Malware

Malware / Recently Commented

The Distribution of Botnets Since Rustock Went Down

I pulled together some statistics on my collection of botnet statistics for the period of time between Rustock being shut down and Wednesday, April 6. I wanted to see the distribution of botnets per country - now that Rustock is down, which country has the most botnet infections (as measured by unique IP addresses that send us spam)? more

Major International Botnet Disabled Says U.S. Department of Justice

The U.S. Department of Justice and the FBI announced on Wednesday that they have taken actions to disable an international botnet of more than two million infected computers responsible for stealing corporate data including user names, passwords and financial information. more

The Epsilon Phishing Model

Phishing researcher Gary Warner's always interesting blog offers some fresh perspective on clicking links on emails, as the crux of the phishing problem. Gary writes: "There is a saying 'if you give a man a fish, he'll eat for a day, but if you teach a man to fish, he can feed himself for a lifetime.' In the case of the Epsilon email breach the saying might be 'if you teach a man to be phished, he'll be a victim for a lifetime.' In order to illustrate my point, let's look at a few of the security flaws in the business model of email-based marketing, using Epsilon Interactive and their communications as some examples." more

Two Years Later the Conficker Worm Not Entirely Disappeared

In a SecurityWeek article today, Ram Mohan writes: "Just over two years ago, the Internet held its breath. The high-profile, widely proliferated Conficker worm had been in the wild from October 2008; its largest mutation was revealed in February 2009, with a widely publicized activation date of April 1, 2009. ... What we do know: Conficker could have proved much more damaging than it ultimately did, and the threat has not entirely disappeared." more

More Targeted Phishing, Spam and Mobile Attacks; IBM Reports 150K Security Events Per Second

IBM today released the results from its annual X-Force 2010 Trend and Risk Report, identifying more targeted phishing, spam and mobile attacks. The report also finds cloud security continuing to evolve. "From Stuxnet to Zeus Botnets to mobile exploits, a widening variety of attack methodologies is popping up each day," says Tom Cross, threat intelligence manager, IBM X-Force. "The numerous, high profile targeted attacks in 2010 shed light on a crop of highly sophisticated cyber criminals, who may be well-funded and operating with knowledge of security vulnerabilities that no one else has. Staying ahead of these growing threats and designing software and services that are secure from the start has never been more critical." more

New Anti-phishing Initiative Introduced by Yahoo!

Neil Schwartzman writes to report: "The company announced the Yahoo! Mail Anti-Phishing Platform (YMAP) yesterday. The technology is predicated upon the use of both DKIM and Sender Policy Framework (SPF) to identify authentic messages. As part of the initiative, Yahoo! has partnered with email authenticators Authentication Metrics, eCert, Return Path, and Truedomain to provide broad-band coverage of well-known brands." more

Who Has Taken Over As the Most Prolific Botnet Since Rustock Was Taken Down?

Over at the site V3.co.uk, they have an article up today alleging that since the Rustock takedown two weeks ago, the bagle botnet has moved to take over as the botnet that is responsible for sending the most spam. They have not replaced Rustock's total spam volume, only that they are now the number one spam sending botnet. more

Microsoft, Federal Agencies Take Down Rustock Botnet

Neil Schwartzman writes: "There is a lot of press on the profound effect the take-down of the Rustock botnet, affected by Microsoft, some U.S. federal agencies, and countless others working in the background to assist in the effort. CAUCE has aggregated a few of the best stories and data-points. A community congratulations, and thank-you to all those involved!" more

KnujOn Releases New Security, Abuse and Compliance Report

We have just issued a new report detailing abuse of the Domain Name System and Registrar contract compliance issues. The report specifically discusses several items including: Registrars with current legal issues; Illicit Use of Privacy-Proxy WHOIS Registration; A study on the contracted obligation for Bulk WHOIS Access; and more. more

Malware Decrease in February, Trojans Continue to Be Most Prolific

Only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month, according to recent data gathered by Panda Security. Trojans were found to be the most prolific malware threat, responsible for 61 percent of all cases, followed by traditional viruses and worms which caused 11.59 percent and 9 percent of cases worldwide, respectively. more

Collecting Cybercrime Data: Can Signal Spam Be a Piece of the Puzzle?

The gathering of coherent data on cybercrime is a problem most countries haven't found a solution for. So far. In 2011 it is a well known fact that spam, cybercrime and botnets are all interrelated. The French database Signal Spam may be a significant part of the solution to gather, analyse and distribute data on spam, phishing, cybercrimes and botnets, but also be a forum in which commercial mass e-mail senders and ISPs can work on trust. more

High Level International Coordination Required to Stop Conficker Worm from Spreading

Mathew Schwartz reporting in InformationWeek: "Security researchers detail the high level of international coordination required to hinder the worm's spread. On Monday, the Rendon Group released a report, funded by the Department of Homeland Security, rounding up the 15-person-strong working group's 'lessons learned.' The report highlighted the group's biggest achievement: "preventing the author of Conficker from gaining control of the botnet." Doing so, however, required coordinating with organizations in more than 100 countries..." more

Sopho's Threat Report Focuses on Social Network Spam

The latest Sophos Threat Report shows an upward trend in spam and identity theft through social networks. One of the examples Sophos gives is Facebook. In general Sophos claims that from 2009 to 2010 the spam, phishing and malware containing messages all doubled. more

Cybercriminals Shifting Focus From Windows PCs to Other Systems and Mobile

In a major cybercrime turning point, scammers have begun shifting their focus away from Windows-based PCs to other operating systems and platforms, including smart phones, tablet computers, and mobile platforms in general, according to the Cisco® 2010 Annual Security Report, released today. The report also finds that 2010 was the first year in the history of the Internet that spam volume decreased, that cybercriminals are investing heavily in "money muling," and that users continue to fall prey to myriad forms of trust exploitation. more

CircleID's Top 10 Posts for 2010

Looking back at 2010, here is the list of top ten most popular news, blogs, and industry news on CircleID in 2010 based on the overall readership of the posts (total views as of Jan 1, 2011). Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2011. Happy New Year! more