<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Blog Central &#187; botnets</title>
	<atom:link href="http://blogs.mcafee.com/tag/botnets/feed" rel="self" type="application/rss+xml" />
	<link>http://blogs.mcafee.com</link>
	<description></description>
	<lastBuildDate>Wed, 22 May 2013 17:16:09 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.5.1</generator>
		<item>
		<title>McAfee’s 2013 Consumer Threat Predictions</title>
		<link>http://blogs.mcafee.com/consumer/2013-consumer-threat-predictions</link>
		<comments>http://blogs.mcafee.com/consumer/2013-consumer-threat-predictions#comments</comments>
		<pubDate>Thu, 27 Dec 2012 13:02:05 +0000</pubDate>
		<dc:creator>Gary Davis</dc:creator>
				<category><![CDATA[Consumer]]></category>
		<category><![CDATA[Consumer Threat Notices]]></category>
		<category><![CDATA[2013 threat predictions]]></category>
		<category><![CDATA[app stores]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[Cybercrime]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[McAfee Labs]]></category>
		<category><![CDATA[mobile devices]]></category>
		<category><![CDATA[NFC]]></category>
		<category><![CDATA[online marketplace]]></category>
		<category><![CDATA[online safety]]></category>
		<category><![CDATA[online stores]]></category>
		<category><![CDATA[ransomeware]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com/?p=20832</guid>
		<description><![CDATA[Here&#8217;s a sneak peek at the threats that could affect devices in the year ahead &#8212; Cybercrime is constantly evolving as cybercriminals look for new avenues of attack, and fresh angles on old tricks that have worked in the past. That’s why McAfee Labs™ is always on the lookout for new threats, performing in-depth research, <a href="http://blogs.mcafee.com/consumer/2013-consumer-threat-predictions">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p><em>Here&#8217;s a sneak peek at the threats that could affect devices in the year ahead &#8212; </em>Cybercrime is constantly evolving as cybercriminals look for new avenues of attack, and fresh angles on old tricks that have worked in the past. That’s why McAfee Labs™ is always on the lookout for new threats, performing in-depth research, and looking at the trends in technology.</p>
<p>This year was no different. The Labs team collected an enormous amount of data on malware (over 75 million signatures) and vulnerabilities to help customers protect against them. This information also gave them the ability to look ahead at evolving threats that could become prevalent in 2013.</p>
<p><strong>So, what’s in store for us?</strong> Increased mobile threats are certainly on the horizon.  This is perhaps no surprise given the explosion of mobile devices, and mobile malware, that the team has seen in the last couple of years. Also on the list are innovative ways in which cybercriminals plan to continue profiting from old scams while working on new scams to dupe victims.</p>
<p>Get ready, because here are our threat predictions for the year ahead:</p>
<p><strong>1)    </strong><strong>“Ransomware” resurges and takes on mobile devices</strong></p>
<p>Ransomware is a type of malware that allows cybercriminals to lock your computer from a remote location, and demand payment in order for you to regain access to your files and programs. In fact, McAfee Labs saw a 43% increase in ransomware samples in the last quarter<a title="" href="#_ftn1">[1]</a>, making it one of the fastest growing areas of cybercrime. As users become more reliant on their devices to perform business and financial transactions, we expect this threat to move from computers to mobile devices. And, we know that attackers have already developed mobile ransomware.</p>
<p>What’s more, mobile ransomware could give attackers other frightening possibilities, besides hijacking users’ ability to communicate and access data. For example, they could threaten to distribute recorded phone calls and pictures saved on the device if the user refuses to pay a ransom.</p>
<p><strong>2)    </strong><strong>Mobile malware goes on a shopping spree<br />
</strong></p>
<p>Mobile malware has been on the rise, doubling from the second quarter of 2012 to the third quarter<a title="" href="#_ftn2">[2]</a>, and much of the threat came from malicious applications that mobile users downloaded from unofficial app stores.</p>
<p>Well, now the cybercrooks are moving in a new direction that doesn’t require users to download anything. The malware writers are exploiting vulnerabilities in mobile phones to deliver programs that can buy apps in stealth shopping sprees! The apps they buy have been developed by the malware authors, putting money straight into their own pockets.</p>
<p><strong>3)    </strong><strong>Mobile “tap and pay” worms “bump and infect”<br />
</strong></p>
<p>A growing number of phones are enabled with near-field communications (NFC), a technology that allows users to simply “tap and pay,” or make purchases using close-range wireless communications. This means that your smartphones are becoming virtual wallets, attracting virtual criminals. McAfee Labs predicts that malware writers will create mobile worms with NFC capabilities that can spread using that “bump and infect” method, as well as steal money from victims’ accounts.</p>
<p><strong>4)    </strong><strong>Botnets phone home<br />
</strong></p>
<p>Botnets are networks of infected computers, and they’ve been around for a while. In fact, they are one of the largest sources of spam emails. Attackers can make your computer part of a botnet  (a “bot”) by infecting it with malware, and using its resources to launch attacks on other computers, or send out spam, all without your knowledge.</p>
<p>Unfortunately for the “botmasters” who run these networks, international cooperation in policing spam, malware and other illegal activities has led to a crackdown on some of the largest bot networks. In 2013 we expect these botmasters to retaliate and protect their income by implementing fail-safes that will allow them to regain control of a botnet after it has been taken down.</p>
<p><strong>5)    </strong><strong>Online marketplaces offer “click” to hack services<br />
</strong></p>
<p>Up until recently, cybercriminals used to wheel and deal on public forums, where they would sell malware and hacking services, but this proved a little too risky. After all, they could be dealing with an undercover agent and not even know it. So, they recently began selling their wares on e-commerce sites, where buyers can select a piece of malware or hacking service with the click of the mouse. This provides the cybercrooks more security and anonymity.</p>
<p>While we don’t know for sure whether these particular attacks will thrive in the year ahead, we do know that there are a large variety of threats that can put your devices and information at risk, so it’s best to take proactive measures to protect yourself.  Follow these security resolutions for 2013 to stay a step ahead of the bad guys.</p>
<p><strong>2013 Security Resolutions:</strong></p>
<p>1) <strong>Install security software on all your devices including mobile</strong>—With the growing number of mobile threats that we’re seeing, you want to make sure that your smartphone and tablet are protected, just like your computer. McAfee makes this easy with McAfee All Access, a single software solution to protect all of your devices. It includes McAfee Mobile Security, which protects tablets and smartphones from viruses and malware, and protects your devices and information in the case of loss or theft.</p>
<p>2) <strong>Strengthen and regularly change your passwords</strong>—If you’re still using easy-to-remember passwords that include your home address and pet’s name, it’s time to get serious about creating strong passwords that are at least eight characters long, and a combination of numbers, letters and symbols. Don’t include any personal information that can be guessed by hackers.  Password management software can also help you easily keep track of your passwords and ensure they are secure.  McAfee offers this functionality, called SafeKey, in McAfee All Access.</p>
