October 31, 2005

Nasty Punch Worm

Silicon.Com reports that a worm found spreading via America Online's Instant Messenger is carrying a nastier punch than usual, a security company has warned.

The unnamed worm delivers a cocktail of unwanted software, including a so-called rootkit, security experts at FaceTime Communications said on Friday. A rootkit is a tool designed to go undetected by the security software used to lock down control of a computer after an initial hack.

Spam Scams Update

Another story from Silicon, that Spam scams are targeting smaller firms.

Most email users are familiar with large-scale spam broadcasts containing generic offers such as medications or financial services, or notorious scams sent out to random millions of recipients. But one security expert has warned that smaller companies are increasingly being singled out with highly targeted email scams.

For example, during a merger with a larger firm one small company began receiving emails addressed to its employees, apparently coming from the new parent company.

The emails invited employees to register for their HR benefits with their new employer.

With no reason to suspect it could be anything other than a genuine email from their new employers, many staff submitted their personal details including name, date of birth and social security numbers

October 29, 2005

eBay Fraudsters Jailed

The Guardian reports a couple were jailed yesterday after defrauding thousands of customers around the world through the internet auction site eBay. In what one detective described as the biggest online scam he had seen, the pair stole £298,796 from unsuspecting bidders they called idiots.

Nicolae Cretanu, 30, was sentenced to 3½ years and his wife Adriana, 23, was given 30 months for an elaborate scam that lasted two years.

The gang advertised fictitious goods, including cars, motorcycles, war memorabilia, electrical items, tickets to sporting events and then contacted bidders saying they had failed in their attempt to secure the item.

The two offered bidders a "second chance" to purchase similar products, telling the customer to pay by money transfer through Western Union before receiving their purchase which always failed to appear

Detective Chief Superintendent Nigel Mawer, head of Scotland Yard's specialist economic crime unit, said: "The message we are trying to get over to the public is, do not send money by money transfer to a person whose identity you do not know personally."

He said the £300,000 in this case was "but a drop in the ocean" against the estimated £1bn a year conned from people who wired funds in this way, adding: "eBay scams are a substantial part of that."

eBay, which celebrated its 10th birthday this year, made $759m (£427m) profit last year, during which goods worth more than £2bn were sold through its UK website alone

October 27, 2005

Get Safe Online - Get Top Gear

I was at the Get Safe Online launch in London today, where not only did I get to meet Top Gear’s high-speed Richard Hammond over a coffee but also recorded his little speech on internet safety for you.

Research from Get Safe Online has found that over three quarters of the UK’s population (83 per cent) don’t know enough about protecting themselves online. Nearly half (42 per cent) of the population rely on friends and family for online safety advice rather than finding expert information for themselves. This lack of education, which Get Safe Online aims to address, threatens to undermine confidence in an online retail economy is worth £10bn a year. An estimated 14m use online banking

The idea is of course that everyone goes online, checks out the website and learns to avoid all the nasty pitfalls that go hand in hand with the internet. In fact the timing couldn’t be better, as I have to go and help rescue Captain Bob’s PC tomorrow, as he tells me a virus has eaten all his email!

One good quip this morning was from Sharon Lemon, the head of the national Hi-tech Crime Unit, who, referring to the dangers presented by internet chat rooms, said there’s no other place “Where you’ll make up a name for yourself and start talking smut to complete strangers.”

Richard Hammond, BBC Top Gear and Brainiac presenter launches the Get Safe Online Initiative in London on 28th October 2005

October 26, 2005

Safe or Toothless Online?

Silicon reports that the latest UK government-backed initiative to encourage secure computing has come in for criticism over a lack of ISP involvement, with experts suggesting it is hamstrung without them.

BT is the only internet service provider (ISP) to have signed up so far for the Get Safe Online scheme which launches later this week and that has caused some to question the effectiveness of the initiative.

However, a spokesman for the Internet Service Providers Association (ISPA) said this isn't the fault of the ISPs, claiming Get Safe Online has actually shunned any interest from the service providers so far.

The spokesman said: "We know it's silly not to have ISPs involved. But this isn't our fault."

October 24, 2005

Commonwealth Fight Against CyberCrime

The Register reports that London police and industry are teaming up to fight economic crime. The inaugural meeting of the New Scotland Yard Economic Crime Working Group took place at Lord's Cricket ground in London on Thursday.

