domainerss.com

Destroy-Adware  

Late-Breaking News

gadgetwise.blogs.nytimes.com

Apple Issues Fix to Combat Virus - NYTimes.com  1 Jun 2011, 9:34 pm

The update removes known versions of the “scareware” program, which is known as MacDefender. The update also adds detection capabilities to Apple’s built-in malware monitoring feature to try to stop users from downloading the fake program in the first place. If the updated software sees an attack, it will cause a pop-up warning with a big red stop sign and white exclamation point.


Major International Botnet Disabled Says U.S. Department of Justice  14 Apr 2011, 10:41 am

The U.S. Department of Justice and the FBI announced on Wednesday that they have taken actions to disable an international botnet of more than two million infected computers responsible for stealing corporate data including user names, passwords and financial information. From the announcement:

"Department of Justice and FBI announced the filing of a civil complaint, the execution of criminal seizure warrants, and the issuance of a temporary restraining order as part of the most complete and comprehensive enforcement action ever taken by U.S authorities to disable an international botnet.

The botnet is a network of hundreds of thousands of computers infected with a malicious software program known as Coreflood, which installs itself by exploiting a vulnerability in computers running Windows operating systems. Coreflood allows infected computers to be controlled remotely for the purpose of stealing private personal and financial information from unsuspecting computer users, including users on corporate computer networks, and using that information to steal funds."

domain name - Google News

US targets ring of thieves who infected over 2.3 million computers in biggest ... - mysask.com (press release)  13 Apr 2011, 3:47 pm


The investigators were trying to contain a malware program called Coreflood by obtaining search warrants for computer servers around the country and by executing a court order to seize 29 domain names. The malware exploits a vulnerability in computers ...
Govt targets ring infecting 2.3 million computers - SunHerald.com


domain name - Google News

Busting the Botnets - MIT Technology Review  11 Apr 2011, 9:02 pm


The researchers looked at the domain name queries issued by many different machines. "If the names were closer to a random distribution, we declared them anomalous," says AL Narasimha Reddy, a Texas A&M engineering professor who developed the technique ...

"domainers" via JohnH in Google Reader

The Epsilon Phishing Model  9 Apr 2011, 11:06 am

Phishing researcher Gary Warner's always-interesting blog offers some fresh perspective on clicking links in emails as the crux of the phishing problem. Gary writes:

"There is a saying 'if you give a man a fish, he'll eat for a day, but if you teach a man to fish, he can feed himself for a lifetime.'

In the case of the Epsilon email breach the saying might be 'if you teach a man to be phished, he'll be a victim for a lifetime.'

In order to illustrate my point, let's look at a few of the security flaws in the business model of email-based marketing, using Epsilon Interactive and their communications as some examples."

Click here to read Gary's post, "The Epsilon Phishing Model".

Written by Neil Schwartzman, Executive Director, CAUCE North America


Two Years Later the Conficker Worm Not Entirely Disappeared  6 Apr 2011, 12:00 pm

In a SecurityWeek article today, Ram Mohan writes: "Just over two years ago, the Internet held its breath. The high-profile, widely proliferated Conficker worm had been in the wild from October 2008; its largest mutation was revealed in February 2009, with a widely publicized activation date of April 1, 2009. ... What we do know: Conficker could have proved much more damaging than it ultimately did, and the threat has not entirely disappeared."


DDoS Attack Size Breaks 100 Gbps for First Time, Up 1000% Since 2005  1 Feb 2011, 12:50 pm

"2010 should be viewed as the year distributed denial of service (DDoS) attacks became mainstream as many high profile attacks were launched against popular Internet services and other well known targets," reports Arbor Networks in its just released Sixth Annual Worldwide Infrastructure Security Report. According to the report, the year also witnessed a sharp escalation in the scale and frequency of DDoS attack activity on the Internet. The 100 Gbps attack barrier was reached for the first time while application layer attacks hit an all-time high. Service providers experienced a marked impact on operational expense, revenue loss and customer churn as a result.