<p>3) <strong>Make sure that all of your software is up-to-date</strong>—Software updates often include fixes to security holes and other vulnerabilities so you want to make sure that you have the latest version of all your software programs, especially security software.</p>
<p>4) <strong>Check your bank statements and mobile charges regularly</strong>—This way, you can discover and report any suspicious charges.</p>
<p>Finally, as cybercriminals continue developing new attacks, realize that you need to stay up-to-date on the latest threats and how to protect yourself. For the latest security news, check out: http://blogs.mcafee.com/category/consumer and http://blogs.mcafee.com/category/mcafee-labs</p>
<div><br clear="all" />
<hr align="left" size="1" width="33%" />
<div>
<p><a title="" href="#_ftnref1">[1]</a> McAfee Threats Report: Third Quarter 2012</p>
</div>
<div>
<p align="left"><a title="" href="#_ftnref2">[2]</a> McAfee Threats Report: Third Quarter 2012</p>
</div>
</div>
<div>
<hr align="left" size="1" width="33%" />
</div>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/consumer/2013-consumer-threat-predictions/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Network Security Perspective: The Threatening Three</title>
		<link>http://blogs.mcafee.com/enterprise/network-security-perspective-the-threatening-three</link>
		<comments>http://blogs.mcafee.com/enterprise/network-security-perspective-the-threatening-three#comments</comments>
		<pubDate>Thu, 15 Nov 2012 22:15:18 +0000</pubDate>
		<dc:creator>Pat Calhoun</dc:creator>
				<category><![CDATA[Enterprise]]></category>
		<category><![CDATA[Network Security]]></category>
		<category><![CDATA[Amazon]]></category>
		<category><![CDATA[biometric authentication]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[Bring your own device]]></category>
		<category><![CDATA[byod]]></category>
		<category><![CDATA[data breaches]]></category>
		<category><![CDATA[database security]]></category>
		<category><![CDATA[eBay]]></category>
		<category><![CDATA[IRS]]></category>
		<category><![CDATA[malicious websites]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[McAfee]]></category>
		<category><![CDATA[McAfee Labs]]></category>
		<category><![CDATA[McAfee Labs Q3 Threat Report]]></category>
		<category><![CDATA[multifactor authentication]]></category>
		<category><![CDATA[network]]></category>
		<category><![CDATA[Q3 Threats Report]]></category>
		<category><![CDATA[Ransomware]]></category>
		<category><![CDATA[wells fargo]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com/?p=20234</guid>
		<description><![CDATA[When McAfee Labs publishes its Threats Report each quarter, I tend to struggle with a combination of excitement and anxiety.  I get excited to learn about the latest discoveries that plague cyberspace and anxious about whether the technology we continue to develop and hone can adequately protect our business customers.  It’s critical information that we <a href="http://blogs.mcafee.com/enterprise/network-security-perspective-the-threatening-three">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p>When McAfee Labs publishes its <a href="http://www.businesswire.com/news/mcafee/20121114005077/en/McAfee-Threats-Report-Shows-Global-Expansion-Cybercrime">Threats Report</a> each quarter, I tend to struggle with a combination of excitement and anxiety.  I get excited to learn about the latest discoveries that plague cyberspace and anxious about whether the technology we continue to develop and hone can adequately protect our business customers.  It’s critical information that we use to both fuel our product development efforts and persistently communicate to our customers in order to create awareness and increase education. </p>
<p>In keeping with its usual quality, the Q3 Threats Report is filled with pages of new discoveries, trends, and forecasting.  I would, however, like to share three threats that were uncovered this quarter that I believe are the stealthiest and possibly the most dangerous to overall <a href="http://www.mcafee.com/us/products/network-security/index.aspx">network security</a>.  </p>
<p><strong>1. Ransomware: Scary at home, scarier at work</strong></p>
<p>Last quarter, McAfee researchers discovered nearly 100,000 new malware samples per day – which is incredible growth.  This quarter, we see malware slowing, but we’ve already topped 100 million samples.  While there are many classes of malware and attacks, I think we need to pay particular attention to ransomware.  As you know from last quarter’s report, ransomware is a family of malware that takes a computer or its data hostage to extort money from its victims. According to McAfee researchers, the number of unique ransomware samples grew by another 43 percent last quarter, making it one of the fastest growing classes of cybercrime.</p>
<p>With ransomware, many don’t even recognize they have become victims of a crime or that they can actually report it as a crime.  Not only is ransomware particularly disturbing to consumers with its sophisticated use of social engineering tactics, but it is a huge risk to the corporate network as the line between employee-owned devices and company devices begins to blur.  It can start with a seemingly innocent click in a streaming video or “pay per install” action, and lead to control by botnets and further infection – actions that pose huge risks to the corporate network.  The ramifications of Bring Your Own Device (BYOD) are making it clear that organizations must deploy a combination of best practices, process controls, and advanced security – from the network all the way down to the application level. </p>
<p> <strong>2. Data Breaches:</strong> <strong>Databases are serious targets</strong></p>
<p>In my conversations around network security, I often get asked about <a href="http://blogs.mcafee.com/enterprise/mcafee-labs-q3-threats-report">database security</a> and the prevalence of data breaches.  This quarter’s Threats Report discloses that while the volume of data breaches is not exceptionally high, the total number of data breaches from the beginning of 2012 has already surpassed what we uncovered during the full year of 2011.  What I find as equally interesting as I do disturbing is that McAfee Labs is predicting an increase in volume and sophistication of data breach attacks in response to an increase in new defensive technologies like biometric and multifactor authentication. </p>
<p>It’s a vicious cycle.  While my network security team is currently integrating the most advanced defenses into our various security offerings, McAfee Labs is trying to determine how stolen data will be used in future attacks and if that intelligence can somehow be used to prevent future attacks.  Although there are still so many unknowns, there is one thing I know for certain:  organizations that deploy a data loss prevention solution have far greater protection no matter what the future holds. </p>
<p><strong>3. Websites: Bad reputations, bad actors, bad news</strong></p>
<p>At McAfee, we are relentless in our search for bad or malicious websites/URLs – those websites deemed to have malicious reputations because they host malware, potentially unwanted programs, or phishing sites. According to the Threats Report, by the end of September, the total number of suspect URLs tallied by McAfee Labs surpassed 43.4 million, which represents a 20 percent increase over the second quarter. In the case of suspect URLs, we’re seeing incredible volume – over 2.7 million per month – with most of them host to malware, exploits, or codes that have been designed specifically to compromise computers. Packing a punch in this website category is phishing.  McAfee Labs discovered a trend around financially-focused phishing attacks in the third quarter touching on five main areas and hitting some high-profile financial institutions like Wells Fargo, eBay, the IRS, and Amazon.</p>