The Economic Crime Working Group will address areas such as cyber crime, data and identity theft, counterfeiting and intellectual property rights as well as money laundering. The initial meeting included British government representatives from the Foreign and Commonwealth Office and Department of Trade and Industry. India, Pakistan, Bangladesh and the Philippines sent diplomatic officials, along with the Indian National Association of Software and Service Companies (NASSCOM). Clearing organisation APACS, the National Hi-Tech Crime Unit and City of London Police were also represented.

UN Should Fight Cybercrime Says MP

The gaps between the jurisdictions of individual countries are being exploited by international cyber criminals, according to internet experts.

The answer to the problem is a UN agency, according to Dr Nick Palmer, Labour MP and secretary of the All Party Parliamentary Internet Group (APIG).

Speaking at the Webroot Spyware Summit in London on Thursday, Palmer said a UN body could, for example, put pressure on ISPs to exclude servers that host criminal websites.

Palmer claimed that pressure needs to be put on countries allowing cyber crime to be perpetrated within their borders. "You need to make it in the country's interest not to allow cyber crime - tell them we'll cut off their internet access if they do." Silicon.Com

A Meeting of Minds and Money

Today marks the beginning of ‘ID Fraud Awareness Week’ and it is also the week that will finally witness the launch of GetSafeOnline, a Home-Office backed meeting of minds and money intended to tackle the now rampant problem of consumer and small-business-focused internet fraud.

With help from BBC Top Gear’s Richard Hammond, Cabinet Office Minister, John Hutton and the National Hi-tech crime Unit’s Sharon Lemon, the initiative will be a public-private partnership supported by the likes of eBay, Yell.Com, Lloyds TSB, HSBC and Microsoft among the prominent sponsors keen to see an end to the online exploitation of Joe and Joanna public.

Only last week, we heard how a retired teacher had £250,000 stolen from her Lloyds TSB savings account following the sale of her home, in one of the most serious cases seen to date of ID fraud, a crime that is close to becoming out of control, with the Home Office estimating £1.3bn is now being stolen every year. According to police figures, computer crime alone cost UK businesses £2.4bn in the last twelve months and many sources would agree, that faced by highly diversified and energetic activities of organised crime groups; this figure is more likely to rise than fall in the short term

Writing this, I’m one of the few security columnists I know who is prepared to risk using an online bank account and that’s only because I have more than one, all with different passcodes. In fact, bank interest rates are so derisory these days, that what little money I do have, I’m inclined to keep away from the banks anyway but in my own view, I’m safer by not placing all my eggs in one basket. In reality though, I’m not as secure as I like to think I am, because anyone of a number of Trojan key logger programs queuing-up at the other side of my internet firewall, are just waiting for the opportunity to harvest anything that looks vaguely like my bank account information, given the opportunity. Miss a patch or an anti-virus update and some gang in Estonia could be living the high-life on a can of baked beans, bought with the contents of my Halifax savings account by the end of the week.

Richard Hammond, with his humour and boyish good-looks set to be the new face of online common-sense from this month, in an effort to try and persuade people not to give away their personal and financial information over the internet to anyone who happens to ask them nicely for it. Behind him will be the online muscle of companies such as eBay and Yell.Com, who, in partnership with the other GetSafeOnline sponsors will be pushing the “Is it Safe” message to customers and visitors at every opportunity.

Will this make a difference? I’m sure it will as after all, good information security is invariably an education problem but encouraging common sense online is a little more of a challenge and you only have to walk into my local PC repair shop to see what I mean, much of his business being devoted to removing viruses from customers computers that are stacked on the floor of his workshop.

If we can’t persuade the general public to ignore the financial risks present in 0990 numbers or ‘Crazy Frog’ ringtones can we persuade to change their online behaviour instead? Over to you Richard Hammond.

October 22, 2005

Identity Crisis - A True Story

As a retired teacher Margaret Wilkinson is not the sort of person to take chances with money, so when she moved home she did everything right. But that wasn't enough to prevent the theft of £250,000 from her bank account reports the Guardian

Margaret Wilkinson is scrupulously careful with her money. She closely guards her banking details and shreds letters and correspondence before throwing them away. In May, sold her north London home and placed £250,000 in a Lloyds TSB savings account.

