McAffee See Sure In Spam
The first three months of 2013 have seen a surge in spam volume, as well as a growing number of samples of the Koobface social networking worm and master boot record (MBR) infecting malware, according to antivirus vendor McAfee.
After remaining relatively stable throughout 2012, spam levels rose during the first quarter of 2013, reaching the highest volume seen in the past two years, McAfee said in a report released Monday.
The amount of spam originating from some countries rose dramatically, McAfee said. Spam from Belarus increased by 540% while spam originating in Kazakhstan grew 150%.
Cutwail, also known as Pushdo, was the most prevalent spam-sending botnet during the first quarter, McAfee said.
The increased Pushdo activity has recently been observed by other security companies as well. Last month, researchers from security firm Damballa found a new variant of the Pushdo malware that’s more resilient to coordinated takedown efforts.
On the malware front, McAfee has also seen a surge in the number of Koobface samples, which reached previously unseen levels during the first quarter of 2013. First discovered in 2008, Koobface is a worm that spreads via social networking sites, especially through Facebook, by hijacking user accounts.
The number of malware samples designed to infect a computer’s master boot record (MBR) also reached a record high during the first three months of 2013, after increasing during the last quarter of 2012 as well, McAfee said.
The MBR is a special section on a hard disk drive that contains information about its partitions and is used during the system startup operation. “Compromising the MBR offers an attacker a wide variety of control, persistence, and deep penetration,” the McAfee researchers said in the report.
The MBR attacks seen during the first quarter involved malware like StealthMBR, also known as Mebroot; Tidserv, also known as Alureon, TDSS and TDL; Cidox and Shamoon, they said.
Windows 8 ‘Grace Period’ Ends
Microsoft has halted the 30-day grace period, a trademark of Windows 7, in the retail copies of Windows 8, requiring that users provide a product key during setup.
The change runs counter to previous practice by the Redmond, Wash. developer. With Windows 7, for example, users could run the OS for 30 days before activating the copy by providing a legitimate key.
That “grace period” was used by some to evaluate the software prior to purchasing, to save up to $100 by using an “upgrade” license to install the OS on a newly-formatted hard drive, and to create physical partitions or virtual machines for quick testing purposes.
Because Windows 8 handles activation differently, the grace period has been eliminated.
As several blogs have noted, customers must enter a unique product key — a 25-character alpha-numeric string — to proceed during Windows 8 setup. Failure to do so stops the process in its tracks. The Consumer Preview and Release Preview used this technique too, although Microsoft provided users a generic key for those sneak peeks.
Once Windows 8 is installed — assuming the machine is connected to the Internet — it automatically seeks out a Microsoft server to verify that the key is valid and then activates the OS. “If the licensed computer is connected to the Internet, the software will automatically connect to Microsoft for activation,” states the end-user licensing agreement, or EULA, for Windows 8 Pro.