Malware

APWG: The Internet Has Never Been More Dangerous

The Anti-Phishing Working Group (APWG) released its latest Phishing Activity Trends Report today, warning that the number of unique phishing websites detected in June rose to 49,084, the highest since April 2007's record of 55,643 and the second-highest recorded since APWG began reporting this measurement. "The number of hijacked brands ascended to an all-time high of 310 in March and remained, in historical context, at an elevated level to the close of the half in June," says the report. more»

14 ISPs in Netherlands Serving 98% of Consumers Form Anti-Botnet Treaty

Last month, 14 ISPs in the Netherlands serving 98 percent of the consumer market initiated a joint effort to fight malware-infected computers and botnets. The effort includes exchange of information within the coalition, quarantine of infected computers, and notification of end users by their ISP. Gadi Evron over at Dark Reading reports: "In recent years, bot-infected computers have been a growing problem for end-user ISPs as more and more resources are being wasted, and not paid for. And the growing global threat of DDoS attacks and other security concerns have shown ISPs that in order to get help in case of DDoS attack, they need to be a more friendly and reputable service themselves." more»

Latest Study Suggests Computers Remain Infected Far Longer Than Previously Suggested

Contrary to previous security reports suggesting compromised machines remain infected for 6 weeks, experts at Trend Micro say these estimates are far from accurate. In a recent blog post, the company said: "During the analysis of approximately 100 million compromised IP addresses, we identified that half of all IP addresses were infected for at least 300 days. That percentage rises to eighty percent if the minimum time is reduced to a month." The study also indicates that while three quarters of the IP addresses were linked to consumer users, the remaining quarter belonged to enterprise users. more»

Latvian ISP Closure Dents Cutwail Botnet …for a Whole 48 Hours

From MessageLabs' latest report: "Real Host, an ISP based in Riga, Latvia was alleged to be linked to command-and-control servers for infected botnet computers, as well as being linked to malicious websites, phishing websites and 'rogue' anti-virus products. Real Host was disconnected by its upstream providers on 1 August 2009. The impact was immediately felt, where spam volumes dropped briefly by as much as 38% in the subsequent 48-hour period. Much of this spam was linked to the Cutwail botnet, currently one of the largest botnets and responsible for approximately 15-20% of all spam. Its activity levels fell by as much as 90% when Real Host was taken offline, but quickly recovered in a matter of days." more»

Apparently Legitimate Estonian ISP Operating as Large Cybercrime Hub Since 2005

An apparently legitimate ISP in Tartu, Estonia, is reported to have been serving as the operational headquarters of a large cybercrime network since 2005, according to TrendWatch, the security research arm of Trend Micro. "An Estonian company is actively administering a huge number of servers in numerous datacenters, which together form a network to commit cybercrime. It appears that the company from Tartu, Estonia controls everything from trying to lure Internet users to installing DNS changer Trojans by promising them special video content, and finally to exploiting victims' machines for fraud with the help of ads and fake virus infection warnings..." more»

Are Phishing and Malware Separate Threats?

Phishing is when bad guys try to impersonate a trusted organization so they can steal your credentials. Typically they'll send you a fake e-mail that appears to be from a bank, with a link to a fake website that also looks like the bank. Malware offers another, more insidious way to steal your credentials, by running unwanted code on your computer... I like VeriSign's characterization of this kind of malware as an insecure endpoint: the PC which is the endpoint of the conversation with the bank isn't actually under the control of the person who's using it. more»

Latvian Hosting Company Shut Down, Linked to World's Biggest Cybercrime Botnet

Swedish telco Telia Sonera has shut down the internet connections of Latvian company Real Host after it was linked with the world's biggest cybercrime botnet. Real Host has been compared to McColo and Atrivo, two hosting companies shut down by authorities because of links to large-scale cybercriminal activities. more»