Just three weeks ago her offer on a new home in Surrey was accepted and she went to transfer the money.

Only then did she discover that the whole lot had been stolen from her account in one of the most serious cases yet documented of ID fraud.

October 21, 2005

Top of the Spies

The UK had the third highest rate of spyware infections last quarter, according to research by anti-spyware company Webroot Software which lumps tracking cookies in with far more malicious risks such as Trojans and keylogging programs. The UK has 18 "spies" on an average PC if you include cookies but only 4.5 if you exclude these lesser threats, a figure which puts the UK outside the top 10 of spyware infested nations. The US - either with or without cookies - tops Webroot's spyware poll. –The Register

October 20, 2005

UK Computer Crime Policing

Computer crime cost UK businesses £2.4bn last year and this figure is likely to rise unless companies do more to protect themselves.

On 1 April next year, the UK’s National Hi-tech Crime Unit (NHTCU) will become part of the newly created Serious and Organised Crime Agency (SOCA). The move illustrates how technology is becoming an everyday part of crime detection.

It will work with the National Criminal Intelligence Service, the National Crime Squad and parts of HM Customs & Excise, and the Home Office, involved in combating drugs and immigration. – PCW Magazine

Hackers Will Target VoIP

Hackers will attack voice over IP (VoIP) telephone conversations with spam and malicious code within two years, equipment manufacturer Nortel has claimed.

Companies using VoIP and other multimedia services, such as videoconferencing, should plan to defend against unsolicited adverts appearing mid-conversation, the company said. – Silicon.Com

October 19, 2005

Get Safe Online

Richard Hammond of the BBC's Top Gear will be fronting the launch of the government and business-sponsored GetSafeonline programme this month to warn people over the risk from online ID theft.

Nice billboard Richard, I’ll be going along for the launch but you might like to visit the website and watch the Netcrime report for the latest news on the problem.

UK ID Card A recipe for Massive Fraud Says Microsoft

Microsoft UK National Technology Officer Jerry Fishenden has warned that the UK ID card scheme could trigger "massive identity fraud on a scale beyond anything we have seen before." Writing in today's Scotsman, Fishenden says that the security implications of storing biometrics centrally are enormous. "Unlike other forms of information such as credit card details," he says, "if core biometric details such as your fingerprints are compromised, it is not going to be possible to provide you with new ones." The Register.

Time for The Banks to Sort Out Their Security

While not quite phishing-specific, here's a funny one for you. Sometimes a con-artist is so slick he can convince a senior people at several major European banks to hand over hundreds of thousands of dollars (or rather, Euros) in the bathroom stall at a public bar. "Psst, I'm a secret agent and I need your help." When they caught up with this guy, he was already suntanning on a beach.

Read more about two factor banking in this Register column.

October 18, 2005

We Don't Trust the Web

The Register reports that Americans are more worried than Europeans about identity theft and online fraud.

Overall transactions are still increasing and mid-price purchases are the most popular, but spending in some areas is shrinking.

Research carried out in Germany, France, the UK and US by Momentum, found that almost half US consumers have little or no confidence that their private information is adequately protected.

Average monthly online spending in September was €153 with the UK in top slot with €231 and US spending least at €129

Patch the Patch Patch

I wonder if this is why my wireless connection has died?

Silicon reports Security-conscious Windows users who tweaked the operating system to protect their PCs better are getting hit hardest by a flawed Microsoft patch, experts said on Monday.

Microsoft has acknowledged that a patch released last week can cause trouble for some users. It could lock them out of their PC, prevent the Windows Firewall from starting, block certain applications from running or installing, and empty the network connections folder, among other things.

My Space.Com Knocked-Out by Worm

The Register reports it's been a rough weekend for Tomorrow's People. A JavaScript exploit that has been called the first "Web 2.0 worm" knocked out MySpace.com - and the $500m-valued website, recently acquired by Rupert Murdoch's News Corp - was still struggling to get back on its feet two days later.

The cunning JavaScript exploit added a million users as "friends", forcing the site offline. Service was restored on Friday but two days later the site was still struggling with the consequences, serving pages at a glacial pace.

October 16, 2005

No End to Card Fraud

Anyone using a chip and Pin card to withdraw money from cash machines will continue to be at risk from fraud, despite being forced to use Pins for all transactions from next February.

