Malware

Malware / News Briefs

Automated Web Application Attacks Can Peak at 25,000 an Hour

Web applications, on average, experience twenty seven attacks per hour, or roughly one attack every two minutes, according to the newly released Imperva Web Application Attack Report. Report also notes that when websites came under automated attack they received up to 25,000 attacks in one hour, or 7 attacks every second.

ICM Registry to Provide Free Malware Scanning for .XXX Domains

ICM Registry announced this week it has struck a deal with McAfee for a free malware scan for every .XXX domain. The deal would include McAfee's "trustmark" and date stamp, ICM said. Every .XXX domain will be scanned for vulnerabilities such as SQL injection, browser exploits and phishing sites, reputational analysis and malware, Stuart Lawley, CEO of ICM Registry, said in a statement.

Researchers Use Social Graphs to Detect Spammers, Attackers

A project named S-GPS or Spammer Global Positioning System, by Microsoft researchers uses spammer identification rather than spam identification to identify zombie-based spammers.

Microsoft Data Suggests 1 Out of Every 14 Downloads is Malware

Microsoft Program Manager, Jeb Haber, reports in a blog post that from browser data collected on user downloads, 1 out of every 14 programs downloaded is later confirmed as malware. Haber says: "Consumers need information to make better decisions. That said, IE9 adds another layer of defense against socially engineered attacks that now looks at the application being downloaded -- this is in addition to the URL-based protection described above. This new layer of protection is called SmartScreen Application Reputation."

Canada Becoming the New Cybercrime Hub, Quickly Replacing China, Eastern Europe

A recently conducted analysis of Canada's cyber security risk profile by Websense has detected trends indicating Canada is becoming the new launchpad for cybercriminals. Sr. Manager, Security Research at Websense in a blog post writes: "Cybercriminals are on the move again. And, this time, Canada is the prime target. IP addresses in China and Eastern Europe are highly scrutinized and undergoing intense evaluation. So hackers are on a quest to move their networks to countries, like Canada, that have better cyber reputations."

Major International Botnet Disabled Says U.S. Department of Justice

The U.S. Department of Justice and the FBI announced on Wednesday that they have taken actions to disable an international botnet of more than two million infected computers responsible for stealing corporate data including user names, passwords and financial information.

Two Years Later the Conficker Worm Not Entirely Disappeared

In a SecurityWeek article today, Ram Mohan writes: "Just over two years ago, the Internet held its breath. The high-profile, widely proliferated Conficker worm had been in the wild from October 2008; its largest mutation was revealed in February 2009, with a widely publicized activation date of April 1, 2009. ... What we do know: Conficker could have proved much more damaging than it ultimately did, and the threat has not entirely disappeared."

Garth Bruen Discussing Whois, DNSSEC and Domain Security

NameSmash has interviewed Garth Bruen, Internet security expert and creator of Knujon, on some key issues under discussion during the recent ICANN meetings in San Francisco. Topics include Whois, DNS Security Extensions (DNSSEC) and generic Top-Level Domains (gTLDs) -- issues of critical importance particularly with ICANN's expected roll-out of thousands of new gTLDs in the coming years.

More Targeted Phishing, Spam and Mobile Attacks; IBM Reports 150K Security Events Per Second

IBM today released the results from its annual X-Force 2010 Trend and Risk Report, identifying more targeted phishing, spam and mobile attacks. The report also finds cloud security continuing to evolve. "From Stuxnet to Zeus Botnets to mobile exploits, a widening variety of attack methodologies is popping up each day," says Tom Cross, threat intelligence manager, IBM X-Force. "The numerous, high profile targeted attacks in 2010 shed light on a crop of highly sophisticated cyber criminals, who may be well-funded and operating with knowledge of security vulnerabilities that no one else has. Staying ahead of these growing threats and designing software and services that are secure from the start has never been more critical."

New Anti-phishing Initiative Introduced by Yahoo!

Neil Schwartzman writes to report: "The company announced the Yahoo! Mail Anti-Phishing Platform (YMAP) yesterday. The technology is predicated upon the use of both DKIM and Sender Policy Framework (SPF) to identify authentic messages. As part of the initiative, Yahoo! has partnered with email authenticators Authentication Metrics, eCert, Return Path, and Truedomain to provide broad-band coverage of well-known brands."

Microsoft, Federal Agencies Take Down Rustock Botnet

Neil Schwartzman writes: "There is a lot of press on the profound effect the take-down of the Rustock botnet, affected by Microsoft, some U.S. federal agencies, and countless others working in the background to assist in the effort. CAUCE has aggregated a few of the best stories and data-points. A community congratulations, and thank-you to all those involved!"

Malware Decrease in February, Trojans Continue to Be Most Prolific

Only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month, according to recent data gathered by Panda Security. Trojans were found to be the most prolific malware threat, responsible for 61 percent of all cases, followed by traditional viruses and worms which caused 11.59 percent and 9 percent of cases worldwide, respectively.

Cybercriminals Shifting Focus From Windows PCs to Other Systems and Mobile

In a major cybercrime turning point, scammers have begun shifting their focus away from Windows-based PCs to other operating systems and platforms, including smart phones, tablet computers, and mobile platforms in general, according to the Cisco® 2010 Annual Security Report, released today. The report also finds that 2010 was the first year in the history of the Internet that spam volume decreased, that cybercriminals are investing heavily in "money muling," and that users continue to fall prey to myriad forms of trust exploitation.

Average Daily Malware at All Time High, Spam Lowest Since 2008

McAfee, Inc. today unveiled its McAfee Threats Report: Third Quarter 2010, which uncovered that average daily malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified per day, almost quadrupling since 2007. At the same time, spam levels decreased in volume this quarter, both globally and in local geographies. Spam hit a two year low this quarter while malware continued to soar. More than 14 million unique pieces of malware were identified in 2010, one million more than Q3 2009.

Study Reports .COM Domain as Riskiest, .JP Safest Country Domain

Latest research suggests the world's most popular top-level domain, .COM, is also the riskiest. According to McAfee's fourth annual 'Mapping the Mal Web' report released today, 56% of all risky sites end in .COM! The study, which according to the company analyzed more than 27 million websites, also reports that while .COM is the riskiest top-level domain, the riskiest country domain is Vietnam (.VN). Japan's .JP ranks as the safest country domain for the second year in a row.