Malware

Malware / Most Viewed

Why Vint Cerf is Wrong

At the Internet Governance Forum in Baku, I made an intervention on behalf of NL IGF, reporting on the recommendations given by the participants of Workshop 87... I concluded that more regulatory and law enforcement bodies need to become part of the IGF discussions, as they are an integral part of governing the Internet from a safety and security perspective. Mr. Cerf responded with a one-liner: "I can't help observing, if we keep the regulatories confused, maybe they will leave us alone". more

Paul Vixie on How the Openness of the Internet Is Poisoning Us

In a video interview conducted during the NSCS ONE conference, Paul Vixie CEO of Farsight Security further discusses the topic of his presentation titled: "Defective by Design -- How the Internet's Openness is Slowly Poisoning Us". more

New Wave of Ransomware Spreading Rapidly Through Russia, Ukrain and Other Nations

A new wave of ransomware called "BadRabbit" is targeting Russia and Eastern Europe, affecting Russian Interfax news agency and reported flight delays at Ukraine’s Odessa airport. more

Access Logs Reveal 12M Visits to .CM Typosquatted Sites Just in 2018 So Far

An anonymous tip has lead security experts Brian Krebs and Matthew Chambers to four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains. more

Patching is Hard

There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more

2.6 Billion Records Were Stolen, Lost or Exposed Worldwide in 2017, an 88% Increase From 2016

Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. more

Wikileaks DDoS of Spamhaus: Political Activism at Its Dumbest

A week ago, Paul Vixie wrote a thoughtful piece on the morality of DDos, for both sides of the equation of the Wikileaks issues. In it he summarizes things nicely: "Denial of service is not merely a peaceful protest meant to garner attention for a cause. Denial of service is forcible and it is injurious. It is not like any form of civil disobedience, but rather it is criminal behaviour more like looting." Well said, Paul... more

UK’s Government Websites Infected by Cryptocurrency Mining Malware

Thousands of websites are reported to have been infected by malware over the weekend forcing visitors' computers to mine cryptocurrency while using the sites. more

CircleID’s Top 10 Posts of 2009

Looking back at the year that just ended, here are the top ten most popular news, blogs, and industry news on CircleID in 2009 based on the overall readership of the posts. Congratulations to all the participants whose posts reached top readership in 2009 and best wishes to the entire community in 2010. more

Independence and Security Online Have Not Yet Been Won

As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world. more

CircleID’s Top Ten Posts of 2012

Here are the top ten most popular news, blogs, and industry updates featured on CircleID during 2012 based on the overall readership of the posts for the past 12 months. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2013. more

Gold Dragon Helps Olympics Malware Attacks Gain Permanent Presence on Systems, Reports McAfee

A report recently released by McAfee Advanced Threat Research (ATR) revealed a fileless attack targeting organizations involved with the Pyeongchang Olympics. more

Why Isn’t Mobile Malware More Popular?

This is a followup to Wout de Natris' as usual excellent piece on the Enisa botnet report -- pointing out the current state of mobile malware and asking some questions I started off answering in a comment but it grew to a length where I thought it'd be better off in its own post. Going through previous iterations of Mikko's presentations on mobile malware is a fascinating exercise. more

The ENISA Botnet Report: Thoughts on the State of Play in Smart Phones

At the ENISA presentation on her botnet report at eco in Cologne, 9 and 10 March, one of the slots was dedicated to threats to the mobile environment. The message I was supposed to come home with was: we can still count the numbers of mobile viruses manually, <600; the problem will never be the same as on a fixed network as traffic is monitored and metered: We detect it straight away. We are studying the problem seriously. Are mobile operators really prepared for what is coming? more

Typosquatted Domain Names Pose Plenty of Risk But Surprisingly Little Malware

A recent study took an in-depth look at the scale and the risk of domain name typosquatting -- the practice of registering mis-spellings of popular domain names in an attempt to profit from typing mistakes. "Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos," Paul Ducklin, Sophos' Asia Pacific head of technology collected HTTP data and browser screenshots from 1502 web sites and 14,495 URLs. In this report, Ducklin analyses the data revealing unexpected results within the typosquatting ecosystem. more