Spear phishing is the unholy love child of email spam and social engineering. It refers to when a message is specifically crafted, using either public or previously stolen information, to fool the recipient into believing that it's legitimate. This personalization is usually fairly general, like mentioning the recipient's employer (easily gleaned from their domain name.) Sometimes they address you by name. Much scarier is when they use more deeply personal information stolen from one of your contacts... more»
A week ago, Paul Vixie wrote a thoughtful piece on the morality of DDos, for both sides of the equation of the Wikileaks issues. In it he summarizes things nicely: "Denial of service is not merely a peaceful protest meant to garner attention for a cause. Denial of service is forcible and it is injurious. It is not like any form of civil disobedience, but rather it is criminal behaviour more like looting." Well said, Paul... more»
eco, the German ISP association, mentions on its website today that the 100,000th PC was cleaned from infection through its PC cleaning program. Since 15 September, German account holders could visit the website to download tools to clean up computers from digital infections. Botfrei ("botfree", translation WdN) is a cooperation between eco and the German government. First figures seem to prove that this is a successful public-private partnership, worth looking into for other countries as a best practice. more»
Following up from my post yesterday, I thought I would take a look at how spammy each particular TLD is. At the moment, I only track 8 TLD's - .cn, .ru, .com, .net, .org, .info, .biz and .name. To check to see which one is the spammiest, I took all of our post-IP blocked mail and determined how many times those messages occurred in email, and how many times that email was marked as spam... more»
A couple of weeks ago, NetworkWorld published an article indicating that the .com TLD was the riskiest TLD in terms of containing code that can steal passwords or take advantage of browser vulnerabilities to distribute malware... It is unclear to me what they mean by TLD's being risky. The number of domains, 31.3% of .com's being considered risky, what does this actually mean? Is it that 31% of .com's are actually serving up malware or something similar? If so, that seems like a lot because for many of us, nearly 1 in every 3 pages that most people visit would be insecure... more»
Kidnap. Rape. There are no lesser words that can be used to describe what happened to the daughter of an anti-spam investigator in Russia. His daughter was recently released, according to Joseph Menn's recent article on Boing Boin, after having been kidnapped from her home five years ago, fed drugs, and made to service men, as a warning to ward off further investigations. The criminals behind these vicious acts were also responsible for large spamming organization associated with Russian Mob activity. more»
Michel van Eeten reports in IGP: "Last week, the Dutch police managed to shut down the 'Bredolab' botnet. At least, that is what they claimed during the worldwide media coverage that followed. A few days later, while the policy was still basking in the praise for its success, the botnet was resurrected. Embarrassing? Yes. Surprising? Not really. It highlights a fundamental misunderstanding about the fight against botnets. Contrary to what the Dutch police claimed and many people think, law enforcement cannot shut down botnets. It is important to understand why and what the implications are of this sobering thought..." more»
A couple of days ago, Threatpost posted an article indicating that the United States is the most bot-infected country... I think that Microsoft's mechanism of measuring bot infections is a good one, not necessarily because it is the most accurate but because it represents the most complete snapshot of botnet statistics. Because Microsoft Windows is installed on so many computers worldwide and because so many users across the world call home to the MSRT, Microsoft is able to collect a very large snapshot of data. more»
Gadi Evron reporting in Dark Reading: "Stuxnet, a Trojan supposedly designed to attack Iran's nuclear program is so technically advanced that it is said to be able to remotely explode a power plant without the controller noticing. Such an advanced weapon was developed by someone with means. But whoever they are, they're amateurs..." more»
Bruce Schneier on the Stuxnet Virus which in his opinion has been mostly speculative: "We don't know who wrote Stuxnet. We don't know why. We don't know what the target is, or if Stuxnet reached it. But you can see why there is so much speculation that it was created by a government. Stuxnet doesn't act like a criminal worm. It doesn't spread indiscriminately. It doesn't steal credit card information or account login credentials. It doesn't herd infected computers into a botnet. It uses multiple zero-day vulnerabilities. A criminal group would be smarter to create different worm variants and use one in each. Stuxnet performs sabotage." more»
On Wednesday September 29th at 1PM there will be a meeting in the Old Executive Building in Washington D.C. with Registries and domain Registrars to discuss illegal Internet sales of prescription drugs. ICANN was originally invited but declined because citing "inappropriateness" . One "U.S." Registrar who definitely will not be in attendance is OnlineNIC more»
This is the first in a series of releases that tie extensive code injection campaigns directly to policy failures within the Internet architecture. In this report we detail a PHP injection found on dozens of university and non-profit websites which redirected visitor's browsers to illicit pharmacies controlled by the VIPMEDS/Rx-Partners affiliate network. This is not a unique problem, however the pharmacy shop sites in question: HEALTHCUBE[DOT]US and GETPILLS[DOT]US should not even exist under the .US Nexus Policy. more»
ICANN is looking into Demand Media's eNom division for answers following complaints from the Internet security group HostExploit. "ENom, the world's second-largest domain name registrar, came under fire last week in a report from HostExploit, a volunteer-run anti-malware research group. According to HostExploit, eNom is host to an unusually large number of malicious websites and is a preferred domain name registrar for pharmaceutical spammers." more»
I was browsing CircleID the other day and came across Bruce Schneier's article on cyberwar. Schneier's article, and the crux of his point, is that the term cyber war and the threat of cyber warfare has been greatly exaggerated. The real problem in cyberspace is not the threat of cyber warfare wherein a foreign government, or possibly non-state actor, conducts a cyber attack on another nation. more»
When it comes to the problem of outbound spam, one of the experiences that I have, and this was reaffirmed at TechEd, is that the number one source of compromised accounts are educational institutions. That is to say, whenever we have an outbound spam problem and have to hunt down where it is coming from, the highest number of these accounts are phished accounts/credentials from users at an educational institution. Why is this? Why does so much spam originate from universities? more»
