Japan jobless rate hits postwar high

Unemployment in Japan has hit 5.7 percent in July, the highest on record since World War II.

Japan's Prime Minister Taro Aso faces a struggle to retain power in recession's wake.

Joblessness in the world's second-largest economy has been steadily rising from 4.8 percent in March to 5.4 percent in June. The record July number exceeded analyst predictions of 5.5 percent, which would have matched the previous postwar record.

The news comes on the eve of Japanese elections this weekend and could augur the end of rule of the nation's Liberal Democratic Party, which has had an iron grip on Japan's government for most of the last half century.

Japan's core consumer price index fell 2.2 percent, which could heighten deflation concerns.

The unemployment news ends a month of mixed economic news for Japan, which limped out of recession with slight growth in the last quarter. But trade data saw exports decrease in July after posting two months of slight gains.

Data released on Wednesday showed that shipments in July fell 36.5 percent by value year-on-year, outpacing the 35.7 percent decline in June. On a seasonally-adjusted basis, exports fell 1.3 percent from June.

Japan's economy grew 3.7 percent on an annualized basis from April to June this year, the first time the world's second-largest economy has seen positive growth in 15 months. Japan's GDP grew just under 1 percent during the three-month period and trade increased 1.6 percent.

Japan joined major economies such as Hong Kong, France and Germany by posting slight growth for the second quarter of the year.

The news that Japan -- the hardest hit of the major economies because of its reliance on exports -- had rebounded from recession triggered cautious optimism among economists that the worst of the global recession was over. Net exports, especially in high-tech industries and materials such as chemicals and steel, tentatively led Japan out of recession.

The uptick marked the end of the worst recession in Japan since the end of World War II. Japan's GDP fell at a record pace during the January-March quarter, when GDP was 15.4 percent lower than the same time period last year.

Prime Minister Taro Aso's government had hoped a political as well as economic bounce would result from its historic 15 trillion yen ($150 billion) stimulus package in May, which included unemployment benefits, aid to struggling companies, promotion of green industries and a variety of tax breaks

Ban on robocalls takes effect on Tuesday

Starting Tuesday, many "robocalls" from telemarketers will be illegal.

A new ban on automated telemarketing calls goes into effect Tuesday.

Businesses that try to push products on consumers with automated and unsolicited calls will face fines of up to $16,000 per call, according to the Federal Trade Commission.

"American consumers have made it crystal clear that few things annoy them more than the billions of commercial telemarketing robocalls they receive every year," FTC Chairman Jon Leibowitz said in a news release.

Calls from politicians, public service announcements and "informational" calls will be exempt from the new rule. A call alerting a traveler that his or her flight has been delayed would still be allowed, for example.

Banks, telephone carriers and most charitable organizations are also excluded from the ban, the FTC says.

The FTC asks people to report questionable robocalls by visiting its complaint Web site or by calling 1-877-FTC-HELP.

"If consumers think they're being harassed by robocallers, they need to let us know, and we will go after them," Leibowitz said.

The ban on many pre-recorded calls was approved by the FTC in August of 2008 and is the last of a series of amendments to go into effect, said Lois Greisman, the FTC's associate director of marketing practices.

She said the ban applies only to pre-recorded calls and encouraged consumers to sign up for the federal "do not call" registry for additional protections.

Robocalls to mobile phones already are illegal, she said.

People still will be able to receive telemarketer calls if they give companies written permission to contact them.

Nate Anderson, a blogger at Ars Technica, a technology site, cheered the amendments but said many calls are illegal even without the new amendments.

"Most of the robocalls received by people in the office here are already illegal to begin with -- pitches for time shares and bogus car warranties top the list of such calls," he wrote.

Investigators find flight data recorder from Comoros crash

Search teams have found the flight data recorder from the Yemenia Airways plane that crashed off the Comoros Islands in June, killing 152 people, the chief investigator said Friday.

Search parties continue their operation to locate the Yemenia Airbus A310 off the Comoros Islands in July.

An operation to retrieve the recorder has begun, said a statement from investigator Ali Abdou Mohamed.

The Airbus 310 crashed into the Indian Ocean, carrying 142 passengers and 11 crew members. It originated in Yemen's capital, Sanaa, and went down just miles from Moroni, the capital of the Comoros Islands.

One person, a 13-year-old French girl, survived.

The recorder could contain information to help determine what caused the crash.

The plane had tried to land at the airport in Moroni, then made a U-turn before it crashed, Comoros Vice President Idi Nadhoim said soon after the accident.

A French official said that country had banned the plane after it failed an aviation inspection in 2007, but Yemenia Airways was not on the European Union's list of banned airlines.

Passengers on the flight included 66 French citizens, 54 Comorians, one Palestinian and one Canadian, according to Yemeni and French officials. The crew was made up of six Yemenis, two Moroccans, one Ethiopian, one Filipino and one Indonesian.

The Comoros Islands are between the east African country of Tanzania and the island nation of Madagascar.

Can Bill Gates stop hurricanes? Scientists doubt it

Hurricane experts are throwing cold water on an idea backed by billionaire Microsoft founder Bill Gates aimed at controlling the weather.

Bill Gates and scientists have applied for patents aimed at reducing the strength of oncoming hurricanes.

Gates and a dozen other scientists have raised eyebrows by submitting patent applications for a technology to reduce the danger of approaching hurricanes by cooling ocean temperatures.

It's a noble idea, given the horrible memories from Hurricane Katrina, which slammed into the Gulf Coast four years ago this week.

The storm, which rated a frightening Category 3 when it made landfall in Louisiana, was blamed for $81 billion in damaged and destroyed property and the deaths of more than 1,800 men, women and children.

Skeptics applaud the motive of the concept but question its feasibility.

"The enormity of it, in order to do something effective, we'd have to do something at a scale that humans have never really done before," said Gabriel Vecchi, a research scientist with the National Oceanic and Atmospheric Administration.

How exactly would this hurricane-zapping technology work?

Hurricanes are fueled by warm water, and cooling the waters surrounding a storm would slow a storm's momentum.

According to the patents, many tub-like barges would be placed directly in the path of an oncoming storm. Each barge would have two conduits, each 500 feet long.

One conduit would push the warm water from the ocean's surface down. The other would bring up cold water where it lies deep undersea.

World-renowned hurricane expert William Gray, who's been studying and predicting the storms for a half-century, also doubts whether the proposal would work.

"The problem is the storms come up so rapidly," said Gray, a professor of atmospheric science at Colorado State University. "You only get two to three days warning. It's very difficult to bring up enough cold water in two to three days to have much effect."

The idea itself isn't groundbreaking, according to Gray, who said it could only be feasible if the barges were put into place at the beginning of hurricane season with the idea that storms will come.

"But you might do all that, and perhaps no storms would come. That's an economic problem," Gray said.

Even if the technology does work, Gray said it won't completely halt a hurricane.

"There is no way to stop it. The storm might weaken in the center, but the outer areas wouldn't be affected much."

And flooding and storm surges are determined by these outer winds, Gray said.

When word of Gates' five patent applications first made headlines in July, alarmed bloggers lit up the Internet, expressing fears that playing with ocean temperatures could lead to catastrophe, possibly forcing a storm in a different direction.

That's not likely, said Kerry Emanuel, a professor in atmospheric sciences at Massachusetts Institute of Technology.

"You're doing something to the ocean that the hurricane would have done anyway," Emanuel said.

Cold water that churns up during a storm slows down a hurricane naturally. But the coldest water is usually at the rear of the storm, so sometimes it's too late to weaken [the storm], Emanuel said.

"The key is doing it a little sooner than the storm itself does it and make [the hurricane] weaker than it would have been," he said. "There are enough experiments to find out whether hurricanes' natural cooling could steer the storm in a different location, and the answer is no, or it's a very small chance."

While Emanuel believes the physics are conceivable, he says the cost of implementing the system shouldn't outweigh the benefit.

"This would only be practical if the amount [of money] you spend doing this would be less than the damage caused by the hurricane," Emanuel said.

Gates and scientist Ken Caldeira, both listed as inventors on the patents, did not respond to CNN's requests to comment about their venture.

The patents, which were only made public last month by the U.S. Patent and Trade Office, were filed in January by Searete LLC. The company is a subsidiary of Intellectual Ventures, an invention firm run by Microsoft's former chief technology officer Nathan Myhrvold.

A spokeswoman for Intellectual Ventures, which holds about 27,000 technology patents, didn't elaborate on the cost associated with the patent.

"At this point, there are no plans for deployment, so there is no talk of funding," she said, adding that it could take up to 18 months for the patent application to be approved.

Regardless, inventors say that this technology is not something they'll be rushing to use anytime soon.

"This type of technology is not something humankind would use as a 'Plan A' or 'Plan B,'" Paul "Pablos" Holman, an inventor in the Intellectual Ventures laboratory, wrote on the company blog.

"These inventions are a 'Plan C,' where humans decide that we've exhausted all our behavior changing and alternative energy options and need to rely on mitigation technologies. If our planet is in this severe situation, then our belief is that we should not be starting from scratch at investigating mitigation options."

Hurricane expert Gray agrees.

"I don't think this is anything that's going to be done in the next few decades in a practical sense, but maybe further down the line," Gray said. "I would love to see Bill Gates, with all his money, use some of it to experiment."

Kennedy remembered as an advocate for all

One year before the day of his death, an ailing Sen. Ted Kennedy electrified a crowd of thousands at the Democratic National Convention.

Sen. Ted Kennedy was an early supporter of Barack Obama's presidential campaign.

"There is a new wave of change all around us, and if we set our compass true, we will reach our destination -- not merely victory for our party, but renewal for our nation," Kennedy said on August 25, 2008.

"And this November, the torch will be passed again to a new generation of Americans, so with Barack Obama and for you and for me, our country will be committed to his cause."

Two months later, the election of the United States' first black president marked the actualization of decades of work for Kennedy, who was a champion of civil rights throughout his nearly 50-year tenure in the Senate.

In the 1960s, as civil rights battles raged across the country, it was Kennedy's brother, President John F. Kennedy, who sought passage of a landmark bill to ban discrimination.

And when JFK was assassinated, Ted Kennedy, already filling his older brother's Senate seat, filled his shoes, too, helping to push the legislation through.

Democratic Rep. John Lewis of Georgia, who worked closely with Kennedy on civil rights issues, said Kennedy was "our shepherd, he was our champion, he was our leader."

The first major speech Kennedy made on the Senate floor was in support of the 1964 Civil Rights Act, which banned discrimination based on race or gender in public places, schools and places of employment.

"He didn't have to do it. He was not from the heart of the American South ... but I think because of his upbringing, his faith, his passion, he would say over and over again, 'We must do what is right. It's the right thing to do. We have a moral obligation,' " Lewis said.

And even as his 1980 presidential bid came to an end, Kennedy kept his focus on equal rights.

"And we can be proud that our party stands plainly and publicly and persistently for the ratification of the Equal Rights Amendment," he said in the keynote address at the Democratic convention that year.

"Women hold their rightful place at our convention, and women must have their rightful place in the Constitution of the United States. On this issue we will not yield; we will not equivocate; we will not rationalize, explain or excuse. We will stand for E.R.A. and for the recognition at long last that our nation was made up of founding mothers as well as founding fathers."

While the White House eluded his grasp, the longtime Massachusetts senator was considered one of the most effective legislators of the past few decades. In addition to the Civil Rights Act, Kennedy played a key role in passing the Voting Rights Act of 1965, the 1990 Americans with Disabilities Act and the 1993 Family and Medical Leave Act. He earned a reputation as an outspoken liberal standard-bearer during a conservative-dominated era from the 1980s to the early 2000s.

The senator pulled no punches when he felt civil rights might be in danger. In 1987, Kennedy led the opposition to President Reagan's nominee for the Supreme Court, Robert Bork. The senator was quick to warn that he thought Bork's conservative ideology would be dangerous for the country.

"In Robert Bork's America, there is no room at the inn for blacks and no place in the Constitution for women. And in our America, there should be no seat on the Supreme Court for Robert Bork," Kennedy charged. His effort was successful, as Reagan's nominee was rejected.

Sen. Chris Dodd, a close friend and colleague, said Kennedy spent his life fighting for justice for all.

"The issue was people in the shadows, people who don't have lawyers and lobbyists, people who don't have advocates," said Dodd, D-Connecticut.

"And so his biggest issue were those millions of people -- and that includes everyone, because everyone at some point or another in our lives needs an advocate. And you never could have a better one than Ted Kennedy. When he was in your corner, he was in it forever."

Kennedy made life different -- and better, Lewis said. "During the '60s, I saw those signs that said 'white men, colored men; white women, colored women; white waiting, colored waiting.' He helped to bring those signs down."

For many, it was fitting that Kennedy became an early supporter of Obama's presidential campaign, reaching out to all the groups he championed in the past to carry his civil rights legacy to the future.

"The work begins anew. The hope rises again. And the dream lives on," Kennedy said at the close of his convention address last year.

The morning after Kennedy's death, Obama acknowledged the personal role Kennedy played in helping him become president of the United States.

"I valued his wise counsel in the Senate, where, regardless of the swirl of events, he always had time for a new colleague. I cherished his confidence and momentous support in my race for the presidency. And even as he waged a valiant struggle with a mortal illness, I've profited as president from his encouragement and wisdom," the president said in a statement Wednesday morning.

"For five decades, virtually every major piece of legislation to advance the civil rights, health and economic well-being of the American people bore his name and resulted from his efforts."

Kennedy, Obama said, "picked up the torch of his fallen brothers and became the greatest United States senator of our time."

Al Qaeda video calls on Muslims to support militants

Al Qaeda's second-in-command called on Pakistanis to back Islamic militants in the country's tribal areas against what he called an ongoing assault by American "crusaders" and the Pakistani army.

Al-Qaeda's second-in-command, Ayman al-Zawahiri appears in a video released on September 2, 2006.

Punishment from God was promised for Muslims who did not follow the words of Ayman al-Zawahiri in a video that appeared on radical Islamist Web sites Thursday.

"The war in the tribal areas and Swat [Valley] is an inseparable part of the crusaders' assault on the Muslims the length and breadth of the Islamic world," al-Zawahiri said in the video, titled "Path of Doom."

"This is the battle, briefly and plainly; and this is why anyone who supports the Americans and Pakistan army -- under any pretext, ploy or lie -- is in fact standing with, backing and supporting the crusaders against Islam and Muslims."

The Pakistani military is fighting Taliban militants in the country's north, and missile attacks from suspected U.S. drones have targeted militant leaders -- one of them killing Baitullah Mehsud, the leader of the Pakistani Taliban.

Reports from the region suggest government troops have dislodged the Taliban from many areas of the North West Frontier Province, but militant attacks continue daily.

In the video, Al-Zawahiri suggested that the United States has wider goals in the region.

"They want to eliminate the Mujahedeen (Islamic militants) in the tribal areas so they can seek to smother the Jihad in Afghanistan," he said.

NATO-led forces are battling the Taliban across the border in Afghanistan as well. U.S. and British forces launched offensives in Helmand province this summer.

Al-Zawahiri warned Muslims that they have a religious duty to support the jihad, or struggle, or face punishment from God.

"No people abandons Jihad without Allah giving them a general punishment," he said, quoting the Quran.

Al-Zawahiri also prayed for the annihilation of "the Americans and Jews" and anyone who might help them.

Girl grew up locked away in backyard sheds

From the time she was an 11-year-old, blue-eyed, freckle-faced blonde until she was a 29-year-old woman with two children, Jaycee Dugard was kept locked away in a backyard compound of sheds and tarps by a couple police say abducted her.

Jaycee Dugard was locked in a shed tucked under a blue tarp in her alleged captor's backyard.

She was more than 160 miles from home, and her family had no idea where she was.

Nobody else knew she was there except the couple that snatched her off the street in front of her house in South Lake Tahoe, California, in 1991, and took her straight to the soundproof shed, police said.

Dugard's pocket of Phillip and Nancy Garrido's backyard in Antioch, California, was so overgrown no one even knew it existed.

The details about Dugard's time in captivity emerged Thursday after one of Northern California's most enduring mysteries was solved and the Garridos were arrested and accused of her kidnapping.

Anyone who came across the couple's backyard, littered with garbage cans and a dishwasher, would assume that it ended at a six-foot fence.

"You could walk through the backyard and never know there was another set of living circumstances," said Fred Kollar, undersheriff of El Dorado County. "There was nothing that would cause you to question it. You can't see it from either adjoining property. It was presumably well arranged."

But tucked away beyond the tangle of bushes, high grass and trees was a blue tarp that concealed the only world Dugard had known since her abduction.

In it were sheds and tarps, a makeshift bathroom and shower, along with electricity supplied by an extension cord. Kollar compared the primitive conditions to camping.

Dugard lived for several years there by herself. The sheds were locked from the outside.

She grew up and had her captor's children there, and raised them there.

"None of them have ever been to school, they've never been to a doctor," Kollar said. "They were kept in complete isolation in this compound, if you will, at the rear of the house," he said. "They were born there."

The children, both girls, are now 15 and 11.

"They are all in good health," Kollar said in response to a question about how Dugard and her children are doing. "But living in a backyard for the last 18 years does take its toll."

US solar PV equipments market to generate $347.90 million by 2013

Research and Markets has announced the addition of GlobalData's new report "The Future of the US Solar PV Equipments Market" to their offering.

The US federal government has provided a funding of $3.1 billion to the states, as part of its economic stimulus package, to encourage photovoltaic (PV) installations and expand solar PV support programs. This is part of the country's plan to encourage the growth of renewables in the energy portfolio. The government has also extended federal tax credits for solar PV. These support mechanisms combined are expected to open up high-growth markets for PV equipments such as inverters and modules. The PV inverter market in the US is therefore expected to generate an estimated $347.90 million by 2013, while the modules market is expected to generate $2,741 million by 2013.

GlobalData viewpoints cover the latest events or important trends in the alternative energy industry and provide our in-depth analysis of issues and challenges. Viewpoints offer expert opinions and our views of various developments that have been taking place in the alternative energy industry across the world.

Trojan Programs

Trojans can be classified according to the actions which they carry out on victim machines.

Backdoors

Today backdoors are the most dangerous type of Trojans and the most widespread. These Trojans are remote administration utilities that open infected machines to external control via a LAN or the Internet. They function in the same way as legal remote administration programs used by system administrators. This makes them difficult to detect.

The only difference between a legal administration tool and a backdoor is that backdoors are installed and launched without the knowledge or consent of the user of the victim machine. Once the backdoor is launched, it monitors the local system without the user's knowledge; often the backdoor will not be visible in the log of active programs.

Once a remote administration utility has been successfully installed and launched, the victim machine is wide open. Backdoor functions can include:

  • Sending/receiving files
  • Launching/deleting files
  • Executing files
  • Displaying notification
  • Deleting data
  • Rebooting the machine

In other words, backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data, include the machine in bot networks and so forth. In short, backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms. The only difference is that worms are programmed to propagate constantly, whereas these 'mobile' backdoors spread only after a specific command from the 'master'.

General Trojans

This loose category includes a variety of Trojans that damage victim machines or threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers create multi-functional Trojans rather than Trojan packs.

PSW Trojans

This family of Trojans steals passwords, normally system passwords from victim machines. They search for system files which contain confidential information such as passwords and Internet access telephone numbers and then send this information to an email address coded into the body of the Trojan. It will then be retrieved by the 'master' or user of the illegal program.

Some PSW Trojans steal other types of information such as:

  • System details (memory, disk space, operating system details)
  • Local email client
  • IP-address
  • Registration details
  • Passwords for on-line games

Trojan-AOL are PSW Trojans that steal passwords for AOL (America Online). They are placed in a separate sub-group because they are so numerous.

Trojan Clickers

This family of Trojans redirects victim machines to specified websites or other Internet resources. Clickers either send the necessary commands to the browser or replace system files where standard Internet URLs are stored (e.g. the 'hosts' file in MS Windows).

Clickers are used:

  • To raise the hit-count of a specific site for advertising purposes
  • To organize a DoS attack on a specified server or site
  • To lead the victim to an infected resource where the machine will be attacked by other malware (viruses or Trojans)
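Because a clicker that rewrites the 'hosts' file leaves its redirects on disk, the file can be audited directly. The following is an added example, not code from the original article; the watched domains, the addresses and the sample file contents are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file is expected to define for the local machine.
EXPECTED_LOCAL = {"localhost", "localhost.localdomain", "ip6-localhost",
                  "ip6-loopback", "broadcasthost"}


def audit_hosts(text, watched=()):
    """Return (line_no, hostname, address, verdict) for every entry worth review."""
    watched = {d.lower() for d in watched}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2:
            continue                               # blank, comment-only or malformed
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "", address, "bad-address"))
            continue
        for name in names:
            host = name.lower().rstrip(".")
            if host in EXPECTED_LOCAL:
                continue
            if any(host == d or host.endswith("." + d) for d in watched):
                verdict = "watched-domain"         # a site users rely on is pinned locally
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "sinkhole"               # typical of ad-block lists
            else:
                verdict = "unexpected-override"    # name pinned to a fixed routable address
            findings.append((line_no, host, address, verdict))
    return findings


# Constructed sample: documentation-range addresses and .test names only.
SAMPLE_HOSTS = "\n".join([
    "127.0.0.1 localhost",
    "::1 localhost ip6-localhost",
    "# constructed entries for the example",
    "203.0.113.10 www.example-bank.test example-bank.test",
    "127.0.0.1 updates.example-av.test",
    "198.51.100.7 intranet.corp.test  # inline comment",
    "0.0.0.0 ads.tracker.test",
])
WATCHED = {"example-bank.test", "example-av.test"}

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print(*finding, sep="\t")
```

On a real machine the input would be the contents of the system hosts file, and the watch list would hold the domains the organisation's users actually depend on.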

Trojan Downloaders

This family of Trojans downloads and installs new malware or adware on the victim machine. The downloader then either launches the new malware or registers it to enable autorun according to the local operating system requirements. All of this is done without the knowledge or consent of the user.

The names and locations of malware to be downloaded are either coded into the Trojan or downloaded from a specified website or other Internet location.

Trojan Droppers

These Trojans are used to install other malware on victim machines without the knowledge of the user. Droppers install their payload either without displaying any notification, or displaying a false message about an error in an archived file or in the operating system. The new malware is dropped to a specified location on a local disk and then launched.

Droppers are normally structured in the following way:

  • Main file: contains the dropper payload
  • File 1: first payload
  • File 2: second payload
  • ...: as many files as the coder chooses to include

The dropper functionality contains code to install and execute all of the payload files.

In most cases, the payload contains other Trojans and at least one hoax: jokes, games, graphics and so forth. The hoax is meant to distract the user or to prove that the activity caused by the dropper is harmless, whereas it actually serves to mask the installation of the dangerous payload.

Hackers using such programs achieve two objectives:

  1. Hidden or masked installation of other Trojans or viruses
  2. Tricking antivirus solutions which are unable to analyse all components

Trojan Proxies

These Trojans function as a proxy server and provide anonymous access to the Internet from victim machines. Today these Trojans are very popular with spammers who always need additional machines for mass mailings. Virus coders will often include Trojan-proxies in Trojan packs and sell networks of infected machines to spammers.

Trojan Spies

This family includes a variety of spy programs and key loggers, all of which track and save user activity on the victim machine and then forward this information to the master. Trojan-spies collect a range of information including:

  • Keystrokes
  • Screenshots
  • Logs of active applications
  • Other user actions

These Trojans are most often used to steal banking and other financial information to support online fraud.

Trojan Notifiers

These Trojans inform the 'master' about an infected machine. Notifiers confirm that a machine has been successfully infected, and send information about IP-address, open port numbers, the email address etc. of the victim machine. This information may be sent by email, to the master's website, or by ICQ.

Notifiers are usually included in a Trojan 'pack' and used only to inform the master that a Trojan has been successfully installed on the victim machine.

Rootkits

A rootkit is a collection of programs used by a hacker to evade detection while trying to gain unauthorized access to a computer. This is done either by replacing system files or libraries, or by installing a kernel module. The hacker installs the rootkit after obtaining user-level access: typically this is done by cracking a password or by exploiting a vulnerability. This is then used to gather other user IDs until the hacker gains root, or administrator, access to the system.

The term originated in the Unix world, although it has since been applied to the techniques used by authors of Windows-based Trojans to conceal their actions. Rootkits have been used increasingly as a form of stealth to hide Trojan activity, something that is made easier because many Windows users log in with administrator rights.

ArcBombs

These Trojans are archived files coded to sabotage the de-compressor when it attempts to open the infected archived file. The victim machine will slow or crash when the Trojan bomb explodes, or the disk will be filled with nonsense data. ArcBombs are especially dangerous for servers, particularly when incoming data is initially processed automatically: in such cases, an ArcBomb can crash the server.

There are three types of ArcBombs: incorrect header in the archive, repeating data and a series of identical files in the archive.

An incorrect archive header or corrupted data can both cause the de-compressor to crash when opening and unpacking the infected archive.

A large file containing repeating data can be packed into a very small archive: 5 gigabytes will be 200 KB when packed using RAR and 480 KB in ZIP format.

Moreover, special technologies exist to pack an enormous number of identical files in one archive without significantly affecting the size of the archive itself: for instance, it is possible to pack 10100 identical files into a 30 KB RAR file or a 230 KB ZIP file.
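For a server that unpacks uploads automatically, each of the three ArcBomb types can be screened for before anything is decompressed. The following is an added example, not code from the original article: it handles ZIP only (Python's standard library does not read RAR), and the limits and the in-memory sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from collections import Counter

# Limits are assumptions for illustration; tune them to the service's real inputs.
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # declared uncompressed size of all members
MAX_RATIO = 100                      # uncompressed / compressed, per member
MAX_ENTRIES = 1000                   # number of members
MAX_IDENTICAL = 100                  # members sharing one (CRC-32, size) pair


def inspect_zip(data):
    """Return reasons to refuse the archive; an empty list means it passed.

    Only the central directory is read, so nothing is decompressed here.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["bad-header"]            # type 1: incorrect or corrupt header
    with zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
    reasons = []
    if len(infos) > MAX_ENTRIES:
        reasons.append("too-many-members")
    if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
        reasons.append("too-large")
    # Type 2: repeating data shows up as an extreme compression ratio.
    if any(i.file_size / max(i.compress_size, 1) > MAX_RATIO for i in infos):
        reasons.append("high-ratio")
    # Type 3: many members with the same checksum and size are copies of one file.
    copies = Counter((i.CRC, i.file_size) for i in infos)
    if copies and max(copies.values()) > MAX_IDENTICAL:
        reasons.append("identical-members")
    return reasons


def read_member_bounded(zf, info, limit):
    """Decompress one member in chunks and abort once more than `limit` bytes appear.

    The sizes checked by inspect_zip() are declared by the archive itself, so
    extraction still counts the bytes that actually come out.
    """
    out = bytearray()
    with zf.open(info) as fh:
        while True:
            chunk = fh.read(64 * 1024)
            if not chunk:
                return bytes(out)
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{info.filename}: exceeds {limit} bytes")


def make_samples():
    """Build small constructed archives in memory, one per case discussed above."""
    def pack(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for name, body in members:
                zf.writestr(name, body)
        return buf.getvalue()
    return {
        "benign": pack([("invoice.txt", b"Invoice 1042: 3 items, total 118.40 EUR\n")]),
        "repeating": pack([("zeros.bin", bytes(5 * 1024 * 1024))]),
        "identical": pack([(f"copy_{n}.bin", bytes(range(256)) * 4) for n in range(200)]),
        "bad-header": b"PK\x03\x04" + bytes(64),
    }


if __name__ == "__main__":
    for name, blob in make_samples().items():
        print(f"{name:11} {len(blob):7} bytes  {inspect_zip(blob) or 'accepted'}")
```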


Who Writes Malicious Programs and Why?

Virus writers: four general types

Virus writers belong to one of four broad groups: cyber-vandals, who can be divided into two categories, and more serious programmers, who can again be split into two groups.

Cyber vandalism - stage 1

In the past, most malware was written by young programmers: kids who had just learned to program and wanted to test their skills. Fortunately most of these programs did not spread widely - the majority of such malware died when disks were reformatted or upgraded. Viruses like these were not written with a concrete aim or a definite target, but simply for the writers to assert themselves.

Cyber vandalism - stage 2

The second largest group of contributors to malware coding were young people, usually students. They were still learning programming, but had already made a conscious decision to devote their skills to virus writing. These were people who had chosen to disrupt the computing community by committing acts of cyber hooliganism and cyber vandalism. Viruses authored by members of this group were usually extremely primitive and the code contained a large number of errors.

However, the development of the Internet provided space and new opportunities for these would-be virus writers. Numerous sites, chat rooms and other resources sprang up where anyone could learn about virus writing: by talking to experienced authors and downloading everything from tools for constructing and concealing malware to malicious program source code.

Professional virus writers

And then these 'script kiddies' grew up. Unfortunately, some of them did not grow out of virus writing. Instead, they looked for commercial applications for their dubious talents. This group remains the most secretive and dangerous section of the computer underground: they have created a network of professional and talented programmers who are very serious about writing and spreading viruses.

Professional virus writers often write innovative code designed to penetrate computers and networks; they research software and hardware vulnerabilities and use social engineering in original ways to ensure that their malicious creations will not only survive, but also spread widely.

Virus researchers: the 'proof-of-concept' malware authors

The fourth and smallest group of virus writers is rather unusual. These virus writers call themselves researchers, and they are often talented programmers who devote their skills to developing new methods for penetrating and infecting systems, fooling antivirus programs and so forth. They are usually among the first to penetrate new operating systems and hardware. Nevertheless, these virus writers are not writing viruses for money, but for research purposes. They usually do not spread the source code of their 'proof of concept viruses', but do actively discuss their innovations on Internet resources devoted to virus writing.

All of this may sound innocent or even beneficial. However, a virus remains a virus and research into new threats should be conducted by people devoted to curing the disease, not by amateurs who take no responsibility for the results of their research. Many proof of concept viruses can turn into serious threats once the professional virus writers gain access to them, since virus writing is a source of income for this group.

Why write viruses?

Fraud

The computer underground has realised that paid-for Internet services, such as Internet access, email and web hosting, provide new opportunities for illegal activity with the additional satisfaction of getting something for nothing. Virus writers have authored a range of Trojans which steal login information and passwords to gain free access to other users' Internet resources.

The first password-stealing Trojans appeared in 1997: the aim was to gain access to AOL. By 1998 similar Trojans appeared for all other major Internet service providers. Trojans stealing login data for dial-up ISPs, AOL and other Internet services are usually written by people with limited means to support their Internet habit, or by people who do not accept that Internet resources are a commercial service just like any other, and must therefore be paid for.

For a long time, this group of Trojans constituted a significant portion of the daily 'catch' for antivirus companies worldwide. Today, the numbers are decreasing in proportion to the decreasing cost of Internet access.

Computer games and software license keys are another target for cyber fraud. Once again, Trojans providing free access to these resources are written by and for people with limited financial resources. Some hacking and cracking utilities are also written by so-called 'freedom fighters', who proclaim that all information should be shared freely throughout the computing community. However, fraud remains a crime, no matter how noble the aim is made out to be.

Organised cyber crime

The most dangerous virus writers are individuals and groups who have turned professional. These people either extract money directly from end users (either by theft or by fraud) or use zombie machines to earn money in other ways, such as creating and selling a spamming platform, or organizing DoS attacks, with the aim here being blackmail.

Most of today's serious outbreaks are caused by professional virus writers who organize the blanket installations of Trojans to victim machines. This may be done by using worms, links to infected sites or other Trojans.

Bot networks

Currently, virus writers either work for particular spammers or sell their wares to the highest bidder. Today, one standard procedure is for virus writers to create bot networks, i.e. networks of zombie computers infected with identical malicious code. In the case of networks used as spamming platforms, a Trojan proxy server will penetrate the victim machines. These networks number from a thousand to tens of thousands of infected machines. The virus writers then sell these networks to the highest bidder in the computer underground.

Such networks are generally used as spamming platforms. Hacker utilities can be used to ensure that these networks run efficiently: malicious software is installed without the knowledge or consent of the user, adware programs can be camouflaged to prevent detection and deletion, and antivirus software may be attacked.

Financial gain

Apart from servicing spam and adware, professional virus writers also create Trojan spies which they use to steal money from e-wallets, PayPal accounts and/or directly from Internet bank accounts. These Trojans harvest banking and payment information from local machines or even corporate servers and then forward it to the master.

Cyber extortion

The third major form of contemporary cyber crime is extortion or Internet rackets. Usually, virus writers create a network of zombie machines capable of conducting an organized DoS attack. Then they blackmail companies by threatening to conduct a DoS attack against the corporate website. Popular targets include e-stores, banking and gambling sites, i.e. companies whose revenues are generated directly by their on-line presence.

Other malware

Virus writers and hackers also ensure that adware, dialers, utilities that redirect browsers to pay-to-view sites and other types of unwanted software function efficiently. Such programs can generate profits for the computer underground, so it's in the interests of virus writers and hackers to make sure that these programs are not detected and are regularly updated.

In spite of the media attention given to young virus writers who manage to cause a global epidemic, approximately 90% of malicious code is written by the professionals. Although all four groups of virus writers challenge computer security, the group which poses a serious and growing threat is the community of professional virus writers who sell their services.


What to Do If Your Computer Is Infected

Sometimes even an experienced user will not realise that a computer is infected with a virus. This is because viruses can hide among regular files, or camouflage themselves as standard files. This section contains a detailed discussion of the symptoms of virus infection, how to recover data after a virus attack and how to prevent data from being corrupted by malware.

Symptoms of infection

There are a number of symptoms which indicate that your computer has been infected. If you notice "strange things" happening to your computer, namely:

  • unexpected messages or images are suddenly displayed
  • unusual sounds or music played at random
  • your CD-ROM drive mysteriously opens and closes
  • programs suddenly start on your computer
  • you receive notification from your firewall that some applications have attempted to connect to the Internet, although you did not initiate this

then it is very likely that your computer has been infected by a virus.

Additionally, there are some typical symptoms which indicate that your computer has been infected via email:

  • your friends mention that they have received messages from your address which you know you did not send
  • your mailbox contains a lot of messages without a sender's e-mail address or message header

These problems, however, may not be caused by viruses. For example, infected messages that are supposedly coming from your address can actually be sent from a different computer.

There is a range of secondary symptoms which indicate that your computer may be infected:

  • your computer freezes frequently or encounters errors
  • your computer slows down when programs are started
  • the operating system is unable to load
  • files and folders have been deleted or their content has changed
  • your hard drive is accessed too often (the light on your main unit flashes rapidly)
  • Microsoft Internet Explorer freezes or functions erratically e.g. you cannot close the application window

90% of the time the symptoms listed above indicate a hardware or software problem. Although such symptoms are unlikely to be caused by a virus, you should use your antivirus software to scan your computer fully.

What you should do if you notice symptoms of infection

If you notice that your computer is functioning erratically

  1. Don't panic! This golden rule may prevent the loss of important data stored in your computer and help you avoid unnecessary stress.
  2. Disconnect your computer from the Internet.
  3. If your computer is connected to a Local Area Network, disconnect it.
  4. If the computer cannot boot from the hard drive (error at startup), try to start the system in Safe Mode or from the Windows boot disk.
  5. Before taking any action, back up all critical data to an external drive (a floppy disk, CD, flash memory, etc.).
  6. Install antivirus software if you do not have it installed.
  7. Download the latest updates for your antivirus database. If possible, do not use the infected computer to download updates, but use a friend's computer, or a computer at your office, an Internet cafe, etc. This is important because if you are connected to the Internet, a virus can send important information to third parties or may try to send itself to all email addresses in your address book. You may also be able to obtain updates for your antivirus software on CD-ROM from the software vendors or authorized dealers.
  8. Perform a full system scan.

If no viruses are found during a scan

If no viruses are found during the scan and the symptoms that alarmed you are classified, you probably have no reason to worry. Check all hardware and software installed in your computer. Download Windows patches using Windows Update. Deinstall all unlicensed software from your computer and clean your hard drives of any junk files.

If viruses are found during a scan

A good antivirus solution will notify you if viruses are found during a scan, and offer several options for dealing with infected objects.

In the vast majority of cases, personal computers are infected by worms, Trojan programs, or viruses. In most cases, lost data can be successfully recovered.

  1. A good antivirus solution will provide the option to disinfect infected objects, quarantine possibly infected objects and delete worms and Trojans. A report will provide the names of the malicious software discovered on your computer.
  2. In some cases, you may need a special utility to recover data that have been corrupted. Visit your antivirus software vendor's site, and search for information about the virus, Trojan or worm which has infected your computer. Download any special utilities if these are available.
  3. If your computer has been infected by viruses that exploit Microsoft Outlook Express vulnerabilities, you can fully clean your computer by disinfecting all infected objects, and then scanning and disinfecting the mail client's databases. This ensures that the malicious programs cannot be reactivated when messages which were infected prior to scanning are re-opened. You should also download and install security patches for Microsoft Outlook Express.
  4. Unfortunately, some viruses cannot be removed from infected objects. Some of these viruses may corrupt information on your computer when infecting, and it may not be possible to restore this information. If a virus cannot be removed from a file, the file should be deleted.

If your computer has suffered a severe virus attack

Some viruses and Trojans can cause severe damage to your computer:

  1. If you cannot boot from your hard drive (error at startup), try to boot from the Windows rescue disk. If the system cannot recognize your hard drive, the virus has damaged the disk partition table. In this case, try to recover the partition table using scandisk, a standard Windows program. If this does not help, contact a computer data recovery service. Your computer vendor should be able to provide contact details for such services.

If you have a disk management utility installed, some of your logical drives may be unavailable when you boot from the rescue disk. In this case, you should disinfect all accessible drives, reboot from the system hard drive and disinfect the remaining logical drives.

  2. Recover corrupted files and applications using backup copies after you have scanned the drive containing this data.

Diagnosing the problem using standard Windows tools

Although this is not recommended unless you are an experienced user, you may wish to:

  • check the integrity of the file system on your hard drive (using the CHKDSK program) and repair file system errors. If there are a large number of errors, you must back up the most important files to removable storage media before fixing the errors
  • scan your computer after booting from the Windows rescue disk
  • use other standard Windows tools, for example, the scandisk utility

For more details on using these utilities, refer to the Windows Help topics.

If nothing helps

If the symptoms described above persist even after you have scanned your computer, and checked all installed hardware and software and your hard drive using Windows utilities, you should send a message with a full description of the problem to your antivirus vendor's technical support department.

Some antivirus software developers will analyse infected files submitted by users.

After you have eradicated the infection

Once you have eradicated the infection, scan all disks and removable storage media that may be infected by the virus.

Make sure that you have appropriately configured antivirus software installed on your computer.

Practice safe computing.

All of these measures will help prevent your computer getting infected in the future.

Estonia arrests first hacker over cyberattacks

A teenage resident of Tallinn has been arrested by Estonian police in connection with a wave of Denial of Service attacks that disrupted the functioning of the country's Internet servers. The attacks were linked to a diplomatic stand-off between Estonia and Russia over the relocation of a Soviet-era war memorial in the Baltic state's capital. Protests from the local Russian minority spilled over from the streets of Tallinn, where one person died and more than 150 were arrested, onto the Internet: official web portals were hacked and access to them blocked.

Following days of disturbances a tense calm has now descended over Tallinn, and Estonian police have now reported their first arrest in connection with the Internet attacks. According to a spokesperson for the prosecutor's office, a 19-year-old of Russian origin has been arrested in Tallinn. The teenager was allegedly involved in posting calls for DoS attacks on Estonian sites and providing IP addresses for official sites that he wanted targeted.

Despite the fact that many attacks may have come from abroad, Estonia intends to use all means at its disposal to bring those responsible for blocking the country's key Internet portals to justice. This means that this first arrest may certainly not be the last in the Estonian investigation - the authorities are still trying to find the perpetrators, and according to official sources many leads can be traced to Russia. Ivo Kolk, from the Central Criminal Police, said that the main attack routes were traced by his department in cooperation with other state services and private security professionals.

Credit card fraudsters jailed in UK

The UK’s largest ever credit card fraud gang has been dismantled in London. The fraudsters, who could have netted an estimated £17m, received jail sentences from a judge who called their offences “very serious”. A total of five people, all from Eastern Europe, were involved in the scam.

Gang leader Roman Zykin, an illegal immigrant from Russia, was jailed for five and a half years and recommended for deportation at the end of serving his sentence. Two Polish men were also jailed for three and four years respectively, while Estonian “link man” Hannes Pajasalu will serve two years. At a previous hearing Zykin’s wife, Malgorzata, received a six month sentence. The investigation into the gang’s activities lasted for 18 months and spanned several continents, as the FBI, Europol, Estonian police and other authorities and banking bodies aided UK police in the task of bringing the five to justice. The search for the five culprits was hampered by the gang using sophisticated encryption techniques to hide their electronic traces. Interestingly, the investigation was triggered by a routine stop and search of Roman Zykin by an anti-terrorist patrol at Victoria Station in London, when dozens of mobile phone top-up cards were found in his possession.

The authorities believe the group, which was highly organized and skilled, had access to tens of thousands of stolen credit card numbers, which were held on their state-of-the-art computer systems. According to the police, these numbers were mainly sourced from the US, where hackers stole them in a major attack on a database. Prosecutors have so far tracked some £150,000 in criminal transactions but expect the losses to be much higher, as these fraudsters could afford a lavish life in Britain and abroad, staying in £900,000 mansions and going on five-star holidays abroad. However, for the next few years these cybercriminals will have to holiday in jail.

Four year jail sentence for webcam hacker

A 47 year old computer technician has been sentenced to four years in jail after being found guilty of using malware to gain control of webcams and to take pictures of the webcam's owners without their knowledge or consent.

The Cypriot man, who has not been named, used a Trojan program to control a 17 year old's webcam and take illicit pictures of her. He then attempted to blackmail the victim, saying he would make the pictures public unless she posed naked for him in front of her webcam. The victim, whose machine became infected after she opened an email attachment, responded to the blackmail demands by going to the local police.

The man was initially arrested in 2005, the same year in which two Spanish men were arrested in separate incidents for similar crimes. One of them, a computer science student, was ordered to pay 3,000 euros compensation to his victim, and a 1,000 euro fine.

International cyber crime group charged

Eleven people, including three U.S. citizens, have been indicted by the U.S. Department of Justice on charges relating to identity theft and hacking. The suspects were allegedly involved in the theft of more than 40 million debit and credit card accounts in the last three years, including the high-profile case in which the retail giant TJX claimed that over 46.5 million credit cards had been stolen.

U.S. Attorney General Michael Mukasey commented that the group "used sophisticated computer hacking techniques, breaching security systems and installing programs that gathered enormous quantities of personal financial data, which they then allegedly sold to others or used themselves." They identified vulnerable commercial networks and collected credit card numbers, PIN numbers and other account data using network sniffers. Some of the information was then sold on via servers in Eastern Europe and the United States.

Albert Gonzalez, one of the defendants, has been charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy. Two other Miami men, Christopher Scott and Damon Patrick Toey, were also charged. The remaining members of the group (one of whom is only known by an online pseudonym), from countries which include Estonia, Ukraine, the People's Republic of China and Belarus, have been indicted for running an international distribution ring for stolen debit and credit card accounts. If Gonzalez is convicted, he could be sentenced to life in jail.

Mukasey characterized the case as "the single largest and most complex identity theft case ever charged in this country." He also commented that the outcome "shows that, with the cooperation of our law enforcement partners around the world, we can identify, charge and apprehend even the most sophisticated international computer hackers".

Beware of the latest virus (Trojan-Dropper.Win32.Agent.albv)

This Trojan has a malicious payload. It is a Windows PE EXE file. It is 23552 bytes in size.

Installation

The Trojan copies its executable file as follows:

%WinDir%\system\svhost.exe

In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan adds a link to its executable file in the system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WSVCHO" = "%WinDir%\system\svhost.exe"

Payload

The Trojan adds its executable file to the Windows firewall list of trusted applications. It then launches the “iexplore.exe” process and injects its code into this process.

It also attempts to terminate the following processes:

avesvc.exe
ashdisp.exe
avgrsx.exe
bdss.exe
spider.exe
avp.exe
nod32krn.exe
cclaw.exe
dvpapi.exe
ewidoctrl.exe
mcshield.exe
pavfires.exe
almon.exe
ccapp.exe
pccntmon.exe
fssm32.exe
issvc.exe
vsmon.exe
cpf.exe
ca.exe
tnbutil.exe
avp.exe
mpfservice.exe
npfmsg.exe
outpost.exe
tpsrv.exe
pavfires.exe
kpf4ss.exe
persfw.exe
vsserv.exe
smc.exe

It also attempts to disable the following services associated with antivirus and firewall programs:

AntiVir
Avast Antivirus
AVG Antivirus
BitDefender
Dr.Web
Kaspersky Antivirus
Nod32
Norman
Authentium Antivirus
Ewido Security Suite
McAfee VirusScan
Panda Antivirus/Firewall
Sophos
Symantec/Norton
PC-cillin Antivirus
F-Secure
Norton Personal Firewall
ZoneAlarm
Comodo Firewall
eTrust EZ Firewall
F-Secure Internet Security
Kaspersky Antihacker
McAfee Personal Firewall
Norman Personal Firewall
Outpost Personal Firewall
Panda Internet Security Suite
Panda Anti-Virus/Firewall
Kerio Personal Firewall
Tiny Personal Firewall
BitDefender / Bull Guard Antivirus
Sygate Personal Firewall

The Trojan also harvests passwords to web sites saved to the cache of the browsers shown below:

Mozilla FireFox
Internet Explorer

It also harvests passwords and account data for the following IM clients:

Trillian
Miranda
Yahoo Messenger
MySpace IM
Gaim

The Trojan has a built-in keylogger and can make screenshots of the user’s desktop. These screenshots are saved to the Temporary directory as with being a decimal number.

Harvested data is sent to the malicious user’s server:

212.158.160.***

Propagation via removable media

The Trojan copies its executable file to the root of each removable drive under the following name:

X:\wlan.exe, with X being the disk

In addition to its executable file, the Trojan also places the file shown below in the root directory of every disk:

X:\autorun.inf

This file will launch the Trojan executable file each time the user opens an infected disk using Explorer.

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the malicious program’s process.
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Delete the following system registry key parameter:
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WSVCHO" = "%WinDir%\system\svhost.exe"
  4. Delete the following file:
    %WinDir%\system\svhost.exe
  5. Empty the temporary directory (%Temp%).
  6. Delete the files shown below from all removable storage media:
    X:\autorun.inf
    X:\wlan.exe,
    with X being the disk
  7. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
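The persistence and removable-media behaviour described above can also be checked offline, against a registry export and an autorun.inf file collected from a suspect machine. The following Python code is an added example, not part of the original write-up: only the WSVCHO value and the svhost.exe and wlan.exe names come from the description, while the list of system binary names, the function names, the expanded C:\WINDOWS path and both sample inputs are constructed assumptions.

```python
import configparser
import ntpath
import re

# Genuine Windows binaries whose names malware tends to imitate. This list is
# an assumption added for the example; the page itself only names svhost.exe.
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "winlogon.exe", "explorer.exe")
REG_SZ_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[-1]


def image_path(command: str) -> str:
    """Pull the executable path out of a command line (quoted or bare)."""
    m = (re.match(r'\s*"([^"]+)"', command)
         or re.match(r"\s*(.+?\.exe)\b", command, re.I)
         or re.match(r"\s*(\S+)", command))
    return m[1] if m else ""


def parse_reg_export(text: str):
    """Yield (key, name, data) for REG_SZ values in `reg export` style text.

    Values of other types (exported as hex data) are skipped.
    """
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_SZ_LINE.fullmatch(line)
        if key and m:
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data


def audit_run_values(reg_text: str) -> list:
    """Flag Run-key values whose image name is one edit away from a system binary."""
    findings = []
    for key, name, data in parse_reg_export(reg_text):
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        image = image_path(data)
        base = ntpath.basename(image).lower()
        for real in SYSTEM_BINARIES:
            if edit_distance(base, real) == 1:
                findings.append((name, image, real))
    return findings


def audit_autorun_inf(text: str) -> list:
    """Return (key, target) for every [autorun] entry that launches a program."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:
        return [("parse-error", "")]
    hits = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for k, v in cp.items(section):
            if k in ("open", "shellexecute") or (
                    k.startswith("shell\\") and k.endswith("\\command")):
                hits.append((k, image_path(v)))
    return hits


# Constructed sample inputs: a registry export containing the Run value from
# the description, and an assumed autorun.inf that launches wlan.exe.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"WSVCHO"="C:\\WINDOWS\\system\\svhost.exe"
"""
SAMPLE_AUTORUN = "[AutoRun]\nopen=wlan.exe\nicon=folder.ico\n"

if __name__ == "__main__":
    for name, image, real in audit_run_values(SAMPLE_REG):
        print(f"Run value {name!r} -> {image} (imitates {real})")
    for key, target in audit_autorun_inf(SAMPLE_AUTORUN):
        print(f"autorun.inf {key} -> {target}")
```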

Spam evolution: January – June 2009

Half-yearly update

  • The economic crisis has not impacted the volume of spam: spam averaged 85.5% of email traffic.
  • Malicious attachments were found in 0.3% of messages.
  • 0.6% of all messages contained links to phishing sites.
  • Asian and Latin American countries became the main sources of spam, with a shift away from Western European countries, the US and Russia.
  • The amount of spam advertising small and medium businesses declined during the recession.
  • Spam advertising spammer services has partly replaced messages containing offers for concrete goods and services.

Spam in mail traffic


Spam in mail traffic, 1H2009

Spam averaged 85.5% of mail traffic over the first half of 2009. The lowest figure was 72.8% on April 26th, while the highest percentage was 93%, recorded on February 22nd. 0.3% of spam messages included malicious attachments.

The financial crisis, which began in autumn last year, has not had an impact on the overall volume of spam in mail traffic: the figures do not differ significantly in comparison with figures for 1H 2008.

Phishing

Phishing-related spam is experiencing an overall decline.


Phishing emails, 1H 2009

Phishing emails accounted for 0.6% of mail traffic in 1H2009. The number of phishing emails has fallen from month to month (with May being the exception). During Q1 2009, phishing emails made up 0.78% of mail traffic, dropping to 0.49% in Q2 2009.

Anti-phishing systems now offer users better protection than ever against this type of fraud. Consequently, cybercriminals now find phishing a less profitable and less attractive tactic.

The main targets of phishing attacks


Organizations targeted by phishing attacks, 1H 2009

The primary target of phishers is still PayPal, with eBay ranking second among the most popular targets. Over 60% of phishing emails imitate messages from these two organizations. PayPal, eBay, and major banks have been active in providing users with information about the dangers of phishing. As a result, users of such systems have become more cautious, and the phishing attacks targeting them have become less effective. Meanwhile, phishing attacks which target less commonly-used services have not been particularly lucrative. These factors may be contributing to the gradual decline in phishing spam.

Sources of spam on the Russian Internet: regrouping from the West to the East

Countries

The top ten countries which are major sources of spam have changed considerably over the past six months. Less and less spam is coming from Spain and Italy, which previously took 3rd and 4th places, respectively. These countries are no longer in the top ten, with Germany and Ukraine also departing from the ranking. More spam now originates in India, Thailand, Romania, and Poland, all of which are now included in the top ten.


Top ten sources of spam (2H 2008; 1H 2009)

Russia and the US are still the leading sources of spam, but in 2H 2009, they may be displaced as the amount of spam sent from these countries is falling. In 2H 2008, 22% of all spam was sent from Russia, but only 11% was sent in 1H 2009. The figures for the US also fell from 16% to 10%.

By June, only 8% of spam was being sent from Russia. Although the fight against spam in Russia has been successful, there has not been an ultimate victory, and it's likely that spam sent from Russia will account for a stable 8–10% of all spam.

India has seen a boom in spam mailings. In 2008, this country was the source of 2% or less of all spam, jumping to 4% in Q1 2009. In June, India was responsible for a record 10% of spam on the Russian Internet, and an average of 7% over 1H 2009. The spammers' focus on India may be due to a range of factors: on one hand, as a developing economy, the country is beginning to enjoy the latest Internet technologies, including widespread Internet access. On the other hand, Indian users are poorly protected, resulting in mass malware infections designed to create botnets for sending spam.

The amount of spam originating from Turkey has also increased: in 2H 2008, spam from Turkey represented just 3% of all spam, but during 1H 2009, this figure more than doubled to 6.6% of all spam.

The list of European countries which are the top sources of spam has also changed. In 2008, the top three sources of spam in Europe were Spain, Italy, and Ukraine. This list is now headed by Poland, Romania and Italy.

Table 1. Top ten European sources of spam

Poland            4.30%    2.30%
Romania           3.00%    2.00%
Italy             2.60%   -2.40%
Ukraine           2.00%   -1.00%
Spain             1.90%   -3.30%
Germany           1.90%   -1.30%
Great Britain     1.60%   -0.40%
Czech Republic    1.10%    0.70%
France            1.00%   -1.60%
Hungary           0.90%    0.50%

In general, the amount of spam coming from Western European countries has decreased noticeably, while the amount of spam sent from Eastern European countries has increased.

Regions

In terms of the top regional sources of spam, there has been a general transition from West to East. Nearly twice as much spam is now being sent from Asian countries, with an increase from 18% in 2H 2008 to 35% during 1H 2009. There has also been an increase in spam from Latin American and Eastern European countries (excluding Russia). Over the same period, the amount of spam sent from Western European countries decreased by almost half compared to 2H 2008: roughly 20% of all spam was sent from Western European countries in 2H 2008, but just 12% in 1H 2009.


Sources of spam: 2H 2008, 1H 2009

This transition from the West to the East results from a number of factors: on one hand, the US and Western European countries have become more proactive in fighting spam. These countries have closed down spammer hosting sites, improved relevant legislation, and some spammers have even been held liable for their actions. This makes sending spam from Western Europe and the US a risky business for spammers. Meanwhile, Asia and Latin America, and to some extent Eastern European countries (excluding Russia), are becoming more attractive to spammers; the number of Internet users in these locations is beginning to increase significantly and Internet access is becoming more prevalent. Furthermore, Internet users in these countries tend to be less well protected against malicious programs and less aware of cyber threats.

Essentially, the main sources of spam have more or less transitioned from Western European countries, the US, and Russia to Asia and Latin America. This is probably good news for end-users, i.e. those who do not have any partners in these regions can simply choose not to open messages originating from Latin American or Asian countries. For these people, simple modifications to spam filter configuration could cut the amount of incoming spam by half.

Spam by category


Spam on the Russian Internet by category

Most common spam categories, 1H 2009

  1. Medications and health-related goods and services – 22.1% (+2.4%)
  2. E-advertising services – 16.6% (+10.9%)
  3. Adult content spam – 11% (-8.8%)
  4. Education – 10.4% (+0.8%)
  5. Fake luxury goods – 7.4% (+1.2%).

For the fourth year in a row, the most common type of spam is still Medications and health-related goods and services. Most messages in this category advertise medications such as Viagra and Cialis, as well as diet pills and supplements.

The second place is taken by E-advertising services, replacing the usual leading categories. This category was in seventh place in 2008.

Adult content spam is still in third place, in spite of a considerable decrease in the number of such messages. Compared to last year, the figure almost halved. This is probably due to the fact that most of this type of spam consists of emails designed to lure users to fraudulent websites, where attempts are then made to get money by persuading the visitors to send SMS messages to short, premium pay numbers. This type of trick works well until it is uncovered; consequently, the life span of such scams is limited and the amount of Adult content spam is now on the decline.

The economic crisis and its impact on spam

While the primary categories of spam remain unaffected, the economic crisis has affected the distribution of spam categories.

Categories on the rise

First and foremost, the crisis has led to an increase in spammers advertising their own services. It would appear that the crisis has caused spammers to lose some of their regular clients and to direct their newly available resources at advertising their own services in hopes of finding new clients.


Spam advertising spammer services, 1H 2008/1H 2009

During 1H 2008, before the economic crisis began to affect Russia, e-advertising spam made up approximately 4.3% of all spam. During 1H 2009, this figure skyrocketed to 16.6%.

The amount of Real estate spam has also increased notably in comparison to last year. For the most part, this type of spam advertises rental properties. In April, such offers accounted for 69% of all spam in the Real estate category.


Real estate spam, 1H 2008/ 1H 2009

Having lost tenants due to the recession, landlords have actively been advertising their vacant properties. Some reputable real estate firms may now be using spam as a relatively inexpensive means of advertising their services.

Categories on the decline

Small and mid-sized businesses (a subgroup which falls into the Other goods and services category) appear to have cut spending on spam advertising.


Other goods and services spam, 1H 2008/ 1H 2009

On average, the volume of spam in this category fell 4% compared to the same period in 2008.

Prior to the economic crisis, there were a reasonable number of clients ordering travel and tourism spam mailings. Spam in this category accounted for 8% of all spam in 2008. During 1H 2009, the amount of spam in this category halved, and now represents just 4%. This drop is clearly related to the global crisis. Many people's financial situation is now worse than in 2008, and they have found themselves cutting spending on travel and vacations.

The Travel and tourism spam category is always susceptible to seasonal changes; however, given the economic background, these were less marked this year.


Travel and tourism spam, 1H 2008/ 1H 2009

Education spam dropped by approximately 25% in the first five months of 2009. In June, however, this type of spam returned to pre-crisis levels due to exams at schools and universities.


Education spam, 1H 2008/ 1H 2009

The economic crisis has clearly had an impact on spam advertising goods and services offered by legitimate businesses. This category represents roughly 35% of all spam. In comparison, in 1H 2008 (i.e. before the recession hit), this type of spam accounted for approximately 45% of all spam. Despite the increasing amount of real estate spam, overall the amount of spam advertising goods and services from legitimate businesses has fallen by nearly one-fourth.

Economic conditions have affected the remaining 65% of spam, which includes advertising of grey market goods and services and, to a lesser extent, fraudulent spam. The reasons are clear: firstly, anonymity makes it less risky for cybercriminals to find clients using spam than by other means, and they are unlikely to be bothered by moral concerns. Secondly, some types of fraud (such as phishing) simply could not exist without spam, since spam is an integral component of these schemes. Finally, many cybercriminal groupings have their own botnets and therefore the capability to conduct mass mailings at minimal cost.

Size and type of spam emails


Distribution of spam emails by size

Most spam messages are still 10 kb or less in size. The amount of the smallest spam emails (up to 5 kb) has increased: in 1H 2009, messages of this size represented 58% of all spam, up from 46% in 2006. The overwhelming majority of such emails provide links to websites. The text of the emails and the sites they link to can differ from message to message, even if the messages are all sent in the same spam mailing. Advertising sites are either located on cheap domains (such as .cn), or domains which use free hosting services. Spammers use such tactics in an attempt to bypass spam filters.

As before, most spam emails (45%) are sent in plain text format.


Distribution of spam emails by type

Graphical spam

Spam containing images now makes up nearly 15% of spam. This is due to the upswing in spammers advertising their own services; most such advertisements are sent in image form. Spammers are striving to achieve two things: to evade spam filters, and make their advertising attractive. It should be emphasized that not only programmers, but also professional designers and marketing experts work on spam mailings.


Images often offer the (fake) opportunity to unsubscribe from mailing lists.


Extract from a spam message

Most emails containing images also contain text. In some cases, the advertising message and contact information are part of the image, and the text is included merely to create “noise” in order to increase the chances of evading spam filters. In other cases, the text in the message contains contact information (usually a link to a website) and the image is used to draw the reader’s attention and relay the spammer’s own advertising message.
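The size, format and link traits described here and under "Size and type of spam emails" can be pulled out of a raw message as filter features. The sketch below is an added example, not code from the report; the function names, bucket labels, the `CHEAP_TLDS` set (seeded only with the `.cn` case the report names) and both sample messages are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
CHEAP_TLDS = {"cn"}  # assumption: only the example TLD the report mentions

def spam_features(raw: bytes) -> dict:
    """Extract the size, format and link traits the report describes."""
    msg = message_from_bytes(raw, policy=policy.default)
    texts, has_image = [], False
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            has_image = True
        elif part.get_content_maintype() == "text":
            texts.append(part.get_content())
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall("\n".join(texts))]
    tlds = sorted({h.rsplit(".", 1)[-1].lower() for h in hosts if "." in h})
    size = len(raw)
    if has_image:
        kind = "image"
    elif msg.get_content_type() == "text/plain":
        kind = "plain"
    else:
        kind = "other"
    return {
        "size_bucket": "<=5kb" if size <= 5 * 1024
                       else "<=10kb" if size <= 10 * 1024 else ">10kb",
        "kind": kind,
        "link_tlds": tlds,
        "cheap_tld_link": bool(set(tlds) & CHEAP_TLDS),
        # Image carries the whole message; the text part is only filler.
        "image_without_link": has_image and not tlds,
    }

def sample_plain() -> bytes:
    """Constructed sample: short plain-text message with one link."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("Special offer: http://offer.example.cn/item?id=1\n")
    return m.as_bytes()

def sample_image() -> bytes:
    """Constructed sample: filler text plus an image attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("random filler words with no contact details\n")
    m.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\0" * 6000,
                     maintype="image", subtype="png", filename="ad.png")
    return m.as_bytes()
```

A filter would weight these features against known-good mail rather than block on any one of them, since legitimate messages also arrive small, in plain text, or with images.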

Conclusion

The countries which act as the main sources of spam are now located in the East rather than the West. Countries in Asia and Latin America, as well as countries in Eastern Europe (excluding Russia), are becoming more attractive to spammers since users in these countries are poorly protected against cyber threats.

It is difficult to say just how long this trend will continue. However, it can be assumed that as users in Eastern countries become more aware of security issues, the distribution of infected machines sending spam will level out. Given that computer technologies (thanks to the openness and accessibility of information) are evolving faster than the economy (due to greater transparency and access to information) it is likely that the playing field will level out even before developing regions become highly developed.

In spite of predictions to the contrary, the share of phishing emails has declined. Some may remember that in light of the crisis, these fraudulent emails were expected to increase; as a rule, phishers attempt to use a negative situation to frighten users and persuade them into providing personal information. However, it seems that the anti-phishing measures that have been taken by major payment systems and banks and increased awareness of cyber threats have begun to the Internet scammers.

Although the crisis has not affected the overall amount of spam in mail traffic, it has had a considerable impact on the distribution of spam by category. This primarily affects spam advertising spammer services, which now makes up a record 16.6% of all spam. Meanwhile, the total amount of spam offering goods and services in the real sector has dropped 10%. The 2008 annual spam report noted that this type of spam acts as an indicator of the economic health of small and medium-size businesses during financially difficult times. And in fact, compared to the same period in 2008, spam mailings contained fewer offers from tourism and educational companies and advertisements for various goods and services. (However, the percentages of these spam categories increased slightly in June.) Only time will tell how long these trends will last.
