International Telecommunication Union   ITU
Site Map Contact us Print Version
 Thursday, 17 January 2008

The UN Department of Economic and Social Affairs recently released the UN e-Government Survey 2008: From e-Government to Connected Governance, which presents an assessment of the new role of the government in enhancing public service delivery, while improving the efficiency and productivity of government processes and systems. It comprises two parts including a section which presents the findings of the UN e-Government Survey 2008 and a section focusing on the ‘how to’ approach connected governance.

For more information on the survey, visit the Global E-Government Survey 2008 website.
Access the complete survey here.

Thursday, 17 January 2008 09:18:21 (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, 16 January 2008

A documentary, "The New Face of Cybercrime," created by Academy award nominated director Fredric Golding and presented by Fortify Software, provides a face to the criminals' intent on hacking into systems today. Candid interviews with many industry leaders and executives of large organizations taking steps against these attacks are also included, providing perspective on how they think about these threats and what they are doing about them throughout their companies.

Wednesday, 16 January 2008 09:24:11 (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, 15 January 2008

The Storm Worm botnet, using its huge collection of infected computers, is now sending out phishing emails directing people to fake banking sites that it also hosts on the computers it remotely controls, according to F-Secure and Trend Micro. Apparently, Storm has never been involved in phishing up to this point, however, the new campaign may indicate, according to F-Secure, that Storm's controllers have figured out how to divide the massive army into clusters which it is now renting out to others. F-Secure and Trend Micro both reported that the phishing scam was using a technique known as fast-flux DNS to keep the phishing site alive. Fast-flux works by constantly changing the IP address in the internet's phone book system (known as DNS) and having multiple computers in the botnet host the phishing site. This makes it very difficult to blacklist a IP address and since the site isn't being hosted by a company that researchers could contact to take down the site, the site lives longer.

According to Paul Ferguson, an advanced threat researcher for security giant Trend Micro, the spam emails were sent from a different segment of the botnet than the phishing sites were hosted. The site used for phishing was just registered on Monday. Anti-phishing filters, such as the ones bundled into Opera, Firefox and IE7, have gotten pretty good at quickly adding sites to their blocked list, however, "the issue becomes how do you work to take it down and find the perpetrators," said Ferguson.

Read Ferguson's article on this incident on Trend Micro's Malware Blog.
Read the full article on Wired Blog Network.

Tuesday, 15 January 2008 17:41:20 (W. Europe Standard Time, UTC+01:00)  #     | 

Pushdo trojan, a fairly new and prolific threat being circulated in fake "E-card" emails, is classified as a more sophisticated "downloader" trojan due to its control server. According to the analysis of Secureworks, when executed, Pushdo reports back to one of several control server IP addresses embedded in its code. The server listens on TCP port 80, and pretends to be an Apache webserver. Any request that doesn't have the correct URL format will be answered with the following content:

Looking for blackjack and hookers?

The Bender Bending Rodriguez text is simply misdirection to mask the true nature of the server - if the HTTP request contains the following parameters, one or more executables will be delivered via HTTP:

Typical Pushdo Request

The Pushdo controller is preloaded with multiple executable files - the one we looked at contained 421 different malware samples ready to be delivered. The Pushdo controller also uses the GeoIP geolocation database in conjunction with whitelists and blacklists of country codes. This enables the Pushdo author to limit distribution of any one of the malware loads from infecting users located in a particular country, or provides the ability to target a specfic country or countries with a specific payload.

Pushdo's detection of the physical hard drive serial number as a identifier not only provides a unique ID for the infected system, but can also reveal information such as whether the code is running in a virtual machine or not. This could be a way for the malware author to spy on anti-virus companies using automated tools to monitor the malware download points.

Another anti-anti-malware function of Pushdo is that it looks at the names of all running processes and compare them to a list of anti-virus and personal firewall process names. Instead of killing off these processes, however, Pushdo merely reports back to the controller which ones are running, by appending "proc=" and a list of the matching process names to the HTTP request parameters. This enables the authors to determine which anti-virus engines or firewalls are preventing the malware from running or phoning home, by their absence from the statistics. This way the Pushdo author doesn't have to maintain a test environment for each AV/firewall product.

