Crimeware on the rise

In the past most viruses have been designed with two purposes in mind. The first to destroy data and systems and the second, and probably most important, to raise the profile of the virus writer in the hacking community.
2006 saw a new style of virus arrive and a change in the reason for virus creation. Crimeware, as defined by Kaspersky Lab is hostile software designed to financially benefit someone. In recent times the individual or company benefiting from the virus may not be the virus writer, these people are now software coders for hire. There are a small number of examples of viruses that have been specifically designed to attack one company but end up released into the wild.
Kaspersky have recently commented that they believe ransomware is on the increase. This type of virus encrypts an individuals data and the writer blackmails them for the key to unencrypt it.
Keeping your virus software up to date will help against this type of virus, but the best protection is backups of your data as there have been cases of the virus writers being ahead of the anti-virus companies.

Safer without Microsoft?

It's a common argument that by not using Microsoft technology an individual is protected against the nasty threats from the Internet. You are likely to hear comments like this from Apple Macintosh users and Firefox users.
While historically these technologies have been proven to be safer and more secure than Microsoft equivalents it doesn't mean users of Macs or Firefox should relax.
Two recent flaws have been discovered in Firefox. The first was a problem shared with IE that allowed a website to trick the browsers into entering usernames and passwords and the second a flaw with the anti-phishing toolbar that allows a remote user to execute code.
In January 2007 two Security Experts (LMH and Kevin Finisterre) ran a project called Month Of Apple Bugs (MOAB). During January the team identified a potential security flaw in Apple software each day, a total of 31 were produced. Examples of how to exploit these bugs were provided if possible. The project created a lot of publicity (Washington Post, BBC News) and succeeded in it's main aim of raising the security awareness of Apple users.
No matter what technology you're using you should always stay up to date with patches and security fixes.

Stopping the Spam

Unsolicited e-mail, or Spam, seems to go in cycles. During some parts of the year it's just a small trickle, during other parts it's as if everyone in the world is targeting you personally. These cycles tend to be based on new security flaws being found and the Spammers making use of them.
One of the most annoying Spam techniques, and one of the hardest to explain to people, is spoofing. In this technique the Spammer fakes the sender address so it looks like the e-mail comes from you. You then either get lots of people complaining to you or lots of bounced e-mails with sender unknown.
The IT industry have recognised this as a problem and realised that removing the ability to do this will help track spammers down. There are currently two initiatives to provide proof of sender for e-mails. The first is an Open Source project called OpenSPF and the second a Microsoft lead solution called Sender ID. The technologies are very similar and a number of providers are supporting both. They rely on the recipients mail server checking that the server the e-mail came from is allowed to send e-mail from you. The current danger with them is that some companies are turning on the checking but very few companies are turning on the technology that provides proof of sender, causing e-mails to be incorrectly marked as Spam.
Both rely on new entries in your DNS records, which normally have to be done by your hosting provider. If you don't have a SPF record in your DNS, or aren't sure if you do, then check with your hosting provider or ISP and ask them to add one. You will need to answer some questions about who sends your e-mail out and what servers they use. See the wizards on the OpenSPF or Microsoft sites to generate a SPF record.

Meet the newsletter

On March the 20th and 21st the East Midlands EBusiness Expo will be at the East Midlands Conference Centre in Nottingham. The event is free to attend and TMC will be exhibiting at the event, along with a large number of IT Suppliers. The event will include an exhibition area, 1-2-1 advice sessions and four conference sessions by industry experts.
We'll be running a win a bottle of champagne draw during the show and as a newsletter reader you will have two chances to enter. On either day, write the newsletter secret phrase (Continuity) on your business card and drop it in our draw jar. At the end of the week we'll be doing two draws, one for everyone and one just for newsletter readers. Good luck and don't forget to say hello on the day.