Monday, 20 September 2010
Germany is the first country to launch a large scale malware cleaning project backed by the government, Internet service providers and security companies.
The new Anti-Botnet Counseling Center (Anti-Botnet Beratungszentrum) is an organization dedicated to assisting German users with removing botnet infections from their computers. It was established with funding from the Federal Ministry of Interior and the technical assistance is provided by the Federal Office for Information Security (BSI). The initiative was announced late last year as a collaboration between the Federal Government and the German Internet Industry Association (eco).
Thursday, 17 June 2010
Experts from nearly 40 countries gathered in the Estonian capital Tallinn to discuss the latest issues in the fight against virtual attackers. Estonian President Toomas Hendrik Ilves opened the conference with a stark warning about the seriousness of cybercrime. "Our critical infrastructure, electricity grids, transportation networks and mobile phone networks are so enmeshed and tied to the internet that any open society is open to complete and utter failure," he said. "There are no smoking guns, no foot or fingerprints in virtual reality," Estonia's Minister of Defence Jaak Aviksoo added.
Skilled hackers at the conference said malware designed to be used in attacks could be purchased for a few hundred dollars online, or even downloaded for free.
Wednesday, 16 June 2010
Police have arrested 178 people in Europe and the United States suspected of cloning credit cards in an international scam worth over 20 million euros ($24.52 million), Spanish police said on Tuesday. Police in fourteen countries participated a two-year investigation, initiated in Spain where police have discovered 120,000 stolen credit card numbers and 5,000 cloned cards, arrested 76 people and dismantled six cloning labs. The raids were made primarily in Romania, France, Italy, Germany, Ireland and the United States, with arrests also made in Australia, Sweden, Greece, Finland and Hungary.
Thursday, 10 June 2010
Federal chief information officers and chief information security officers will convene Monday, June 14, at an annual information technology conference where they are sure to discuss the Office of Management and Budget's mandate to look toward cloud computing to cut IT costs, increase efficiencies and enable greater government-wide collaboration and data exchange. In examining the potential benefits and vulnerabilities of moving their services to the cloud, government CIOs and CISOs should ask and demand answers to some difficult questions.
Does your provider ensure the confidentiality, integrity and availability with mature processes, proof of past performance, understanding of and mechanisms for disaster recovery options, and encrypted backups?
(Source: GovInfo Security)
Wednesday, 02 June 2010
The number of internet threats coming from the UK has increased in May, according to research by managed security firm, Network Box. The UK is now responsible for nearly six (5.9) per cent of the worlds internet viruses, up from three per cent in April. The only countries that produce more viruses than the UK are Korea (16.26 per cent) and the US (11.68 per cent). The US and India continue to dominate the production of the worlds spam, with the US producing 10.7 per cent, and India 7.1 per cent (similar figures from last month).
Russia has seen a decline in viruses produced from within its borders possibly an early result of Russian hosting service, PROXIEZ-NET notoriously used by criminal gangs being taken down earlier this month.
(Source: Network Box)
Monday, 31 May 2010
According to the latest data by Trend Micro, a leading Internet security company, more than 2 million computers were hacked and 476 million spam e-mails were sent in Turkey between June 2009 and May 2010. With Internet an increasingly integral part of daily life, criminals are finding new playgrounds in cyberspace.
In 2004 there were 680 million Internet users and 3 million malwares globally. Six years later, the number of Internet users increased to around 1.7 billion, but malwares jumped 10-fold to 30 million. The nature of the Internet also makes it harder to track down a criminal of cyber crime, as it crosses borders and is hard to understand. It is not like a bank robbery. There is no eyewitness or video footage,
(Source: Hurriyet Daily News)
Hurriyet Daily News
Friday, 21 May 2010
Carders.cc, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of potentially identifying information on the forums users as well as countless passwords and credit card accounts swiped from unsuspecting victims.
The breach involves at least three separate files being traded on Rapidshare.com: The largest is a database file containing what appear to be all of the communications among nearly 5,000 Carders.cc forum members, including the contents of private, one-to-one messages that subscribers to these forums typically use to negotiate the sale of stolen goods. Another file includes the user names, e-mail addresses and in many cases the passwords of Carder.cc forum
(Source: Krebs on Security)
Krebs on Security
The UAE can lead international efforts to promote global cyber security and cyber peace and to avoid the use of cyberspace for conflict, said a former senior White House adviser on Tuesday. "The UAE can play a leading role in creating an international system for cyber peace. You can do that not just by computers. But you can do that by strategists and diplomats. And there is a great role for the UAE to play in helping the world step back from cyber war to create an international system for cyber peace," said Richard Clarke, who served as a counterterrorism adviser to Presidents Bill Clinton and George W. Bush.
Warning that cyber war is the next threat to UAE national security, Clarke argued physical defences akin to borders such as firewalls will remain essential, but given the high levels of cross-border connectivity in cyber world, new approaches for cyber security must include the international diplomatic dimension.
(Source: Gulf News)
Wednesday, 19 May 2010
Du 17 au 21 mai 2010 se tient à Ouagadougou un atelier sur la cybersécurité. Avec comme objectif de former les acteurs chargés de la sécurisation du cyberespace à la lutte efficace contre les cybermenaces, cette session connaît la participation de délégués de la Côte dIvoire, du Ghana, du Mali et du Nigeria. Les travaux dudit séminaire ont été ouverts par le Secrétaire général du Premier ministère, Paul Marie Compaoré.
Face aux spams, scams, virus, vers et autres cyberattaques, il est plus quurgent de développer des stratégies et des dispositifs de pointe à même de sécuriser les systèmes du cyberespace en le protégeant de toutes ces cybermenaces. Cest dans cette optique que lUnion internationale des télécommunications (UIT), en partenariat avec IMPACT et lAutorité de régulation des communications électroniques (ARCE) du Burkina, organise du 17 au 21 mai 2010, un atelier sur la cybersécurité.
(Source: Le Faso)
Tuesday, 18 May 2010
Phishing may not be the most sophisticated form of cyber crime, but it can be a lucrative trade for those who decide to make it their day jobs. Indeed, data secretly collected from an international phishing operation over 18 months suggests that criminals who pursue a career in phishing can reap millions of dollars a year, even if they only manage to snag just a few victims per scam.
Phishers often set up their fraudulent sites using ready-made phish kits collections of HTML, text and images that mimic the content found at major banks and e-commerce sites. Typically, phishers stitch the kits into the fabric of hacked, legitimate sites, which they then outfit with a backdoor that allows them to get back into the site at any time.
(Source: Krebs on Security)
Krebs on Security
Friday, 14 May 2010
Researchers at Imperva have discovered an 'experimental' botnet that uses around 300 hijacked web servers to launch high-bandwidth DDoS attacks. The servers are all believed to be open to an unspecified security vulnerability that allows the attacker, who calls him or herself 'Exeman', to infect them with a tiny, 40-line PHP script. This includes a simple GUI from which the attacker can return at a later date to enter in the IP, port and duration numbers for the attack that is to be launched. Building a Secure and Compliant Windows Desktop: Download nowBut why servers in the first place? Botnets are built from PCs and rarely involve servers.
According to Imperva's CTO, Amachai Shulman, they have no antivirus software and offer high upload bandwidth, typically 10-50 times that of a consumer PC.
Monday, 10 May 2010
With the 2010 FIFA World Cup less than two months away, cybercriminals (as expected) are banking on this prestigious international football event to trick users. TrendLabsSM spotted the latest threat involving this, and it came in the form of an email message currently being spammed in the wild.
The spam carried a .PDF file attachment which was found to contain details about the lottery the recipient allegedly won. It also instructed the recipient to give out personal information and send them to the contact person or email sender before the prize could be claimed. What was interesting about the purported sender of the emailone Mrs. Michelle Matins, Executive Vice Presidentwas also the signatory for the 419 scam, aka the Nigeria scam.
(Source: Trend Micro)
Friday, 07 May 2010
As much heat as Facebook has taken recently for its privacy policies and the freedom with which it shares data across the Web and around the world, Facebook is still not the biggest threat to online privacy--you are. A study by Consumer Reports illustrates that users are really their own worst enemy when it comes to online privacy.
Here are some of the key findings of the Consumer Reports survey: A projected 1.7 million online households had experienced online identity theft in the past year. An estimated 5.4 million online consumers submitted personal information to e-mail (phishing) scammers during the past two years. Among adult social network users, 38 percent had posted their full birth date, including year. Forty-five percent of those with children had posted their children's photos. And 8% had posted their own street address. An estimated 5.1 million online households had experienced some type of abuse on a social network in the past year, including malware infections, scams, and harassment.
(Source: PC World)
Thursday, 29 April 2010
The German government is planning to establish a botnet cleanup helpline for computer users affected by malware infection. ISPs are teaming up with the German Federal Office for Information Security (BSI) to set up an operation geared towards cleansing consumer systems from botnet infestation. ISPs will track down infected machines, before directing users towards a website offering advice and an associated call centre, staffed by around 40.
The project, due to start in 2010, was announced on Tuesday at the German IT summit in Stuttgart. Malware in general, and botnets in particular, are a Windows ecosystem problem. Some bloggers have taken exception to the German plan, and have described it as a state funded subsidy to Microsoft, arguing that the money would be better spent offering advice on how to switch to less virus-infected systems.
(Source: The Register)
Friday, 23 April 2010
Attackers have begun exploiting a design flaw in Adobe's PDF format to spread the Zeus botnet, only days after the publication of a proof-of-concept exploit for the flaw, according to security researchers.
On Wednesday, researchers at M86 Security said they had discovered emails claiming to originate from Royal Mail with PDF attachments exploiting the flaw. The attachment attempts to run an executable file that installs the Zeus Trojan on a user's system. Zeus attempts to steal banking information by logging a user's keystrokes. It also attempts to make a user's system part of the Zeus botnet.
Tuesday, 20 April 2010
A new type of malware infects PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal. The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people. It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime. Website Yomiuri claims that 5500 people have so far admitted to being infected.
"If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," said Mr Ferguson.
Monday, 19 April 2010
A computer security researcher has released a plugin for Firefox that provides a wealth of data on Web sites that may have been compromised with malicious code. The plugin, called Fireshark, was released on Wednesday at the Black Hat conference. The open-source free tool is designed to address the shortcomings in other programs used to analyze malicious Web sites, said Stephan Chenette, a principal security researcher at Websense, which lets Chenette develop Fireshark in the course of his job. Hackers often target legitimate Web sites with code that can either infect a machine with malicious software or redirect a user to a bad Web page.
Friday, 26 March 2010
One of the world's most notorious computer hackers was sentenced to 20 years in prison on Thursday after he pleaded guilty to helping run a global ring that stole tens of millions of payment card numbers. Albert Gonzalez, a 28-year-old college dropout from Miami, had confessed to helping lead a ring that stole more than 40 million payment card numbers by breaking into retailers including TJX Cos Inc, BJ's Wholesale Club Inc and Barnes & Noble.
It was the harshest sentence ever handed down for a computer crime in an American court, said Mark Rasch, former head of the computer crimes unit at the U.S. Department of Justice. Gonzalez and conspirators scattered across the globe caused some $200 million in damages to those businesses, said Assistant U.S. Attorney Stephen Heymann.
Wednesday, 24 March 2010
Countries in Asia now face the same level and type of sophisticated cyber attack as countries in the West, according to a new report from non-profit US cyber-crime research organisation Team Cymru.
Countries in Asia now face the same level and type of sophisticated cyber attack as countries in the West, according to a new report from non-profit US cyber-crime research organisation Team Cymru. "We would expect to see high concentrations of compromised machines in areas with high concentrations of Internet saturation and urban population," said Team Cymru director, global outreach, and former Scotland Yard detective, Steve Santorelli.
(Source: IDG Connect)
Monday, 22 March 2010
In a bid to cut down on fraud and inappropriate content, the organization responsible for administering Russia's .ru top-level domain names is tightening its procedures. Starting April 1, anyone who registers a .ru domain will need to provide a copy of their passport or, for businesses, legal registration papers.
Loopholes in the domain name system help spammers, scammers and operators of pornographic Web sites to avoid detection on the Internet by concealing their identity. Criminals often play a cat-and-mouse game with law enforcement and security experts, popping up on different domains as soon as their malicious servers are identified. Criminals in eastern Europe have used .ru domains for a while, registering domain names under fake identities and using them to send spam or set up command-and-control servers to send instructions to networks of hacked computers.
(Source: PC World)
Monday, 15 March 2010
The government has added fresh resources to the fight against cybercrime with the launch of a £4.3m programme to help combat fraud, estimated to cost UK consumers £3.5bn per year. The programme, which aims to take down scam websites, was launched by the Department for Business, Innovation and Skills this week. Under the scheme, up to 300 of the UK's approximately 3,000 existing trading standards officers will receive "intermediate" level training in tackling cybercrime.
In addition, a new cyber enforcement team within the Office of Fair Trading (OFT) will be set up. The team will lead investigations into websites selling fake or non-existent goods, tickets or services online, and will have an attached digital forensics lab that will be available to all OFT staff.
Wednesday, 10 March 2010
Twitter launched a new link-screening service on Tuesday aimed at preventing phishing and other malicious attacks against users of the popular microblogging service.
Phishing scams on Twitter usually involve attackers trying to obtain the login credentials of Twitter users, and then sending spam messages from the stolen accounts in a bid to make money, Twitter said on its blog last month. Twitter also fights phishing scams by watching for affected accounts and resetting passwords, it said. Phishing attacks ballooned on Twitter last year as the service grew in popularity. Twitter's new link-screening service comes after it last year started using Google's Safe Browsing API to check for malicious content in links posted by users.
(Source: PC World)
Friday, 05 March 2010
Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the U.S. Federal Bureau of Investigation said Thursday. The United States has been under assault from these targeted spear-phishing attacks for years, but they received mainstream attention in January, when Google admitted that it had been hit and threatened to pull its business out of China -- the presumed source of the attack -- as a result.
Researchers investigating the Google attack -- thought to have affected at least 100 companies including Intel, Adobe and Symantec -- say that prime targets of the hackers were the source code management systems used by software developers to build code.
(Source: PC World)
Wednesday, 03 March 2010
Authorities have smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs. The "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.
Spanish investigators, working with private computer-security firms, have arrested the three alleged ringleaders of the so-called Mariposa botnet, which appeared in December 2008 and grew into one of the biggest weapons of cybercrime. More arrests are expected soon in other countries.
(Source: The New Zealand Herald)
The New Zealand Herald
Friday, 26 February 2010
Security experts are split over the effectiveness of Microsoft's efforts to shut down a network of PCs that could send 1.5 billion spam messages a day. The firm persuaded a US judge to issue a court order to cripple 277 internet domains used by the Waledac botnet. Botnets are usually armies of hijacked Windows PCs that send spam or malware. "We aim to be more proactive in going after botnets to help protect the internet," said Richard Boscovich, the head of Microsoft's digital crime unit.
Security firm Symantec has estimated that over 80% of unsolicited e-mail comes from botnets.
Wednesday, 24 February 2010
Intel was the victim of a cyber attack similar to the one experienced by Google, the company revealed Monday. "We regularly face attempts by others to gain unauthorized access through the Internet to our information technology systems," Intel said in regulatory filings posted by The New York Times. "One recent and sophisticated incident occurred in January 2010 around the same time as the recently publicized security incident reported by Google."