Recently, an e-card email containing a newer variant of Pushdo was received. Apparently taking notice that the Bleeding Snort project had published a signature (sid 2006377) to detect the Pushdo request variables in transit, the author has now changed the request to be less fingerprintable. An example of the new request format is:

GET /40e800142020202057202d4443574d414c393635393438366c0000003c66000000007600000002 HTTP/1.0

Apparently, the author of Pushdo is intent on evading detection for as long as possible, in order to have the maximum amount of time to seed Cutwail spambots into the wild. Although it is unclear just how large the Cutwail botnet has become, the ambition of the project rivals that of other more well-known spam botnets, such as Storm.

Read the complete analysis on Pushdo here.
Read the blog entry detailing the trouble Sophos are having with the Pushdo trojan.

Tuesday, 15 January 2008 11:33:44 (W. Europe Standard Time, UTC+01:00)  #     | 

A new-generation worm-botnet known as Nugache, according to Dave Dittrich, might be the most advanced worm/botnet yet. It has no C&C server to target, has bots capable of sending encrypted packets and has the possibility of any peer on the network suddenly becoming the de facto leader of the botnet. However, despite numerous worms, viruses, bots and Trojans over the years having one or two of the features that Storm, Nugache, Rbot and other such programs possess, none has approached the breadth and depth of their feature sets. Rbot, with more than 100 features that users can choose from when compiling the bot, enables two different bots compiled from an identical source have nearly identical feature sets, yet look completely different to an antivirus engine.

A disturbing concern, experts say, is that there are several malware groups out there right now that are writing custom Trojans, rootkits and attack toolkits to the specifications of their customers, who are in turn using the malware not to build worldwide botnets like Storm, but to attack small slices of a certain industry, such as financial services or health care. A popular example of this is Rizo, a variant of Rbot. Like Nugache and Storm, Rizo has been modified a number of times to meet the requirements of various different attack scenarios. "Within the course of a few weeks, different versions of Rizo were used to attack customers of several different banks in South America. Once installed on a user's PC, it monitors Internet activity and gathers login credentials for online banking sites, which it then sends back to the attacker. It's standard behavior for these kinds of Trojans, but the amount of specificity and customization involved in the code and the ways in which the author changed it over time are what have researchers worried."

To read the full article on Nugache, click here.
More security related news at Schneier on Security.

Tuesday, 15 January 2008 10:12:09 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 20 December 2007

The article, Beware, botnets have your PC in their sights, by New Scientist republished by TMCnet, provides a brief discussion of the cybersecurity situation in developing countries and how the current conditions may later evolve into an enormous cybersecurity problem in the coming years. Although hackers and cybercriminals tend to attack computers in developed countries at the moment due to more stable and consistent Internet connectivity, it is foreseen that developing countries may be next in line with the increasing technological developments and initiatives such as the One Laptop Per Child (OLPC) programme and Intel's low-cost Classmate computer. "If thousands of Classmates are distributed without adequate security, or if a previously unknown flaw in BitFrost, OLPC's security system, emerges, the new generation of cheap PCs will lead to problems... The ITU is assuming that attacks of this kind are a foregone conclusion and is organising a global effort to help developing countries fortify themselves against them." ITU, with its Botnet Mitigation Toolkit and Cybersecurity efforts, aims to increase international cooperation among states and provide the training and expertise needed to build CERTs in developing countries.

Read the full article here.

More information on ITU Cybersecurity related activities here.

Thursday, 20 December 2007 12:26:39 (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, 19 December 2007

The OPTA Commission has imposed a fine of 1 million Euros on three Dutch enterprises, operating under the company name DollarRevenue, and their two directors, due to their unlawful installion of software on more than 22 million computers belonging to Internet users in the Netherlands and elsewhere. They primarily used misleading files, making Internet users believe that they were about to download apparently innocent files, whereas they actually contained DollarRevenue software. "They also used botnets, thereby installing files without user intervention. Each day 60,000 installations occurred on average. A total of more than 450 million program files were illegally placed on 22 million computers." With the enterprises and their directors having deliberately contravened provisions of the Universal Service and End Users Decree [Besluit universele dienstverlening en eindgebruikers], based on the Telecommunications Act [Telecommunicatiewet] and designed to promote safe Internet usage and to protect the privacy of Internet users, fines totalling 1 million Euros were imposed.