But Apacs has told revealed that the majority of ATMs will continue to read the magnetic stripe on the back of a card instead of the chip, meaning cardholders will still be open to fraud from cash machine 'skimming'.

The fraud typically works by con artists using a false front on a cash machine to clone a card's magnetic strip and recording details of the Pin by using a tiny camera. It has not been halted by chip and Pin technology because most ATMs still read the magnetic strip on the back of the card as an alternative to the chip, enabling cloned cards that just have the strip to be used around the country.

Fraud by skimming at cash machines grew by almost 85 per cent in the year to December 2004, according to Apacs figures, and was the fastest-growing form of fraud over the 18 months to June.

October 14, 2005

Lloyds TSB Trys Two Factor Device

The BBC reports that Lloyds TSB is to trial a new security system for online banking customers, in an attempt to beat internet fraud.

About 30,000 customers will receive keyring-sized security devices, which generate a six-digit code to be used alongside usernames and passwords.

The code, which changes every 30 seconds, could help fight fraudsters who hack people's PCs or use "phishing" emails to steal login details.

October 13, 2005

Clever Bots

Bot software that infects vulnerable computers has evolved and now typically consists of modular architectures into which new functionality can be plugged quickly and easily. For example, the latest exploits for Microsoft's operating system are incorporated into such bot software in weeks, if not days.

Security Focus reports the Zotob worms compromise systems by sending data on port 445. If a computer is infected with the program, the worm starts a file-transfer protocol (FTP) server and attempts to spread further. The worm still has some bot functionality: Computers infected with the worm will join an Internet relay chat (IRC) session at a predefined addresses. An attacker who knows the IRC channel password can command the bot to disconnect or reconnect to the IRC channel, obtain system information, clean itself from the system, modify security settings, and download or execute files.

One Time Password Phished

The Register reports that a Swedish internet bank was forced to shut down its website for a short time last week after its one-time password security system was targeted by a new type of phishing scam. Last  week, according to a blog posting by Finnish security firm F-Secure, fraudsters targeted customers of online bank, part of Nordic financial services group Nordea.

Recipients were directed to several fake websites, thought to be based in South Korea, and asked not only for their account details, but also for the next password on their list of one-time passwords.

F-Secure explains that Nordea’s online banking customers are given a scratch sheet, which contains a certain number of hidden passwords. As customers use the service they uncover the next password in the list, which gives them access to their account.

According to F-Secure: “Regardless of what you entered, the site would complain about the scratch code and asked you to try the next one. In reality the bad boys were trying to collect several scratch codes for their own use.”

The bank discovered the attack last Monday night, and shut the site for around twelve hours.

This is said to be the first time that a phishing scam has targeted such a password system, which is intended to be more secure than a normal fixed-password scheme.

October 12, 2005

Conman Nets £1.5 million with eMail Scam

The Times reports how a 'ruthless computer conman netted £1.5m with e-mail scam'

Peter Francis-Macrae, 23, spent a fortune on designer clothes and learning to fly helicopters after allegedly tricking thousands of innocent victims in e-mail and website frauds run from the bedroom of his father’s terraced house.

Macrae sent unsolicited “spam” e-mails to thousands of people around the world offering to register them for new “.eu” European domain names. The money rolled in at the rate of £200,000 a fortnight, people thinking that he was a genuine registrar, the court was told.

Spyware Threat Escalates

Silicon.Com reports that Spyware is becoming increasingly pernicious and sophisticated, according to security experts who are warning that users are still failing to take basic steps to protect themselves against the threat.

“It's a problem”, writes Silicon, “which should scare big businesses as they face up to the fact that important data could be leaking out of their organisations daily. And yet too many organisations are failing to properly educate or protect their employees.”

A more advanced Spyware application which is programmed to kick in when any one of hundreds of websites are visited and certain words encountered on the page, such as credit card number, name, expiry date, billing address, shipping address."

October 11, 2005

Google Fixes Phishing Flaw

Google has fixed a security flaw on its website that opened the door to phishing scams, account hijacks and other attacks.

The flaw, known as a cross-site scripting vulnerability, existed on the website for Google's AdWords advertising program and a customer training site, according to security company Finjan Software, which discovered the problem.

Attackers could have exploited the flaw to hijack Google accounts, launch phishing scams or even download malicious code onto users' computers.

