domainerss.com

Destroy-Adware  

Late-Breaking News


Malware and Botnet Operators Setting Up Their Own Data Centers  22 Dec 2009, 6:34 am

Dennis Fisher of Threatpost reports: "The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the criminals have taken the next step and begun setting up their own virtual data centers."


www.circleid.com

The Story of Conficker and the Industry Response  7 Nov 2009, 3:18 pm

Terry Zink

On November 2, 2009, Microsoft released its seventh edition of the Security and Intelligence Report (SIR). The SIR provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications.

The following is an excerpt from the SIR, pp. 29-32, about the Conficker worm and the industry response that showed an incredible amount of collaboration across vendors.


Study Finds Spain Most Bot-Infected Country, Sweden Among Least Infected  5 Nov 2009, 8:24 am

According to a recent security report, Spain and the United States are the leading countries when it comes to bot-infected computers. Based on data compiled from October by PandaLabs, the research arm of Panda Security, an alarming 44.49% of computers in Spain are infected with bots, with the United States, a long way behind, at 14.41%, followed by Mexico at 9.37% and Brazil at 4.81%. Countries least infected include Peru, the Netherlands and Sweden, all with ratios under 1 percent.

According to Luis Corrons, Technical Director of PandaLabs, "Along with rogueware, botnets and zombie computers have increased by more than 30 percent so far this year. This is the simplest way for a hacker to take control of computers to distribute spam or malware, therefore making it more difficult to trace and detect the real culprit. The problem is that owners of these zombie computers will be committing crimes without realizing it, and could face having their services withdrawn by their ISPs or even prosecution."


Industry Group Representing Largest Banks Issues Urgent Warning Against Cybercrime  24 Aug 2009, 7:29 pm

Brian Krebs of the Washington Post reports: "A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to put in place many of the precautions now used to detect consumer bank and credit card fraud. 'In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses...'"

Read full story: Washington Post


Why Can't We Make the Internet Secure?  9 Aug 2009, 1:39 pm

In a discussion about a recent denial of service attack against Twitter, someone asked,

Some class of suppliers must be making money off of the weaknesses. Anybody out there have a prescription for the cure?

Sure, but you're not going to like it.

The Internet was originally a walled garden, where its operators knew who all the users were and could eject anyone who misbehaved. It's not surprising that its design was robust against technical failures, but not against malicious behavior by people who had access to it, and it had essentially no security other than its physical perimeter. Fortunately or unfortunately, the design was robust enough to scale up many orders of magnitude to the Internet of today without any fundamental changes to the design or security (non-)model.

Similarly, the most popular operating system on the net, Microsoft Windows, was originally designed for standalone computers and then disconnected office LANs, again with wide open access within the LAN, and the security model mostly being a physical perimeter, with utterly predictable results when it was attached to the public Internet.

Popular web applications such as blog hosting and content management systems are riddled with exploitable security holes because people select them for being cheap and full of glitzy features, not because they're secure or reliable.

It's no surprise that retrofitting security to an existing design is really hard, both because of design issues, and because users hate anything that makes their systems harder to use. Even the stuff that doesn't directly annoy users is expensive, and the key to understanding the Internet's economic model is to realize that everyone foists off costs on other parties as much as they can.

Hence we have millions of virus and worm ridden PCs, with nobody from the users who own them to the vendors that sold the insecure software to the ISPs (Internet Service Providers) through which the worms propagate taking responsibility for fixing the damage they enable. We have untraceable DoS attacks, with hosts forging their source IP addresses with impunity, because it's too expensive for networks to do proper ingress filtering.

Irresponsible ISPs and networks, not all of them, but we know who they are, continue to get connections from Network Service Providers (wholesale networks) that don't want to know what their customers are doing. McColo festered for years until the Washington Post named and shamed its providers, who then turned them off overnight.

The basic answer to your question is that the people who run the net, all umpteen million of us, have collectively decided that it's cheaper to live with the damage that criminals cause than to deal with the problems that let them do it. Change that attitude, then we can talk.

Written by John Levine, Author, Consultant & Speaker


MAAWG Issues ISP Guidelines for End-User Bot Removal  31 Jul 2009, 12:11 pm

Messaging Anti-Abuse Working Group (MAAWG) has issued the first best practices aimed at helping the global ISP industry work more closely with consumers to recognize and remove bot infections on end-users' machines. The paper outlines a three-step approach with recommendations for detecting bots, notifying users that their computers have been compromised, and guiding them in removing the malware.

The new best practices outline various options for alerting customers when their computers are infected and offer suggestions for helping end-users clean their systems. The paper discusses bot detection methods, customer notification, and the use of walled gardens to limit infected machines' exposure to the Internet.


New Software Capable of Identifying Spam Before It Hits Mail Servers  29 Jul 2009, 11:38 am

Rachel Kremen of Technology Review reports: "New software developed at the Georgia Institute for Technology can identify spam before it hits the mail server. The system, known as SNARE (Spatio-temporal Network-level Automatic Reputation Engine), scores each incoming e-mail based on a variety of new criteria that can be gleaned from a single packet of data. The researchers involved say the automated system puts less of a strain on the network and minimizes the need for human intervention while achieving the same accuracy as traditional spam filters."