Read the full article on the OPTA website.

Wednesday, 19 December 2007 17:14:35 (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, 18 December 2007

ITU, in collaboration with the ictQATAR and Q-CERT, will be hosting a workshop 18-21 February 2008 entitled Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection (CIIP) and a Cybersecurity Forensics Workshop. The workshops will be held in Doha, Qatar.

The description of the event, draft agenda, invitation letter, and registration form for meeting participants are available on the event website.

Contact cybmail(at) with any general queries you may have related to the workshop.

Tuesday, 18 December 2007 17:33:04 (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, 17 December 2007

A presentation on "Measuring National Cybersecurity Readiness" has been posted online today on the ITU-D ICT Applications and Cybersecurity Division (CYB) website. The presentation by Robert Shaw, head of the ICT Applications and Cybersecurity division, provides background information and resources on cybersecurity, information on related ITU-D activities and initiatives, and other relevant activities. For more information on CYB's activities involving cybersecurity, visit the division website.

Monday, 17 December 2007 17:25:52 (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, 14 December 2007

According to McAfee, the website of the French Embassy in Libya is currently under attack through IFRAME injection. With the visit by Libyan President Muammar Khadafi in the country, controversy is stirring up which has apparently triggered interest among people behind the attack. The iframe routes the victim to sites hosted through Hong Kong provider, then it redirects the victim to Russia and Ukraine where exploit and downloaders are used (Exploit-YIMCAM and downloader-AUD). McAfee warns people not to attempt reaching the site as it is still dangerous.

For more information, visit the McAfee Blog.

Friday, 14 December 2007 10:12:11 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 13 December 2007

The International Telecommunication Union (ITU) highlighted the role played by information and communication technologies (ICTs) as both a cause and a potential cure for climate change at the UN Conference on Climate Change in Bali, Indonesia, on 12 December.

ICTs can be used for remote monitoring of climate change and the gathering of crucial scientific data such as using telemetry or remote sensing by satellite. Smart and emerging technologies can be integrated into energy-efficient products, notably in next-generation networks (NGN) where ITU's Standardization sector (ITU-T) is carrying out vital specialized work.

Activities at the ITU's Development Sector (ITU-D) refer to promoting a role for information and communications technologies in the protection of the environment, together with partners from other international organizations and the industry. ITU-D also provides assistance to developing countries in emergency telecommunications as well as in the area of e-waste.

At the UN Conference, ITU raised awareness on standby services of ICT equipment such as computers and PC screens, DVD players, TVs and battery chargers, which places a burden on energy consumption. "Always-on" services, like broadband or mobile phones on standby, have increased energy consumption compared with fixed-line telephones, which do not require an independent power source.

ITU underlined an active commitment to promote the use of ICTs as a positive force to reduce greenhouse emissions and to find ways to mitigate the effects of climate change. In this regard, ITU can support and facilitate scientific studies aimed at implementation of new measures against the negative effects of climate change. As part of a unified effort of the UN system, ITU can contribute in its areas of expertise to support Member States and to foster partnerships with the private sector to develop more energy-efficient technologies.

For more information, click here.

Thursday, 13 December 2007 12:59:57 (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, 11 December 2007

PC Tools recently discovered a social-engineering attack that uses trickery rather than a software flaw to access victim's valuable information. It is a new program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners. The program is believed to be making the rounds in Russian chat forums such as CyberLover. According to PC Tools, the "bot" cannot be easily distinguished from a real potential suitor, and the software can work quickly establishing up to 10 relationships in 30 minutes. It then compiles a report on every person it meets complete with name, contact information, and photos, which then may be made available for fraudulent activities. "Although the program is currently targeting Russian Web sites, PC Tools is urging people in chat rooms and social networks elsewhere to be on the alert for such attacks. Their recommendations amount to just good sense in general, such as avoiding giving out personal information and using an alias when chatting online."