Attacks have included people who masqueraded as authorized users or those who used "surreptitious introduction of software," Intel said. "These attempts, which might be the result of industrial or other espionage, or actions by hackers seeking to harm the company, its products, or end users, are sometimes successful."
(Source: PC Magazine)
Friday, 19 February 2010
A former security researcher turned criminal hacker has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers.
Max Ray Butler, who used the hacker pseudonym Iceman, was sentenced Friday morning in U.S. District Court in Pittsburgh on charges of wire fraud and identity theft. In addition to his 13-year sentence, Butler will face five years of supervised release and must pay US$27.5 million in restitution to his victims, according to Assistant U.S. Attorney Luke Dembosky, who prosecuted the case for the federal government. Dembosky believes the 13 year sentence is the longest-ever handed down for hacking charges.
Thursday, 18 February 2010
A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according Internet security firm NetWitness. The latest virus -- known as "Kneber botnet" -- gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information back to hackers, NetWitness said in a statement.
A botnet is an army of infected computers that hackers can control from a central machine." The company said the attack was first discovered in January during a routine deployment of NetWitness software.
Wednesday, 17 February 2010
A common Web programming error could give hackers a way to take over Google Buzz accounts, a security expert said Tuesday. The flaw is a "medium-sized problem" with the Buzz for Mobile Web site, said Robert Hansen, CEO of SecTheory, who first reported the issue. This type of Web programming error, called a cross-site scripting flaw, lets the attacker put his own scripting code into Web pages that belong to trusted Web sites such as Google.com. It is a fairly common flaw but one that can have major consequences when exploited on widely used Web sites.
The attacker "can force you to say things you don't want to say, to follow people," he said. "Whatever Google Buzz allows you to do, it allows him to do to you."
(Source: PC World)
Monday, 15 February 2010
Former top US intelligence officials will become cyberwarriors on Tuesday in a simulation of how the US government would respond to a massive cyberattack on the United States. "The scenario itself is secret," said Eileen McMenamin, vice president of communications for the Bipartisan Policy Center (BPC), which is hosting the event dubbed "Cyber ShockWave." "The participants don't even know what it is," McMenamin told AFP. "None of them know what's going to transpire."
Former president George W. Bush's Homeland Security chief Michael Chertoff will play the role of National Security Advisor to the president while former Director of National Intelligence John Negroponte will be Secretary of State.
Tuesday, 09 February 2010
Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks.
The attack can force heavily secured computers to spill documents that likely were presumed to be safe. This discovery shows one way that spies and other richly financed attackers can acquire military and trade secrets, and comes as worries about state-sponsored computer espionage intensify, underscored by recent hacking attacks on Google Inc.
Monday, 08 February 2010
China has closed what it claims to be the largest hacker training website in the country and arrested three of its members, domestic media reported on Monday.
The "Black Hawk Safety Net" website taught hacking techniques and provided malicious software downloads for its 12,000 members in exchange for a fee, the Wuhan Evening News newspaper reported this weekend, citing police in Huanggang, just east of Wuhan.
Thursday, 04 February 2010
Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said.
For years, a malicious hacker has been setting up file-sharing torrent sites that appear legitimate and then selling them to well-meaning buyers who want to own their own download site, explained Del Harvey, Twitter's director of trust and safety, in a blog post. However, the sites are riddled with malware and backdoors that allow the malicious hacker to steal log-in credentials -- like e-mail addresses, usernames and passwords -- from users who sign up for them.
Tuesday, 02 February 2010
Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Fifty-seven percent of users surveyed reported getting spammed via social-networking sites -- an increase of 70.6 percent from 2008. And 36 percent say they have been sent malware via social-networking sites, a 69.8 percent increase.
(Source: NewsFactor Network)
Wednesday, 20 January 2010
Hackers are attacking consumers with an exploit of Internet Explorer (IE) that was allegedly used last month by the Chinese to break into Google's corporate network, a security company said Monday.
That news came on the heels of warnings by the information security agencies of the French and German governments, which recommended that IE users switch to an alternate browser, such as Firefox, Chrome, Safari or Opera, until Microsoft fixes the flaw. In a Monday alert Websense said it identified "limited public use" of the unpatched IE vulnerability in drive-by attacks against users who strayed onto malicious Web sites.
Monday, 18 January 2010
The U.S. Federal Bureau of Investigation is advising people to be careful when evaluating donation programs related to the earthquake in Haiti as one security firm is already seeing scam e-mails circulate. People should apply a "critical eye" to requests for financial donations following Tuesday's earthquake in Haiti, which caused an unknown number of deaths and severe damage to the country's infrastructure.
Scam e-mails are already emerging. Symantec noted a so-called 419-style e-mail that purported to come from the British Red Cross. A 419 scam, named after the number of a statute in Nigeria's criminal code banning the practice, is one in which an e-mail or a letter implores a person to send money for some bogus reason.
Wednesday, 13 January 2010
The cyber threat environment is constantly changing and becoming more challenging with every day that passes. Malware grew last year at the highest rate in 20 years. Multiple security reports showed that more than 25 million new strains of malware were identified in 2009.
Forecasts suggest that 2010 will again see unprecedented growth in malware and the trend is expected to continue for the foreseeable future. Not only will the cyber attack volume escalated dramatically, but the sophistication of malware delivery modalities will also become much more sophisticated and dangerous. In addition, social networking sites will become major targets of choice for cyber criminals.
(Source: Defense Tech)
Thursday, 07 January 2010
The new year will usher in some interesting new changes in the world of malware and cyber-attacks, according to one company's predictions for 2010. Watchful eyes will have to be kept on mobile phone apps, Google Wave accounts, file sharing and peer-to-peer networks -- cyber-criminals will target those in greater numbers, according to predictions released by Kaspersky Labs, a provider of Internet threat management solutions for combating malware.
"Given the growing sophistication of threats -- it's no longer just an e-mail saying, Please click on this attachment,' and you get infected with something -- the schemes are much more elaborate than that," said Roel Schouwenberg, the company's senior malware researcher.
(Source: Government Technology)
Thursday, 17 December 2009
A court in east China has handed down jail sentences of up to three years to 11 people for their roles in online gaming scams that netted them around 140,000 dollars, state media said. Lu Yizhong and Zeng Yifu wrote malicious Trojan horse viruses to steal 5.3 million user names and passwords from online gamers, which were then used for "illegal gains", the Xinhua news agency reported late Wednesday. Defendants Yan Renhai, his girlfriend Chen Huiting and other accomplices sold or used the viruses to steal online credits, the Gulou District People's Court in Jiangsu province found, according to Xinhua.
The number of Internet gamers in China reached 217 million at the end of June, or 64.2 percent of the nation's total online population.
Wednesday, 16 December 2009
Internet users are being warned to watch out for a computer virus targeting popular social networking sites in the run up to Christmas.
Security experts say the new virus is "particularly nasty" and compels its victims to participate manually in creating a new Facebook account to help spread the worm. "The more people who use an application such as Facebook, or any other means of social networking, the more likely they are to be targeted by bad guys to send out malicious threats such as Koobface." The internet security company recommends that users do not reply to or follow links included in unsolicited Facebook messages and users should always carefully check that the URL they are entering is really that of the site they want to access.
(Source: FOX News)
Tuesday, 15 December 2009
They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than $150 million for scammers. Security experts call them rogue antivirus programs.
The FBI's Internet Crime Complaint Center issued a warning over this fake antivirus software Friday, saying that Web surfers should be wary of sudden pop-up windows that report security problems on their computers. This software can appear almost anywhere on the Web. Typically, the scam starts with an aggressive pop-up advertisement that looks like some sort of virus scan. Often it's nearly impossible to get rid of the pop-up windows.
Thursday, 10 December 2009
A "friendly" hacker called c0de.breaker claims to have broken into two secure internal sites at NASA's Instrument Systems and Technology and Software Engineering divisions, and snapped screen shots to prove the protected sites were intruded.
"I didn't want to make something bad!" c0de.breaker wrote in a web posting. "Only to show NASA (has) many vulnerable subdomains to SQLI (SQL injection), XSS (cross-site scripting), etc." The hacker gained access through a combination of a SQL injection and poor access controls. The National Aeronautics and Space Administration has had major problems securing its websites for years.
(Source: Gov Info Security)
Gov Info Security
Wednesday, 09 December 2009
What do phishing, instant messaging malware, DDoS attacks and 419 scams have in common? According to Cisco Systems, they're all has-been cybercrimes that were supplanted by slicker, more menacing forms of cybercrime over the past year.
In its 2009 Annual Security Report, due to be released Tuesday, Cisco says that the smart cyber-criminals are moving on. "Social media and the data-theft Trojans are the things that are really in their ascent," said Patrick Peterson, a Cisco researcher. "You can see them replacing a lot of the old-school things."
Friday, 04 December 2009
The U.S. government and private businesses need to overhaul the way they look at cybersecurity, with the government offering businesses new incentives to fix security problems, the Internet Security Alliance said.
The alliance, in a report released Thursday, also called for permanent international cybersecurity collaboration centers, new security standards for VoIP (voice over Internet Protocol) communications and programs to educate corporate leaders about the benefits of enhanced cybersecurity efforts. Lots of groups have called for better information security education for students, but education for enterprise leaders is often overlooked, said Joe Buonomo, president and CEO of Direct Computer Resources, a data security products vendor.
Wednesday, 02 December 2009
If your iPhone has been jailbroken, change your passwords now, advised Paul Ducklin, Sophos Australia's chief of technology. Ducklin said the writers of this virus included a program call "Duh", which added malicious capabilities not present in last month's ikee release.
The new password installed by this virus was "ohshit", which can be used to remove the threat of further remote attacks on an infected device. Ducklin said to clean up the device by searching the file "directory/private/var/mobile/home", type in "passwd" to initiate the command, and change the password. "Otherwise the buggers can get back in anytime they want," said Ducklin.
(Source: ZDNet Australia)
Tuesday, 01 December 2009
Its not good news for IT cities. According to a report prepared by the Computer Emergency Research Team from the Union IT ministry, a total of 692 websites have been affected in September alone.
The unit has now asked the respective state governments to secure their own websites. We have instructed all state governments to instal security measures, especially for those sites which contain sensitive data, said a senior ministry official. Of the websites hacked, a whopping 74% belong to the dotin domain Most common hacking method is to steal password from administrator Hackers also enter web server and destroy the site Another method is to try and poison the URL.
(Source: The Economic Times)
The Economic Times
A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee.
The original Panda worm, also known as Fujacks, caused widespread damage at a time when public knowledge about online security was low, and led to the country's first arrests for virus-writing in 2007. The new worm variant, one of many that have appeared since late 2006, adds a malicious component meant to make infection harder to detect.
(Source: PC World)
Monday, 30 November 2009
Diners who frequent a popular Downtown restaurant should review their charge-card statements because hackers broke into its computer system to loot debit- and credit-card numbers, police said today.
Between 30 and 50 people have reported fraudulent charges on their accounts, and Columbus detectives said that anyone who used a charge card at Tip Top Kitchen and Cocktails in July or August is at risk. The hackers have been traced to an overseas Internet address, and no Tip Top employees are involved, police said. The hackers found a weak point in the restaurant's computer defenses, wormed their way in, and installed "malware" that stripped the numbers.
(Source: The Columbus Dispatch)
The Columbus Dispatch
Tuesday, 24 November 2009
Four men, including the self-proclaimed "Godfather of Spam," were sentenced to prison on Monday for their roles in an email stock fraud scheme, the Justice Department said. FBI special agent said Ralsky, the self-proclaimed "Godfather of Spam," flooded email boxes with unwanted spam email and attempted to use a botnet to hijack computers to assist them in the scheme. A botnet is a network of computers infected by malicious software.
"Today's sentencing sends a powerful message to spammers whose goal is to manipulate financial transactions and the stock market through illegal email advertisements," said assistant attorney general Lanny Breuer.
Thursday, 19 November 2009
A self-proclaimed geek from the age of 14, Andre DiMino had always been interested in computers and networking. But it wasn't until he entered his professional life many years later that he became interested in the security side of that world.
Just five years ago, hunting botnets, said DiMino, was a much different game. The botnets were fairly straightforward, he said, and the primary method of communication was the IRC (Internet Relay Chat). DiMino and other volunteers were able to act like criminals by joining a botnet, watching its traffic to get an understanding of how it was architected and learn more its particular function. They found their efforts were worthwhile as they began contacting network hosts, alerting them that were supporting the botnets and seeing them shutdown.
Friday, 13 November 2009
Testing a brand new copy of Windows 7 shows that malware still finds its way around inbuilt preventative measures.
Got Windows 7? Yes, we know an increasing number of you have. But you'll still need antivirus protection. A test by the security company Sophos has found that Windows 7 is, out of the box, vulnerable to 8 out of 10 viruses that dropped into its feed (its feed being gnarly viruses picked from the internet). But of those 8, the User Account Control (UAC) - meant to save you from yourself, you button-clicking obsessive, you - did stop one.
Thursday, 12 November 2009
For the last few days, some jailbroken iPhone users have found their home screen background a little different than they remembered. A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH.
Simply jailbreaking your iPhone will not make you vulnerable to this sort of hack. The iPhone OS, in general, is also immune to this hack. On jailbroken iPhones, SSH is installable with a package from Cydia that allows you to connect to your phone and make changes to the filesystem.
(Source: TUAW News)
Australian internet provider BigPond has become the latest internet company to be targeted by hackers on Twitter, after one of its accounts was hijacked as part of a phishing scam.
Affected users received a private message from BigPondTeam saying "Hey, look at this," and directing them to follow a link that asked them to enter their Twitter password. The attack was part of an attempt to steal their credentials and potentially gain access to other services they use - such as their bank accounts or email services.
Wednesday, 04 November 2009
An expert on cable modem hacking has been arrested by federal authorities on computer intrusion charges. According to the U.S. Department of Justice (DOJ), Ryan Harris, 26, ran a San Diego company called TCNISO that sold customizable cable modems and software that could be used to get free Internet service or a speed boost for paying subscribers.
Hackers have known for years that certain models of cable modem, such as the Motorola Surfboard 5100, can be hacked to run faster on a network, a process known as uncapping.
Monday, 02 November 2009
If your cash card gets eaten by the automated-teller machine, it may not end up in the hands of a bank employee. European financial institutions are seeing a sharp rise in card "trapping," where criminals use various tricks in order to capture and retrieve a person's ATM card for fraudulent use.
For the first half of this year, financial institutions reported 1,045 trapping incidents, according to a new report from the European ATM Security Team (EAST), a nonprofit group composed of financial institutions and law enforcement. The figure, which covers 20 countries within the Single Euro Payments Area (SEPA), represents a 640 percent increase over the first half of 2008.
Friday, 30 October 2009
Twitter warned users Tuesday of a new phishing scam on the social networking site. It's the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords.
"We've seen a few phishing attempts today, if you've received a strange DM and it takes you to a Twitter login page, don't do it!," Twitter wrote on its Spam message page. The message reads, "hi. this you on here?" and includes a link to a fake Web site designed to look like a Twitter log-in page. After entering a user name and password, victims enter an empty blogspot page belonging to someone named NetMeg99.
Tuesday, 27 October 2009
The Swiss Foreign Ministry says it was the victim of a "professional" cyber attack aimed at obtaining information from its computer network. Spokesman Georg Farago says the ministry cut the connection between its network and the Internet after the attack was discovered on Thursday. He says specialists are trying to determine the source of the attack and whether any information was stolen.