Survey Suggests Strained Budgets Causing Security Cutbacks on Known Threats

A recent survey of security professionals by RSA Conference on the critical security threats and infrastructure issues they currently face revealed budgetary constraints as the top challenge. According to reports, the study suggests that even though practitioners are most concerned about email phishing and securing mobile devices, technologies addressing these needs are at risk of being cut from IT budgets. 72 percent of respondents indicated a rise in email-borne malware and phishing attempts since Fall 2008, with 57% stating they have seen an increase in Web-borne malware. Concerns about zero-day attacks and rogue employees as a result of layoffs were cited by 28% and 26% of survey respondents, respectively. more»

Malware Production Continues at Record-Setting Pace; 6000 Unique Pieces Per Day

Security researchers report seeing as much unique malware in the first half of 2009 as in all of 2008. "This is quite something when you consider that in 2008 we saw the greatest ever growth in malware," says David Marcus of McAfee Avert Labs. More specifically, Marcus writes in a blog post that the numbers add up to an average of 200,000 unique pieces of malware monthly, or more than 6,000 a day. "Bear in mind these are malware we consider unique (something we had to write a driver for) and does not count all the other malware we detect generically or heuristically... When you add in the generic and heuristic detections the number becomes truly mind boggling," writes Marcus. more»

Alarming Developments in Mobile Malware Found by Security Analysts

The first worm that spreads between mobile devices by spamming text messages has developed a new communications capability that one security vendor says signals the arrival of mobile botnets. Trend Micro has analyzed a piece of mobile malware known as "Sexy Space," which is a variant of another piece of mobile malware called Sexy View, which targets devices running the Symbian S60 OS. Sexy View, which was detected by vendors such as F-Secure six months ago, is significant because it is the first known malware sample that spreads by SMS... more»

Global Recession Appears to Have Also Hit the Malware Industry

According to reports by German software security company G Data, since the beginning of summer, the malware community appears to have been scaling back its activities. This considerable reduction is, according to the estimates of G Data security expert Ralf Benzmüller, not solely due to the forthcoming holiday season. The global recession appears to have also hit the eCrime economy. "This phenomenon emerges every year as something new. At the start of the holiday season, the number of malware programs falls. One reason for this is the worldwide onset of the travel season, which, based on experience, causes a drop in the number of active Internet users. However, this does not explain a collapse of more than 30 percent," says Ralf Benzmüller. more»

Trojans Fastest Growing Category of Data-Stealing Malware

The Anti-Phishing Working Group (APWG) recently reported that the number of sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December 2008, an 827 percent increase from January. And according to Trend Micro's just-released Focus Report, 93 percent of data-stealing malware was identified as Trojans in the first quarter of 2009. more»

FTC Shuts Down US Web Hosting Firm Involved in Massive Global Spam Operation

Brian Krebs of the Washington Post reports: "In an unprecedented move, the Federal Trade Commission has taken legal steps to shut down a Web hosting provider in Northern California that the agency says was directly involved in managing massive global spam operations. Sometime on Tuesday, more than 15,000 Web sites connected to San Jose, Calif., based Triple Fiber Network (3FN.net) went dark. 3FN's sites were disconnected after a Northern California district court judge approved an FTC request..." more»

Google Reveals Top 10 Malware Sites From Its Index

Google reports that, while scanning its index over the last two months, it has found more than 4,000 different websites suspected of distributing malware by massively compromising popular websites. "Of these domains more than 1,400 were hosted in the .cn TLD. Several contained plays on the name of Google such as goooogleadsence.biz, etc.," says Google's security team member, Niels Provos, in a blog post today. more»

Mass Hacker Attack Reported on 40,000 Legitimate Websites

Hackers have compromised about 40,000 legitimate Websites, infecting them with malicious JavaScript that ultimately redirects users to a malicious site, says Websense. Security researchers at Websense say the tactics are reminiscent of the notorious RBN group. Although Websense would not name any of the compromised sites, researchers said the victims did not include any "big-name government or business sites." The compromised sites are redirecting users to typo-squatted misspellings of legitimate Google Analytics domains... more»