<p>When I read these reports, I am always blown away by the massive volume of malicious sites developed by malicious people with equally-malicious motives.  At the same time, I am incredulous that a business could survive in this environment without a layered web protection solution in place backed by protection equal to McAfee Global Threat Intelligence and McAfee Labs.  It seems unthinkable. </p>
<p>I cannot stress enough how critical it is for network security providers to stay one step ahead of the threats and I’m grateful that we have a brilliant team of researchers at McAfee to ensure that we can and that we do.  Without the collective data from our quarterly Threats Reports, it would be impossible to develop new defenses and bolster our current defenses to ensure that our enterprise customers are protected from the seemingly innocent website to the highly-calculated network infiltration.</p>
<p>Read the full McAfee Labs Q3 Threats Report, here: <a href="http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2012.pdf">http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q3-2012.pdf</a></p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/enterprise/network-security-perspective-the-threatening-three/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A Flying Start After Summer Break</title>
		<link>http://blogs.mcafee.com/corporate/a-flying-start-after-summer-break</link>
		<comments>http://blogs.mcafee.com/corporate/a-flying-start-after-summer-break#comments</comments>
		<pubDate>Thu, 06 Sep 2012 20:52:46 +0000</pubDate>
		<dc:creator>Gert Jan Schenk</dc:creator>
				<category><![CDATA[Corporate]]></category>
		<category><![CDATA[EMEA President’s View]]></category>
		<category><![CDATA[Big Data]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[Compliance]]></category>
		<category><![CDATA[drive-by downloads]]></category>
		<category><![CDATA[EMEA]]></category>
		<category><![CDATA[information growth]]></category>
		<category><![CDATA[IPS]]></category>
		<category><![CDATA[McAfee]]></category>
		<category><![CDATA[raonsomware]]></category>
		<category><![CDATA[Russia]]></category>
		<category><![CDATA[Security Connected]]></category>
		<category><![CDATA[smartphones]]></category>
		<category><![CDATA[tablets]]></category>
		<category><![CDATA[threat report]]></category>
		<category><![CDATA[twitter]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com/?p=18422</guid>
		<description><![CDATA[I hope that you all enjoyed your time off during the summer season. I presume you are back to work fully energized. On my side, I had a fantastic break in Spain with friends and family. I had a flying start for my return; there hasn’t been a quiet minute, as there is so much <a href="http://blogs.mcafee.com/corporate/a-flying-start-after-summer-break">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p>I hope that you all enjoyed your time off during the summer season. I presume you are back to work fully energized. On my side, I had a fantastic break in Spain with friends and family. I had a flying start for my return; there hasn’t been a quiet minute, as there is so much going on. First I spent a great week in <a href="http://www.russia-travel.com/">Russia</a>. What a dynamic country! With an annual growth rate of 4.3%, Russia is the ninth largest economy in the world. In terms of communications, Russia ranks in the top 10 of the fastest growing internet markets &#8212; with 238 million mobile phones and 41 million Internet users. There is still a lot to come as the internet population penetration rate is 42.8%. As in Western Europe, the Russian IT landscape is undergoing a lot of changes and facing some challenges such as <a href="http://www.mcafee.com/uk/products/risk-and-compliance/index.aspx">compliance</a>, information security, virtualization, Information Growth and Big Data. Organizations are increasingly confronted with more important IT security issues. Lately there was an important fraud targeting Russian banks and financial systems. At <a href="http://www.mcafee.com/us/enterprise/reference-architecture/index.aspx">McAfee</a> we made consequential investments in Russia. In April we appointed <a href="http://www.linkedin.com/in/paveleyges">Pavel Eyges</a> as new Country Manager. At the beginning of 2012, we got Basic-level certification for <a href="http://www.mcafee.com/uk/products/dlp-endpoint.aspx">Host DLP</a> and <a href="http://www.mcafee.com/uk/products/total-protection-for-endpoint-enterprise-edition.aspx">Total Protection for Endpoint</a>. We are now expecting to get even more advanced certification for the same products &#8211; the so-called NDP (non-declared possibilities) Level 4 certification &#8211; at the end of this year.
We also recently started FSTEK certification for <a href="http://www.mcafee.com/uk/products/network-security-platform.aspx">IPS</a>.</p>
<p>I met with key enterprise customers, telecom operators, and partners. I also met with a very knowledgeable journalist from one of the top Russian IT magazines. All these conversations were very enjoyable. Moreover, I was pleased to receive very positive feedback from customers, partners and media about the concept of our holistic security approach with our <a href="http://www.mcafee.com/us/enterprise/reference-architecture/index.aspx">Security Connected Reference Architecture</a>. My audience was interested to hear about our latest releases, especially our co-developments with Intel and the new protection features we provide for smartphones and tablets. This week, I travelled to the Middle East where I met quite a few key customers. In addition, I attended a Cyber Security Briefing in Saudi Arabia and met with over 50 CIOs and security executives in the region.  McAfee released its latest <a href="http://www.businesswire.com/news/mcafee/20120904005649/en/McAfee-Threats-Report-Shows-Largest-Malware-Rise">Threat Report</a> with Mobile “Drive-by Downloads”, use of Twitter for control of mobile botnets, and mobile “Ransomware” counting among the latest trends.</p>
<p>The agenda of the Executive Briefing Center in Amsterdam starts to look pretty packed for the last month of the quarter and starts to fill for October. Customers and partners can experience in real time how attacks behave and spread throughout the Internet. I plan to personally welcome as many customers as possible in the EBC.</p>
<p>Next week I will be travelling to the UK for some exciting new meetings. More to come! Meanwhile don’t forget to stay in touch by following me on my Twitter account: <a href="https://twitter.com/GertJanSchenk">@GertJanSchenk</a></p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/corporate/a-flying-start-after-summer-break/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>McAfee Q1/2011 Threat Reports: Android Platform New Target</title>
		<link>http://blogs.mcafee.com/consumer/mcafee-q12011-threat-reports-android-platform-new-target</link>
		<comments>http://blogs.mcafee.com/consumer/mcafee-q12011-threat-reports-android-platform-new-target#comments</comments>
		<pubDate>Mon, 27 Jun 2011 20:47:55 +0000</pubDate>
		<dc:creator>Archive</dc:creator>
				<category><![CDATA[Consumer]]></category>
		<category><![CDATA[Cyber Security Mum - India]]></category>
		<category><![CDATA[Android]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com/?p=9808</guid>
		<description><![CDATA[If you were troubled by the successive calamities that plagued the world during Q1 2011, wait until you hear about the threats detected in the virtual world during this period! McAfee Labs Q1 2011 Threat Report reveals that the quarter recorded the highest activity in Q1 (January &#8211; February) malware history, coupled by significant changes <a href="http://blogs.mcafee.com/consumer/mcafee-q12011-threat-reports-android-platform-new-target">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p>If you were troubled by the successive calamities that plagued the world during Q1 2011, wait until you hear about the threats detected in the virtual world during this period!</p>
