Malware

Malware / Recently Commented

Peering into Fast Flux Botnet Activity

Together with Thorsten Holz, I recently published a paper on fast flux botnet behaviors, "As the Net Churns: Fast-Flux Botnet Observations," based on data we gathered in our ATLAS platform. Fast flux service networks utilize botnets to distribute the web servers to the infected PCs... One of the most well known fast flux botnets has been the Storm Worm botnet, which uses the zombies to spam, send out new enticements to infect users, and to host the malicious website which delivers the malcode. more

Google Chrome: Cloud Operating Environment

Rather than blathering on to the blogosphere about the superficial features of Google's new Chrome browser I've spent some time studying the available material and [re]writing a comprehensive Wikipedia article on the subject which I intend for anyone to be free to reuse under a Creative Commons Attribution 3.0 license rather than Wikipedia's usual strong copyleft GNU Free Documentation License (GFDL). This unusual freedom is extended in order to foster learning and critical analysis, particularly in terms of security. more

Public Sharing and a New Strategy in Fighting Cyber Crime

A couple of years ago I started a mailing list where folks not necessarily involved with the vetted, trusted, closed and snobbish circles of cyber crime fighting (some founded by me) could share information and be informed of threats. In this post I explore some of the history behind information sharing online, and explain the concept behind the botnets mailing list... we may not be able to always share our resources, but it is time to change the tide of the cyber crime war, and strategize. One of the strategies we need to use, or at least try, is public information sharing of "lesser evils" already in the public domain. more

Coders, Crackers and Bots, Oh My!

There are more than just blue, black and white hat hackers. There are a few more types of folks out there that don't fit into the above categories. This article is taken from Stratfor with some commentary by myself... Many of the hackers described in my previous post are also coders, or "writers," who create viruses, worms, Trojans, bot protocols and other destructive "malware" tools used by hackers... more

Facebook Apps on Any Website: A Clever Move? Or a Security Nightmare?

Well, given the amount of malicious JavaScript, malware, and other possibilities to use Facebook (and other similar social networking platforms) for abuse, I certainly wouldn't categorize this news as a "clever move"... In fact, I foresee this as an extraordinarily short-sighted move with far-reaching security implications -- which will allow the levels of malicious abuse to reach new heights. more

How Big is the Storm Botnet?

The Storm worm has gotten a lot of press this year, with a lot of the coverage tending toward the apocalyptic. There's no question that it's one of the most successful pieces of malware to date, but just how successful is it? Last weekend, Brandon Enright of UC San Diego gave a informal talk at the Toorcon conference in which he reported on his analysis of the Storm botnet. According to his quite informative slides, Storm has evolved quite a lot over the past year... more

Ready or Not… Here Come the IRC-Controlled SIP/VoIP Attack Bots and Botnets!

A story... ZZZ Telemarketing (not a real name) is locked in a heated fight with their bitter rival, YYY Telemarketing (also not a real name), to win a very large lead generation contract with Customer X. Customer X has decided to run a test pitting the two companies against each other for a week to see who can generate the most leads. The ZZZ CEO has said to his staff that it is "do or die" for the company. If they fail to win the contract, they will have to shut down -- they need to do "whatever it takes" to win over YYY. A ZZZ staffer discovers that part of why YYY has consistently underbid them is because they are using SIP trunks to reduce their PSTN connection costs. But the staffer also discovers that YYY is using very cheap voice service providers who run over the public Internet with no security... more

An Unnatural .Bond: A Study of a ‘Megacluster’ of Malware Domains

A recent news story, following research from security provider Infoblox, highlighted the case of the 'Revolver Rabbit' cybercriminal gang, who have registered more than half-a-million domains to be used for the distribution of information-stealing malware. The gang make use of automated algorithms to register their domains, but unlike the long, pseudo-random ('high entropy') domain names frequently associated with such tools, the Revolver Rabbit domains instead tend to consist of hyphen-separated dictionary words (presumably so as to obfuscate their true purpose), with a string of digits at the end. more

South Korean Telecom Giant KT Corporation Accused of Infecting 600,000 Users with Malware Over Torrent Use

South Korean telecom giant KT Corporation has been implicated in deliberately infecting over 600,000 users with malware due to their use of torrent services, as reported by JTBC. more

Mystery Malware Takes Down 600,000 Windstream Routers in Coordinated Attack

In late October, subscribers of Windstream's Kinetic broadband service reported widespread router failures, affecting approximately 600,000 devices across 18 states. Users flooded online forums with complaints, noting their ActionTec T3200 routers displayed a persistent red light and were unresponsive to resets. more

Unsolicited Smartwatches Bearing Malware Target U.S. Service Members: Army CID Raises Alarm

U.S. military service members around the country have reported receiving unsolicited smartwatches by mail, triggering warnings from the Department of the Army Criminal Investigation Division (CID). more

Gigabyte Motherboard Firmware Exposes Millions of PCs to Potential Cybersecurity Threats

In a potentially damaging cybersecurity revelation, researchers from the cybersecurity company Eclypsium have identified a hidden mechanism in the firmware of motherboards manufactured by Taiwanese company Gigabyte. more

U.S. Targets Russian Mastermind Behind Dominant Ransomware Landscape, Offers $10 Million Reward

The U.S. government has declared criminal charges, economic sanctions, and a $10 million reward for information leading to the arrest of a Russian citizen, Mikhail Matveev. Accused of a series of ransomware attacks, Matveev's alleged operations, known as Babuk, have targeted entities such as the D.C. police, an airline, and other American industries. more

US Justice Department and FBI Dismantle Long-Running Russian State-Sponsored Cyber-Espionage Operation Targeting NATO

The United States Department of Justice has announced that it has neutralized a global network of computers compromised by malware called "Snake," which the U.S. government attributes to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB). more

Microsoft, Fortra, and Health-ISAC Take Legal Action Against the Abuse of Cobalt Strike to Combat Ransomware Attacks

A group of companies, including Microsoft, have collaborated to launch a major action to disrupt the use of cracked, legacy copies of the security tool Cobalt Strike which cybercriminals have abused to deploy ransomware. more