Malware

Malware / Recently Commented

Google Reveals Top 10 Malware Sites From Its Index

While scanning its index, Google in the last two months reports to have found more than 4,000 different websites suspected of distributing malware by massively compromising popular websites. "Of these domains more than 1,400 were hosted in the .cn TLD. Several contained plays on the name of Google such as goooogleadsence.biz, etc.," says Google's security team member, Niels Provos, in a blog post today. more»

Mass Hacker Attack Reported on 40,000 Legitimate Websites

Hackers have compromised about 40,000 legitimate Websites, infecting them with malicious JavaScript that ultimately redirects users to a malicious site, says Websense. Security researchers at Websense say the tactics are reminiscent of the notorious RBN group. Although Websense would not name any of the compromised sites, researchers said the victims did not include any "big-name government or business sites." The compromised sites are redirecting users to typo-squatted misspellings of legitimate Google Analytics domains... more»

Obama: From Now On Digital Infrastructure Treated As Strategic National Asset

In a speech today from the White House, President Obama declared that the United States' computers and digital networks are strategic national assets and that he will personally appoint a cybersecurity coordinator to oversee the effort to protect this critical infrastructure. more»

Kaspersky Impressed with Overall Conficker Botnet Operation

Cybercrime fighter Eugene Kaspersky can't help but be impressed by the slick operations behind the Conficker botnet, and says that it could have been worse had the botnet been after more than just money. "They are high-end engineers who write code in a good way ... They use cryptographic systems in the right way, they don't make mistakes -- they are really professional." Kaspersky says he's "60 per cent certain" that Conficker is being controlled from the Ukraine, but can't be certain... more»

Cybersecurity Groups Start New Initiative to Combat Malware

Three of the world's leading cybersecurity groups today launched a new initiative to combat malicious software (malware) by establishing a "Chain of Trust" among all organizations and individuals that play a role in securing the Internet. Developed by the Anti-Spyware Coalition (ASC), National Cyber Security Alliance (NCSA) and StopBadware.org, the Chain of Trust Initiative will link together security vendors, researchers, government agencies, Internet companies, network providers, advocacy and education groups in a systemic effort to stem the rising tide of malware. more»

Most Websites Harbor at Least One Major Vulnerability, Says Report

Most Websites harbor at least one major vulnerability, and over 80 percent of Websites have had a critical security flaw, according to new data released today by WhiteHat Security. The Website vulnerability statistics, based on Website vulnerability data gathered from WhiteHat's own enterprise clients, show that 63 percent of Websites have at least one high, critical, or urgent vulnerability issue, and there's an average of seven unfixed vulnerabilities in a Website today... more»

US Military Shopping for Email Defense System to Scan 50 Million Inbound Messages a Day

The Defense Information Systems Agency asked technology companies on Wednesday for ideas on how to build an email defense system on the perimeter of its networks that can scan 50 million inbound messages a day to catch spam, viruses and cyberattacks. In a notice to industry, DISA said it needs to protect 700 unclassified network domains and that, while there are many individual e-mail domains administered by Defense Department units, "there is a possibility these may be combined into one enterprise DoD e-mail domain."... NSA Director Lt. Gen. Keith B. Alexander said 65-70% of the emails sent each day are spam. more»

One in Five Online Consumers Victims of Cybercrime Past Two Years, Estimated at $8B, Survey Says

According to the latest Consumer Reports National Research Center “State of the Net” survey, one in five online consumers have been victims of cybercrime in the last two years to the tune of an estimated $8 billion dollars. The overall rate of the crime has remained consistent over the five years says Consumer Reports. Report also notes that the problem stands to get worse as rising unemployment and foreclosures fuel a wave of recession-orientated Internet scams, and as the popularity of social networking services grow, creating more openings for identity thieves. more»

Canadian Spam Law Update

As you may know, there are two laws currently being discussed in Canadian legislative assemblies: Senate Bill S-220, a private member’s bill with private right of action and criminal remedies; Parliamentary Bill C-27, tabled by the government, with private right of action, coordination between various enforcement agencies... more»

Cyber Breaches Even Worse Than You Think

It may seem as if a new breach of some computer system or network is reported every couple of months; but actually, one security expert says it's worse than that. According to James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, reports of about 17 significant security incidents were released in the last two years - which averages to one report every 6 weeks... more»

Rustock, Xarvester Spambots Capable of Sending 25,000 Messages Per Hour, Says New Study

A recent study suggests Rustock and Xarvester malware provided the most efficient spambot code, enabling individual zombie computers to send 600,000 spam messages each over a 24 hour period. "Over the past few years, botnets have revolutionized the spam industry and pushed spam volumes to epidemic proportions despite the best efforts of law enforcement and the computer security industry. Our intention was to better understand the origins of spam, and the malware that drives it," said Phil Hay, senior threat analyst, TRACElabs (a research arm of security company Marshal8e6)... more»

A Few More Thoughts on Email Authentication… errr… Trust

Mike Hammer's thoughtful article, A Few Thoughts on the Future of Email Authentication, should trigger thoughtfulness in the rest of us. Email abuse has been around a long time. Anti-abuse efforts have too. Yet global abuse traffic has grown into the 90+% range, with no hint of trending downward. The best we hear about current effectiveness is for last-hop filtering, if you have the money, staff and skills to apply to the problem... more»

Is It Time to Supplement Desktop Security Protections?

Internet users are acutely aware of their exposure on the Internet and clearly concerned about their safety. Increased downloads of scareware as Conficker made headlines in the mainstream media are only the latest evidence. Desktop software is often viewed as a one-stop shop for fighting Internet threats such as viruses, worms and other forms of malware and phishing. These solutions have served us well but more protections are needed to address the dynamic and increasingly sophisticated web based exploits being launched... more»

Malware Found on US Electrical Grid Installed by Chinese and Russian Spies, Say Reports

Siobhan Gorman reporting on the Wall Street Journal today: "Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war." more»

Asia, Europe Top the Charts on Conficker Worm Infections

Amidst hype and anticipation of the Conficker worm which is expected to become active in millions of Windows system within the next few hours, IBM Internet Security Systems team reports they have been able to locate infected systems across the world by reverse-engineering the communications mechanisms. Holly Stewart, X-Force Product Manager at IBM Internet Security Systems, writes: "... the details are still unfolding, but we can tell you from a high level where most infections are as of today. Asia tops the charts so far. By this morning, it represented nearly 45% of all of the infections from our view. Europe was second at 31%. The rest of the geographies held a much smaller percentage overall." more»