Malware

Malware / Recently Commented

Outlawing Botnets

The European Commission is apparently considering the promulgation and adoption of a directive that would, at least in part, criminalize botnets. As I understand it, the premise behind adopting such a directive is that since botnets are capable of inflicting "harm" on a large scale, we need to separately criminalize them. I decided to examine the need for and utility of such legislation in this post. more»

Average Daily Malware at All Time High, Spam Lowest Since 2008

McAfee, Inc. today unveiled its McAfee Threats Report: Third Quarter 2010, which uncovered that average daily malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified per day, almost quadrupling since 2007. At the same time, spam levels decreased in volume this quarter, both globally and in local geographies. Spam hit a two year low this quarter while malware continued to soar. More than 14 million unique pieces of malware were identified in 2010, one million more than Q3 2009. more»

New Fear, Uncertainty and Doubt about Canada's Anti-Spam Bill C-28

From time to time, we see unenlightened comments about the efficacy of laws in the fight against spam. "Laws won't stop spam" being the most common. No, they won't. What laws do is dissuade some people from undertaking shoddy mailing practices or even outright spam campaigns. Laws don't stop murder, rape and robbery either, but for those un-dissuaded who undertake such heinous crimes, we, as a society, have laws for punitive effect. They pay the price society exacts for their actions. C-28 will attenuate spam in Canada, and help us to fight spam internationally. more»

Study Reports .COM Domain as Riskiest, .JP Safest Country Domain

Latest research suggests the world's most popular top-level domain, .COM, is also the riskiest. According to McAfee's fourth annual 'Mapping the Mal Web' report released today, 56% of all risky sites end in .COM! The study, which according to the company analyzed more than 27 million websites, also reports that while .COM is the riskiest top-level domain, the riskiest country domain is Vietnam (.VN). Japan's .JP ranks as the safest country domain for the second year in a row. more»

China Behind Hijacked U.S. Internet Data, Says New Report

Lance Whitney reporting in CNet News: "A Chinese state-run telecom provider was the source of the redirection of U.S. military and corporate data that occurred this past April... The current draft of the U.S.-China Economic and Security Review Commission's (USCC's) 2010 annual report, which is close to final but has not yet been officially approved, finds that malicious computer activity tied to China continues to persist following reports early this year of attacks against Google and other companies from within the country." more»

Q3 Saw Massive Virus Volumes While Spam Remained Steady

Spam and virus trends in Q3'10 confirm that spammers are still hard at work distributing malicious content in new and creative ways, according to the latest reports. The latest spam and virus trends report is produced by Postini, Google's email security and archiving service that, according to the company, processes more than 3 billion email messages per day and more than 50,000 businesses. more»

ZeuS Botnet Takes a Hit But Already on the Rebound

Brian Krebs reporting in Krebs on Security: "Authorities in the United States, United Kingdom and Ukraine launched a series of law enforcement sweeps beginning late last month against some of the world's most notorious gangs running botnets powered by ZeuS, a powerful password-stealing Trojan horse program. ZeuS botnet activity worldwide took a major hit almost immediately thereafter, but it appears to be already on the rebound..." more»

Over Half of Critical Infrastructure Providers Report Politically Motivated Cyber Attacks

A recent study released today suggests 53 percent of critical infrastructure providers have experienced what they perceived as politically motivated cyber attacks. According to Symantec's 2010 Critical Information Infrastructure Protection (CIP) Survey, participants claimed to have experienced such an attack on an average of 10 times in the past five years, incurring an average cost of $850,000 during a period of five years to their businesses. more»

Spam Volumes Down But Exact Cause Unknown

Brian Krebs reporting in Krebs on Security: "Spam trackers are seeing a fairly dramatic drop in junk e-mail sent over the past few days, specifically spam relayed by the one of the world's largest spam botnets -- although security experts disagree on exactly which botnet may be throttling back or experiencing problems." more»

Zeus-Related Charges in NY to Be Announced Today

Garth Bruen writes: "Federal and state authorities have charged more than 60 people in connection with a global cybercrime scheme that relied on Internet viruses to steal millions of dollars from U.S. bank accounts. Federal prosecutors say the defendants are accused of using the Zeus Trojan and other Internet viruses to steal money. Authorities planned to announce the charges at a news conference Thursday afternoon." more»

Researchers Find Russian Spam Domains on the Rise

Jeremy Kirk from IDG News reports: "Researchers are seeing an uptick in the number of spam-related domains from Russian registrars, a sign that cybercriminals are choosing those providers due to lax enforcement. An analysis of spam messages over the last month showed that more than a third of domain names connected with spam are ".ru" ccTLDs (country code Top Level Domains), according to email security vendor M86." more»

Microsoft Releases a Cybersecurity eBook, Free Download

Micorsoft has released a 253 page cybersecurity ebook primarily intended for teens but also serves as a useful resource for adults interested in overall understanding of various Internet security topics. more»

BBC Creates Smartphone Malware to Expose Vulnerabilities

BBC News has shown how straightforward it is to create a malicious application for a smartphone. Over a few weeks, the BBC put together a crude game for a smartphone that also spied on the owner of the handset. The application was built using standard parts from the software toolkits that developers use to create programs for handsets. more»

GlavMed Hacks U.S. Government Website

Garth Bruen writes: A report in LegitScript takes a look at Russian rogue Internet pharmacy hacking US government website. "As rogue Internet pharmacy networks become more sophisticated, even US government websites are at risk. Today, we're taking a look at how a rogue Internet pharmacy linked to a criminal network operating out of Russia and Eastern Europe has hacked into a US government website. The Millennium Challenge Corporation, a US foreign aid agency, utilizes a ".gov" top-level domain, which is assigned to the control of the US government. Domain names ending in .gov are typically administered by the General Services Administration." more»

Vulnerability Broker to Enforce a Six-Month Deadline

Ryan Naraine reporting in ThreatPost: "Looking to put pressure on software vendors who procrastinate on fixing security flaws, the world's biggest broker of vulnerability data is drawing a line in the sand. Starting tomorrow (August 4, 2010), TippingPoint's Zero Day Initiative (ZDI) will enforce a six-month deadline for patches on all vulnerabilities bought from the security research community and reported to software vendors." more»