Malware

Malware / Recently Commented

GlavMed Hacks U.S. Government Website

Garth Bruen writes: A report in LegitScript takes a look at Russian rogue Internet pharmacy hacking US government website. "As rogue Internet pharmacy networks become more sophisticated, even US government websites are at risk. Today, we're taking a look at how a rogue Internet pharmacy linked to a criminal network operating out of Russia and Eastern Europe has hacked into a US government website. The Millennium Challenge Corporation, a US foreign aid agency, utilizes a ".gov" top-level domain, which is assigned to the control of the US government. Domain names ending in .gov are typically administered by the General Services Administration." more»

Vulnerability Broker to Enforce a Six-Month Deadline

Ryan Naraine reporting in ThreatPost: "Looking to put pressure on software vendors who procrastinate on fixing security flaws, the world's biggest broker of vulnerability data is drawing a line in the sand. Starting tomorrow (August 4, 2010), TippingPoint's Zero Day Initiative (ZDI) will enforce a six-month deadline for patches on all vulnerabilities bought from the security research community and reported to software vendors." more»

2010 Data Breach Report from Verizon, US Secret Service

A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service has found that breaches of electronic records in 2009 involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups. more»

Engaging Consumers in Cyber Security: It's Up to You

In a perfect world, consumers recognize authentic emails from fake, update their operating system, browser and anti-virus software, and have a healthy skepticism about the safety of the Internet. The bad guys hate perfect, so we should be working with consumers to stop them. ... Organizations like mine are joining forces to recruit consumers -- who are also your customers and employees -- in the fight against cybercrime. more»

New Ways Cybercriminals are Thwarting Security

M86 Security today released it's bi-annual security report for the first half of 2010, highlighting the evolution of obfuscation through combined attacks. From the report: "This threat trend is the latest to emerge as cybercriminals seek new ways to limit the effectiveness of many proactive security controls. Because existing techniques for 'covering their tracks' are becoming less effective, cybercriminals have begun using combined attacks, which are more complex and difficult to detect. By splitting the malicious code between Adobe ActionScript language - built into Adobe flash - and JavaScript components on the webpage, they limit the effectiveness of many of the the proactive security detection mechanisms in place today." more»

Clarke and Knake's "Cyberwar"

I just finished reading Richard Clarke and Robert Knake's book Cyberwar. Though the book has flaws, some of them serious, the authors make some important points. They deserve to be taken seriously. I should note that I disagree with some of my friends about whether or not "cyberwar" is a real concept. Earlier, I speculated that perhaps it might be a useful way to conduct disinformation operations, but it need not be so limited. more»

MAAWG Overview of DNS Security - Port 53 Protection

J.D. Falk writes: Last week, MAAWG quietly published a new document titled "Overview of DNS Security - Port 53 Protection." [PDF] The paper discusses cache poisoning and other attacks on the local DNS, including likely effects of such a compromise and what access providers may be able to do to prevent it. more»

Canadian "Fighting Internet and Wireless Spam Act" Introduced Into the House of Commons

Neil Schwartzman writes to report: "The long-anticipated Canadian Anti-spam bill (a re-tabling of ECPA, now entitled FISA), and a bill amending PIPEDA passed first reading in the Canadian House of Commons yesterday. The bill must be read and passed twice, then referred to parliamentary committee to survive the summer recess of parliament (mid-June), it is anticipated that it will do so. The actual text of bills 28 & 29 is yet to be forthcoming, it should be a matter of a day or two until they are published." more»

Study Reveals 76% of Internet Users Vulnerable to Browser History Detection

A recent study reveals a browser history detection method, largely dismissed as an issue with minimal impact, can in fact be used against a vast majority of Internet users with significant malicious potential. Researchers, Artur Janc and Lukasz Olejnik, analyzed real-world results obtained from 271,576 Internet users and have reported the results in a paper titled, "Feasibility and Real-World Implications of Web Browser History Detection"more»

Malware and Search Warrant

A recent decision from a federal district court addresses an issue I hadn't seen before: whether searching malware on the suspect's computer was outside the scope of the search warrant issued for that computer. It seems a narrow issue, and unfortunately the opinion issued in the case doesn't tell us a whole lot about what happened; but I thought the issue was worth writing about, if only to note that it arose. more»

ICANN Security Team Reports on Conficker Post-Discovery Analysis

A paper released today by ICANN provides a chronology of events related to the containment of the Conficker worm. The report, "Conficker Summary and Review," is authored by ICANN's Dave Piscitello, Senior Security Technologist on behalf of the organization's security team. more»

Fake Anti-Virus Peddlers Taking Aggressive Steps to Avoid Detection

Over at Krebs on Secrity blog, Brian Krebs reports: "Purveyors of fake anti-virus or 'scareware' programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google. In a report being released today, Google said that between January 2009 and the end of January 2010, its malware detection infrastructure found some 11,000 malicious or hacked Web pages that attempted to foist fake anti-virus on visitors." more»

CallService.biz Shut Down by the FBI

Gary Warner over at Cyber Crime and Doing Time has a good post up this week about the CallService.biz website being shut down. I have posted a few good excerpts and added my comments to the end. ... Warner's take on the world of spam, malware, hacking and phishing is that unless people actually go to jail because they are spamming, the problem of spamming will never get better. That's because when the security industry fixes the latest hole or comes up with a new technology to stop the newest threat, spammers simply move onto another. more»

Botnet Takedowns Having Limited Impact on Overall Spam Volumes, Says Google

Google, which through its Postini email security and archiving service processes over 3 billion email connections a day, reports that despite recent series of major botnet takedowns, spam levels during the first quarter of 2010 have held fairly steady. "This suggests that there's no shortage of botnets out there for spammers to use. If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns." more»

China Rejects Allegations of Major Hacking Attack Targeting India

China on Tuesday rejected "insinuations" of involvement by its government in cyberattacks after North American researchers exposed a China-based cyber-espionage ring that targeted computers in the Indian military and elsewhere. "We often hear news in this area, or insinuations and criticisms against the Chinese government. I do now know what evidence these people have or what their motives are," Foreign Ministry spokeswoman Jiang Yu said at a regular news briefing. more»