Read the full article here.

Tuesday, 11 December 2007 10:00:31 (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, 03 December 2007

Kelly Jackson Higgins, Senior Editor of Dark Reading wrote on how cyberwarfare has evolved into a growing underground market. According to experts, international cyber-spying is considered as the biggest threat for 2008 with the malware economy mimicking legitimate software markets. Malware suppliers are reportedly offering tools that make it easy for criminals with little technical know-how to commit their crimes, and many now advertise their 'products,' and offer support services as a value-add. These, as well as cyber-spying trends, are among the many findings of McAfee's annual Virtual Criminology Report released on 29 November 2007. The report was based on input from more than a dozen security experts from NATO, the FBI, SOCA, The London School of Economics, and the International Institute for Counter-Terrorism.

"What struck me through most of this report is the threat is more evolutionary than revolutionary -- things we've talked about as potentially developing are now status quo," says David Marcus, senior research and communications manager for McAfee. "That's the disturbing part. Cyberwarfare, or state-sponsored malware, is business as usual." According to the report, what further concerns governments is that this malware, as well as the burgeoning market for zero-day exploits, sold in the black market can also be used for targeting government, banks or other sensitive infrastructures, such as the power grid.

Read the full article here.

Monday, 03 December 2007 11:25:11 (W. Europe Standard Time, UTC+01:00)  #     | 

The CSI Survey 2007, the 12th of its kind, by the Computer Security Institute, aims to raise the level of security awareness, as well as help determine the scope of computer crime in the United States. The survey strongly suggests in this year’s results that mounting threats are beginning to materialize as mounting losses. The survey results are based on the responses of 494 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities.

Among the key findings from this year’s survey are:

  • The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year. Not since the 2004 report have average losses been this high.
  • Almost one-fifth (18 percent) of those respondents who suffered one or more kinds of security incident further said they’d suffered a “targeted attack,” defined as a malware attack aimed exclusively at their organization or at organizations within a small subset of the general population.
  • Financial fraud overtook virus attacks as the source of the greatest financial losses. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place. If separate categories concerned with the loss of customer and proprietary data are lumped together, however, then that combined category would be the second-worst cause of financial loss. Another significant cause of loss was system penetration by outsiders.
  • Insider abuse of network access or e-mail (such as trafficking in pornography or pirated software) edged out virus incidents as the most prevalent security problem, with 59 and 52 percent of respondents reporting each respectively.
  • When asked generally whether they’d suffered a security incident, 46 percent of respondents said yes, down from 53 percent last year and 56 percent the year before.
  • The percentage of organizations reporting computer intrusions to law enforcement continued upward after reversing a multi-year decline over the past two years, standing now at 29 percent as compared to 25 percent in last year’s report.

For the complete detailed survey results, click here.

Monday, 03 December 2007 10:28:54 (W. Europe Standard Time, UTC+01:00)  #     | 

A Taxonomy of Privacy by Daniel J. Solove, an associate professor at the George Washington University Law School, won the Privacy Enhancing Technologies award 2006. This paper attempts to identify privacy problems in a comprehensive and concrete manner, and it aims to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.

“Privacy is a concept in disarray,” Solove says. “Abstract incantations of ‘privacy’ are not nuanced enough to capture the problems involved. The law has often failed to adequately protect privacy, and privacy problems are frequently misconstrued or inconsistently recognised. Without an understanding of what the privacy problems are, how can privacy be addressed in a meaningful way?”

His taxonomy defines threats to privacy from the perspective of the individual, in four categories of potentially harmful activities — information collection, information processing, information dissemination and invasion. With the help of this more comprehensive taxonomy, Solove hopes that privacy considerations can be better recognised and balanced against opposing interests.

Read the full paper here.

Monday, 03 December 2007 10:02:12 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 29 November 2007

The United Nations Children’s Fund (UNICEF) reported on 26 November about the launch of 20 broadband-enabled teacher resource centres in the Maldives to help the Ministry of Education to provide quality education to every child of a population spread across 1,000 small islands.