Related Links:
Arbor Networks' Sixth Annual Worldwide Infrastructure Security Report - Arbor Networks
DDoS Attacks Exceed 100 Gbps, Attack Surface Continues to Expand - SecurityWeek
Poor firewall implementations pave way for DDoS attacks - Infosecurity

www.circleid.com

The Dark Internet  26 Jan 2011, 12:47 am

• DDoS attacks first arose to attack anti-spam efforts
• Malware specifically designed to steal personal information and credentials appeared around 2005
• In 2007 nation states got into the dark game

In an effective demonstration, Rodney brought up a false FBI web site by typing in an IP address corresponding to www.fbi.gov. The cache had been poisoned, and that morning a fake web site was announcing to the world it was the real site of the FBI. Many in the room were clearly surprised by how easy it is to poison the cache of such a high profile government site.

www.circleid.com

Cybercriminals Shifting Focus From Windows PCs to Other Systems and Mobile  25 Jan 2011, 12:37 am

In a major cybercrime turning point, scammers have begun shifting their focus away from Windows-based PCs to other operating systems and platforms, including smart phones, tablet computers, and mobile platforms in general, according to the Cisco® 2010 Annual Security Report, released today. The report also finds that 2010 was the first year in the history of the Internet that spam volume decreased, that cybercriminals are investing heavily in "money muling," and that users continue to fall prey to myriad forms of trust exploitation.


eco: 100K PCs Cleaned Through Anti-Botnet Center  6 Dec 2010, 10:15 am

eco, the German ISP association, mentions on its website today that the 100,000th PC was cleaned from infection through its PC cleaning program. Since 15 September, German account holders could visit the website www.botfrei.de to download tools to clean up computers from digital infections.

Botfrei ("botfree", translation WdN) is a cooperation between eco and the German government. First figures seem to prove that this is a successful public-private partnership, worth looking into for other countries as a best practice.

Remember the 30,000 infections per day Australia's ACMA reported recently? As we see eco's figures and consider that the figures eco gives are only of people who have visited the botfrei website, we again see some staggering figures on computer infections.

Written by Wout de Natris, Consultant international cooperation cyber crime

www.circleid.com

Phishing Attack: An Open Letter to the Anti-Spam and Mailbox Operator Community  29 Nov 2010, 2:00 am

I'm sure many of you are familiar with the targeted ESP phishing attack that has been ongoing for almost a year now and has led to multiple known ESP system breaches. Return Path was recently a victim of this same attack. So far, we have three blog posts on our client/marketer blog about this—you can read them here from November 24, November 25, and November 26. In short, a relatively small list of our clients' email addresses was taken from us, meaning those addresses are now the targets of the phishing campaign that is intended to compromise those client systems.


ZeuS Botnet Takes a Hit But Already on the Rebound  14 Oct 2010, 3:50 pm

Brian Krebs reporting in Krebs on Security: "Authorities in the United States, United Kingdom and Ukraine launched a series of law enforcement sweeps beginning late last month against some of the world's most notorious gangs running botnets powered by ZeuS, a powerful password-stealing Trojan horse program. ZeuS botnet activity worldwide took a major hit almost immediately thereafter, but it appears to be already on the rebound..."

Read full story: Krebs on Security


Spamhaus Uncovers Fake DNSBL: nszones.com  31 Mar 2010, 8:25 am

Neil Schwartzman writes: Spamhaus has uncovered a fake spam filter company which was pirating and selling DNSBL data stolen from major anti-spam systems including Spamhaus, CBL and SURBL, republishing the stolen data under the name "nszones.com".

Read full story: External Source


Malware and Botnet Operators Setting Up Their Own Data Centers  22 Dec 2009, 6:34 am

Dennis Fisher of Threatpost reports: "The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the criminals have taken the next step and begun setting up their own virtual data centers."

www.circleid.com

The Story of Conficker and the Industry Response  7 Nov 2009, 3:18 pm

Terry Zink

On November 2, 2009, Microsoft released its seventh edition of the Security and Intelligence Report (SIR). The SIR provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications.

The following is an excerpt from the SIR, pp 29-32, about the Conficker worm and the industry response that showed an incredible amount of collaboration across vendors.


Study Finds Spain Most Bot-Infected Country, Sweden Among Least Infected  5 Nov 2009, 8:24 am

According to a recent security report, Spain and the United States are the leading countries when it comes to bot-infected computers. Based on data compiled from October by PandaLabs, the research arm of Panda Security, an alarming 44.49% of computers in Spain are infected with bots, with the United States, a long way behind, at 14.41%, followed by Mexico at 9.37% and Brazil at 4.81%. Countries least infected include Peru, the Netherlands and Sweden, all with ratios under 1 percent.