Farago said Monday it appeared the Foreign Ministry was specifically targeted. Switzerland frequently plays host to international peace talks and other high-level negotiations.
Monday, 26 October 2009
Networks of hacked computers are being used more than ever to click on advertisements, a scam known as click fraud that cheats search engines, publishers and ad networks out of revenue.
For the third quarter of the year, 42.6% of fraudulent clicks came from botnet-infected computers, according to Click Forensics, a company that produces tools to detect and filter out fraudulent clicks. The figure is the highest in four years, when Click Forensics began producing reports. For the same quarter a year ago, botnets accounted for 27.5% of bad clicks. Botnets are a powerful tool for hackers.
Wednesday, 21 October 2009
Microsoft admitted Hotmail users had been tricked into revealing their passwords, 10,000 of which had been published online.
The spam is being sent from users' accounts to contacts in their address books - so recipients will think it came from one of their friends. While the new spam is not malicious in itself, it does point the contact in the direction of something that is a "shopping" website. The trick is, the shopping site is not a real one. The scam persuades victims to order goods online by credit card, leaving them vulnerable to identity theft and fraud.
(Source: Fox News)
Hotmail and several other Web e-mail providers were recently hit by phishing attacks that gleaned usernames and passwords.It's terribly insecure, but the string of digits 1234567 is a popular password on Hotmail, according to security researcher Bogdan Calin, who analyzed 9,843 stolen Windows Live Hotmail passwords that were posted on a Web site.
In a blog post, Calin said the following were the most common passwords in the Hotmail collection: 123456, 123456789, alejandra, 111111, alberto, tequiero, alejandro and 12345678.
Monday, 19 October 2009
Tens of millions of U.S. computers are loaded with scam security software that their owners may have paid for but which only makes the machines more vulnerable, according to a new Symantec report on cybercrime.
Cyberthieves are increasingly planting fake security alerts that pop up when computer users access a legitimate website. The "alert" warns them of a virus and offers security software, sometimes for free and sometimes for a fee. "Lots of times, in fact they're a conduit for attackers to take over your machine. They'll take your credit card information, any personal information you've entered there and they've got your machine,"
Friday, 16 October 2009
Cyber-crime just doesn't pay like it used to. Security researchers say the cost of criminal services such as distributed denial of service, or DDoS, attacks has dropped in recent months. The reason? Market economics.
Criminals have gotten better at hacking into unsuspecting computers and linking them together into so-called botnet networks, which can then be centrally controlled. Botnets are used to send spam, steal passwords, and sometimes to launch DDoS attacks, which flood victims' servers with unwanted information.
Wednesday, 14 October 2009
Twitter users should refrain from changing their log-in data until further notice or else risk getting locked out of their accounts. Twitter is investigating instances of users who have lost access to their accounts after modifying their usernames, passwords or e-mail addresses, the microblogging company said on Tuesday.
Until the problem is resolved, Twitter users shouldn't modify their log-in data, according to an official posting on Twitter's Status Web site. "This seems to affect new users as well as long term users," the note reads.
Monday, 12 October 2009
For the fourth time this year, Adobe has admitted that hackers used malicious PDF documents to break into Windows PCs.
The bug in the popular Reader PDF viewer and the Acrobat PDF maker is being exploited in "limited targeted attacks," Adobe said yesterday. That phrasing generally means hackers are sending the rigged PDF documents to a short list of users, oftentimes company executives or others whose PCs contain a treasure trove of confidential information.
Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.
The best defense against data theft, malware and viruses in the cloud is self defense, researchers at the Hack In The Box (HITB) security conference said. But getting people to change how they use the Internet, such as what personal data they make public, won't be easy.
Friday, 09 October 2009
Scammers have grabbed the Hotmail passwords that leaked to the Web and are using them in a plot involving a fake Chinese electronics seller to bilk users out of cash and their credit card information, a security researcher said.
"We've seen a 30% to 40% increase in these types of spam messages in the last several days," said Patrik Runald, senior manager of Websense's security research team. "By 'these types of spam,' I mean messages that are advertising great consumer electronics bargains, such as cameras and computers."
The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came "just a few clicks away from falling into a classic Internet phishing scam" after receiving an e-mail that appeared to be from his bank.
In phishing scams, criminals send spam e-mails to their victims, hoping to trick them into entering sensitive information such as usernames and passwords at fake Web sites.
Thursday, 08 October 2009
IPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the handset's location via GPS.
And ironically, Sheran Gunasekera, head of research and development at ZenConsult, said the BlackBerry is one of the most secure smartphones available, in some ways better than the iPhone.
Investigators in the United States and Egypt have smashed a computer "phishing" identity theft scam described as the biggest cyber-crime investigation in US history, officials said Wednesday.
The Federal Bureau of Investigation said 33 people were arrested across the United States early Wednesday while authorities in Egypt charged 47 more people linked to the scam. A total of 53 suspects were named in connection with the scam in a federal grand jury indictment, the FBI said.
Tuesday, 06 October 2009
Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online.
Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the US technology giant. Phishing is an Internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers.
In a somewhat unusual data breach, hackers recently stole the login credentials of an unknown number of customers of payroll processing company PayChoice Inc., and then attempted to use the data to steal additional information directly from the customers themselves.
Hackers broke into the site and managed to access the real legal name, username and the partially masked passwords used by customers to log into the site. They then used the information to send very realistic looking phishing e-mails to PayChoice's customers directing them to download a Web browser plug-in to be able to continue using the onlineemployer.com service.
Friday, 02 October 2009
US Homeland Security Secretary Janet Napolitano said Thursday that her department has received the green light to hire up to 1,000 cybersecurity experts over the next three years.
Kicking off "National Cybersecurity Awareness Month," she said the new recruits would "help fulfill the department's broad mission to protect the nation's cyber infrastructure, systems and networks." "Effective cybersecurity requires all partners -- individuals, communities, government entities and the private sector -- to work together to protect our networks and strengthen our cyber resiliency," Napolitano said.
Wednesday, 30 September 2009
Cybersecurity researchers often scare the IT world with tales of brilliant and devious hacks: encryption cracking techniques, wi-fi booby-traps and undetected vulnerability data sold on the black market. But the most common path cybercriminals use to gain access to victims' PCs today, according to a new report, is far more mundane: buggy software that users and IT administrators fail to patch for months, long after fixes are publicly available.
The study to be released Tuesday by the security-focused SANS Institute states that the cybersecurity community is facing an epidemic of unpatched software, particularly widely used applications like Adobe Flash, Java and Microsoft programs like Word and PowerPoint.
Monday, 28 September 2009
A network of Russian malware writers and spammers paid hackers 43 cents for each Mac machine they infected with bogus video software, a sign that Macs have become attack targets, a security researcher said yesterday.
In a presentation Thursday at the Virus Bulletin 2009 security conference in Geneva, Switzerland, Sophos researcher Dmitry Samosseiko discussed his investigation of the Russian "Partnerka," a tangled collection of Web affiliates who rake in hundreds of thousands of dollars from spam and malware, most of the former related to phony drug sites, and much of the latter targeting Windows users with fake security software, or "scareware."
Tuesday, 22 September 2009
A new botnet has caused a sharp spike in click fraud because it is skirting the most sophisticated filters of search engines, Web publishers and ad networks, according to Click Forensics. The company, which provides services to monitor ad campaigns for click fraud and reports on click fraud incidence every quarter, said on Thursday that the botnet's architects have figured out a way to mask it particularly well as legitimate search ad traffic.
Click Forensics is calling this the "Bahama botnet" because it was initially redirecting traffic through 200,000 parked domains in the Bahamas, although it is now using sites in Amsterdam, the U.K. and Silicon Valley.
Monday, 21 September 2009
Microsoft filed lawsuits against five companies Thursday, accusing them of using malicious advertisements to trick victims into installing software on their computers.
Typically, when a scareware ad pops up on a victim's screen, it looks like a Windows utility running some kind of security scan. It will then warn that it has found a critical security problem and direct the victim to a Web site where they can buy a product to fix the issue. DirectAd Solutions, Soft Solutions, qiweroqw.com, ote2008.info and ITmeter have used ads to "distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users".
Tuesday, 15 September 2009
A computer hacker who was once a federal informant and was a driving force behind one of the largest cases of identity theft in U.S. history pleaded guilty Friday in a deal with prosecutors that will send him to prison for up to 25 years.
Albert Gonzalez, 28, of Miami, admitted pulling off some of the most prominent hacking jobs of the decade. Federal authorities say tens of millions of credit and debit card numbers were stolen. Gonzalez entered guilty pleas in U.S. District Court in Boston to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft.
Monday, 14 September 2009
Cyber criminals are taking advantage of swine flu fears with e-mails promising news on the illness which then infect computers with a virus, a Spanish computer security firm warned Friday.
The e-mails invite recipients to open a document with information claiming the H1N1 flu virus was developed by pharmaceutical firms seeking to make huge profits from the outbreak, Pandasecurity said in a statement. But if the document is opened, a virus is installed on the person's computer which can steal personal information like bank account data.
South Korea plans to train 3,000 "cyber sheriffs" by next year to protect businesses after a spate of attacks on state and private websites, a report said Sunday. The "cyber sheriffs" would be tasked with "protecting corporate information and preventing the leaks of industrial secrets," Yonhap news agency said.
In the event of cyber attacks, the National Intelligence Service, the country's main spy agency, would set up a taskforce including civilian and government experts to counter the online threats, it added. The country already has a military cyber unit. South Korea, where 95 percent of homes have broadband, is among the top countries in terms of access to the high-speed Internet.
Thursday, 10 September 2009
Hong Kong is under siege from legions of "zombies" attacking people with spam and leaving in their wake a trail of destruction costing millions of dollars a year, analysts have warned.
There are an estimated 4,000 zombies active in Hong Kong and their criminal puppet masters use them to fire off thousands of messages offering products ranging from jewellery to pornography. According to the 2008 Annual Security Report by Internet security firm MessageLabs 81.3 percent of emails sent to Hong Kong computer users last year were spam, more than in any other territory or country in the world.
Wednesday, 09 September 2009
Anonymous hackers have attacked a Taiwan film festival over plans to screen a documentary on the US-based leader of China's predominantly Muslim Uighur minority, festival organisers said Tuesday. A message, posted on a blog run by one of the organisers of the Kaohsiung Film Festival, blamed Rebiya Kadeer for recent bloody unrest in northwest China's Xinjiang region, which is home to the Turkic-speaking Uighurs.
The film festival, which takes place in Taiwan's second largest city Kaohsiung, is scheduled to show "Ten Conditions of Love" on World Uighur Congress leader Kadeer in October.
Tuesday, 01 September 2009
If Google Inc. digitizes the world's books, how will it keep track of what you read? That's one of the unanswered questions that librarians and privacy experts are grappling with as Google attempts to settle a long-running lawsuit by publishers and copyright holders and move ahead with its effort to digitize millions of books, known as the Google Books Library Project.
Librarians and the online world have different standards for dealing with user information. Many libraries routinely delete borrower information, and organizations such as the American Library Association have fought hard to preserve the privacy of their patrons.
Monday, 31 August 2009
There's still plenty of room for innovation today, yet the openness fostering it may be eroding. While the Internet is more widely available and faster than ever, artificial barriers threaten to constrict its growth. Call it a mid-life crisis. A variety of factors are to blame. Spam and hacking attacks force network operators to erect security firewalls.
"There is more freedom for the typical Internet user to play, to communicate, to shop more opportunities than ever before," said Jonathan Zittrain, a law professor and co-founder of Harvard's Berkman Center for Internet & Society. "On the worrisome side, there are some longer-term trends that are making it much more possible (for information) to be controlled."
Friday, 28 August 2009
A software developer, a U.K.-based search optimization specialist, Slater recommended that, until Twitter patches the vulnerability, users should stop following any Twitterers they don't personally know or trust. "Who's to say they're not already stealing your details? If you don't see their tweets, they can't harm you,"
Wednesday, 26 August 2009
Fans searching for "Jessica Biel" or "Jessica Biel downloads," "Jessica Biel wallpaper," "Jessica Biel screen savers," "Jessica Biel photos," and "Jessica Biel videos" have a one in five chance of landing at a Web site that has tested positive for online threats such as spyware, adware, spam, phishing, viruses and other malware. McAfee's conclusion: Searching for the latest celebrity news and downloads can cause serious damage to personal computers.
"Consumers' obsession with celebrity news and culture is harmless in theory, but one bad download can cause a lot of damage to a computer."
Monday, 24 August 2009
Albert Gonzalez, the man described by federal authorities as the kingpin of a gang responsible for stealing more than 130 million payment cards, is a computer addict constantly looking for ways to challenge his abilities, according to his lawyer. He has had an unhealthy obsession with computers since the age of 8. "He was self-taught, He didn't go out in the sandbox or play baseball. The computer was his best friend."
"It wasn't healthy. It's a sickness. It's a problem that has not been addressed in our society."
Wednesday, 19 August 2009
US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards. Officials say it is the biggest case of identity theft in American history.
They say Albert Gonzalez, 28, and two un-named Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain. Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzalez faces up to 20 years in jail for wire fraud and five years for conspiracy.
Tuesday, 18 August 2009
The cyberattacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and the attackers likely were tipped off about Russia's intent to invade the country, according to a new technical analysis, much of which remains secret. The stunning conclusions come from the U.S. Cyber Consequences Unit, an independent nonprofit research institute that assesses the impact of cyber attacks.
Bombers struck targets throughout the country, and at the same time Georgian media and government sites fell under DDOS attack.
A new hacking incident report warns there has been a steep rise in attacks at social-networking hotspots including wildly popular microblogging service Twitter. Hackers aren't just hunting for victims in the flocks of people at social networks, they're also using Twitter to command "botnet" armies of infected computers, according to Internet security specialists.
"A lot of Web 2.0 widgets, mashups and the like that users go for make it easy for all these guys to launch attacks." Facebook became an Internet star after opening its platform to widgets, mini-applications made by outside developers, and now boasts more than 250 million members.
Monday, 17 August 2009
A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem. At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil.
Networks of infected PCs are referred to as "botnets" and are responsible for so much of the mayhem online, from identity theft to spamming to the types of attacks that crippled Twitter. A Twitter account that was used to send out what looked like garbled messages. But they were actually commands for computers in a botnet to visit malicious Web sites, where they download programs that steal banking passwords.
Thursday, 13 August 2009
The investigation into the attacks against high-profile Web sites in South Korea and the U.S. is a winding, twisty electronic goose chase that may not result in a definitive conclusion on the identity of the attackers.
Computer security experts disagree over the skill level of the DDOS (distributed denial-of-service) attacks, which over the course of a few days in early July caused problems for some of the Web sites targeted, including South Korean banks, U.S. government agencies and media outlets. The DDOS attack was executed by a botnet, or a group of computers infected with malicious software controlled by a hacker. That malware was programmed to attack the Web sites by bombarding them with page requests that far exceed normal visitor traffic. As a result, some of the weaker sites buckled.
Fraudsters are taking advantage of the widely used but obscure Automated Clearing House (ACH) Network in order to pull off their attacks. This financial network is used by financial institutions to handle direct deposits, checks, bill payments and cash transfers between businesses and individuals.