<p><a href="http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2011.pdf">McAfee Labs Q1 2011 Threat Report</a> reveals that the quarter recorded the highest activity in Q1 (January &#8211; February) malware history, coupled with significant changes in the threat scenario and hacking methodologies. The report also marks a sharp rise in botnets and threats to messaging and mobile devices. With rapid expansion of 3G phone users, this is indeed a matter for concern, especially as the Android OS has earned the dubious fame of being the third-most-targeted platform on the mobile front!</p>
<p>The report points out that malware writers, scammers, and cybercriminals are still using daily events, news, sports, and celebrities as bait for their schemes.</p>
<p>Here are some salient findings of the report:</p>
<p>1. Renewed growth in fake anti-virus software and generic password-stealing Trojans</p>
<p>2. Consistent search-term abuse, with 49% of the daily search terms in the top 100 results directing users to malicious websites</p>
<p>3. Android was the second most popular environment for mobile malware, after the Symbian OS, resulting from the rising popularity of that platform</p>
<p>4. Spam is at its lowest levels since 2007, partly due to the successful shutdown of the zombies and command structure of the Rustock botnet globally. However, McAfee Labs expects that Rustock will be reseeded by cybercriminals during the coming months</p>
<p>5. There are many new botnets ready to fill the gap left by Rustock’s decline. Botnets can not only send spam but can also control various cybercrimes, like denial-of-service attacks, distribution and installation of malware, and hosting of phishing sites</p>
<p>6. McAfee Labs identified over 6 million unique malware samples in Q1 and predicts the cumulative count to reach 75 million samples by 2011-end at this rate</p>
<p>7. The growth in Koobface and AutoRun Trojans has plateaued</p>
<p>8. The number of domains, IP addresses, and URLs with malicious reputations has dropped since Q4 2010 but is still higher y-o-y</p>
<p>9. Interestingly, the “banker” Trojans are using almost the same phish-like email topics in their spam campaigns</p>
<p>10. Around 14 new sites per day were used in this quarter for illegal P2P sharing of files including music, film, license key generators, software cracks, and serial numbers</p>
<p>11. Malware makers benefit from the weaknesses in Adobe Flash and PDF technologies</p>
<p>12. Spam promoting phony or real products was the most popular lure, with drug spams leading in Russia and South Korea, and fake delivery status notifications ruling in Australia and China</p>
<p>So are all Internet users doomed? Never, as long as we have such dedicated security communities working around the clock to protect us. But we can also play a proactive role and safeguard our PC, laptops, and mobile gadgets with the latest complete internet security software. That way, it will be very difficult for spammers to reach us or for cyber criminals to turn our computers into zombies. Our kids will also remain safe online, if we use parental controls to monitor their internet activities.</p>
<p>Safe surfing everybody!</p>
<p>Anindita</p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/consumer/mcafee-q12011-threat-reports-android-platform-new-target/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Zombie Apocalypse Preparedness</title>
		<link>http://blogs.mcafee.com/cyber-security-mom/zombie-apocalypse-preparedness</link>
		<comments>http://blogs.mcafee.com/cyber-security-mom/zombie-apocalypse-preparedness#comments</comments>
		<pubDate>Fri, 03 Jun 2011 18:30:32 +0000</pubDate>
		<dc:creator>Archive</dc:creator>
				<category><![CDATA[Cyber Security Mom]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[zombie computers]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com/?p=9542</guid>
		<description><![CDATA[I was so relieved when the CDC decided to release emergency preparedness instructions for a possible Zombie Apocalypse. I think all of us need to prepare for such an event. When I mention Zombies, adults seem to glaze over. They don’t even know what a Double Tap is for goodness sakes! I have done a <a href="http://blogs.mcafee.com/cyber-security-mom/zombie-apocalypse-preparedness">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p>I was so relieved when the CDC decided to release emergency preparedness instructions for a possible <a href="http://blogs.cdc.gov/publichealthmatters/2011/05/preparedness-101-zombie-apocalypse/">Zombie Apocalypse</a>. I think all of us need to prepare for such an event.</p>
<p>When I mention Zombies, adults seem to glaze over. They don’t even know what a <a href="http://www.zombielandrules.com/zombieland-rule-2-double-tap/">Double Tap</a> is for goodness sakes! I have done a few <a href="http://blogs.mcafee.com/consumer/cyber-security-mom/zombies-in-your-neighborhood">blogs</a> trying to get y’all up to speed. But I guess <a href="http://blogs.mcafee.com/consumer/cyber-security-mom/what-do-i-do-scareware-pop-ups ">Zombie references</a> don’t go far enough to explain how to protect yourself in the <strong>current Zombie Apocalypse!</strong> Yes, I said “<strong><em>current</em></strong>”. The Zombie Apocalypse has been going on for years!</p>
<p>What’s that you say? You think I have been watching too many movies??</p>
<p>Well, here is an Infographic from McAfee to prove my point that Zombies are living among us and I need your help to fight them!</p>
<p><img src="http://blogs.mcafee.com/wp-content/uploads/2011/05/zombie-infographic1.jpg" alt="" width="480" height="4636" /></p>
<p>As you can see in the infographic, most people don’t even know they’ve become a zombie, but it is easy to download malware that steals your personal data, damages your computer, and spams your friends and contacts. Be on the lookout for unsolicited messages that claim to have news on celebrities or other sensational topics or links to images and animated greeting cards. Never click on links or attachments included in these messages.</p>
<p>When the U.S. government is getting involved, you know that the outbreak is serious… However, my instructions are a little different from the CDC’s.</p>
<p><strong>There are some common symptoms of an infected device: </strong></p>
<ul>
<li>The device is running sluggishly</li>
<li>Unusual activity at startup</li>
<li>Internet security or virus detection software disabled</li>
<li>You get e-mails from auto responders that the recipient is not online or on vacation, but you do not know the recipient</li>
<li>Number of tasks running on the computer exceeds what should be running</li>
<li>The device is running at or near capacity</li>
</ul>
<p>(<a href="http://www.privacyrights.org/zombie-computer">Privacy Rights Clearinghouse</a>)</p>
<p><strong>Tips to Avoid Becoming a Victim:</strong></p>
<ol>
<li>Never download or click anything from an unknown source. If you really think your friend is sending you a video clip or an electronic greeting card, double-check with the friend to be sure before you click on the link.</li>
<li>Before clicking on any links related to the news, check to see that the address is going to a well-established site. If it is a shortened URL, use a URL preview tool such as <a href="http://hugeurl.com/">http://hugeurl.com/</a> to make sure it is safe to click on.</li>
<li>Buy consumer security software from a reputable, well-known vendor, such as McAfee, and make sure the suite includes anti-virus, anti-spyware, anti-spam, anti-phishing, a two-way firewall, and a website safety advisor to stay protected against newly discovered malware and spam. Run the software EVERY DAY (not weekly or monthly) to make sure your machine is clear of malware.</li>
</ol>
<p><strong>Tips on What to Do If You Become a Victim:</strong></p>
<ol>
<li>To see if your machine has been infected, scan your computer for free using McAfee Security Scan Plus: <a href="http://us.mcafee.com/root/mfs/default.asp?cid=9913">http://us.mcafee.com/root/mfs/default.asp?cid=9913</a></li>