Safety & Security in a Networked World Webcasts

A selection of webcasts from the recent 'Safety and Security in a Networked World' Conference are now available online.

These include recordings of the first and last plenary sessions, keynote speeches and interviews with selected speakers.

To view these webcasts please go to: http://webcast.oii.ox.ac.uk/?view=Category&CatID=5

The New Software Morality

When, two years ago, Microsoft purchased Romanian anti-virus vendor, GeCAD, as part of its Trustworthy Computing initiative, I warned the result might lead to a queue of anti-trust lawyers gathering around the Capitol building in Washington, as the thriving and lucrative anti-virus industry protested at the very notion of Microsoft including better security in its products.

Time has passed and the mutters of discontent seemed to have subsided following diplomatic expressions of co-existence with the Redmond giant from the largest Anti-virus companies. However, this month, Europe decided that the prospect of Microsoft marketing consumer security was an oxymoron that demanded further investigation and the Brussels anti-trust regulators have reportedly invited Symantec to volunteer its opinions on Microsoft OneCare a plan for comprehensive, subscription-based consumer PC health check service that will offer automatically updated anti-virus, anti-spyware and firewall protection.

There is however a moral slant on this story that makes me uncomfortable. In a rational world, a company, such a Microsoft, which many would regard as directly or indirectly responsible for the mess we now find ourselves in, might reasonably be expected to offer inclusive measures that would make the Windows platform more robust from a security perspective. Two years ago after a number of conversations with people at Microsoft, I was fairly satisfied that a number of people in the Trustworthy Computing group, would have been quite happy to bundle better and better security into Windows entirely free of charge. “The trouble is”, one person told me, “is that the anti-virus industry would scream anti-trust if we did. We would have to charge”, he said, referring to GEcAD, “because the rules won’t let us give it away free.”

Whether Microsoft has changed its position and would now prefer to milk the consumer instead I don’t know but I doubt it. In my own experience, Microsoft wants to be able to deliver the best possible security to the weakest link in its business, the millions upon millions of consumers who are unwittingly breeding tens of thousands of botnets and other nasties that threaten the economic fabric of the internet on a daily basis. But if I’m right, Microsoft can’t because the law won’t allow it for free software when you are as big as they are.

In some way, this is rather like saying that if you buy a new house; the builder is not permitted to make it burglar-proof. Of course you can have basic locks but double-glazing is certainly not permitted, neither is an inclusive burglar or fire-alarm. You have to go to the aftermarket for these and perhaps pay through the nose on a subscription basis if you want any peace of mind.

Without a doubt, Microsoft, through previous anti-trust actions which very nearly saw it broken-up, has created a moral dilemma which the courts cannot easily resolve. Instead, through vigorously protecting society against the risks of a software monopoly, the courts have unwittingly created something approaching a cartel of commercial security interests which run contrary to the interests of a billion or so internet users.

In theory, internet security should be free and transparent to the end user in much the same way as one takes for granted one’s television or telephone won’t be hacked. But this is an industry now worth in excess of $20 billion annually and it’s not one that you can expect to be given away to the man in the street or even Microsoft without a fight.

October 10, 2005

The Brain Sees All

CyberTrust's application known as 'The Brain' tracks and monitors the activity of hackers and hacker groups who are involved in everything from virus writing to around 3,000 website defacements each day. This screenshot (shown in more detail on the next page) shows the members of a group called 'hackweiser' and their links to other groups.
– Silicon.Com

Hackers - We Know Who They Are

The police should be talking more to the security companies who in the course of their operations gather vast amounts of data on the activities, impact and whereabouts of hackers and virus writers, according to one security expert.

Dr Peter Tippett, CTO at CyberTrust, claims information provided by his company lead to the successful arrests of the writers of the Melissa and Kournikova viruses, yet he says the police still rarely ask him for intelligence. Silicon.Com

Anti-spam is Useless

The Register reports that claims that user authentication schemes will reduce spam are not just wrong but "wrongheaded.

User authentication schemes such as SPF (Sender Policy Framework) and Sender ID check if machines are allowed to send email from a claimed domain - a kind of caller line identification but "this doesn't tell you who the actual sender was or the spaminess of a message," Nick FitzGerald, of Computer Virus Consulting in New Zealand.