The fraud typically starts with a targeted phishing e-mail, aimed at whomever is in charge of the company's checkbook. By tricking the victim into running software, opening a harmful attachment or visiting a malicious Web site, the criminals are able to install keylogging software and steal bank account passwords.
Tuesday, 11 August 2009
The outage that knocked Twitter offline for hours was traced to an attack on a lone blogger in the former Soviet republic of Georgia - but the collateral damage that left millions around the world tweetless showed just how much havoc an isolated cyberdispute can cause.
"It told us how quickly many people really took Twitter into their hearts," Robert Thompson, director of the Center for the Study of Popular Television at Syracuse University, said Friday. Tens of millions of people have come to rely on social media to express their innermost thoughts and to keep up with world news and celebrity gossip. Twitter "is one of those little amusements that infiltrated the mass behavior in some significant ways, so that when it went away, a lot of people really noticed it and missed it."
A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers. Real Host, based in Riga, Latvia was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites, Web sites that launched attack code at visitors and were also home to malicious "rogue" antivirus products.
"This is maybe one of the top European centers of crap," he said in an e-mail interview. Real Host was considered a "bullet proof" hosting provider, that would allow customers to remain online even after they had been linked to malicious activity.
Monday, 10 August 2009
The distributed denial-of-service (DDOS) attacks that knocked out Twitter for hours and affected other sites like Facebook, Google's Blogger, and LiveJournal on Thursday continued all day Friday and may persist throughout the weekend. In its latest update, posted to a discussion forum of its third-party developers at 11 p.m. U.S. Eastern Time on Friday, Twitter reports it's still fighting the attacks.
"The DDoS attack is still ongoing, and the intensity has not decreased at all," wrote Chad Etzel, from Twitter's application development platform support team.
Friday, 07 August 2009
One of Israel's main political parties has shut down its website following an attack by Palestinian hackers, according to reports. Attackers on the official Kadima website posted images of wounded Palestinians and the aftermath of suicide bombings in Israel.
Slogans in both Hebrew and Arabic were also placed on the site, including threats to party leader Tzipi Livni. Kadima, a centrist political party that favours a two-state solution to the Middle East conflict, is the largest party in the Israeli parliament.
Micro-blogging service Twitter and social networking site Facebook have been severely disrupted by hackers. Twitter was taken offline for more than two hours whilst Facebook's service was "degraded", according to the firms.
The popular sites were subject to so-called denial-of-service attacks on Thursday, the companies believe. Denial-of-service (DOS) attacks take various forms but often involve a company's servers being flooded with data in an effort to disable them.
Monday, 03 August 2009
Chinese hackers crashed the website of Australia's biggest film festival, organisers said on Saturday, escalating tensions over a visit here by the exiled leader of the Uighur minority. Online bookings for the Melbourne International Film Festival had to be shut down after the site was bombarded with phony purchases which resulted in the entire program being sold out, said festival spokeswoman Asha Holmes.
A Chinese citizen living in the United States had alerted organisers to the viral campaign, which originated from a website in China titled "A Call to Action to All Chinese People", said Holmes.
A powerful new type of Internet attack works like a telephone tap, except operates between computers and Web sites they trust.
Hackers at the Black Hat and DefCon security conferences have revealed a serious flaw in the way Web browsers weed out untrustworthy sites and block anybody from seeing them. If a criminal infiltrates a network, he can set up a secret eavesdropping post and capture credit card numbers, passwords and other sensitive data flowing between computers on that network and sites their browsers have deemed safe.
Thursday, 30 July 2009
Facebook, MySpace and other social networking sites are inceasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn. Data posted on the sites -- name, date of birth, address, job details, email and phone numbers -- is a windfall for hackers, participants at Campus Party, one of the world's biggest gatherings of Internet enthusiasts, said.
A vicious virus Koobface -- "koob" being "book" in reverse -- has affected thousands Facebook and Twitter users since August 2008, said Asier Martinez, a security specialist at global IT solutions provider Panda Security.
Microsoft released a security patch on Tuesday aimed at preventing hackers from exploiting a vulnerability in its Web browser, Internet Explorer.
The US software giant said that the security update would be automatically installed for Internet Explorer users who have automatic updating enabled on their computers but would need to be installed manually by other users. "These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer," Microsoft said.
Tuesday, 28 July 2009
Amid concerns that the U.S. has a shortage of cybersecurity professionals, a new consortium of U.S. government and private organizations aims to identify students with strong computer skills and train them as cybersecurity guardians, warriors and "top guns."
The U.S. Cyber Challenge initiative will bring together three cybersecurity competitions for high school or college students and launch new in-person competitions, said Alan Paller, research director at the SANS Institute, a cybersecurity training organization. The organizers of the U.S. Cyber Challenge also plan to offer scholarships to promising students and hook them up with internships and jobs, Paller said.
Friday, 24 July 2009
The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a countdown, a lift-off, and then you see a young man in a black T-shirt and sunglasses, apparently reporting from space.
This is the Hacker News Network, and after a decade offline it is lifting off again, this time with a quirky brand of video reports about security. They're the guys who famously told the U.S. Congress that they could take down the Internet in about 30 minutes, and who helped invent the way that security bugs are reported to computer companies.
Thursday, 23 July 2009
Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.
The study describes a fragmented federal cyber force, where no one is in charge of overall planning and government agencies are "on their own and sometimes working at cross purposes or in competition with one another." The report, scheduled to be released Wednesday, arrives in the wake of a series of cyberattacks this month that shut down some U.S. and South Korean government and financial Web sites.
Hackers will soon gain a powerful new tool for breaking into Oracle Corp's (ORCL.O) database, the top-selling business software used by companies to store electronic information.
Security experts have developed an easy-to-use, automated software tool that can remotely break into Oracle databases over the Internet to simulate attacks on computer systems, but cybercrooks can use it for hacking. The tool's authors created it through a controversial open-source software project known as Metasploit, which releases its free software over the Web.
Wednesday, 22 July 2009
The popularity of Facebook and other popular social networking sites has given hackers new ways to steal both money and information, the security company Sophos said in a report released on Wednesday.
About half of all companies block some or all access to social networks because of concerns about cyber incursions via the sites, according to the study. "Research findings also revealed that 63 percent of system administrators worry that employees share too much personal information via their social networking sites, putting their corporate infrastructure -- and the sensitive data stored on it -- at risk," the Sophos report said.
Friday, 17 July 2009
The U.K. was the likely source of a series of attacks last week that took down popular Web sites in the U.S. and South Korea, according to an analysis performed by a Vietnamese computer security analyst. The address is registered to Global Digital Broadcast in the U.K. "Having located the attacking source in U.K., we believed that it is completely possible to find out the hacker," Nguyen wrote.
The results contradict assertions made by some in the U.S. and South Korean governments that North Korea was behind the attack. Security analysts had been skeptical of the claims, which were reportedly made in off-the-record briefings and for which proof was never delivered.
Thursday, 16 July 2009
As such, Facebook is quickly becoming a hotbed of activity for all kinds of malware and financial scams. With 200 million registered users, Facebook represents an ocean of fish which are all accessible in one convenient place. It helps that many Facebook users are relatively unsophisticated at the web and especially the complex security issues surrounding it, and are thus more susceptible to attacks delivered via the social network.
Facebook says it's doing its part to fight the problem, but it can't monitor every bit that passes through its servers. Less than 1 percent of its users have been victimized over the last five years, it says. That sounds good, until you realize that could be up to 2 million people, hardly a drop in the bucket.
A British hacker who has been fighting extradition to the United States for seven years today made an eleventh-hour appeal to a British court to be tried in the U.K. instead of in a U.S. federal court.
Gary McKinnon, 43, has admitted that in 2001 he broke into U.S. Department of Defense, NASA and U.S. Army computer systems. However, McKinnon has been using a series of legal maneuvers and appeals to fight extradition to the U.S. since he was indicted in November 2002 in the U.S. District Court for the Eastern District of Virginia on charges related to the computer hacks.
Wednesday, 15 July 2009
Microsoft Corp warned that cybercriminals have attacked users of its Office software for Windows PCs, exploiting a programing flaw that the software giant has yet to repair. The world's largest software maker issued the warning on Tuesday as it released patches to address nine other security holes in its software.
Cybercriminals target Microsoft programs because they are so widely used, allowing them to go after the largest number of potential victims with one set of code. (Windows runs more than 90 percent of the world's PCs. Office has some 500 million users).
The number of botnets and of computers controlled by them in China has fallen in recent years, though the country remains a top host for the networks of compromised computers, according to the government and independent researchers.
Over 1.2 million computers in China were newly infected with software that enabled their control by a botnet last year, about one-third the figure for the previous year, according to a report published late last month by China's National Computer Network Emergency Response Technical Team (CNCERT). That followed an equally steep fall from 2006, when the team estimated there were 10 million new infections in China.
Tuesday, 14 July 2009
Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco.
"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson.
Criminals have taken to sending blanket text messages to numbers based on area codes of local banks directing people to call into a service center to address supposed concerns about their accounts.
The police are to examine claims that a huge mobile phone hacking operation was launched by the News of the World, targeting thousands of people. The Guardian says the Sunday paper's reporters paid private investigators to hack into phones, many of them owned by politicians and celebrities. It is alleged details were suppressed by the police and the High Court.
Prime Minister Gordon Brown said: "This raises questions that are serious and will obviously have to be answered." Metropolitan Police Commissioner Sir Paul Stephenson has ordered a senior officer to "establish the facts".
Monday, 13 July 2009
South Korean police said they have arrested a hacker for staging cyber attacks similar to those that crippled domestic and US websites this week.
The 39-year-old identified only as Choi is accused of paralysing the homepage of the government Game Rating Board by using a distributed denial-of-service (DDoS) method.
Choi was an agent for software developers seeking approval from the board for new games. Because he failed to finish one job on time, he crashed the site to create an excuse for his tardiness. Choi is accused of buying a hacking programme from an ethnic Korean in China.
Friday, 10 July 2009
Computer security experts were divided Thursday on whether North Korea was behind the ongoing attacks on US and South Korean websites, an assault that highlighted the vulnerabilities of the Web.
The so-called distributed denial of service (DDoS) attack used an army of malware-infected computers known as a "botnet" in a bid to paralyze US and South Korean websites by overwhelming them with traffic.
Around a dozen websites in the United States, including those of the White House, State Department and Pentagon, and another dozen in South Korea were among those targeted in the attack which began on Sunday.
Thursday, 09 July 2009
A denial of service attack that took down some of South Korea's highest profile Web sites on Wednesday is set to resume Thursday evening, according to computer security specialist AhnLab. The attack will restart at 6pm local time (9am GMT) and be directed at a smaller number of sites that those hit a day earlier. They will include government Web sites and the home pages of the Chosun Ilbo newspaper and Kookmin Bank.
A denial of service attack involves sending a massive volume of traffic to a Web site so that it becomes overloaded. While some users will occasionally be able to access the site being attacked most will see nothing until a network time-out message appears.
A botnet comprised of about 50,000 infected computers has been waging a war against U.S. government Web sites and causing headaches for businesses in the U.S. and South Korea.
The attack started Saturday, and security experts have credited it with knocking the U.S. Federal Trade Commission's (FTC's) Web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT).
Wednesday, 08 July 2009
A series of cyber-attacks that targeted and paralyzed government networks and leading portal servers Tuesday and Wednesday are raising concerns that the world's self-proclaimed Internet powerhouse is prone to hacking and other cyber security threats.
The prosecution and police launched an investigation Wednesday to track the origin of hackers who hijacked a dozen local Internet sites, including those run by Cheong Wa Dae, the National Assembly, the Ministry of National Defense and top Web portal Naver, from Tuesday evening to Wednesday morning.
(Source: The Korea Times)
The Korea Times
Wednesday, 01 July 2009
A blind Boston-area teenager was sentenced to more than 11 years in prison Friday for hacking into the telephone network and harassing the Verizon investigator who was building a case against him.
Matthew Weigman, 19, was part of a group of telephone hackers that met up on telephone party lines and was associated with more than 60 "swatting" calls to 911 numbers across the country. Weigman, known as "Little Hacker," became involved in telephone hacking around age 14 and continued to operate until last year.
Friday, 26 June 2009
Britain warned on Thursday of a growing risk to military and business secrets from computer spies and pledged to toughen cyber security to protect the 50 billion pounds ($82 billion) spent a year online in its economy.
Launching Britain's first national cyber security strategy, security minister Alan West said hostile states and criminals were increasingly attacking British interests online and al Qaeda and like-minded groups were seeking the ability to do so.
"We know that various state actors are very interested in cyber warfare," West, a junior minister at the Home Office (Interior Ministry), told reporters. "The terrorist aspect of this is the least (concern), but it is developing."
Wednesday, 24 June 2009
The US military announced a new "cyber command" designed to wage digital warfare and to bolster defenses against mounting threats to its computer networks. The move reflects a shift in military strategy with "cyber dominance" now part of US war doctrine and comes amid growing alarm over the perceived threat posed by digital espionage coming from China, Russia and elsewhere.
President Barack Obama has put a top priority on cyber security and announced plans for a national cyber defense coordinator. A recent White House policy review said that "cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century." Obama has promised privacy rights would be carefully safeguarded even as the government moves to step up efforts to protect sensitive civilian and military networks.
Tuesday, 16 June 2009
A federal grand jury in New Jersey today indicted three people, and five people were arrested in Italy, all in connection with hacking into the IT systems of thousands of companies around the world to gain free access to telephone services, according to the U.S. Attorney's Office in Newark, N.J.
A multinational team of investigators worked jointly to round up the alleged hackers and their financial backers in the scheme to gain access into the systems of many companies -- 2,500 in the U.S. alone -- to steal access codes that the victim companies used to route phone calls through telecom systems, the office said.
The value of all the stolen services was unclear, though the U.S. Attorney's Office said the thieves routed more than $55 million worth of telephone calls over telecommunications networks in the U.S. "This was an extensive and well-organized criminal network that worked across continents," said New Jersey's acting U.S. attorney, Ralph J. Marra Jr., in a statement.
Monday, 15 June 2009
While most viruses target PC users, there has been rise in the number of attacks on Mac systems. Graham Cluley, a security expert with anti-virus firm Sophos, told the BBC that the small number of Mac viruses had made some users complacent.
Security experts have discovered two novel forms of Mac OS X malware. OSX/Tored-A - an updated version of the Mac OS Tored worm - and a Trojan called OSX/Jahlav-C were both found on popular pornographic websites. Users logging on to these sites are asked to download a "missing Video ActiveX Object" but are sent a virus payload instead.
Wednesday, 10 June 2009
The takedown last week of a rogue ISP by the U.S. Federal Trade Commission (FTC) slashed spam volumes by about 15% and reduced the spam spewed by a pair of big-name botnets by as much as to just 64%, a security firm said today.
"Spam dropped 15% across the board," said Bradley Anstis, director of technology strategy at Marshal8e6. "We especially noticed [the drop] over the weekend," he said, adding that the decline picked up steam slowly.
Last Tuesday, a federal court ordered the plug pulled on 3FN, an ISP operated by Belize-based Pricewert, after the FTC complained that the company hosts spam botnet command-and-control servers, as well as sites operated by child pornographers, identity thieves and other criminals.
