Saturday, July 2, 2011

Environmentalism

You don't miss what you didn't like.

After the surge of environmentalism in the late 1960s laws were passed and water, air, and land were cleaned up. (OK, you can't make everybody happy, there is still much to be cleaned up, but it is a heck of a lot better than it was. And ultimately you meet a trade-off between cleaner and cost of cleaning and you accept a little dirt.) But I must admit, I never woke up one day and jumped for joy because the environment was cleaner. I did notice that Los Angeles has less rolling black smog drifting across the highways but even in the smoggy bad old days there were some days with less pollution. So I never really noticed.

Well... I must admit I didn't notice that web pollution has ebbed. Sure, I was annoyed as anybody over the mailbox being full of spam. But I haven't really jumped out of bed lately and shouted "hosannah the spam is gone!". I didn't think about it. But this graphic made me realize I wasn't seeing what wasn't there...

Click to Enlarge


This post on the KrebsonSecurity blog gave me my "aha!" moment:
First, the good news: The past year has witnessed the decimation of spam volume, the arrests of several key hackers, and the high-profile takedowns of some of the Web’s most notorious botnets. The bad news? The crooks behind these huge crime machines are fighting back — devising new approaches designed to resist even the most energetic takedown efforts.

The volume of junk email flooding inboxes each day is way down from a year ago, as much as a 90 percent decrease according to some estimates. Symantec reports that spam volumes hit their high mark in July 2010, when junk email purveyors were blasting in excess of 225 billion spam messages per day. The company says daily spam volumes now hover between 25 and 50 billion missives daily. Anti-spam experts from Cisco Systems are tracking a similarly precipitous decline, from 300 billion per day in June 2010 to just 40 billion in June 2011.
But good news is not permanent and unlike the old westerns where the guy in the white hat cleaned up the city and you could cut to the fadeaway shot knowing that all would rest safe and secure from then on out:
But botmasters are not idly standing by while their industry is dismantled. Analysts from Kaspersky Lab this week published research on a new version of the TDSS malware (a.k.a. TDL), a sophisticated malicious code family that includes a powerful rootkit component that compromises PCs below the operating system level, making it extremely challenging to detect and remove. The latest version of TDSS — dubbed TDL-4 – has already infected 4.5 million PCs; it uses a custom encryption scheme that makes it difficult for security experts to analyze traffic between hijacked PCs and botnet controllers. TDL-4 control networks also send out instructions to infected PCs using a peer-to-peer network that includes multiple failsafe mechanisms.

...

Unfortunately, not many security experts or law enforcement agencies say they are focusing attention on another major weapon in battling e-crime: Targeting the financial instruments used by these criminal organizations.
Arghh!

But Brian Krebs knows something about marketing. He remembers the old cliffhanger technique...
Next week, I will publish the first in a series of blog posts that look at the connections between the financial instruments used by rogue Internet pharmacies and those of the affiliate networks that push rogue anti-virus or “scareware.”
To be continued...

No comments: