Malware / News Briefs

U.S. Cybersecurity Faces Challenges, Says GAO

The U.S. federal government cybersecurity team with primary responsibility for protecting the computer networks of government and private enterprise is facing challenges, according to a draft Government Accountability Office (GAO) report. Keith Epstein, a correspondent in BusinessWeek's Washington bureau, reports: "...GAO draft report describes US-CERT as bedeviled by frequent management turnover, bureaucratic challenges that prevent timely sounding of alarms, a lack of access to networks across wide swaths of critical terrain, and an inability to fill large numbers of positions with qualified workers."

Linking Internet Companies Caught Supporting Criminal Activities

Main Internet data carriers have stopped providing connectivity to Atrivo, an ISP notorious for serving a large number of scammers and spammers. Reporting on the Washington Post's Security Fix, Brian Krebs uncovers thousands of domain names linked to spam and illegal activities that are registered through EstDomains, Atrivo's "most important customer". EstDomains is a reseller of Directi's registration services -- the ICANN-accredited domain registration company which has also been under scrutiny as a result.

Majority of Active Malware Attacks Go Undetected, Says New Report

A recent test of leading anti-virus vendors over a thirty-day period has revealed that more than half of all malware threats on the Internet go undetected, according to a report issued today by cyber intelligence firm, Cyveillance. Data for the test was compiled from thousands of active malware threats that Cyveillance says it detects daily and was then fed through each of the vendors' anti-virus solutions in real-time.

Black Hat Conference: Security Experts Discussing Latest Malware, Rootkits and Hacker Tricks

IT security pros, analysts and researchers are coming together for the meeting of the minds that is Black Hat 2008. The popular security conference officially kicked off Aug. 2 in Las Vegas with a series of training sessions that wrap up Aug. 5. However, the real buzz for many attendees will be the technical briefings Aug. 6-7 at Caesars Palace. The activities Aug. 6 will begin with some words from Black Hat founder Jeff Moss and a keynote from author and London School of Economics professor Ian Angell. From there, the conference launches into two days of briefings on several different tracks such as reverse engineering and rootkits. There is already hype around a number of the sessions, including the much-talked-about DNS flaw discovered by security researcher Dan Kaminsky.

DNS Attack Creator Becomes a Victim of His Own Creation

HD Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack. It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS traffic to the AT&T server, so when it was compromised, so was HD Moore's company.

Internationalization of Malware Has Become a Difficult Challenge

Former malware analyst, Wes Brown, has reported on the growing internationalization of malware. He writes: "In the past, an anti-malware company could focus on English-targeted samples. But an increasing percentage of malware samples are international in origin and targeting international machines. I saw numerous cases of Chinese malware targeting Chinese software or hosts. This was quite a challenge to determine if it was malware or not for several reasons." Brown further explains: "One of the most fascinating facets of the increasing internationalization of malware is the cultural assumptions around such software. What is considered malware in the US may be commonly accepted in China or Japan, and this is largely due to the society that it exists in."

Give Web Browsers Expiry Dates, Say Security Researchers

Computer security researchers from ETH Zurich, Google, and IBM have suggested that computer software would be more secure if it were labeled with an expiration date -- similar to perishable food products. Firefox 2 is considered to be the most secure browser since 83.3% of its users worldwide are running the current version. The issue of browser security matters more these days because more and more malware is targeting Web browser vulnerabilities. Remotely exploitable vulnerabilities have been on the rise since 2000 and accounted for 89.4% of vulnerabilities reported in 2007, according to the study, which claims that a "growing percentage of these remotely exploitable vulnerabilities are associated with Web browsers."

New Report Found Over Half of Malware-Infected Websites Based on Chinese Network Blocks

The majority of the Internet's malware-infected websites are located on Chinese networks, finds a new report released today by StopBadware.org, the university-based research initiative aimed at protecting users from dangerous software. The report also identifies the 10 network blocks that contain the largest number of badware sites. Six of the 10 are located in China.

New Trojan Horse Silently Alters Wireless Router Settings

Brian Krebs of the Washington Post reports that a new Trojan horse masquerading as a video 'codec' required to view content on certain Websites tries to change key settings on the victim's Internet router so that all of the victim's Internet traffic is routed through servers controlled by the attackers.

Domain Registrars Releasing Suspended Domains to Attackers

Mary Landesman of ScanSafe reports: "A new outbreak of SQL attacks began on the 8th. Not that they ever really go away, but new waves replace the old ones. The attackers are using a much larger number of domains than seen in previous months. Just 11 days into June, and already 54 of these domains have been observed. Many of these are previously suspended domains that registrars have released back to the attackers."

Russia Becoming a Spam Superpower

Russia might be a country trying to regain superpower status, but it has already reached it in one less welcome area -- the amount of spam it sends to the world. According to Sophos's Q4 2007 spam report, the country now deserves the moniker of 'spam superpower', having seen its share of total volumes rise dramatically over the last year, to put it firmly in second place behind arch-rival, the US.

Spam Distribution Infrastructure: New Study Finds 94% of Scams Hosted on Individual Web Servers

Computer scientists, Geoff Voelker and Stefan Savage, from UC San Diego have found striking differences between the infrastructure used to distribute spam and the infrastructure used to host the online scams advertised in these unwanted email messages. This discovery is believed to aid in the fight to reduce spam volume and shut down illegal online businesses and malware sites. While hundreds or thousands of compromised computers may be used to relay spam to users, most scams are hosted by individual Web servers.

Businesses Losing Battle Against DNS Attack, Says New Study

According to a new research study, companies are struggling to keep their DNS (Domain Name System) protected from malicious attackers. Many businesses remain vulnerable, as over half the respondents reported having fallen victim to some form of malware attack. Over one third had been hit by a denial-of-service attack while over 44 percent had experienced either a pharming or cache poisoning attack.