Tuesday, 09 June 2009
A Hampton, New Hampshire, man has pleaded guilty to fraud charges for his role in a scheme to empty brokerage accounts by installing malicious Trojan horse software on victims' computers.
According to court documents, Alexey Mineev set up several "drop accounts" that were then wired funds stolen from banking and brokerage accounts between July and December 2007. He pleaded guilty to one count of money laundering on Wednesday, according to Mike Ruocco, deputy to Judge Paul Gardephe of the U.S. District Court for the Southern District of New York, who is presiding in the case.
The criminals would infect PCs with malicious Trojan software that would steal account numbers and passwords whenever victims logged into their accounts online.
Wednesday, 03 June 2009
As many as 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense.
Those Web sites have likely been hacked via a SQL injection attack, in which improperly configured Web applications accept malicious data and get hacked, Leonard said.
Friday, 22 May 2009
China has targeted cybercrime in three new sets of regulations issued this month as the activity starts to look like an established industry in the country.
Cybercrime in China has grown such that attackers often divide the labor needed to design malware, distribute it and turn the resulting access to remote PCs into monetary gain, security analysts say.
Over 1.2 million computers in China in 2008 were infected by software that let an attacker control them as part of a botnet, according to the Ministry of Industry and Information Technology (MIIT).
(Source : PCWorld)
Monday, 27 April 2009
At the recent RSA Conference 2009 in San Francisco, United States, McAfee CEO DeWalt called for a global security architecture.
"Security threats are on the rise as the economy declines, and the solution will likely come from collaborative partnerships that span all IT platforms and international boundaries." "DeWalt painted a grim picture of the security landscape. Consumer confidence has gone down while unemployment and has risen, he said. And as the economy has gone into a tailspin, cybercrime has seen a sharp upward spike, with more malware detected in 2008 than in the previous five years combined. Last year, 80 percent of cybercrimes were financially motivated, he added."
"Many organizations are vastly underprotected or fail to regularly update patches and security software, which have opened up copious threat vectors for attackers, DeWalt said. In addition, the explosion of malicious threats in the last year can also be attributed to lack of user education and best security practices, as well as lack of comprehensive security." "One of the solutions, DeWalt proposed, would be to build comprehensive security architecture across numerous IT platforms that would be able to interoperate with companies' existing network infrastructure. That architecture would ultimately allow organizations to create correlating reports for every department and system, while allowing greater overall visibility into their organization's network, DeWalt said." "Cross-platform collaboration provides IT administrators a panoramic view into their network and allows communication across the threat vectors to shore up otherwise unseen security holes." "That same type of collaborative architecture will ultimately be required to extend across international borders and throughout global networks as the threats continue to become more sophisticated and the attacks more prevalent, DeWalt said. "The most depressing part of this is that we do not have a global architecture in place," he said. "We need to work together. Undoubtedly, (attacks) will continue to increase."
Read the full story on ChannelWeb.
Friday, 24 April 2009
A new report of the mobile industry shows that some progress has been made by the 26 mobile operators signed up to the "European Framework for Safer Mobile Use by Younger Teenagers and Children brokered by the Commission in February 2007 (IP/07/139). These operators serve around 580 million customers, 96% of all EU mobile customers. "The new report of the mobile phone industry association shows that mobile operators have started to take seriously their responsibilities to keep children safe when using phones," said EU Telecoms Commissioner Viviane Reding.
50% of 10 year-old, 87% of 13 year-old and 95% of 16 year-old children in the EU have a mobile phone, but half of European parents worry mobile phone use might expose their children to sexually and violently explicit images (51%) or bullying by other children (49%), according to a survey. The European Commission today called on mobile operators to do more to keep children safe while using mobile phones by putting in place all the measures in the voluntary code of conduct, signed by 26 mobile operators in 2007. The report published by the GSM Association, the trade body of the mobile phone industry, showed that national self-regulatory codes based on the framework agreement brokered by the European Commission now exist in 22 Member States, 90% of them in line with the 2007 agreement, and 80% of operators have put in place measures to control child access to adult content.
Read the full EC press release from 20 April 2009 here.
More information on the GSMA report onimplementation of the framework agreement on "Safer Mobile Use by Younger Teenagers and Children" can be found here.
Friday, 17 April 2009
The British Computer Society (BCS)'s website shares information and advice on how to stay safe while shopping online in a set of "Golden Rules" compiled by Global Secure Systems (GSS).
The twelve golden rules to safely shopping online include the below (detailed information available on the BCS website):
- Most malware exploits are known problems with software and operating systems. The hacker, or code writer, is relying upon people being lazy and not keeping systems up to date. For this reason it is very important to keep your anti-virus product up to date with the latest signature files and operating system updates from Microsoft.
- Never go online without ensuring you have your personal firewall enabled.
- Don't ever select the remember my password option when registering online as your passwords are then stored on the PC, often in plain text, and are the first thing that a fraudster will target. Some
- Ensure that your credit cards are registered with your card provider's online security services such as Verified by Visa and MasterCard SecureCode.
- Use only one card for online shopping, maintaining a limit on the card as low as possible or even using a top-up card for your online purchasing.
- Be sure to use a credit card and not a debit card.
- Be sure to check your statements regularly, and if there is any sign of irregular activity, report it straight away.
- Always check for the little padlock at the bottom right hand corner of the browser (when using Internet Explorer) before entering your card details.
- Never shop from sites that you arrive at from clicking links in unsolicited marketing emails (spam).
- It is important to remember that you could be doing everything right, but that the vendor may do something wrong. A vendor may well be storing all your credit card data on a single server.
- Finally, don't rely on previous customer's testimonials - they are part of the organisation's marketing and not necessarily factual. The golden rule of commerce is still the same as it ever was - if the offer looks too good to be true, it probably is!
The full set of "Golden Rules to Safe Internet Shopping" can be found here.
For more information see the British Computer Society (BCS) and Global Secure Systems (GSS) websites.
Friday, 10 April 2009
ITU is pleased to announce the launch of its 2009 Cybersecurity and ICT Applications Essay Competition.
The 2009 ITU Cybersecurity and ICT Applications Essay Competition is open to current students and recent graduates in economics, political science, law, literature, telecommunications, computer science, information systems and related fields between the ages of 20 and 30 years old. The winners of the 2009 Essay Competition will be offered the opportunity of a consultancy contract within the ITU Development Sector's ICT Applications and Cybersecurity Division for three months. The winners will be given a contribution towards the cost of an economy class flight from their place of residence. In addition, they will be paid the sum of CHF 6000 towards living expenses for the duration of the contract.
To enter the competition you need to submit an essay on one of the following essay topics:
- Mobiles for Development: Enabling Low-Cost e-Applications for Rural and Remote Areas (e-Health, e-Government, e-Environment)
- Protecting Children and Youth in the Internet and Mobile Age: Innovative Technical and Social Solutions
- Connecting the World Responsibly: Empowering Women and Girls Through Creative Uses of ICTs
- Personal Information Online (internet/mobiles): Responding to User Safety Concerns
All applications should be submitted online through the competition website.
The deadline for applications is 14 June 2009.
We look forward to reviewing your applications and wish you the best of luck in the competition!
Thursday, 26 February 2009
The Anti]Phishing Working Group (APWG) and IPC has released a new idustry advisory document titled: "What to do if your site has been hacked by phishers". The purpose of the document is to provide website owners with specific actions they can take when they have been notified that their website or webserver has been infiltrated and used for phishing.
The document notes that "Some phishers use compromised computers to host malicious or illegal activities, including identity theft, fraudulent financial activities, as well as collecting personal information and business identities from their victims for future use. Others attack or 'hack' into and gain administrative control over the legitimate web sites of businesses and organizations of all sizes. Such hacked web sites disguise the bad acts the phishers perform. More importantly, web site hackers are fully aware that the web sites they hack and 'own' are reputably legitimate."
"Law enforcement and anti]phishing responders respect and operate under established business, technical, and legal constraints when they seek to remedy or take down hacked web sites. These measures protect legitimate web site operators but unfortunately serve the attacker as well by extending the duration of the attack. The Anti]Phishing Working Group (APWG) offers this document as a reference guide for any web site owner or operator who suspects, discovers, or receives notification that its web site is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification, notification, containment, recovery, restoration, and follow]up when an attack is suspected or confirmed. This document serves a guideline for web site owners."
See the full APWG "What to do if your site has been hacked by phishers" Industry Advisory here.
Wednesday, 11 February 2009
According to a article in the Indian Hindustan Times, "Indian diplomats now cannot open a Facebook account, use external e-mail services, or write blogs, thanks to new rules and much stricter firewalls aimed at preventing cyber attacks and leakage of classified information. Over the past eight months, the Indian Ministry of External Affairs has been overhauling its computer network security, putting up layers of barriers against intrusions into the network, officials associated with cyber security said. There are almost 600 computers at its headquarters at South Block, about half of which are connected to the Internet. Classified work is typically done on stand-alone computers, usually with the external drives removed. "We have set up a unified threat management system for the ministry. This simultaneously uses eight levels of protection like firewalls and spam mail filtering," said a senior official.
"We are also requesting and encouraging more responsible behaviour from our staff when working online," the official told IANS, requesting anonymity. A circular issued last week asked officials not to log on to social networking sites, specifically citing Facebook, Orkut and Ibibo as examples. The other prohibited practices include download of peer-to-peer music using sites like Kazaa and sharing of photos through Flickr and Picasa. The circular also discourages using services like G-mail, Yahoo! or Hotmail for official communication. A similar circular, officials said, had been issued in the Prime Minister's Office in December. But the matter is even more critical for the foreign office as officials posted in Indian missions abroad or on foreign tours tend to use web-based mail rather than the ministry's own mail system. "We have had cases of senior officers using G-mail or other similar accounts abroad for official work, only to find some form of tampering when they return," the official said, adding people have been told to change their web-mail passwords if they had opened the account during foreign tours. The missions have been told to use their official mail ID issued by the National Informatics Centre for communication. But several missions have complained that the mail home page was inaccessible due to port blocks by local Internet service providers. They have been asked to contact their service providers to unblock the site. "We want to secure communications with Indian missions through private networks. This may be implemented in the next few months," said an official working with the technical team in the ministry.
Read the full article here.
Tuesday, 10 February 2009
Press release issued simultaneously by ITU and European Commission.
Geneva, 10 February 2009 ITU and the European Commission have joined forces to mark Safer Internet Day. This year, the focus is on protecting children online.
Children are among the most active and most vulnerable participants online. According to recent surveys, over 60 per cent of children and teenagers talk in chat rooms on a daily basis. Three in four children online are willing to share personal information about themselves and their family in exchange for goods and services. One in five children will be targeted by a predator or paedophile each year. Protecting children in cyberspace is, therefore, clearly our duty.
"Children are very resourceful in making the most of online services such as social networking sites and mobile phones," said Viviane Reding, European Commissioner for Information Society and Media. "But many still underestimate the hidden risks of using these, from cyber-bullying to sexual grooming online. Today, I call upon all decision-makers, from both the public and the private sector, to listen and learn from children and to improve awareness strategies and tools to protect minors." Ms Reding added: "The Internet binds the whole world together. The safety of children who use it is a concern for everyone. I am therefore very happy that ITU is associated with us in doing this, today on Safer Internet Day, and all year round."
"Child online safety must be on the global agenda," said ITU Secretary-General Hamadoun Touré. "We must ensure that everyone is aware of the dangers for children online. And we want to promote and strengthen the many outstanding efforts that are being made around the world, such as the Safer Internet Programme, to limit these dangers." This year, the 6th edition of Safer Internet Day includes more than 500 events in 50 countries worldwide. ITU and the European Commission will collaborate on this and future events, such as World Telecommunication and Information Society Day, 17 May 2009, which is dedicated to "Protecting Children in Cyberspace". The European Commissions Directorate General for Information Society and Media has declared its full support for ITUs Child Online Protection (COP) Initiative. The ECs Ins@fe Network will launch a Safer Internet Day virtual exhibition which will host pavilions where visitors can learn more about initiatives undertaken by the 50 participating countries. ITU will host an online pavilion in support of ECs efforts to raise awareness among youngsters aged 12 to 17 regarding the risks they may face online.
ITU and Child Online Protection (COP)
ITUs motto is "committed to connecting the world", but we are also committed to connecting the world responsibly. That means working together to ensure cybersecurity, enable cyberpeace, and more importantly protect children online. While child online protection programmes exist in many developed countries, there are very few in the developing world today and very little coordination between them. ITU established the Global Cybersecurity Agenda (GCA) and launched the Child Online Protection (COP) initiative. COP aims to bring together partners from all sectors of the global community to ensure a safe and secure online experience for children everywhere.
See the press release here.
Friday, 23 January 2009
NYTimes writes that "A new digital plague has hit the Internet, infecting millions of personal and business computers in what seems to be the first step of a multistage attack. The worlds leading computer security experts do not yet know who programmed the infection, or what the next stage will be. In recent weeks a worm, a malicious software program, has swept through corporate, educational and public computer networks around the world."
"Known as Conficker or Downadup, it is spread by a recently discovered Microsoft Windows vulnerability, by guessing network passwords and by hand-carried consumer gadgets like USB keys. Experts say it is the worst infection since the Slammer worm exploded through the Internet in January 2003, and it may have infected as many as nine million personal computers around the world."
This article was accessed through Dave Farber's list.
See the full article in NYTimes here.
Friday, 01 August 2008
The ITU Regional Cybersecurity Forum for Asia-Pacific, and related Seminar on the Economics of Cybersecurity was held in Brisbane, Australia, 15-18 July 2008.
The regional cybersecurity forum, which was hosted by the Department of Broadband, Communications and the Digital Economy (DBCDE), Government of Australia, aimed to identify the main challenges faced by countries in the region in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. The forum also considered initiatives on the regional and international level to increase cooperation and coordination amongst the different stakeholders. The forum, one in a series of regional cybersecurity events organized by the ITU Development Sector (ITU-D), was held in response to ITU Plenipotentiary Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya, 2006) and the 2006 World Telecommunication Development Conference Doha Action Plan establishing ITU-D Study Group Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity.
Approximately 90 people from 27 countries participated in the event, from the Asia-Pacific region, the Pacific Islands, as well as from other parts of the world. Full documentation of the forum, including the final agenda and all presentations made, is available on the event website. The meeting report available on the event website summarizes the discussions throughout the three days of the ITU Regional Cybersecurity Forum for Asia-Pacific, provides a high-level overview of the sessions and speaker presentations, and presents some of the common understandings and positions reached at the event.
The day prior to the start of the ITU Regional Cybersecurity Forum for Asia-Pacific, 15 July 2008, was dedicated to an ITU Tariff Group for Asia and Oceania (TAS) Seminar on the Economics of Cybersecurity. Throughout the seminar the participants learned about the pervasive incentives and the new revenue streams that are created from malware and spam, how they enable legitimate business models (e.g., anti-virus and anti-spam products, infrastructure, and bandwidth) as well as fraudulent and criminal ones (e.g., renting out of botnets, bullet proof hosting, commissions on spam-induced sales, pump and dump stock schemes). Distinguished experts in this area explained how malware and spam create mixed and sometimes conflicting incentives for stakeholders, which complicate coherent responses to the problem. An ITU Study on the Financial Aspects of Network Security: Malware and Spam was presented and discussed at the event.
See the event website for more information.
Monday, 19 May 2008
The Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing
Act of 2003 (CAN-SPAM), which aim to clarify the Acts requirements.
