Malware

Malware / Most Commented

Internationalization of Malware Has Become a Difficult Challenge

Former malware analyst, Wes Brown, has reported on the growing internationalization of malware. He writes: "In the past, an anti-malware company could focus on English-targeted samples. But an increasing percentage of malware samples are international in origin and targeting international machines. I saw numerous cases of Chinese malware targeting Chinese software or hosts. This was quite a challenge to determine if it was malware or not for several reasons." Brown further explains: "One of the most fascinating facets of the increasing internationalization of malware is the cultural assumptions around such software. What is considered malware in the US may be commonly accepted in China or Japan, and this is largely due to the society that it exists in."

Give Web Browsers Expiry Dates, Say Security Researchers

Computer security researchers from ETH Zurich, Google, and IBM have suggested that computer software would be more secure if it were labeled with an expiration date -- similar to perishable food products. Firefox 2 is considered to be the most secure browser since 83.3% of its users worldwide are running the current version. The issue of browser security matters more these days because more and more malware is targeting Web browser vulnerabilities. Remotely exploitable vulnerabilities have been on the rise since 2000 and accounted for 89.4% of vulnerabilities reported in 2007, according to the study, which claims that a "growing percentage of these remotely exploitable vulnerabilities are associated with Web browsers."

New Report Found Over Half of Malware-Infected Websites Based on Chinese Network Blocks

The majority of the Internet's malware-infected websites are located on Chinese networks, finds a new report released today by StopBadware.org, the university-based research initiative aimed at protecting users from dangerous software. The report also identifies the 10 network blocks that contain the largest number of badware sites. Six of the 10 are located in China.

New Trojan Horse Silently Alters Wireless Router Settings

Brian Krebs of the Washington Post reports that a new Trojan horse masquerading as a video 'codec' required to view content on certain Websites tries to change key settings on the victim's Internet router so that all of the victim's Internet traffic is routed through servers controlled by the attackers.

Coders, Crackers and Bots, Oh My!

There are more than just blue, black and white hat hackers. There are a few more types of folks out there that don't fit into the above categories. This article is taken from Stratfor with some commentary by myself... Many of the hackers described in my previous post are also coders, or "writers," who create viruses, worms, Trojans, bot protocols and other destructive "malware" tools used by hackers...

Russia Becoming a Spam Superpower

Russia might be a country trying to regain superpower status, but it has already reached it in one less welcome area -- the amount of spam it sends to the world. According to Sophos's Q4 2007 spam report, the country now deserves the moniker of 'spam superpower' having seen its share of total volumes rise dramatically over the last year, to put it firmly in second place behind arch-rival, the US.

Facebook Apps on Any Website: A Clever Move? Or a Security Nightmare?

Well, given the amount of malicious JavaScript, malware, and other possibilities to use Facebook (and other similar social networking platforms) for abuse, I certainly wouldn't categorize this news as a "clever move"... In fact, I foresee this as an extraordinarily short-sighted move with far-reaching security implications -- which will allow the levels of malicious abuse to reach new heights.

How Big is the Storm Botnet?

The Storm worm has gotten a lot of press this year, with a lot of the coverage tending toward the apocalyptic. There's no question that it's one of the most successful pieces of malware to date, but just how successful is it? Last weekend, Brandon Enright of UC San Diego gave an informal talk at the Toorcon conference in which he reported on his analysis of the Storm botnet. According to his quite informative slides, Storm has evolved quite a lot over the past year...

Spam Distribution Infrastructure: New Study Finds 94% of Scams Hosted on Individual Web Servers

Computer scientists Geoff Voelker and Stefan Savage from UC San Diego have found striking differences between the infrastructure used to distribute spam and the infrastructure used to host the online scams advertised in these unwanted email messages. This discovery is believed to aid the fight to reduce spam volume and shut down illegal online businesses and malware sites. While hundreds or thousands of compromised computers may be used to relay spam to users, most scams are hosted by individual Web servers.

Businesses Losing Battle Against DNS Attack, Says New Study

According to a new research study, companies are struggling to keep their DNS (Domain Name System) protected from malicious attackers. Many businesses remain vulnerable, as over half the respondents reported having fallen victim to some form of malware attack. Over one third had been hit by a denial-of-service attack while over 44 percent had experienced either a pharming or cache poisoning attack.

Ready or Not… Here Come the IRC-Controlled SIP/VoIP Attack Bots and Botnets!

A story... ZZZ Telemarketing (not a real name) is locked in a heated fight with their bitter rival, YYY Telemarketing (also not a real name), to win a very large lead generation contract with Customer X. Customer X has decided to run a test pitting the two companies against each other for a week to see who can generate the most leads. The ZZZ CEO has said to his staff that it is "do or die" for the company. If they fail to win the contract, they will have to shut down -- they need to do "whatever it takes" to win over YYY. A ZZZ staffer discovers that part of why YYY has consistently underbid them is because they are using SIP trunks to reduce their PSTN connection costs. But the staffer also discovers that YYY is using very cheap voice service providers who run over the public Internet with no security...

What is 'Pharming' and Should You Be Worried?

The sky is falling! The sky is falling! ...or is it? What is this thing called "pharming"? Put simply, it's redirection of web traffic, so that the server you think you're talking to actually belongs to a criminal. For example: you think you're talking to www.examplebank.com because it says so in the browser's address bar, but actually you're connected to www.mafia-R-us.ru. This can happen in three main ways: 1. DNS Hijack: a social engineering attack on the Internet infrastructure...