<li>If your social media account has been compromised, change your password immediately and delete all dangerous messages and links. Also, let your friends know that your account could be sending them spam in your name.</li>
<li>Contact the Cybercrime Response Unit at <a href="http://www.mcafee.com/cru">www.mcafee.com/cru</a>, an online help center for advice and technical assistance, if you think you’ve been a victim of a cybercrime.</li>
</ol>
<p>Please stay vigilant, my friends! These Zombies won’t be taken out by <a href="http://youtu.be/yfDUv3ZjH2k">records</a>&#8230; stop opening attachments from people you don’t know!</p>
<p>Stay safe out there!</p>
<p>Tracy</p>
<p>@McAfeeCyberMom on Twitter</p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/cyber-security-mom/zombie-apocalypse-preparedness/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Don’t Become A Zombie! Be Wary Of Unsolicited Emails And Attachments, McAfee Warns</title>
		<link>http://blogs.mcafee.com/family-safety/dont-become-a-zombie-be-wary-of-unsolicited-emails-and-attachments-mcafee-warns</link>
		<comments>http://blogs.mcafee.com/family-safety/dont-become-a-zombie-be-wary-of-unsolicited-emails-and-attachments-mcafee-warns#comments</comments>
		<pubDate>Wed, 01 Jun 2011 07:00:42 +0000</pubDate>
		<dc:creator>Archive</dc:creator>
				<category><![CDATA[Family Safety]]></category>
		<category><![CDATA[Belarus]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[Brazil]]></category>
		<category><![CDATA[Cybercrime]]></category>
		<category><![CDATA[cybercriminal]]></category>
		<category><![CDATA[India]]></category>
		<category><![CDATA[Indonesia]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[Russia]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[zombie computers]]></category>
		<category><![CDATA[zombies]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com/?p=9462</guid>
		<description><![CDATA[Did you know that 80% of the world’s spam comes from “zombie” computers? A zombie isn’t the living dead you’ll see looking for fresh brains; it is a computer that has been taken over by cybercriminals and can be controlled from afar, unbeknownst to the user sitting in front of the screen. The armies of <a href="http://blogs.mcafee.com/family-safety/dont-become-a-zombie-be-wary-of-unsolicited-emails-and-attachments-mcafee-warns">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p>Did you know that 80% of the world’s spam comes from “zombie” computers? A zombie isn’t the living dead you’ll see looking for fresh brains; it is a computer that has been taken over by cybercriminals and can be controlled from afar, unbeknownst to the user sitting in front of the screen. The armies of computers under the influence of a controller are called botnets, and they do the cybercriminal’s dirty work.</p>
<p>Aside from sending spam, botnets can be used to control other types of cybercrimes such as attacking Web sites, distributing viruses and other malware to others from your PC, and hosting phishing sites designed to steal personal information (e.g. your passwords, usernames, account information, and financial data).</p>
<p>In February 2011, McAfee saw botnets steadily declining worldwide, as law enforcement and security experts took down Rustock, the world’s largest botnet network. However, infections shot up to more than 3 million in March 2011, as researchers saw cybercriminals trying to make up for the loss of Rustock with a vengeance. Researchers also saw criminals attempting to make botnets work on Android phones and tablets (<a href="http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2011.pdf">http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2011.pdf</a>).</p>
<p><strong>The Top Five Botnets Worldwide in May 2011:</strong></p>
<ol>
<li>Maazben</li>
<li>Bobax</li>
<li>Cutwail</li>
<li>Grum</li>
<li>Donbot</li>
</ol>
<p>It is usually hard to tell which botnet is sending the spam that lands in your inbox, but certain bots favor certain topics. For example, #1 Maazben sends spam promoting luxury watches and counterfeit pharmaceutical drugs; #2 Bobax sends lots of “lonely girl” and Russian dating spam; and #3 Cutwail tends to send spam for replica watches and pharmaceutical drugs, and also phishes for personal data from respondents.</p>
<p><strong>Countries with the Highest Zombie Populations in May 2011:</strong></p>
<ol>
<li>India</li>
<li>Russia</li>
<li>Brazil</li>
<li>Indonesia</li>
<li>Belarus</li>
</ol>
<p><strong>Countries with the Lowest Zombie Populations in May 2011:</strong></p>
<ol>
<li>French Guiana</li>
<li>Mayotte</li>
<li>Cook Islands</li>
<li>St. Helena</li>
<li>Falkland Islands</li>
</ol>
<p>As you can see in the infographic below, most people don’t even know they’ve become a zombie, but it is easy to download malware that steals your personal data, damages your computer, and spams your friends and contacts. Be wary of any unsolicited messages that claim to have news on celebrities or other sensational topics or links to images and animated greeting cards, and never click on links or attachments included in these messages.</p>
<p><a href="http://blogs.mcafee.com/wp-content/uploads/2011/05/zombie-infographic1.jpg"><img class="alignnone size-full wp-image-9464" title="zombie infographic" src="http://blogs.mcafee.com/wp-content/uploads/2011/05/zombie-infographic1.jpg" alt="" width="384" height="3709" /></a></p>
<p><strong>There are some common symptoms of an infected device: </strong></p>
<ul>
<li>The device is running sluggishly</li>
<li>Unusual activity at startup</li>
<li>Internet security or virus detection software disabled</li>
<li>You get e-mails from auto responders that the recipient is not online or on vacation, but you do not know the recipient</li>
<li>Number of tasks running on the computer exceeds what should be running</li>
<li>The device is running at or near capacity</li>
</ul>
<p>(<a href="http://www.privacyrights.org/zombie-computer">Privacy Rights Clearinghouse</a>)</p>
<p><strong>Tips to Avoid Becoming a Victim:</strong></p>
<ol>
<li>Never download or click anything from an unknown source. If you really think your friend is sending you a video clip or an electronic greeting card, double-check with the friend to be sure before you click on the link.</li>
<li>Before clicking on any links related to the news, check to see that the address is going to a well-established site. If it is a shortened URL, use a URL preview tool such as http://hugeurl.com/ to make sure it is safe to click on.</li>
<li>Buy consumer security software from a reputable, well-known vendor, such as McAfee, and make sure the suite includes anti-virus, anti-spyware, anti-spam, anti-phishing, a two-way firewall, and a website safety advisor to stay protected against newly discovered malware and spam. Run the software EVERY DAY (not weekly or monthly) to make sure your machine is clear of malware.</li>
</ol>
<p><strong>Tips on What to Do If You Become a Victim:</strong></p>
<ol>
<li>To see if your machine has been infected, scan your computer for free using McAfee Security Scan Plus: <a href="http://us.mcafee.com/root/mfs/default.asp?cid=9913">http://us.mcafee.com/root/mfs/default.asp?cid=9913</a></li>
<li>If your social media account has been compromised, change your password immediately and delete all dangerous messages and links. Also, let your friends know that your account could be sending them spam in your name.</li>
<li>Contact the Cybercrime Response Unit at www.mcafee.com/cru, an online help center for advice and technical assistance, if you think you’ve been a victim of a cybercrime.</li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/family-safety/dont-become-a-zombie-be-wary-of-unsolicited-emails-and-attachments-mcafee-warns/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Evolving DDoS Botnets: 2. Darkness</title>
		<link>http://blogs.mcafee.com/mcafee-labs/evolving-ddos-botnets-%e2%80%93-2-darkness</link>
		<comments>http://blogs.mcafee.com/mcafee-labs/evolving-ddos-botnets-%e2%80%93-2-darkness#comments</comments>
		<pubDate>Tue, 01 Mar 2011 12:28:46 +0000</pubDate>