The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of sender was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Acts opt-out requirements; (3) a sender of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Acts requirement that a commercial e-mail display a valid physical postal address; and (4) a definition of the term person was added to clarify that CAN-SPAMs obligations are not limited to natural persons.
Continue reading the news release here.
Monday, 28 April 2008
Read the full article here.
Tuesday, 22 April 2008
According to China's Computer Emergency Response Team (CN-CERT)'s 2007 annual report released last week, the greatest threat to the nation's portion of the internet are Trojan horse programs and bot software. Based on CN-CERT's findings, "the number of Chinese Internet addresses with one or more infected systems increased by a factor of 22 in 2007... [and] of 6.23 million bot-infected computers on the Internet, about 3.62 million are in China's address space." The report alse reveals that "domain name registration in the nation had almost tripled in the past year, attacks that tampered with legitimate Web sites grew 1.5 times, and malicious drive-by attacks jumped 2.6 times."
The report is currently only available in Chinese.
Read the full article here.
Tuesday, 25 March 2008
Reuters recently reports on cyber warfare, from the Cold War Soviet oil pipeline explosion to the current information security situation. "The pipeline explosion was probably the first major salvo in what has since become known as cyber warfare. The incident has been cropping up in increasingly urgent discussions in the U.S. on how to cope with attacks on military and civilian computer networks and control systems - and how and when to strike back. Air traffic control, power plants, Wall Street trading systems, banks, traffic lights and emergency responder communications could all
be targets of attacks that could bring the U.S. to its knees."
According to Director of National Intelligence Michael McConnell's testimony to a Senate committee, "[the US] information infrastructure - including the Internet, telecommunications networks, computer systems and embedded processors and controllers in critical industries - increasingly is being targeted... by a growing array of state and non-state adversaries." The Pentagon adds that it detects three million attempts to infiltrate its computer networks every day. On a report of the US Government Accountability Office, an audit of 24 government agencies, including Defense and Homeland Security, had shown that "poor information security is a widespread problem with potentially devastating consequences" pertaining to the inevitable involvement of civilians with private companies owning more than 80 percent of the infrastructure.
"Unlike traditional defense categories (i.e. land, sea and air), the military capabilities required to respond to an attack on U.S.
infrastructure will necessarily involve infrastructure owned and operated by the private sector," according to Jody R. Westby, CEO of Global Cyber Risk and a champion of better public-private coordination to cope with cyber attacks.
The article further discusses the importance of public-private coordination and the power of botnets in this warfare. A scenario of the damage extent and how the cyber warfare may unfold was also drawn from an interview with Westby.
Read the full article here.
Friday, 14 March 2008
Thorsten Holz writes about Measuring and Detecting Fast-Flux Service Networks on the Honeyblog, a weblog that deals with IT-security related stuff, honeypots/honeynets, malware and bots/botnets. Findings on a lab project focusing on fast-flux service networks (FFSNs), a mechanism used by attackers to build an overlay network on top of compromised machines, were published in a paper at NDSS'08.
The paper presents the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely-known phenomenon in the Internet. "Through [their] measurements [they] show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, [they] developed a metric with which FFSNs can be effectively detected. " Possible mitigation strategies are also discussed in the document.
Read the full paper here.
More about the paper on Honeyblog.
Thursday, 13 March 2008
On 11 March 2008, the Initiative for the Regional Integration of South American Infrastructure (IIRSA) and the Inter-American Communications Commission (CITEL) jointly organized at the Inter-American Development Bank (IDB) headquarters a workshop on International Roaming Services for Mobile Telecommunications, the first component of an IDB Technical Cooperation to support the project known as Implementation of a Roaming Agreement in South America, included in IIRSAs Implementation Agenda Based on Consensus. Following this event was the XII meeting of the Permanent Consultative Committee on Telecommunications I (PCC.I) of CITEL, held at the IDBs headquarters, in Washington D.C., from 12 through 14 March 2008, during which telecommunication-related topics deemed important for the region were discussed, such as the coordination of standards for telecommunication networks and services, convergence, analysis of cybersecurity issues and critical infrastructure and the use of telecommunications in emergencies, among others.
A presentation on the Overview of ITU-D Activities Related to Cybersecurity and Critical Information Infrastructure Protection was given by Robert Shaw, head of the ICT Applications and Cybersecurity division, during the CITEL meeting, providing background information on ITU, cybersecurity, related ITU key activities underway, and an outline of the Framework for Organizing a National Approach to Cybersecurity. Specific cybersecurity-related activities and initiatives as well as a case study on botnets were also presented.
Another presentation on Management Framework for Organizing National Cybersecurity/CIIP Efforts was given by Joe Richardson, further discussing the ITU Framework for Organizing National Cybersecurity/CIIP Efforts and the ITU National Cybersecurity/CIIP Self-Assessment Toolkit.
For more information on CYB's activities involving cybersecurity, visit the division website.
Wednesday, 27 February 2008
Websense Security Labs has discovered that Googles popular web mail service Gmail is being targeted in recent spammer tactics. Spammers in these attacks managed to create bots that are capable of signing up and creating random Gmail accounts for spamming purposes. Websense believes that from the spammers perspective, there are four main advantages to this approach. First, signing up for an account with Google allows access to its wide
portfolio of services. Second, Googles domains are unlikely to be blacklisted. Third, they are free to sign up. And fourth, it may be hard to keep track of them as millions of users worldwide are using various Google services on a regular basis. According to Websense, these accounts could be used by spammers at any time for abusing Googles infrastructure. A wide range of attacks could be possible as the same account credentials can be used to target various services offered by Google.
A detailed analysis report is provided showing the entire process of the CAPTCHA breaking hosts. Read more about the analysis report here.
Thursday, 21 February 2008
According to reports, DDoS (Distributed Denial of Service) assaults on online gambling sites, particularly on major online poker websites, have surfaced this week. The online poker information portal Poker-king.com advised that many online poker and casino properties have suffered outages, naming Full Tilt Poker as probably the most visible with an inaccessible website for as long as 48 hours, probably incurring serious losses in business. As of 5 am EST Tuesday, the website is redirecting to www2.fulltiltpoker.com as a consequence of the attacks. According to the ShadowServer.org organisation, the attacks on Internet gambling sites commenced on 10 February 2008 and continued through to 18 February 2008. Among the targets were Full Tilt Poker, Party Casino, Titan Poker, Virgin Games, CD Poker, Europa Casino, and a number of Russian online gambling including Pokerlistings.ru. The extent of the outages for each site varied depending on the ferocity of the attacks and if they had any anti-DDoS attack measures in place. Full Tilt Poker is clearly still having issues while a number of the Russian web properties are still down. There have been reports that Full Tilt's poker room has crashed numerous times over the past few days, including an embarrassing outage during the final table of the FTOPS main event. The motive behind the attacks is still unknown.
Read the full report here.
Tuesday, 12 February 2008
According to the Washington Post, new research from Damballa suggests that the Storm worm has its roots in "Bobax worm," a computer worm that first surfaced as early as 2004. Bobax spread by exploiting various vulnerabilities in the Microsoft Windows operating system, and turned infected machines into spam-spewing zombies. Damballa researcher Chris Davis asserts that the Storm worm actually first surfaced in late 2006 as seen on this SANS Internet Storm Center alert on 29 December 2006. On 19 January, F-Secure reported receiving a flood of spam advertising new versions of Storm. Researchers soon discovered that all infected systems were controlled using the eDonkey peer-to-peer file (P2P) communications protocol, the same technology
and networks used by millions of people to share movies and music online. Paul Royal, Damballa's principal researcher said "they basically took Bobax and made all of them become Storm victims, and then started the propagation of Storm through that method. So Storm used a big botnet to bootstrap
itself, and it was the vehicle by which Storm became very popular very quickly." Damballa
estimates that roughly 17,000 systems remain infected with Bobax.
Read the full article on the Washington Post.
Thursday, 07 February 2008
With the rise of initiatives such as the One Laptop Per Child (OLPC) and Classmate, security experts warn that this development could mean an explosion in botnets in the developing world. However, Ivan Krstic, OLPC's director of security hardware, points to the choice of Linux as the operating system for the computers emphasizing that for an attack with an overall control, it would have to be written to the system kernel, and those vulnerabilities are patched very quickly making it difficult to get them to run bots. There is an option to run Windows XP on the machine though making all connotations of Windows security apply.
"The bigger problem in the long term may be the developing world's choice of operating system. 'Most of the machines we are shipping have Windows on them. That's the operating system most countries want,' says Intel. It adds that teachers will receive training from Intel to monitor the network and will be able to see if changes have been made to the machines: 'Some schools using the computers will have a teacher who is
responsible for security on their networks, others will have an IT person.' As a last resort the Classmate, like the OLPC XO, can be wiped clean and restored to its factory settings. But while Windows has its problems, Linux may not offer much better protection, says Guillaume Lovet, a botnet expert for Fortinet. 'The first botnets were Stacheldraht, Trinoo and TFN, and were built in Linux,' says Lovet. He also dismisses claims that the low bandwidth and internet use in parts of the developing world - the World Economic Forum's 2007 Africa Competitiveness Report estimated that African internet use was just 3.4% of the world total - would act as a brake on the development of botnets. 'It doesn't take any bandwidth to control or make a botnet,' Lovet says. 'Aggregated bandwidth is what is important, and that would still be massive. You could still build a huge cyber-weapon with only a thousand of these machines.'"
Intel and OLPC point out that the laptops will often only have intermittent connectivity which could lower the risk of getting infected. This could lower the chances of getting security upgrades as well though. Rolf Roessing, a security expert for KPMG, notes "if we are to bring IT to Africa then it will not work unless we bring security with it. Computer security in the west grew because of a loss of innocence and there are still weaknesses in the developed world because of a lack of awareness. If you bring IT to developing countries then you have to develop awareness, too."
Read the full article on The Guardian.
Monday, 28 January 2008
Net-Security.org recently interviewed Nitesh Dhanjani and Billy Rios, well-known security researchers that have recently managed to infiltrate the phishing underground. The interview gives readers a rundown on how Dhanjani and Rios saw an extraordinary amount of sensitive customer account information, obtained the latest phishing kits, located and examined the tools used by phishers, trolled sites buying and selling identities, and even social engineered a few scammers. They also expose on this interview the tactics and tools that phishers use, illustrate what happens when your confidential information gets stolen, discuss how phishers communicate and how they phish each other.
Read the full interview here.
According to Security experts at Sophos, 6,000 new infected webpages are discovered every day, 83 per cent of which belonging to innocent
companies and individuals that are unaware of their sites being compromised. Sophos further reports that the well-known iFrame vulnerability in Internet Explorer remained the preferred vector for malware attacks throughout last year with China (51.4 per cent) and the US (23.4 per cent) leading in the net security firm's list of malware-hosting countries. According to PandaLabs, "around half a million computers are infected by bots every day... [and] approximately 11 percent of computers worldwide have become a part of criminal botnets, which are responsible for 85
percent of all spam sent."
Read the full article on The Register.
Read relevant article on Slashdot.
Tuesday, 22 January 2008
The past week marks the one-year anniversary of the emergence of the spam-enabling Storm worm, a tenacious strain of malicious software that probably speaks more about the future of online crime than almost any other malware family
circulating online today. A chronological account from security firm Trend Micro visually sums up Storm's evolution. Dmitri Alperovitch, director of Secure Computing, said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside.
Alperovitch believes the majority of Storm worm victims are Microsoft Windows users who for whatever reason have ignored the best advice of security professionals by not running anti-virus software and/or regularly applying software security updates. Indeed, the infection statistics seem to support that analysis. According to Vincent Gullotto, head of Microsoft's security research and response team, Microsoft's "malicious software removal tool" -- shipped as part of its monthly patch updates -- has removed an average of 200,000 versions of the Storm worm from Windows systems each month since November, when the software giant first started shipping removal routines for Storm.
According to Trend, nearly 12,000 pieces of Storm-connected malware were unleashed online over the past year (this includes the Trojan that
drops the payload, the Storm worm itself, as well as regular -- sometimes hourly -- updates pushed out to infected machines to stay a step ahead of any anti-virus software installed on the host system.) As big as Storm got this past year, Symantec's numbers help put things in a bit more perspective. Storm-related malware made up slightly more than one-quarter of one percent of all potential malicious code infections in 2007, Symantec said.
Read the full article on the Washington Post.
Romanian artist Alex Dragulescu, a research assistant at the Massachusetts Institute of Technology's Sociable Media Group, puts a face to threats such as Storm and Netsky. "Dragulescu created his so-called 'threat art' in conjunction with live malware intercepted by e-mail security firm MessageLabs. Each is disassembled into a dump of binary code and then run through a program Dragulescu wrote. That program spends a few hours crunching through all the data, looking for patterns in the code that will determine the shape, color and complexity of each piece of threat art."
According to the Washington Post's article, the configuration of these created organisms is driven largely by the botnets' actions. Dragulescu explains that if there is a repeated attempt to write to a system memory address, a particular Windows API call that tries to write to a file or [blast out e-mail], for instance, the program tracks that and looks for the prevalence, number and behavior of those occurrences.
Dragulescu's other threat art include his "spam architecture," or his "spam plants," the latter of which take its form from rules that look at the ASCII values (computer code that represent the English alphabet) of each spam sample.
For more of Dragulescu's images, check out his Web site and the MessageLabs threat art page.
Read the full article on the Washington Post.
Tuesday, 15 January 2008
The Storm Worm botnet, using its huge collection of infected computers, is now sending out phishing emails directing people to fake banking sites that it also hosts on the computers it remotely controls, according to F-Secure and Trend Micro. Apparently, Storm has never been involved in phishing up to this point, however, the new campaign may indicate, according to F-Secure, that Storm's controllers have figured out how to divide the massive army into clusters which it is now renting out to others. F-Secure and Trend Micro both reported that the phishing scam was using a technique known as fast-flux DNS to keep the phishing site alive. Fast-flux works by constantly changing the IP address in the internet's phone book system (known as DNS) and having multiple computers in the botnet host the phishing site. This makes it very difficult to blacklist a IP address and since the site isn't being hosted by a company that researchers could contact to take down the site, the site lives longer.
According to Paul Ferguson, an advanced threat researcher for security giant Trend Micro, the spam emails were sent from a different segment of the botnet than the phishing sites were hosted. The site used for phishing was just registered on Monday. Anti-phishing filters, such as the ones bundled into Opera, Firefox and IE7, have gotten pretty good at quickly adding sites to their blocked list, however, "the issue becomes how do you work to take it down and find the perpetrators," said Ferguson.
Read Ferguson's article on this incident on Trend Micro's Malware Blog.
Read the full article on Wired Blog Network.
Pushdo trojan, a fairly new and prolific threat being circulated in fake "E-card" emails, is classified as a more sophisticated "downloader" trojan due to its control server. According to the analysis of Secureworks, when executed, Pushdo reports back to one of several control server IP addresses embedded in its code. The server listens on TCP port 80, and
pretends to be an Apache webserver. Any request that doesn't have the correct URL format will be answered with the following content:
The Bender Bending Rodriguez text is simply misdirection to mask the true nature of the server - if the HTTP request contains the following parameters, one or more executables will be delivered via HTTP:
The Pushdo controller is preloaded with multiple executable files - the one we looked at contained 421 different malware samples ready to be delivered. The Pushdo controller also uses the GeoIP geolocation database in conjunction with whitelists and blacklists of country codes. This
enables the Pushdo author to limit distribution of any one of the malware loads from infecting users located in a particular country, or provides the ability to target a specfic country or countries with a specific payload.