According to Luis Corrons, Technical Director of PandaLabs, "Along with rogueware, botnets and zombie computers have increased by more than 30 percent so far this year. This is the simplest way for a hacker to take control of computers to distribute spam or malware, therefore making it more difficult to trace and detect the real culprit. The problem is that owners of these zombie computers will be committing crimes without realizing it, and could face having their services withdrawn by their ISPs or even prosecution."


Industry Group Representing Largest Banks Issues Urgent Warning Against Cybercrime  24 Aug 2009, 7:29 pm

Brian Krebs of the Washington Post reports: "A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to put in place many of the precautions now used to detect consumer bank and credit card fraud. 'In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses...'"

Read full story: Washington Post


Why Can't We Make the Internet Secure?  9 Aug 2009, 1:39 pm

In a discussion about a recent denial of service attack against Twitter, someone asked,

Some class of suppliers must be making money off of the weaknesses. Anybody out there have a prescription for the cure?

Sure, but you're not going to like it.

The Internet was originally a walled garden, where its operators knew who all the users were and could eject anyone who misbehaved. It's not surprising that its design was robust against technical failures, but not against malicious behavior by people who had access to it, and it had essentially no security other than its physical perimeter. Fortunately or unfortunately, the design was robust enough to scale up many orders of magnitude to the Internet of today without any fundamental changes to the design or security (non-)model.

Similarly, the most popular operating system on the net, Microsoft Windows, was originally designed for standalone computers and then disconnected office LANs, again with wide open access within the LAN, and the security model mostly being a physical perimeter, with utterly predictable results when it was attached to the public Internet.

Popular web applications such as blog hosting and content management systems are riddled with exploitable security holes because people select them for being cheap and full of glitzy features, not because they're secure or reliable.

It's no surprise that retrofitting security to an existing design is really hard, both because of design issues, and because users hate anything that makes their systems harder to use. Even the stuff that doesn't directly annoy users is expensive, and the key to understanding the Internet's economic model is to realize that everyone foists off costs on other parties as much as they can.

Hence we have millions of virus and worm ridden PCs, with nobody from the users who own them to the vendors that sold the insecure software to the ISPs (Internet Service Providers) through which the worms propagate taking responsibility for fixing the damage they enable. We have untraceable DoS attacks, with hosts forging their source IP addresses with impunity, because it's too expensive for networks to do proper ingress filtering.

Irresponsible ISPs and networks, not all of them, but we know who they are, continue to get connections from Network Service Providers (wholesale networks) that don't want to know what their customers are doing. McColo festered for years until the Washington Post named and shamed its providers, who then turned them off overnight.

The basic answer to your question is that the people who run the net, all umpteen million of us, have collectively decided that it's cheaper to live with the damage that criminals cause than to deal with the problems that let them do it. Change that attitude, then we can talk.

Written by John Levine, Author, Consultant & Speaker


MAAWG Issues ISP Guidelines for End-User Bot Removal  31 Jul 2009, 12:11 pm

Messaging Anti-Abuse Working Group (MAAWG) has issued the first best practices aimed at helping the global ISP industry work more closely with consumers to recognize and remove bot infections on end-users' machines. The paper outlines a three-step approach with recommendations for detecting bots, notifying users that their computers have been compromised, and guiding them in removing the malware.

The new best practices outline various options for alerting customers when their computers are infected and have suggestions for helping end-users clean their systems. The paper discusses bot detection methods, customer notification, and the use of walled gardens to limit infected machines' exposure to the Internet.


New Software Capable of Identifying Spam Before It Hits Mail Servers  29 Jul 2009, 11:38 am

Rachel Kremen of Technology Review reports: "New software developed at the Georgia Institute for Technology can identify spam before it hits the mail server. The system, known as SNARE (Spatio-temporal Network-level Automatic Reputation Engine), scores each incoming e-mail based on a variety of new criteria that can be gleaned from a single packet of data. The researchers involved say the automated system puts less of a strain on the network and minimizes the need for human intervention while achieving the same accuracy as traditional spam filters."

Read full story: Technology Review