Worse, botnets - networks of "zombie" PCs controlled by hackers - "screw anti-spam authentication". he noted. "User authentication is worse than nothing at all. For example, SPF is broken before implementation because it's not just breakable but trivial to break," he said. The Register

October 08, 2005

Visa Calls for Tougher Anti-fraud Measures

Credit card giant Visa is to spend $200m on what it calls 'anti-fraud measures', as criminal activity online continues to rise.

Data from the Anti-Phishing Working Group shows the total number of attacks around the world peaked in May at almost 15,000, and fell to 14,135 in July. However, the use of Spyware has risen - in April, 77 attacks contained password stealing programs, a figure which rose to 174 in July.

Earlier this year, 40 million card accounts were reported exposed to potential fraud as the result of a data breach. Twenty-two million of those were Visa cards. – Silicon.Com

Dutch Smash 100,000-Zombies

Dutch police have arrested three people for building a worldwide zombie network of more than 100,000 PCs used to launch internet attacks on companies and to hack into bank and Paypal accounts.

The main suspect, a 19 year-old man, and his alleged accomplices, a 22 year-old and a 27 year-old, were collared in raids on their homes. Police seized "several computers, documents, a bank account, bare cash and a sports car". More arrests are expected.

The compromised PCs were hacked using a trojan horse, called W 32.Toxbot, according to the police, who say that "some thousands" of the victims were based in the Netherlands. – The Register
.

October 07, 2005

THr34t Krew Binned

Two UK men, a 22 year-old electrician and a 23 year-old who is currently unemployed were sentenced today at Newcastle Crown Court for their part in an international hacking group.

Jordan Bradley and Andrew Harvey were identified as members of the hacking group “THr34t Krew” and conspired to create a computer worm which infected thousands of computers around the world.   They received three months and six months respectively.

Following an investigation by officers from the UK’s National Hi-Tech Crime Unit and the US multi-agency CATCH team (Computer and Technology Crime Hi-Tech Response Team) based in Southern California, Jordan Bradley and Andrew Harvey were arrested in February 2003.  

Detective Superintendent, Mick Deats, Deputy Head of the NHTCU, said:  

“Over the past year, the National Hi-Tech Crime Unit has seen a sustained increase in the professionalism of cybercriminals.  Companies are taking the brunt of their attempts to steal money and data, but consumers are also being hit.

“This year, 166 companies responding to our survey into the cost of hi-tech crime said that they had lost over £70 million to viruses, worms or Trojans.  

Al Qaeda Job Opportunity

Al Qaeda has put job advertisements on the Internet asking for supporters to help put together its Web statements and video montages, an Arabic newspaper reported. - Reuters

Digital Risk - The Big Issue

Almost two-thirds of companies have suffered "significant" financial damage as a result of IT systems failures in the last year, according to research by the Economist Intelligence Unit (EIU).

The Digital Risk survey of 218 senior risk managers found 60 per cent have incurred losses due to systems failure, while a third suffered financial damage as a result of hacking and phishing attacks.

More than half (55 per cent) said the biggest challenge companies face in tackling IT risks is the growing sophistication of hackers and cyber criminals, and slightly less than half (48 per cent) said IT and security problems pose a high risk to their business operations. Silicon.com

October 06, 2005

Botnets March On

Online bookmakers who become victims of online extortion attacks more often than not pay up, according to an IBM security researcher. Martin Overton of IBM Global Services said those at the receiving end of denial of service attacks also often fail to report assaults to police despite improved policy procedures to guard the anonymity of victims in the UK and elsewhere.

Common and widespread bot families include SDbot, Agobot, Spybot, Polybot and Mytob. Upwards of 12,800 variants of SDbot have been created, a figure which has doubled in the last six months.  – The Register

October 04, 2005

The Enemy Within

The Register reports that a  significant proportion (12 per cent) of all scanning attacks found on a broadband service provider's network are launched from the machines of its own subscribers. That's according to a study by traffic management firm Sandvine which says its findings dispel the idea the broadband security involves only policing the borders between external and internal networks. Subscribers need to be protected from each other as well as external malicious hosts, it concludes.

Bot Capital of the World

The UK has around one-third of the world’s one to two million infected “bot” computers, which help to relay viruses, spam and other malware across the globe.

Computer Weekly reports that Security software company Symantec has estimated the extent of the UK’s bot presence in its latest internet security threat report, and says London has 8% of the world’s infected bot computers.