Read full story: Technology Review


Malware Discovered at Network Solutions Servers Hits 573,000 Debit, Credit Accounts  24 Jul 2009, 4:30 pm

Brian Krebs from the Washington Post reports: "Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months… Network Solutions discovered in early June that attackers had hacked into Web servers the company uses to provide e-commerce services—a package that includes everything from Web hosting to payment processing—to at least 4,343 customers, mostly mom-and-pop online stores."

Read full story: Washington Post


Malware Production Continues at Record-Setting Pace; 6000 Unique Pieces Per Day  24 Jul 2009, 3:48 pm

Security researchers report seeing as much unique malware in the first half of 2009 as seen in all of 2008. "This is quite something when you consider that in 2008 we saw the greatest ever growth in malware," says David Marcus of McAfee Avert Labs.

More specifically, Marcus in a blog post writes that the numbers add up to an average of 200,000 unique pieces of malware monthly or more than 6,000 a day. "Bear in mind these are malware we consider unique (something we had to write a driver for) and does not count all the other malware we detect generically or heuristically… When you add in the generic and heuristic detections the number becomes truly mind boggling," writes Marcus.


Kaminsky Bug One Year Later: DNS Still Vulnerable  24 Jul 2009, 3:22 pm

Carolyn Duffy Marsan of Network World reports: "A year has passed since security researcher Dan Kaminsky disclosed a serious flaw in the DNS that makes it possible for hackers to launch cache poisoning attacks… Experts say more has been done to bolster the security of the DNS in the past 12 months than in the previous decade, thanks to Kaminsky's discovery. Yet, the DNS remains as vulnerable as ever to cache poisoning attacks."

Read full story: Network World


Trojans Fastest Growing Category of Data-Stealing Malware  30 Jun 2009, 1:17 pm

The Anti-Phishing Working Group (APWG) recently reported that the number of sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December 2008, an 827 percent increase from January. And according to a Focus Report just released by Trend Micro, 93 percent of data-stealing malware was identified as Trojans in the first quarter of 2009.

From the report: "While the term 'data-stealing malware' is a relatively new one, its sole purpose for existence is a familiar story: To steal proprietary information such as online banking credentials, credit card numbers, social security numbers, passwords, and more from compromised networks and PCs in order to fuel an underground cyber crime economy driven by profit-seeking criminal networks that cross geopolitical boundaries."


Kaspersky Impressed with Overall Conficker Botnet Operation  21 May 2009, 1:07 pm

Cybercrime fighter Eugene Kaspersky can't help but be impressed by the slick operations behind the Conficker botnet, and says that it could have been worse had the botnet been after more than just money.

"They are high-end engineers who write code in a good way ... They use cryptographic systems in the right way, they don't make mistakes—they are really professional." Kaspersky says he's "60 per cent certain" that Conficker is being controlled from the Ukraine, but can't be certain…

Read full story: ZDNet


CNET News.com

'Gumblar' attacks spreading quickly  19 May 2009, 7:04 am

The malicious code known as "Gumblar" or "Troj/JSRedir-R," which infects Web sites, was first detected in March. Defying security experts' expectations, it is growing rapidly instead of dying out.


RSSmeme

Botnet master hits the kill switch, takes down 100,000 PCs  8 May 2009, 11:21 am

http://www.rssmeme.com/story/11198575/botnet-master-hits-the-kill-switch-takes-down-100000-pcs

Botnets aren't just dangerous because they can steal massive amounts of personal data and launch denial-of-service attacks—they can also self-destruct, leaving the owners of affected machines in the dust. The controllers of one such botnet recently hit the kill switch for one reason or another, taking down some 100,000 infected computers with it.

The Washington Post recently profiled the case of Zeus/Zbot—a software kit that sprang up in March that harvests financial and personal data from PCs through the use of a Trojan. Zeus, unlike many other malware programs, managed to make each installation appear different to virus trackers so that it would be more difficult to remove. But Zeus had another interesting feature—one that isn't terribly uncommon among botnet software, it turns out. A command was built into the software to kos—or "kill operating system"—and it was apparently executed some time last month.


PhysOrg.com - latest science and technology news stories

Conficker worm hits hospital devices  30 Apr 2009, 3:23 pm

A computer worm that has alarmed security experts around the world has crawled into hundreds of medical devices at dozens of hospitals in the United States and other countries, according to technologists monitoring the threat.


PhysOrg.com - latest science and technology news stories

Conficker worm dabbling with mischief  28 Apr 2009, 7:44 am

The Conficker worm's creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called "scareware."


PhysOrg.com - latest science and technology news stories

Downadup Worm Hits Over 3.5 Million Computers  16 Jan 2009, 6:18 am

(PhysOrg.com) -- Security firm F-Secure has advised that the Downadup worm has spread to more than 3.5 million computers by exploiting a vulnerability Microsoft patched last October. This is achieved by trying to connect to various Web addresses. The worm then looks for an active Web server at one of these domains and downloads and runs a particular executable file. This allows the malware to do whatever it wants with all of the infected computers.