		<dc:creator>Chintan Shah</dc:creator>
				<category><![CDATA[McAfee Labs]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[Cybercrime]]></category>
		<category><![CDATA[DDoS]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com/?p=7723</guid>
		<description><![CDATA[In the first part of this series we had a close look at the BlackEnergy bot. DDoS botnets have been continuously evolving in the recent past. Recently, in December of last year, we came across a new DDoS bot found to be fairly active in the wild targeting a number of websites. During our analysis, the samples <a href="http://blogs.mcafee.com/mcafee-labs/evolving-ddos-botnets-%e2%80%93-2-darkness">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p>In the <a href="http://blogs.mcafee.com/?p=7672" target="_blank">first part of this series</a> we had a close look at the BlackEnergy bot. DDoS botnets have been continuously evolving in the recent past. Recently, in December of last year, we came across a new DDoS bot found to be fairly active in the wild, targeting a number of websites. During our analysis, the bot samples were found to be using three domains as their Command &amp; Control channel.</p>
<p><strong>greatfull-toolss.ru</strong></p>
<p><strong>greatfull.ru</strong></p>
<p><strong>hellcomeback.ru</strong></p>
<p>A couple of these domains were already unavailable, but querying the whois database for greatfull.ru gives the following whois record:</p>
<p>nserver:    ns1.reg.ru.<br />
nserver:    ns2.reg.ru.<br />
state:      REGISTERED, DELEGATED, UNVERIFIED<br />
person:     Private Person<br />
phone:      +380686548525<br />
fax-no:     +380686548525<br />
e-mail:<br />
registrar:  REGRU-REG-RIPN<br />
created:    2010.11.03<br />
paid-till:  2011.11.03</p>
<p>Googling for the email address used for registering the domain turned up several ads related to the DDoS service. One of the ads we came across displayed the services and capabilities this botnet can provide.</p>
<p><img src="http://vil.admin.nai.com/images/be10.png" alt="ads" /></p>
<p><strong><span style="text-decoration: underline;">Darkness bot command and control</span></strong></p>
<p>During our investigation, we came across the C&amp;C UI used to track the botnet infections and send the DoS commands to the bot clients. One of the control panels we observed, posted in underground forums, looked like this:</p>
<p><img src="http://vil.admin.nai.com/images/be11.png" alt="CPanel" /></p>
<p>The above control panel UI is in Russian. However, we have been able to translate and understand the purpose of quite a few commands through our command simulation setup. The following are the DDoS commands used by this Bot.</p>
<p><strong><em>exe</em></strong> --&gt; download specified binary from the server</p>
<p><strong><em>dd1</em></strong> --&gt; HTTP GET DDoS attack</p>
<p><strong><em>dd2</em></strong> --&gt; ICMP DoS attack</p>
<p><strong><em>wtf</em></strong> --&gt; Stop all the commands</p>
<p><strong><em>tot</em></strong> --&gt; Bot synchronization time</p>
<p><strong><em>vot</em></strong> --&gt; Voting</p>
<p>During our static analysis, we were able to unpack and reverse the binary. We located the command-and-control code within the binary, as well as some other functionality, which gives us a fair idea of how the malware runs on the victim’s system.</p>
<p>Below is the code segment for one of the commands and the action it takes if the command matches. After checking the command, it calls the same routine multiple times and calls the CreateThread API to initiate the DoS attack.</p>
<p><img src="http://vil.nai.com/images/be12.png" alt="code" /></p>
<p><img src="http://vil.nai.com/images/be13.png" alt="fileinsight" /></p>
<p>The unpacked view of the binary above reveals 3 hardcoded, encrypted and Base64-encoded URLs and the string “darkness”. The malware copies itself as dwm.exe on the victim’s machine and runs as the IpSectPro service.</p>
<p><strong><span style="text-decoration: underline;">Network communications with the bot client</span></strong></p>
<p>During our extensive research on this bot, we learned enough about its command format to simulate the DDoS attack. Once executed, the client sends a registration request to the control server, and we were able to make the server reply with a Base64-encoded DoS command, as shown below:</p>
<p><img src="http://vil.nai.com/images/be14.png" alt="traffic" /></p>
<p>The decoded command is an instruction to DoS the target websites:</p>
<p><strong>dd1=http://www.abc.com/;http://www.xyz.org</strong></p>
<p>And we were able to see the DoS attack initiated from the client. Within the span of 5 minutes we saw approximately 80,000 hits logged on the server.</p>
<p><img src="http://vil.nai.com/images/be15.png" alt="traffic" /></p>
<p>Next, we simulated the ICMP DoS attack. We made the server reply with the “dd2” command so that we could observe the ICMP DoS. The server response in this case is shown below:</p>
<p><em>HTTP/1.1 200 OK</em></p>
<p><em>Date: December 13, 2010 2:47:53 AM PST</em></p>
<p><em>Server: Xerver/4.32</em></p>
<p><em>Connection: close</em></p>
<p><em>Content-Type: text/html</em></p>
<p><em> </em></p>
<p><em>ZGQyPWh0dHA6Ly93d3cuYWJjLmNvbS87aHR0cDovL3d3dy54eXoub3Jn</em></p>
<p>The Base64 command above decodes to <em>dd2=http://www.abc.com/;http://www.xyz.org</em>, which initiated the ICMP DoS.</p>
<p><img src="http://vil.admin.nai.com/images/be19.png" alt="ICMP" /></p>
<p><span style="text-decoration: underline;"><strong>McAfee IPS coverage for Darkness</strong></span></p>
<p>McAfee Intrusion Prevention (formerly IntruShield) has released coverage for the Darkness bot under the attack ID 0x48804600 BOT: Darkness Bot Activity Detected. McAfee customers with up-to-date installations are protected against this malware.</p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/mcafee-labs/evolving-ddos-botnets-%e2%80%93-2-darkness/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>iBots? Mobile phone network 0wnage</title>
		<link>http://blogs.mcafee.com/mcafee-labs/ibots-mobile-phone-network-0wnage</link>
		<comments>http://blogs.mcafee.com/mcafee-labs/ibots-mobile-phone-network-0wnage#comments</comments>
		<pubDate>Thu, 28 Oct 2010 19:53:50 +0000</pubDate>
		<dc:creator>Jimmy Shah</dc:creator>
				<category><![CDATA[McAfee Labs]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[Cybercrime]]></category>
		<category><![CDATA[Data Protection]]></category>
		<category><![CDATA[Endpoint Protection]]></category>
		<category><![CDATA[iphone]]></category>
		<category><![CDATA[Mobile]]></category>
		<category><![CDATA[mobile security]]></category>
		<category><![CDATA[research]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com/?p=6114</guid>
		<description><![CDATA[Some of the most interesting research on mobile botnets is being done in the lab.  Security researchers Collin Mulliner and Jean Pierre Seifert have put together a robust Proof-of-Concept (PoC) iPhone botnet. Their research was presented at the 5th International Conference on Malicious and Unwanted Software (MALWARE 2010) last week.  In a presentation titled &#8220;Rise <a href="http://blogs.mcafee.com/mcafee-labs/ibots-mobile-phone-network-0wnage">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p>Some of the most interesting research on mobile botnets is being done in the lab.  Security researchers Collin Mulliner and Jean Pierre Seifert have put together a robust Proof-of-Concept (PoC) iPhone botnet.</p>
<p>Their research was presented at the 5th International Conference on Malicious and Unwanted Software (MALWARE 2010) last week.  In a presentation titled <a title="Rise of the iBots: 0wning a telco network - Slides" href="http://mcaf.ee/fc941" target="_self">&#8220;Rise of the iBots: 0wning a telco network&#8221;</a>, Mulliner/Seifert look into various methods of establishing command and control (C&amp;C) of a botnet over a mobile telephone company&#8217;s network.  Very timely, I added an overview of the research to my talk on Saturday at <a title="Toorcon 12 - Smartphone Ownage: The State of Mobile Botnets and Rootkits " href="http://mcaf.ee/3a860" target="_self">Toorcon</a>.</p>