Using information and communication technologies (ICTs) enables administrators and teachers to be part of one learning community across the country. Teachers can simultaneously receive online training, access and exchange information through the common network. Moreover, the internet and state-of-the-art technologies are aimed to enhance interactive education and to increase motivation of both students and teachers, as UNICEF noted.

Thursday, 29 November 2007 12:16:27 (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, 28 November 2007

ITU, in collaboration with the Ministry of Communications and Information Technology of the Republic of Indonesia, is hosting a workshop on 28-30 November 2007 entitled ITU Regional Workshop on ICT Applications for Rural Communication Development. The workshop is held in Bali, Indonesia.

The description of the event, draft agenda, invitation letter, and practical information for meeting participants are available on the event website.

Wednesday, 28 November 2007 13:52:34 (W. Europe Standard Time, UTC+01:00)  #     | 

Information and communications technologies (ICTs) are contributing to climate change, but can also provide problem-tackling tools, as the United Nations News Centre reported from a conference on the impact of ICTs on climate change organized by the UN Global Alliance for ICT and Development and AIT Global Inc., a global association of management and information technology professionals,on 27-28 November.

Experts and industry leaders highlighted that servers, personal computers and monitors account for more that 60 per cent of global ICT-related carbon emissions, and that product design, manufacturing and internal operations would be essential to minimizing emissions. Even though the paperless office environment has not yet been achieved, industry could develop energy-efficient appliances that shut down automatically when not being used. ICT could also improve the energy efficiency of all economic sectors, for example diagnosing the carbon emissions of products or processes and suggesting their redesign.

To read the full article, click here.

Wednesday, 28 November 2007 10:55:57 (W. Europe Standard Time, UTC+01:00)  #     | 

ENISA recently launched its latest Position Paper, "Botnets - The Silent Threat", a 12-page paper identifying roles and structures of criminal organizations for creating and controlling botnets, and trends in this type of cyber crime as well as online tools to identify and counter malicious code. ENISA points out that browser exploits account for more than 60% of all infections, email attachments for 13%, operating system exploits for 11%, and downloaded Internet files for 9%. It also emphasizes that the main problem is uninformed users. ENISA, thus, calls for "a more coordinated, cross country cooperation among multi-national law enforcement agencies, Internet Service Providers (ISPs) and software vendors" to combat botnets, and further adds that education of the everyday user is a key measure.

For further information, read ENISA's press release or access the full ENISA Position Paper.

Wednesday, 28 November 2007 10:00:12 (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, 27 November 2007

USA Today reports on the current spam statistics, and reiterates how spam continues to exponentially increase despite anti-spam softwares, filters and legislations. According to market researcher IDC, "the total number of spam e-mail messages sent worldwide, 10.8 trillion, will surpass the number of person-to-person e-mails sent, 10.5 trillion." Spam sent is also said to have reached 60 billion to 150 billion messages a day. As for phishing, the Anti-Phishing Working Group said new phishing sites soared to 30,999 as of July 2007, from 14,191 in July 2006. MessageLabs adds that one in 87 e-mails is tagged as phishing scams now, compared with one in 500 a year ago.

The fight against spam has nonetheless expanded and grown too. Built-in spam defenses of Google's Gmail, social-networking sites such as Facebook and MySpace which enable users to control who has access to their personal profile, to exchange e-mail with friends, family and business associates, and phishing filters provided by Microsoft on its Internet Explorer browser are some of the common filters made available to users. In the same effort to stop spam, Yahoo, eBay and PayPal recently announced their use of DomainKeys, an e-mail-authentication technology. Other anti-spam technologies include CertifiedEmail from Goodmail Systems, a new breed of e-mail services, and Boxbe. "The multilayered-defense approach has worked to stop such scourges as image spam, which varied the content of individual messages — through colors, backgrounds, picture sizes or font types — to slip through spam filters. Image spam made up half of all spam in January. Since software makers came up with a solution, image spam has dropped to 8% of all spam, Symantec says."

Read the full article here.

Tuesday, 27 November 2007 14:23:14 (W. Europe Standard Time, UTC+01:00)  #     |