Pushdo's detection of the physical hard drive serial number as a identifier not only provides a unique ID for the infected system,
but can also reveal information such as whether the code is running in a virtual machine or not. This could be a way for the malware author to spy on anti-virus companies using automated tools to monitor the malware download points.
Another anti-anti-malware function of Pushdo is that it looks at the names of all running processes and compare them to a list of anti-virus and personal firewall process names. Instead of killing off these processes, however, Pushdo merely reports back to the controller which ones are running, by appending "proc=" and a list of the matching process names to the HTTP request parameters. This enables the authors to determine which anti-virus engines or firewalls are preventing the malware from running or phoning home, by their absence from the statistics. This way the Pushdo author doesn't have to maintain a test environment for each AV/firewall product.
Recently, an e-card email containing a newer variant of Pushdo was received. Apparently taking notice that the Bleeding Snort project had published a signature (sid 2006377) to detect the Pushdo request variables in transit, the author has now changed the request to be less fingerprintable. An example of the new
request format is:
GET /40e800142020202057202d4443574d414c393635393438366c0000003c66000000007600000002 HTTP/1.0
Apparently, the author of Pushdo is intent on evading detection for as long as possible, in order to have the maximum amount of time to seed Cutwail spambots into the wild. Although it is unclear just how large the Cutwail botnet has become, the ambition of the project rivals that of other more well-known spam botnets, such as Storm.
Read the complete analysis on Pushdo here.
Read the blog entry detailing the trouble Sophos are having with the Pushdo trojan.
A new-generation worm-botnet known as Nugache, according to Dave Dittrich, might be the most advanced worm/botnet yet. It has no C&C server to target, has bots capable of sending encrypted packets and has the possibility of any peer on the network suddenly becoming the de facto leader of the botnet. However, despite numerous worms, viruses, bots and Trojans over the years having one or two of the features that Storm, Nugache, Rbot and other such programs possess, none has approached the breadth and depth of their feature sets. Rbot, with more than 100 features that users can choose from when compiling the bot, enables two different bots compiled from an identical source have nearly identical feature sets, yet look completely different to an antivirus engine.
A disturbing concern, experts say, is that there are several malware groups out there right now that are writing custom Trojans, rootkits and attack toolkits to the specifications of their customers, who are in turn using the malware not to build worldwide botnets like Storm, but to attack small slices of a certain industry, such as financial services or health care. A popular example of this is Rizo, a variant of Rbot. Like Nugache and Storm, Rizo has been modified a number of times to meet the requirements of various different attack scenarios. "Within the course of a few weeks, different versions of Rizo were used to attack customers of several different banks in South America. Once installed on a user's PC, it monitors Internet activity and gathers login credentials for online banking sites, which it then sends back to the attacker. It's standard behavior
for these kinds of Trojans, but the amount of specificity and customization involved in the code and the ways in which the author changed it over time are what have researchers worried."
To read the full article on Nugache, click here.
More security related news at Schneier on Security.
Thursday, 20 December 2007
The article, Beware, botnets have your PC in their sights, by New Scientist republished by TMCnet, provides a brief discussion of the cybersecurity situation in developing countries and how the current conditions may later evolve into an enormous cybersecurity problem in the coming years. Although hackers and cybercriminals tend to attack computers in developed countries at the moment due to more stable and consistent Internet connectivity, it is foreseen that developing countries may be next in line with the increasing technological developments and initiatives such as the One Laptop Per Child (OLPC) programme and Intel's low-cost Classmate computer. "If thousands of Classmates are distributed without adequate security,
or if a previously unknown flaw in BitFrost, OLPC's security system, emerges, the new generation
of cheap PCs will lead to problems... The ITU is assuming that attacks of this kind are a foregone conclusion
and is organising a global effort to help developing countries fortify
themselves against them." ITU, with its Botnet Mitigation Toolkit and Cybersecurity efforts, aims to increase international cooperation among states and provide the training and expertise needed to build CERTs in developing countries.
Read the full article here.
More information on ITU Cybersecurity related activities here.
Wednesday, 19 December 2007
The OPTA Commission has imposed a fine of 1 million Euros on three Dutch enterprises, operating under the company name DollarRevenue, and their two directors, due to their unlawful installion of software on more than 22 million computers belonging to Internet users in the Netherlands and elsewhere. They primarily used misleading files, making Internet users believe that they were about to download apparently innocent files, whereas they actually contained DollarRevenue software. "They also used botnets, thereby installing files without user intervention. Each day 60,000 installations occurred on average. A total of more than 450 million program files were illegally placed on 22 million computers." With the enterprises and their directors having deliberately contravened provisions of the Universal Service and End Users Decree [Besluit universele dienstverlening en eindgebruikers], based on the Telecommunications Act [Telecommunicatiewet] and designed to promote safe Internet usage and to protect the privacy of Internet users, fines totalling 1 million Euros were imposed.
Read the full article on the OPTA website.
Wednesday, 28 November 2007
ENISA recently launched its latest Position Paper, "Botnets - The Silent Threat", a 12-page paper identifying roles and structures of criminal
organizations for creating and controlling botnets, and trends in this type of cyber crime as well as online tools to identify and counter malicious code. ENISA points out that browser exploits account for more than 60% of all infections, email attachments for 13%, operating system exploits for 11%, and downloaded Internet files for 9%. It also emphasizes that the main problem is uninformed users. ENISA, thus, calls for "a more coordinated, cross country cooperation among multi-national law enforcement agencies, Internet Service Providers (ISPs) and software vendors" to combat botnets, and further adds that education of the everyday user is a key measure.
For further information, read ENISA's press release or access the full ENISA Position Paper.
Friday, 23 November 2007
Monday, 19 November 2007
Wednesday, 14 November 2007
Tuesday, 13 November 2007
John Kenneth Schiefer, a 26-year-old computer security consultant from Los Angeles has admitted to hacking into computers entrusted to him to create a botnet of as many as 250,000 PCs, which he used to steal money from and identities of unsuspecting consumers and corporations. "Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles." According to Assistant U.S. Atty. Mark Krause in Los Angeles, Schiefer is the first person to be accused under federal wiretapping law of operating a botnet.
Schiefer stole user names and passwords for EBay Inc.'s PayPal online payment service to make unauthorized purchases and passed the stolen account information on to others. According to the plea agreement, a conspirator named "Adam" who is allegedly a minor was involved in Scheifer's scam. Scheifer and his accomplices were reported to have used illicit software which they planted on people's PCs to spirit account information from a storage area in Windows-based computers. A Dutch Internet advertising company also hired his services to install its programs on people's computers when they consented, but he installed it on more than 150,000 PCs without permission, earning more than $19,000 in commissions.
The federal investigation began in 2005, and the indictment includes "four counts of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud." Schiefer's initial appearance in Los Angeles will on Nov. 28 and his arraignment on Dec. 3. There is a similar case in May 2006 involving a Downey man, Jeanson James Ancheta who was sentenced to almost five years in federal prison after pleading guilty to four felony charges for using botnets to spread spyware and send spam.
To read the full article, visit the Los Angeles Times.
Related article also availabe here.
Tuesday, 06 November 2007
Roger A. Grimes of InfoWorld interviewed Paul Laudanski, founder and leader of CastleCops which is a volunteer organization dedicated to fighting malware, spam, and phishing. Paul talked about the effects of DDoS and provided pointers on how to mitigate and ride the attack. He said that the primary thing to be decided in cases of attacks is whether the company wants to stay in business during the attack or not. If so, all the attack traffic need to be absorbed along with the legitimate traffic, meaning the broadband connection, routers, firewall, Web servers, and back-end databases have to be able to deal with the attack. He also suggested knowing ahead of time how the company's ISP handle DDoS events. They further discussed how to possibly pursue criminal charges after the attacks. "To be honest, being able to locate and prosecute the DDoS attacker is a long shot. The lack of cohesive communications between all the parties that need to be involved in an investigation, the legal implications of the global nature of the assault, and the growing sophistication of bot nets all fight against a successful prosecution. But as Paul and CastleCops can tell you, it can be done."
Read the full article on InfoWorld.
Monday, 29 October 2007
World War 2.0, a news video on Wired Science, presents the realities of internet warfare and how a botnet attack against Estonia might have been a manifestation of this new war technique. Botnets are so powerful, and hackers are very skilled and experienced that they can "destroy servers of a whole state." Josh Davis traced back when the attack against Estonia started and how security officials in Estonia fought back. Bill Woodcock, founder of Packet Clearing House, provides a brief explanation on how a botnet operates and how the attack against Estonia happened. Jaak Aaviksoo, Estonian Defense Minister, Ago Väärsi, technical manager at Postimees.ee, and Hillar Aareland, head of the Estonian CERT, were also interviewed as well as Russian internet security expert Emin Azizov and IT director of the United Civilian Front Eugeni Grigorian. Learn more about the attack by watching the video report here.
Monday, 22 October 2007
Brandon Enright, a network security analyst at University of California, San Diego, recently presented his findings at the Toorcon hacker conference in San Diego indicating the steady shrinking of the Storm Worm Botnet. According to Enright, it is now about 10 percent of its former size. Enright has been tracking Storm since July. "He has developed software that crawls through the Storm network and he thinks that he has a pretty accurate estimate of how big Storm really is. Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer." Enright asserts that the numbers are far less terrifying though saying that in July, Storm appeared to have infected about 1.5 million PCs with 200,000 of which being accessible at any given time. He said that "a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."
According to Enright, the Storm Worm botnet started to dwindle in July when antivirus vendors began stepping up their tracking of Storm variants and got a lot better at identifying and cleaning up infected computers. With Microsoft's added Storm detection (Microsoft's name for Storm's components is Win32/Nuwar) into its Malicious Software Removal tool available with every Windows system, which was released on September 11, Storm infections dropped by another 20 percent overnight. Enright's most recent data counts 20,000 infected PCs available at any one time, out of a total network of about 160,000 computers.
To read the full article, click here.
An article on CIO, Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy, provides a detailed account of Don Jackson's discovery of Gozi, 76service.com and the new online crime economy. It also illustrates the evolution of online crime from trojans to sophisticated networks selling bot services. Don Jackson is a security researcher for SecureWorks, one of dozens of boutique security firms that have emerged to deal with the Internet security. From an executable file, Gozi, that Jackson discovered on a friend's computer, he was led to this professionally-run business-like network, later identified as the 76service.com, where he uncovered a "3.3 GB file containing more than 10,000 online credentials taken from 5,200 machinesa stash he estimated could fetch $2 million on the black market." It was also mentioned that "Lance James company Secure Science discovers 3 million compromised login credentialsfor banks, for online email accounts, anything requiring a username and password on the Internetand intercepts 250,000 stolen credit cards. On an average week, Secure Science monitors 30-40GB of freshly stolen data, 'and thats just our company,' says James."
Read the full account of Don Jackson on the CIO website.
Thursday, 18 October 2007
A paper on wealth of Internet miscreants, "An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants," is available online on the ICSI Center for Internet Research website. The paper discusses "an active underground economy which specializes in the commoditization of activities such as credit card fraud, identity theft, spamming, phishing, online credential theft, and the sale of compromised hosts. Using a seven month trace of logs collected from an active underground market operating on public Internet chat networks, [the researchers] measure how the shift from hacking for fun to hacking for profit has given birth to a societal substrate mature enough to steal wealth into the millions of dollars in less than one year."
To access the paper, click here.
Monday, 15 October 2007
The Washington Post recently reported on the Russian Business Network, an Internet business based in St. Petersburg which has become a world hub for Web sites devoted to child pornography, spamming and identity theft. Cybercrime groups including those responsible for about half of last year's incidents of phishing are said to be operating from the company's computer network system.
"The company 'is literally a shelter for all illegal activities, be it child pornography, online scams, piracy or other illicit operations,' Symantec analysts wrote in a report. 'It is alleged that this organized cyber crime syndicate has strong links with the Russian criminal underground as well as the government, probably accomplished by bribing officials...' But Alexander Gostev, an analyst with Kaspersky Lab, a Russian antivirus and computer security firm, said the Russian Business Network has structured itself in ways that make prosecution difficult. 'They make money on the services they provide,' he said -- the illegal activities are all carried out by groups that buy hosting services... In addition, Gostev said, criminals using the Russian Business Network tend to target non-Russian companies and consumers rather than Russians, who might contact local authorities. 'In order to start an investigation, there should be a complaint from a victim. If your computer was infected, you should go to the police and write a complaint and then they can launch an investigation,' Gostev said. Now, he added, his company and the police both have information, but no victim has filed a complaint."
Read the full article here.
Friday, 12 October 2007
A MAAWG document was recently released entitled "MAAWG Best Practices for the Use of a Walled Garden." This white paper discusses the criteria for exit and entry, remediation and subscriber education regarding walled garden. The primary goal of these practices is to help end-users become aware of and remove unwanted programs or malware residing on their personal computers and to stop the network from being used for abusive purposes. To access the white paper, click here. More information on MAAWG activities here.
Friday, 05 October 2007
Thursday, 04 October 2007
According to an article by Sharon Gaudin on InformationWeek, cybercriminals are splitting up their giant botnets, which have been diligently built up in the recent months, into smaller pieces to make them more agile, more easily hidden from detection, and easier to manage.
Iftach Amit, director of security research at security company Finjan tells InformationWeek that "smaller botnets get the job done, but smaller botnets generate a lot less traffic. That makes them harder to detect because they make much less noise. They fly under the radar when you're looking for anomalies in behavior." He adds that many botnets are operated from a single command center. If security researchers or law enforcement find that command center, the botnet is effectively shut down. However, if the hacker splits the botnet up into several smaller botners, each with its own command center, if one goes down, the others remain operational.
No apparent news yet link the Storm worm botnet to this trend. It was noted, however, that the Storm worm botnet is not controlled by one command center, which has made it difficult for researchers to shut it down.
Read the full article here.
Monday, 01 October 2007
The Anti-Malware Engineering Team, the team that builds the core antivirus, antispyware, anti-rootkit, and related technology used across a number of Microsoft products and technologies, posted on their blog recent "Storm" worm statistics based on the latest release of the Malicious Software Removal Tool (MSRT) developed and updated by Microsofts Malware Protection Center (MMPC). According to the Anti-Malware Engineering Team, as of 2PM on Tuesday, PDT, 18 September 2007, "the Renos family of malware has been removed from 668,362 distinct machines. The Zlob family has been removed from 664,258 machines. And the Nuwar family has been removed from 274,372 machines. In total, malware has been removed by this months MSRT from 2,574,586 machines." It has also been reported that another anti-malware researcher who has been tracking these recent attacks presented data that shows that the team knocked out approximately one-fifth of "Storm's" Denial of Service (DoS) capability on 11 September. No continued decrease was evident though since the first day which was presumably due to a newer version of the software that the criminals
behind the deployment of the "Storm" botnet has apparently immediately released.
Read the full article here.