<p>The researchers didn&#8217;t implement any spreading functionality so that there was no risk of the botnet escaping the lab. They instead concentrated on seeing which communication methods were best for maintaining a distributed computing network (like a botnet): SMS, HTTP, or P2P.  Unlike general PC security researchers, these two have experience in the challenges and issues involved in developing for low-powered, limited CPU/RAM devices with inconsistent network connectivity (EDGE, 3G, WiFi, etc.).</p>
<p>The SMS method, using text messages to send commands to the bots, is commonly used by other mobile spyware and botnets.  The more advanced malware will also intercept and delete any command SMS messages, so that the user never suspects that they&#8217;re infected.  Mulliner has previous experience with SMS interception, having presented his <a title="BH USA 2009 - Fuzzing the Phone in Your Phone" href="http://mcaf.ee/ea639" target="_blank">research on the topic</a> at the Black Hat USA security conference in 2009.</p>
<p>Instead of using straightforward text-based SMS messages like with other <a title="SymbOS/Mopofeli.A" href="http://vil.nai.com/vil/content/v_141212.htm" target="_blank">mobile</a> <a title="SymbOS/Zitmo.A" href="http://vil.nai.com/vil/content/v_290717.htm" target="_blank">malware</a>, they use binary mode SMS. These are not system SMS messages or &#8220;flash&#8221; SMS messages that don&#8217;t leave a trail in the inbox.  They&#8217;re just SMS messages with about 140 bytes.  Sending in binary lets them encode commands in less space and also helps to make the C&amp;C messages harder to detect.  They also determined that in addition to SMS, using a combination of P2P and HTTP protocols could increase the robustness of the botnet.</p>
<p>There&#8217;s a joke amongst malware researchers that sometimes it feels like we&#8217;re doing QA for the malware authors; calling them out on their bad code.  Malware authors aren&#8217;t generally known for following secure development or software testing processes.  Occasionally it takes a professional developer/researcher to do it right.  Mulliner&#8217;s research from Black Hat involved fuzzing SMS handlers, so it was amusing to see that they actually fuzzed their botnet&#8217;s SMS command handling code.  I guess when you&#8217;re getting ready to take over your telephone company&#8217;s network, you can&#8217;t have your botnet fail just because it gets a malformed command SMS.</p>
<p>Since they used binary SMS messages, the botnet commands aren&#8217;t as easy to decode as a plain text protocol.  The table below shows the breakdown of a command SMS.  Mulliner/Seifert were careful in designing their communication protocol to ensure that it was safe from replay attacks (responding only to packets with sequence numbers greater than the last command) or hijacking through command emulation (encrypting and digitally signing command messages).</p>
<p><div id="attachment_6118" class="wp-caption aligncenter" style="width: 680px"><a href="/wp-content/uploads/2010/10/ibots_fig_1.png"><img class="size-full wp-image-6118 " src="/wp-content/uploads/2010/10/ibots_fig_1.png" alt="Breakdown of ibot command packet" width="670" height="68" /></a><p class="wp-caption-text">Fig 1 - Binary command SMS messages are broken down into a few parts.   Each command SMS is digitally signed to prevent hijacking of the botnet.    The sequence number helps to prevent a replay attack.   All packets can also be optionally encrypted to further evade detection.</p></div></p>
<p>Below is a breakdown of the commands they implemented:</p>
<p><div id="attachment_6119" class="wp-caption aligncenter" style="width: 676px"><a href="/wp-content/uploads/2010/10/ibots_fig_2.png"><img class="size-full wp-image-6119 " src="/wp-content/uploads/2010/10/ibots_fig_2.png" alt="List of ibot botnet client commands" width="666" height="222" /></a><p class="wp-caption-text">  Fig 2 - A human-readable list of the binary commands used in the botnet.  Running a command can be used to DDOS a website.</p></div></p>
<p>After seeing an attempt at a stable, fault resistant, mobile botnet, one might wonder how to protect against such a threat.  On that note, we may actually be better off taking a page from Mulliner and Seifert&#8217;s presentation:</p>
<blockquote><p>&#8220;Mobile telcos need to think about monitoring and fighting SMS-based botnets&#8221;.</p></blockquote>
<p>This works for threats on the network. On the individual level there are still a few ways to shut the door on attackers:</p>
<ul>
<li>Install the latest official OS/firmware patches for your smartphone</li>
<li>Avoid pirated software or software from untrusted sources</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/mcafee-labs/ibots-mobile-phone-network-0wnage/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Is Your Computer Being Controlled by a Cybercrook?</title>
		<link>http://blogs.mcafee.com/consumer-threat-alerts/botnet</link>
		<comments>http://blogs.mcafee.com/consumer-threat-alerts/botnet#comments</comments>
		<pubDate>Wed, 29 Sep 2010 12:31:15 +0000</pubDate>
		<dc:creator>Consumer Threat Alerts</dc:creator>
				<category><![CDATA[Consumer Threat Alerts]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[social media]]></category>

		<guid isPermaLink="false">http://blogs.mcafee.com?p=4118</guid>
		<description><![CDATA[McAfee warns that cybercriminals can now use social media and malicious websites to create and manage botnets Cybercrooks have long been using botnets, or networks of remotely-controlled, infected computers, for malicious purposes. Now it is possible for cybercriminals to infect computers via dangerous websites, and control computers using social networking sites such as Twitter and <a href="http://blogs.mcafee.com/consumer-threat-alerts/botnet">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p style="text-align: left;"><em><strong>McAfee warns that cybercriminals can now use social media and malicious websites to create and manage botnets</strong> </em></p>
<p>Cybercrooks have long been using botnets, or networks of remotely-controlled, infected computers, for malicious purposes. Now it is possible for cybercriminals to infect computers via dangerous websites, and control computers using social networking sites such as Twitter and LinkedIn.</p>
<p>The increasing popularity of social networking has created an emerging avenue for botnet distributors that is rich with potential. Since botnets are a continuing threat, you should be aware of how cybercrooks use them, and how to keep your computer from being part of the problem by not spreading the infection.</p>
<p><strong>The Hook:</strong> Cybercriminals create malware designed to infect your machine with “bots”, or automated software programs that can execute remote commands, without your knowledge.</p>
<p>They then send out spam emails and instant messages (IM), enticing you to click on a link by mentioning a current news topic or popular artist. If you click on the link, a bot may be downloaded onto your computer without your knowledge.</p>
<p>Once your computer is infected, the cybercrook can access and control your computer—and thousands of other infected machines—with the intent of sending spam email to your friends and family, spreading malware disguised as a personal message from you.</p>
<p><strong>The Latest Methods:</strong></p>
<p><strong>1) Social botnets</strong>—Social networking sites like Twitter and LinkedIn provide cybercrooks a simple, yet elusive way to control the bot networks, allowing them to spread spam and malware at will.</p>
<p>For example, it is now possible for cybercrooks to write basic code telling botnets to follow commands given by “@botcommand” on Twitter. To get the botnet to send spam, download a dangerous file, or launch a denial of service attack, all the cybercrook has to do is type in a simple command over Twitter.</p>
