Beware November 24: Black Monday for malware?

Stephen Withers
Wednesday, 19 November 2008 01:11

Your IT - Home IT

For US retailers, the day after Thanksgiving is known as Black Friday in reference to the huge discounts that are offered to attract customers intent on Christmas and other holiday shopping.

The following Monday is regarded as the busiest day for online shopping, possibly as people try to secure items that were out of stock at the stores they visited or to eke out their remaining gift budgets with bargains from Internet retailers.

This seasonal increase in online activity as people prepare to do their holiday shopping provides an opportunity for those behind malware to reach a larger number of computers than usual.

In addition to spoof web sites that take customers' credit card details with no intention of delivering the goods (and every intention of using those details for fraudulent transactions), there are also floods of bogus Thanksgiving and Christmas cards that are used to spread malware.

If that malware includes a keystroke logger, miscreants may gain access to the credit card details victims provide to bona fide merchants, along with usernames and passwords for online banking and store accounts.

Consumers are being given the usual 'safe surfing' advice, including the use of software that warns of potentially dangerous sites (eg, PC Tools Browser Defender or McAfee SiteAdvisor), checking that their security software is up to date, and avoiding links in emails even if they appear to come from a trusted business (type in the URL for the site's home page instead).

While spam volumes are down following the isolation of US hosting provider McColo.net (which was used to control botnets responsible for somewhere between two-thirds and three-quarters of the world's spam), it seems probably that the spam rings will soon regroup.

That process was helped by McColo.net temporarily gaining access to the Internet via Swdish ISP TeliaSonera. That, according to FireEye Malware Intelligence Lab, gave the Rustock botnet an opportunity to change its command and control servers from McColo.net to a data centre in Russia.