Monday, 24 September 2007
Tuesday, 18 September 2007
Wednesday, 12 September 2007
An article on The Economist discusses RBN (Russian Business Company), the threats it poses to global cybersecurity, and the lack of cooperation from the Russian government. VeriSign classifies RBN as "the baddest of the bad". The anonymity of the group and its senior figures who are only known through their nicknames, and the apparent backing of politicians have led to the continuing success of its operations. "'RBN is a for-hire service catering to large-scale criminal operations,' says the report. It hosts
cybercriminals, ranging from spammers to phishers, bot-herders and all manner of other fraudsters and wrongdoers from the venal to the vicious. Just one big scam, called Rock Phish (where gullible internet users were tricked into entering personal financial information such as bank account details) made $150m last year, VeriSign estimates." Another difficulty RBN poses is its ability to fight back. This had been evident in the Rock Phish attack to the National Bank of Australia in October 2006. After taking active measures against the attack, RBN fought back by taking down the banks home-page for three days.
Despite VeriSign having tracked down the physical location of RBNs servers and the Western law enforcement officers' pressure on their Russian counterparts to pursue the investigation vigorously, RBN remains confident and active. According to VeriSign, "only strong political pressure on Russia will make the criminal justice system there deal with this glaring example of cyber-illegality."
To read the full article, go to The Economist.
Tuesday, 11 September 2007
Spamnation reports that the popular scambaiting site 419Eater and the anti-scam site Scamwarners are the latest anti-spam sites to fall victim to a distributed denial of service (DDoS) attack. Artists against 419 was also hit recently as well as another useful anti-scam site, CastleCops, along with other sites hosting antispam forums.
Spamnation asserts that the Zhelatin (Storm Worm) gang is responsible for a number of other DDoS attacks this year, including an attack against anti-spam sites and download sites operated by a rival spam gang. Zhelatin are known to have spare capacity at the moment. There have been reports that they have built up a botnet containing more than a million computers, not all of which are currently being used for stock and pill spam.
For spam gangs like Zhelatin, a DDoS attack appears to be another opportunity to exploit. When the Zhelatin botnet gets to break in a site, it's more likely that the attack has been commissioned by one of their customers. In the same way that a customer can order a stock spam run, they can request a DDoS attack (although it has been claimed that DDoS attacks cost more than regular spam runs, because there is a greater risk that ISPs or law enforcement will react aggressively to shut down the machines involved).
Read full article here.
Monday, 10 September 2007
Peter Gutmann of the Department of Computer Science, University of Auckland presents how "malware has come a long way since it consisted mostly of small-scale (if prolific) nuisances perpetrated by script kiddies. Today, it's increasingly being created by professional programmers and managed by international criminal organisations. The Commercial Malware Industry looks at the methods and technology employed by the professional malware idustry, which is turning out "product" that matches (and in some cases even exceeds) the sophistication of standard commercial software, but with far more sinister applications."
The presentation discusses extensively how the malware industry has evolved from The Numbers Racket to organized crimes and even further now into the Spam, Carding, Phishing and Botnet businesses, among others. Provided in the presentation as well are case studies and examples, statistics, and technical mechanisms of these growing internet crimes as services.
Read more on Peter Gutmann's work here.
Friday, 17 August 2007
Researchers are warning universities that they're at risk of being hit with massive distributed denial-of-service attacks when they scan their own networks. According to Doug Pearson, technical director of Ren-Isac, the Storm botnet, a massive botnet that the hackers have been amassing over the last several months, has developed a counter-attack to computers that are trying to weed it out. The botnet is set up to launch a distributed denial-of-service (DDoS) attack against any computer that is scanning a network for vulnerabilities or malware.
Ren-Isac, which is supported largely through Indiana University, recently issued a warning to about 200 member educational institutions and then put out a much broader alert, warning colleges and universities that their networks could come under heavy attack. According to the alert, this new Storm botnet tactic presents more danger to schools than it is to corporate enterprises simply because of the placement of the scanners. Pearson explains that universities and colleges often have their scanners on a public network making it visible to the Internet at large. If it was protected on a private network, the way it's done with most enterprises, the botnet would not be able to find it so there wouldn't be an IP route to send the DDoS packets.
Don Jackson of SecureWorks said in an interview that slowly but surely IT managers and consumers are getting better at blocking or at least ignoring the e-mail attacks, so the Storm worm authors are setting up a secondary attack venue.
Read the full article at InformationWeek.
Wednesday, 15 August 2007
On an article by InformationWeek, researchers are blaming the virulent Storm worm for a widespread denial-of-service attack that hit Canadian Web sites over the weekend, saying the attack could have been a test of the might of a botnet more than 1.7 million zombies strong.
Johannes Ullrich of the SANS Institute and the Internet Storm Center, said in an interview that "the DoS part was basically an unintentional side effect. It was a whole lot of spam -- enough to make the servers slow down. Once [that much spam] is set loose, it's hard to tell what's going to happen."
The Storm worm has been bombarding the Internet with massive amount of spam e-mails in the form of phony electronic greeting cards for the past several months. This emails lure unsuspecting users to malicious Web sites where their machines are infected with malware that turns them into bots, which adds them up to the massive botnet that the Storm worm authors have been putting together. However, the latest attack used e-mails with limited amount of text instead of the e-card ruse though, which confirms the attack was a test-run, according to Ullrich.
In the first half of this year, it has been reported that the Storm authors had a botnet about 2,815 strong according to the researchers at SecureWorks. That number had skyrocketed to 1.7 million by the end of July. Researchers at both SecureWorks and Postini said they think the Storm worm authors are cultivating such an enormous botnet to do more than send out increasing amounts of spam. All of the bots are set up to launch DoS attacks and that's exactly what they're anticipating.
Read the full article here.
Friday, 03 August 2007
SRI and Georgia Tech have been working on a new tool, BotHunter, that aims to quickly locate bot traffic inside a network. "BotHunter introduces a new kind of passive network perimeter monitoring scheme, designed to recognize the intrusion and coordination dialog that occurs during a successful malware infection. It employs a novel dialog-based correlation engine, which recognizes the communication patterns of malware-infected computers within the network perimeter. A government/military version of this software has been in use successfully for about a month, and a public version has recently been released. A highly interactive honeynet using BotHunter is also run by SRI. Dozens of new infections are detected each day, and the site proves to be very helpful in understanding the behavior of the received malware. It generates a list of potentially evil IP addresses and DNS queries as well."
For more information on this new software, visit the BotHunter site.
Thursday, 30 November 2006
Tuesday, 17 October 2006
Slashdot has an article that says "Researchers are finding it practically futile to keep up with evolving botnet attacks. 'We've known about [the threat from] botnets for a few years, but we're only now figuring out how they really work, and I'm afraid we might be two to three years behind in terms of response mechanisms,' said Marcus Sachs, a deputy director in the Computer Science Laboratory of SRI International, in Arlington, Va. There is a general feeling of hopelessness as botnet hunters discover that, after years of mitigating command and controls, the effort has largely gone to waste. 'We've managed to hold back the tide, but, for the most part, it's been useless,' said Gadi Evron, a security evangelist at Beyond Security, in Netanya, Israel, and a leader in the botnet-hunting community. 'When we disable a command-and-control server, the botnet is immediately re-created on another host. We're not hurting them anymore.' There is an interesting image gallery of a botnet in action as discovered by security researcher Sunbelt Software."
Tuesday, 10 October 2006
A recent BBC article shows how vulnerable XP Home really is. "Using a computer acting as a so-called 'honeypot' the BBC has been regularly logging how many potential net-borne attacks hit the average Windows PC every day. With a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet."
The majority of the incidents were merely nuisances. "Many were announcements for fake security products that use vulnerabilities in Windows Messenger to make their messages pop-up. Others were made to look like security warnings to trick people into downloading the bogus file." "However, at least once an hour, on average, the BBC honeypot was hit by an attack that could leave an unprotected machine unusable or turn it into a platform for attacking other PCs. Many of these attacks were by worms such as SQL.Slammer and MS.Blaster both of which first appeared in 2003. The bugs swamp net connections as they search for fresh victims and make host machines unstable. They have not been wiped out because they scan the net so thoroughly that they can always find another vulnerable machine to leap to and use as a host while they search for new places to visit."
Read the full BBC story.
This article was accessed through Slashdot.
Friday, 15 September 2006
Business Communications Review has an article entitled The Botnet Threat reviewing a recent report put out by Arbor Networks, which surveyed ISPs about their biggest security concerns.
"When they surveyed 55 ISPs, McPherson and Labovitz discovered that distributed denial of service attacks, and the related threat of botnets, remain the biggest security problem that ISPs face. Together, these two elements were named as the top threat by 77 percent of respondents. "Brute-force attacks remain the most predominant attack type on the Internet today," the authors write.
The largest sustained attack reported by the survey respondents was a whopping 17 Gbps; a UDP flood of 22 million packets per second (pps) and a SYN flood of 14 million pps have also been reported. "The magnitude of these attacks is incredible when you consider that a 14 Mpps SYN flood can nearly fill an entire OC-192 (10 Gbps) circuit with a minimum packet size," McPherson and Labovitz write. "Any one of these attacks, or even a fraction thereof, can create significant pain for even the largest ISP networks in the world today."
The report also cites what the authors call "a new and disturbing observation" made by one respondent: Not only are botnets highly organized and "uniformly gargantuan," but there's an increasing amount of marketing of these botnets. ("Blast your affiliate numbers overnight!" is a typical pitch they report seeing.)"
Monday, 22 May 2006
The April MessageLabs Intelligence Report includes analysis of the threat landscape during the first quarter of 2006. Overall, threat levels remained largely stable with previous months, with the U.S. continuing to play the role as the largest source of malware, spam and phishing attacks, hosting 18.1 percent of the worlds compromised (zombie) computers in the first quarter of 2006 (down from a high of 44 percent in Q2 05).
More information can be found here.
Use the Internet at home and you have a 1-in-3 chance of suffering computer damage, financial loss, or both because of a computer virus or spyware that sneaks onto your computer. That's one of the unsettling conclusions from the 2005 Consumer Reports State of the Net survey of online consumers.
More information can be found here.
Monday, 01 May 2006
A new wave of spam could be on the way that tricks recipients by looking like its a message sent from their friends' e-mail address. This sort of spam would bypass even those filters that currently weed out 99% of the bad stuff, says John Aycock, an assistant professor of computer science at the University of Calgary.
Aycock and student Nathan Friess conducted research and wrote a paper dubbed "Spam Zombies from Outer Space" to show that generating such customized spam -- such as in the form of e-mail replies -- would not be too difficult, as has been assumed in the past. Spammers have leaned toward bulk e-mail generation that is less customized.
More information can be found here.
Thursday, 27 April 2006
Via Schneier on Security comes news of a Kaspersky Labs report on extortion scams using malware:
We've reported more than once on cases where remote malicious users have moved away from the stealth use of infected computers (stealing data from them, using them as part of zombie networks etc) to direct blackmail, demanding payment from victims. At the moment, this method is used in two main ways: encrypting user data and corrupting system information.
Users quickly understand that something has happened to their data. They are then told that they should send a specific sum to an e-payment account maintained by the remote malicious user, whether it be EGold, Webmoney or whatever. The ransom demanded varies significantly depending on the amount of money available to the victim. We know of cases where the malicious users have demanded $50, and of cases where they have demanded more than $2,000. The first such blackmail case was in 1989, and now this method is again gaining in popularity.
In 2005, the most striking examples of this type of cybercrime were carried out using the Trojans GpCode and Krotten. The first of these encrypts user data; the second restricts itself to making a number of modifications to the victim machine's system registry, causing it to cease functioning.
Thursday, 16 February 2006
OECD Scoping Study for the Measurement of Trust in the Online Environment:
Creating an online environment which builds on trust
among users of ICT networks is an increasing priority for business,
industry and governments and has been on the OECD agenda since the late
1990s. The aim of this report is to undertake a review of the data
available from official, semi-official and private sources which can
assist in informing developments and progress in this area. There is a
need to be able to use relevant data to assess the effectiveness of
public and private initiatives aimed at building trust among users.
Friday, 03 February 2006
From Bruce Schneier's blog Schneier
on Security comes a pointer to an article about
someone convicted for running a for-profit botnet:
November's 52-page indictment, along with papers filed last week, offer
an unusually detailed glimpse into a shadowy world where hackers, often not old enough
to vote, brag in online chat groups about their prowess in taking over vast numbers
of computers and herding them into large armies of junk mail robots and arsenals for
so-called denial of service attacks on Web sites.
Ancheta one-upped his hacking peers by advertising his network of "bots," short for
robots, on Internet chat channels.
A Web site Ancheta maintained included a schedule of prices he charged people who
wanted to rent out the machines, along with guidelines on how many bots were required
to bring down a particular type of Web site.
In July 2004, he told one chat partner he had more than 40,000 machines available,
"more than I can handle," according to the indictment. A month later, Ancheta told
another person he controlled at least 100,000 bots, and that his network had added
another 10,000 machines in a week and a half.
In a three-month span starting in June 2004, Ancheta rented out or sold bots to at
least 10 "different nefarious computer users," according to the plea agreement. He
pocketed $3,000 in the process by accepting payments through the online PayPal service,
Starting in August 2004, Ancheta turned to a new, more lucrative method to profit
from his botnets, prosecutors said. Working with a juvenile in Boca Raton, Fla., whom
prosecutors identified by his Internet nickname "SoBe," Ancheta infected more than
Friday, 04 November 2005
Wednesday, 25 May 2005
From the FTC's Operation Spam Zombies page:
Spammers use home computers to send bulk emails by the millions. They take advantage of security weaknesses to install hidden software that turns consumer computers into mail or proxy servers. They route bulk email through these "spam zombies," obscuring its true origin.
As part of a worldwide effort to prevent these abuses, the FTC announces "Operation Spam Zombies." In partnership with 20 members of the London Action Plan and 16 additional government agencies from around the world, the Commission is sending letters to more than 3000 Internet service providers (ISPs) internationally, encouraging them to take the following zombie-prevention measures:
- block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers.
- apply rate-limiting controls for email relays.
- identify computers that are sending atypical amounts of email, and take steps to determine if the computer is acting as a spam zombie. When necessary, quarantine the affected computer until the source of the problem is removed.
- give your customers plain-language advice on how to prevent their computers from being infected by worms, trojans, or other malware that turn PCs into spam zombies, and provide the appropriate tools and assistance.
- provide, or point your customers to, easy-to-use tools to remove zombie code if their computers have been infected, and provide the appropriate assistance.
In a later phase, the Operation plans to notify Internet providers worldwide that apparent spam zombies were identified on their systems, and urge them to implement measures to prevent that problem.
Letter text translations (provided by participating agencies):
Monday, 23 May 2005
Declan McCullagh writes on C|Net News:
Remote-controlled "zombie" networks operated by bottom-feeding spammers have become a serious problem that requires more industry action, the Federal Trade Commission is expected to announce on Tuesday.
The FTC and more than 30 of its counterparts abroad are planning to contact Internet service providers and urge them to pay more attention to what their customers are doing online. Among the requests: identifying customers with suspicious e-mailing patterns, quarantining those computers and offering help in cleaning the zombie code off the hapless PCs.
To be sure, computers infected by zombie programs and used to churn out spam are a real threat to the future of e-mail. One report by security firm Sophos found that compromised PCs are responsible for 40 percent of the world's spam--and that number seems to be heading up, not down.
But government pressure--even well-intentioned--on Internet providers to monitor their users raises some important questions.
[via Fergie's Tech Blog]