<p><a href="http://blogs.mcafee.com/wp-content/uploads/2010/09/Twitscoop-example.jpg"><img class="alignleft size-large wp-image-4151" style="margin: 5px;" title="Twitscoop example" src="http://blogs.mcafee.com/wp-content/uploads/2010/09/Twitscoop-example-1024x597.jpg" alt="" width="717" height="418" /></a></p>
<p>Criminals can send the same kinds of commands on other platforms. On LinkedIn, for example, the cybercrook can create a profile and program bots to follow any command given by that profile. These applications serve solely as a means to send commands, and since they are so widely used and distributed, it is almost impossible to track the cybercrooks.</p>
<p><strong><a href="http://blogs.mcafee.com/wp-content/uploads/2010/09/CTA-Botnet_linkedin.jpg"><img class="alignleft size-full wp-image-4152" style="margin: 6px 5px;" title="CTA Botnet_linkedin" src="http://blogs.mcafee.com/wp-content/uploads/2010/09/CTA-Botnet_linkedin.jpg" alt="" width="626" height="329" /></a></strong></p>
<p><strong>2) Bot kits</strong>—New “exploit kits” are available on the Internet that allow cybercrooks to remotely install software on infected machines and control them through a website. The way it works is pretty clever—the cybercrook simply sends out spam emails or spam instant messages containing links to a website that has the exploit kit installed.</p>
<p>Once the user clicks on the link, the kit determines which exploit to use, based on the user’s country, operating system and browser. With the exploit successfully installed, the cybercrook gains remote access to your machine.</p>
<p><strong>3) P2P botnets—</strong>Bots controlled by peer-to-peer (P2P) networks are some of the most common botnets we see today. Like social bots, there is no central command, making them difficult to detect. However, they work quite differently. The cybercrook logs onto the P2P network and “pings” the network to see which bots are close by. Responding bots then take commands from a nearby server.</p>
<p><strong>The Dangers:</strong> If your computer is part of the botnet, you are unwittingly helping the cybercriminals execute their crimes. Furthermore, your own computer and personal information are at risk. A cybercrook could instruct the bot to disable your security software or access personal files. And, if your computer is being used to send a lot of spam, it could significantly slow down your machine.</p>
<p><strong>Bottom Line:</strong> Cybercriminals continue to come up with new and easy ways to distribute and manage botnets. To avoid being part of the problem, keep your computer protected and learn more about how botnets work.</p>
<p><strong>Tips to Avoid Becoming a Victim:</strong></p>
<p>1) Never click on a link in a spam email or IM from someone you don’t know—it might download a bot onto your machine without your knowledge.</p>
<p>2) Turn your computer off when you are not using it &#8211; when you are disconnected from the Internet, cybercrooks can&#8217;t access your machine.</p>
<p>3) Use comprehensive security software, like <a href="http://home.mcafee.com/store/total-protection" target="_blank">McAfee Total Protection</a>™ software, to protect you from viruses, spam, and other Internet threats, and keep the software up-to-date.</p>
<p>4) When surfing the web, always use a safe search plug-in, such as McAfee® SiteAdvisor® technology, which warns you of potentially dangerous sites right in your search results.</p>
<p>5) Set your operating system and browser to automatically apply updates.</p>
<p><strong>Tips on What to Do If You Have Become a Victim:</strong></p>
<p>You think your computer is part of a botnet. Now what?</p>
<p>1) First, check to see if your Internet connection is inexplicably slow. This might be because the bot is using your connection to send and receive data.</p>
<p>2) If you have a Windows machine, open the network tab under the Task Manager to see if your PC is using the Internet connection, and check to see how much bandwidth it is using. If it is more than a few percent, it is possible you have a bot.</p>
<p>3) If you believe you’re infected, disconnect from the Internet modem or router immediately. Reboot your computer in safe mode and run a full virus scan to remove any malicious code.</p>
<p>To sign up to receive alerts by email, please visit: <a href="http://home.mcafee.com/consumer-threats-signup">http://home.mcafee.com/consumer-threats-signup</a></p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/consumer-threat-alerts/botnet/feed</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>The S.P.A.M Experiment Final Report</title>
		<link>http://blogs.mcafee.com/mcafee-labs/the-spam-experiment-final-report</link>
		<comments>http://blogs.mcafee.com/mcafee-labs/the-spam-experiment-final-report#comments</comments>
		<pubDate>Tue, 08 Jul 2008 18:09:03 +0000</pubDate>
		<dc:creator>David Marcus</dc:creator>
				<category><![CDATA[McAfee Labs]]></category>
		<category><![CDATA[botnets]]></category>
		<category><![CDATA[bots]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[scams]]></category>
		<category><![CDATA[spam]]></category>

		<guid isPermaLink="false">http://www.labs.com/research/blog/?p=686</guid>
		<description><![CDATA[On July 1 we released the results of our S.P.A.M (Spammed Persistently All Month) Experiment, in which 50 people from around the world surfed the Web unprotected for 30 days. By taking part in the experiment, participants were given permission to go where most Internet users would not dare, in order to discover how much <a href="http://blogs.mcafee.com/mcafee-labs/the-spam-experiment-final-report">Read more...</a>]]></description>
				<content:encoded><![CDATA[<p>On July 1 we released the results of our S.P.A.M (Spammed Persistently All Month) Experiment, in which 50 people from around the world surfed the Web unprotected for 30 days. By taking part in the experiment, participants were given permission to go where most Internet users would not dare, in order to discover how much spam they would attract and what the effects would be. Go everywhere we have told you not to go. Click everything we told you not to click. We then studied the daily blogs and analyzed the spam itself and confirmed that spammers are as active as ever; they are increasingly using psychological tricks to lure Internet users to part with their contact details, identity information and cash. The experiment (the first of its kind) clearly shows that spam continues to evolve, utilizing more local languages and cultural nuances, as well as becoming much more targeted in a bid to avoid detection.</p>
<p>Our brave and bold participants were assembled from 10 countries and by the end of the 30 days they received more than 104,000 spam emails&#8211;that&rsquo;s an average of 2,096 messages each, the equivalent of approximately 70 messages a day.</p>
<p>Many of the spam messages received were phishing emails: emails that pose as a trustworthy source to criminally acquire sensitive information such as usernames, passwords, and bank account details. Other emails carried viruses, and many allowed malware to be silently installed on the computers by persuading participants to surf unsafe web sites. A number of participants noted a decrease in their computer&rsquo;s processing speed, as well as an increased number of pop-ups.</p>
<p><strong>The Global &lsquo;Spam League&rsquo;</strong>:</p>
<p>1. United States: 23233<br />
2. Brazil: 15856<br />
3. Italy: 15610<br />
4. Mexico: 12229<br />
5. United Kingdom: 11965<br />
6. Australia: 9214<br />
7. The Netherlands: 6378<br />
8. Spain: 5419<br />
9. France: 2597<br />
10. Germany: 2331</p>
<p>To read more about the participants&rsquo; experiences, go <a href="http://www.mcafee.com/spamexperiment">here</a><br />
and make sure you download the <a href="http://www.mcafee.com/us/research/spam_diaries/index.html">&lsquo;Global Spam Diaries&rsquo;</a> as well.</p>
]]></content:encoded>
			<wfw:commentRss>http://blogs.mcafee.com/mcafee-labs/the-spam-experiment-final-report/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
