Malware

Malware / Featured Blogs

Internet Population Passes 1 Billion, and We're Still Afraid

We're learning this week that we have officially passed the one billion number in terms of people using the Internet. Eric Schonfeld writes in his article on TechCrunch that the number is probably higher than that. One billion is a staggering number, even though it makes up only 15 to 22 percent of the world's population. Nevertheless, those one billion Internet users give us a lot to deal with on their own in terms of social and security issues on the web. more»

Embedding Malicious IFrames Through Stolen FTP Accounts

The practice of using stolen or data mined &ndash from a botnet's infected population – FTP accounts is nothing new. In March, 2008, a tool originally published in February, 2007, got some publicity once details of stolen FTP accounts belonging to Fortune 500 companies were found in the wild. Interestingly, none of the companies were serving malicious iFrames on their compromised hosts back then. Despite the fact that 2008 was clearly the year of the massive SQL injection attacks... more»

PIR's Anti-Abuse Policy for .ORG Offers No Due Process for Innocent Domain Registrants

PIR, the registry operator for .org, has sent notices to registrars that it is implementing an anti-abuse policy that offers no due process for innocent domain registrants... While it's good intentioned, there is great potential for innocent domain registrants to suffer harm, given the lack of appropriate safeguards, the lack of precision and open-ended definition of "abuse", the sole discretion of the registry operator to delete domains, and the general lack of due process. more»

The Report on "Securing Cyberspace for the 44th Presidency"

A report "Securing Cyberspace for the 44th Presidency" has just been released. While I don't agree with everything it says (and in fact I strongly disagree with some parts of it), I regard it as required reading for anyone interested in cybersecurity and public policy. The analysis of the threat environment is, in my opinion, superb; I don't think I've seen it explicated better. Briefly, the US is facing threats at all levels, from individual cybercriminals to actions perpetrated by nation-states. The report pulls no punches... more»

Yet Another Web Malware Exploitation Kit in the Wild

With business-minded malicious attackers embracing basic marketing practices like branding, it is becoming increasingly harder, if not pointless to keep track of all XYZ-Packs currently in circulation. How come? Due to their open source nature allowing modifications, claiming copyright over the modified and re-branded kit, the source code of core web malware exploitation kits continue representing the foundation source code for each and every newly released kit. more»

Localizing Cybercrime

It's where you advertise your services, and how you position yourself that speak for your intentions, of course, "between the lines". There's a common misunderstanding that in order for a malware campaigner or scammer to launch a localized attack, they need to speak the local language. This misconception is largely based on the fact that a huge number of people remain unaware on how core strategic business practices have been in operation across the cybercrime underground for the last couple of years. more»

The Harsh Reality of Spam and Online Security… Should I Stay or Should I Go?

Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more»

Massive SQL Injection Attacks: The Chinese Way

From copycats and "localizers" of Russian web malware exploitation kits, to suppliers of original hacking tools, the Chinese IT underground has been closely following the emerging threats and the obvious insecurities on a large scale. They are either filling the niches left open by other international communities, or coming up with tools and setting new benchmarks for massive SQL injection attacks. more»

The Growing Security Concerns… Don't Have Nightmares

Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight. Over the past few weeks we've heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to 'clickjacking' and trick us into inadvertently visiting fake websites. The longstanding fear that malicious software might start infecting our mobile phones was given a boost... And now a group of researchers have shown that you can read what is typed on a keyboard from twenty metres away... more»

Peering into Fast Flux Botnet Activity

Together with Thorsten Holz, I recently published a paper on fast flux botnet behaviors, "As the Net Churns: Fast-Flux Botnet Observations," based on data we gathered in our ATLAS platform. Fast flux service networks utilize botnets to distribute the web servers to the infected PCs... One of the most well known fast flux botnets has been the Storm Worm botnet, which uses the zombies to spam, send out new enticements to infect users, and to host the malicious website which delivers the malcode. more»