Cybersecurity |
Sponsored by |
|
Over at Krebs on Secrity blog, Brian Krebs reports: "Purveyors of fake anti-virus or 'scareware' programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google. In a report being released today, Google said that between January 2009 and the end of January 2010, its malware detection infrastructure found some 11,000 malicious or hacked Web pages that attempted to foist fake anti-virus on visitors." more
Gary Warner over at Cyber Crime and Doing Time has a good post up this week about the CallService.biz website being shut down. I have posted a few good excerpts and added my comments to the end. ... Warner's take on the world of spam, malware, hacking and phishing is that unless people actually go to jail because they are spamming, the problem of spamming will never get better. That's because when the security industry fixes the latest hole or comes up with a new technology to stop the newest threat, spammers simply move onto another. more
Google, which through its Postini email security and archiving service processes over 3 billion email connections a day, reports that despite recent series of major botnet takedowns, spam levels during the first quarter of 2010 have held fairly steady. "This suggests that there's no shortage of botnets out there for spammers to use. If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns." more
You may have seen media reports a few weeks ago describing how servers behind the so-called Great Firewall of China were found delivering incorrect DNS information to users in the rest of the world, thereby redirecting users to edited Web pages. Reports indicate that this apparently occurred due to a caching error by a single Internet Service Provider. While the problem was fairly limited in scope, it could have entirely been prevented in a world where DNSSEC was fully deployed. more
The year 2010 is turning out to be the "year of DNSSEC" from Registry implementations, Registrar implementations, ISP support, to the Root being signed this summer. Because we are dealing with such critical infrastructure, it is important to not lose sight of careful implementations. more
Brian Krebs has a post up the other day on his blog indicating that the amount of spam ending in .cn has declined dramatically due to steps taken by the Chinese government making it more difficult to get a domain ending in .cn... A cursory glance seems to confirm that the amount of spam from .cn as opposed to .ru has switched places. Indeed, if the CNNIC requires people to start writing in application forms, with a business license and identity card, that is seriously going to slow down the rate at which spammers can sign up and register new domains. more
Neil Schwartzman writes: Steven R. Chabinsky, Deputy Assistant Director, Cyber Division of the Federal Bureau of Investigation gave a keynote at the GovSec/FOSE Conference in Washington, D.C., March 23, 2010. Full text of the speech here. more
Online fakes can be a lucrative business and difficult to crack down on, due to the ease and low-cost of setting up multiple virtual storefronts and the ability to obfuscate an operation's identity. A federal lawsuit filed on March 1, 2010 by Polo Ralph Lauren and VF Corp. illustrates these points and highlights many of the intricacies of an online counterfeit ring. more
A recent study by Symantec Norton and Sperling's Best Places has ranked 50 cities in the United States by "Riskiest Online Cities". The study included investigation of a number of factors including... more
Following in the footsteps of Lethic, Waledac and Mariposa, yet another botnet has been taken offline. Not completely, though, it was only a partial disconnect. The Zeus botnet, also known as Zbot, is a trojan password stealer that captures passwords and sends them to the attacker. more
There are a number of sources talking about the takedown of the Mariposa botnet... Spanish authorities, working with researchers from Panda Labs, Defence Intelligence and a couple of other educational institutions, took down the Mariposa botnet (Mariposa is the Spanish word for "butterfly"). The Mariposa botnet is an absolutely enormous with around 12 million (!) nodes doing its bidding. It was involved in things like credit card phishing and identity fraud. more
The highest court in Germany has ruled against telephone and email data retention used to track criminal networks. Melissa Eddy of the Global and Mail reports: "A law ordering data on calls made from mobile or landline telephones and e-mail exchanges be retained for six months for possible use by criminal authorities violated Germans' constitutional right to private correspondence, the Federal Constitutional Court ruled. In its ruling, the court said the law failed to sufficiently balance the need for personal privacy against that for providing security."
more
Leading US ISP, Comcast, has announced today its aggressive plans to deploy DNSSEC through out its netowrk. Chris Griffiths, Manager of DNS Engineering, writes: "We plan to implement DNSSEC for the websites we manage, such as comcast.com, comcast.net and xfinity.com, by the first quarter of 2011, if not sooner. By the end of 2011, we plan to implement DNSSEC validation for all of our customers." more
Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news... The spread of insecure broadband modems (DSL and Cable) is extremely wide-spread, with numerous ISPs, large and small, whose entire (read significant portions of) broadband population is vulnerable. more
Stéphane Bruno writes: "In the first few hours that followed the earthquake, mobile service was completely disrupted. It was almost impossible to place a call, due to the combination of the damages on the cellular networks and the spike in phone calls. However, on some networks, SMS service was still available. People stuck under rubbles started texting to their friends and family (in Haiti and abroad) to tell them they were still alive and needed help. Those friends and family, not knowing what to do, started posting these SOS messages on their social networks, mainly on Facebook." more
A World-Renowned Source for Internet Developments. Serving Since 2002.