Copycat Web Malware Exploitation Kits are Faddish

or the cheap cybercriminals not wanting to invest a couple of thousand dollars into purchasing a cutting edge web malware exploitation kit with all the related and royalty free updates coming with it (a pirated copy of which they could ironically obtain several moths later), there are always the copycat malware kits... Taking into consideration the proprietary nature of some of the kits, the business model of malware kits was mostly relying on their exclusive nature next to the number, and diversity of the exploits included in order to improve the infection rate. This simplistic assumption on behalf of the coders totally ignored the possibility of their kits leaking to the general public... more»

Public Sharing and a New Strategy in Fighting Cyber Crime

A couple of years ago I started a mailing list where folks not necessarily involved with the vetted, trusted, closed and snobbish circles of cyber crime fighting (some founded by me) could share information and be informed of threats. In this post I explore some of the history behind information sharing online, and explain the concept behind the botnets mailing list... we may not be able to always share our resources, but it is time to change the tide of the cyber crime war, and strategize. One of the strategies we need to use, or at least try, is public information sharing of "lesser evils" already in the public domain. more»

Thoughts on the Best Western Compromise

The Sunday Herald reported on Sunday that Best Western was struck by a trojan attack that lead to the possible compromise of about 8 million victims. There is some debate as to the extent of the breach and not a small amount of rumor going around. I'm not entirely disposed to trust corporate press releases for the facts, nor am I going to blindly accept claims of security researchers whose first call is to the PR team when discovering a problem. That said, here is what seems to be the agreed upon facts... more»

76Service: Cybercrime as Service Going Mainstream

Disintermediating the intermediaries in the cybercrime ecosystem, ultimately results in more profitable operations. Controversial to the concept of outsourcing, some cybercriminals are in fact so self-sufficient, that the stereotype of a mysterious 76service server offered for rent could in fact easily cease to exist in an ecosystem so vibrant that literally everyone can portion their botnet and start offering access to it on a multi-user basis. Evil? Obviously. Extending the lifecycle of a proprietary malware tool? Definitely. more»

Mobilizing Russian Population Attacking Georgia: Similar to the Estonian Incident?

It seems like the online Russian population is getting mobilized. Like a meme spreading on the blogosphere, the mob is forming and starting to "riot", attacking Georgia. This seems very similar to the Estonian incident, only my current guess is natural evolution rather than grass-roots implanted -- but I am getting more and more convinced of the similarities as more information becomes available. Determining exactly when the use of scripts by regular users started, is key to this determination. more»

A Secure Recursive Caching DNS Server

Over the last couple of weeks I have spent some time working on a project to develop a DNS cache for Windows that is intended to be reasonably secure against spoof attacks, in particular in situations where NAT firewalls may prevent port randomization. The program is evolving, but currently uses a couple of ideas to attempt to defeat spoof attacks... The source code is intended to be entirely un-encumbered, that is free in all respects. I would welcome any suggestions or comments on the aims of the project, the source code, the functionality of the program or other ideas. more»

Did Russian Cyber Attacks Precede Military Action?

The RBNexploit blog states that the website 'president.gov.ge' was under DDoS attack since Thursday. That site is now hosted out of Atlanta, Georgia (don't you love coincidence?) by Tulip Systems who is prominently displaying an AP story... "Speaking via cell phone from Georgia, Doijashvili said the attacks, traced to Moscow and St. Petersburg, are continuing on the U.S. servers." Rusisan military surrogates in the form of the criminal Russian Business Network are engaged in attacks against servers on US soil. This point should be brought up as the Group of 8-1 discusses appropriate responses to Russia's attack on Georgia. more»

Updates on the Georgian Cyber Attacks

This is an update of my previous post on the subject. To be honest here, no one truly knows what's going on in Georgia's Internet except for what can be glimpsed from outside, and what has been written by the Georgians on their blog (outside their country). They are probably a bit busy avoiding kinetic bombing... more»

Internet Attacks Against Georgian Websites

In the last days, news and government web sites in Georgia suffered DDoS attacks. While these attacks seem to affect the Georgian Internet, it is still there... Up to the Estonian war, such attacks would be called "hacker enthusiast attacks" or "cyber terrorism" (of the weak sort). Nowadays any attack with a political nature seems to get the "information warfare" tag. When 300 Lithuanian web sites were defaced last month, "cyber war" was the buzzword. Running security for the Israeli government Internet operation and later the Israeli government CERT such attacks were routine... more»

CNN Spam Outbreak Quickly Morphing Into a New Breed

This past week we have been seeing some heavy CNN spam -- that is, spam in the form of breaking news stories from CNN.com... These all look like legitimate news stories, and indeed, they probably are taken straight from an actual CNN news bulletin (I don't subscribe so I wouldn't know). Indeed, the unsubscribe information and Terms of Use actually link to actual CNN unsubscribe pages. However, if you mouse-over all of the news links, they go to a spam web page wherein the payload is either a spam advertisement or you click on another link to download a file and flip your computer into a botnet. more»