Malware

Malware / Most Commented

Spam Peaked at 200 Billion per Day in 2008, Botnets Nexus of Criminal Activity, Says Cisco

In a 52 page security report released by Cisco, the company has confirmed what has been consistently been observed through out this year: "the Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers." The 2008 edition of the report has specified the year's top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities. more

The Report on “Securing Cyberspace for the 44th Presidency”

A report "Securing Cyberspace for the 44th Presidency" has just been released. While I don't agree with everything it says (and in fact I strongly disagree with some parts of it), I regard it as required reading for anyone interested in cybersecurity and public policy. The analysis of the threat environment is, in my opinion, superb; I don't think I've seen it explicated better. Briefly, the US is facing threats at all levels, from individual cybercriminals to actions perpetrated by nation-states. The report pulls no punches... more

The Harsh Reality of Spam and Online Security… Should I Stay or Should I Go?

Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more

Energy Industry Number One Target by Cyber Criminals, According to New Study

Web security company, ScanSafe reports that, in the past quarter, companies in the Energy industry faced the greatest risk of Web-based malware exposure, at a 196% heightened risk compared to other verticals. The Pharmaceutical and Chemicals industry faced the second highest risk of exposure at 192% followed by the Construction & Engineering industry at 150%. The Media and Publishing industry were also among those at highest risk, with a 129% heightened risk compared to other verticals. more

The Growing Security Concerns… Don’t Have Nightmares

Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight. Over the past few weeks we've heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to 'clickjacking' and trick us into inadvertently visiting fake websites. The longstanding fear that malicious software might start infecting our mobile phones was given a boost... And now a group of researchers have shown that you can read what is typed on a keyboard from twenty metres away... more

Cyber Security Forecast for 2009: Data and Mobility Key Part of Emerging Threats

Georgia Tech Information Security Center (GSTISC) today held its annual Security Summit on Emerging Cyber Security Threats and released the GTISC Emerging Cyber Threats Report for 2009, outlining the top five areas of security concern and risk for consumer and enterprise Internet users for the coming year... According to the report, data will continue to be the primary motive behind future cyber crime-whether targeting traditional fixed computing or mobile applications. "It's all about the data," says security expert George Heron -- whether botnets, malware, blended threats, mobile threats or cyber warfare attacks. more

Peering into Fast Flux Botnet Activity

Together with Thorsten Holz, I recently published a paper on fast flux botnet behaviors, "As the Net Churns: Fast-Flux Botnet Observations," based on data we gathered in our ATLAS platform. Fast flux service networks utilize botnets to distribute the web servers to the infected PCs... One of the most well known fast flux botnets has been the Storm Worm botnet, which uses the zombies to spam, send out new enticements to infect users, and to host the malicious website which delivers the malcode. more

Google Chrome: Cloud Operating Environment

Rather than blathering on to the blogosphere about the superficial features of Google's new Chrome browser I've spent some time studying the available material and [re]writing a comprehensive Wikipedia article on the subject which I intend for anyone to be free to reuse under a Creative Commons Attribution 3.0 license rather than Wikipedia's usual strong copyleft GNU Free Documentation License (GFDL). This unusual freedom is extended in order to foster learning and critical analysis, particularly in terms of security. more

Public Sharing and a New Strategy in Fighting Cyber Crime

A couple of years ago I started a mailing list where folks not necessarily involved with the vetted, trusted, closed and snobbish circles of cyber crime fighting (some founded by me) could share information and be informed of threats. In this post I explore some of the history behind information sharing online, and explain the concept behind the botnets mailing list... we may not be able to always share our resources, but it is time to change the tide of the cyber crime war, and strategize. One of the strategies we need to use, or at least try, is public information sharing of "lesser evils" already in the public domain. more

Coders, Crackers and Bots, Oh My!

There are more than just blue, black and white hat hackers. There are a few more types of folks out there that don't fit into the above categories. This article is taken from Stratfor with some commentary by myself... Many of the hackers described in my previous post are also coders, or "writers," who create viruses, worms, Trojans, bot protocols and other destructive "malware" tools used by hackers... more

Facebook Apps on Any Website: A Clever Move? Or a Security Nightmare?

Well, given the amount of malicious JavaScript, malware, and other possibilities to use Facebook (and other similar social networking platforms) for abuse, I certainly wouldn't categorize this news as a "clever move"... In fact, I foresee this as an extraordinarily short-sighted move with far-reaching security implications -- which will allow the levels of malicious abuse to reach new heights. more

How Big is the Storm Botnet?

The Storm worm has gotten a lot of press this year, with a lot of the coverage tending toward the apocalyptic. There's no question that it's one of the most successful pieces of malware to date, but just how successful is it? Last weekend, Brandon Enright of UC San Diego gave a informal talk at the Toorcon conference in which he reported on his analysis of the Storm botnet. According to his quite informative slides, Storm has evolved quite a lot over the past year... more

Ready or Not… Here Come the IRC-Controlled SIP/VoIP Attack Bots and Botnets!

A story... ZZZ Telemarketing (not a real name) is locked in a heated fight with their bitter rival, YYY Telemarketing (also not a real name), to win a very large lead generation contract with Customer X. Customer X has decided to run a test pitting the two companies against each other for a week to see who can generate the most leads. The ZZZ CEO has said to his staff that it is "do or die" for the company. If they fail to win the contract, they will have to shut down -- they need to do "whatever it takes" to win over YYY. A ZZZ staffer discovers that part of why YYY has consistently underbid them is because they are using SIP trunks to reduce their PSTN connection costs. But the staffer also discovers that YYY is using very cheap voice service providers who run over the public Internet with no security... more

What is ‘Pharming’ and Should You Be Worried?

The sky is falling! The sky is falling! ...or is it? What is this thing called "pharming"? Put simply, it's redirection of web traffic, so that the server you think you're talking to actually belongs to a criminal. For example: you think you're talking to www.examplebank.com because it says so in the browser's address bar, but actually you're connected to www.mafia-R-us.ru. This can happen in three main ways: 1. DNS Hijack: a social engineering attack on the Internet infrastructure... more