International Telecommunication Union   ITU
 Tuesday, 05 February 2008

A presentation on "ICTs and e-Environment - Overview of BDT Scoping Study for Developing Countries" has been posted online today on the ITU-D ICT Applications and Cybersecurity Division (CYB) website. The presentation is based on the report "ICTs and e-Environment", which provides an overview on the contribution of information and communication technologies (ICTs) and related strategies as tools to assist developing countries in mitigating and adapting to environmental and climate change. The report will be available after final review on the division website.

Tuesday, 05 February 2008 17:32:26 (W. Europe Standard Time, UTC+01:00)

A presentation on the "Overview of ITU-D Activities Related to Cybersecurity and Critical Information" has been posted online today on the ITU-D ICT Applications and Cybersecurity Division (CYB) website. The presentation by Robert Shaw, head of the ICT Applications and Cybersecurity division, provides background information on cybersecurity, a case study on the recent Internet outage, key activities of ITU-D, and an outline of the Framework for Organizing a National Approach to Cybersecurity. For more information on CYB's activities involving cybersecurity, visit the division website.

Tuesday, 05 February 2008 11:09:25 (W. Europe Standard Time, UTC+01:00)
 Monday, 04 February 2008

The International Telecommunication Union (ITU) extended its call for papers for the ITU Symposia on ICTs and Climate Change to 29 February 2008.

The first symposium will be held in Kyoto, Japan (15-16 April 2008, hosted by the Ministry of Internal Affairs and Communication) and will be followed by finalizing the initial proposals at a second symposium in London, UK (17-18 June, hosted by British Telecom). These symposia will bring together key specialists in the field, from top decision-makers to engineers, designers, planners, government officials, regulators, standards experts and others. To contribute to this work, stakeholders are invited to submit an abstract, of maximum 300 words, for a paper or presentation which is relevant to one or more of the topics listed below.

The topics of interest at the symposia include:

  • Climate change and the impact of ICTs
  • Use of ICTs in monitoring climate change
  • ICTs for mitigating the local effects of climate change
  • ICTs and concerted action against global warming
  • ICT standardization in the field of climate change

For more information on the ITU Symposia on ICTs and Climate Change, click here. For information on ITU's e-environment activities, click here.

Monday, 04 February 2008 13:12:33 (W. Europe Standard Time, UTC+01:00)

The Global e-Sustainability Initiative (GeSI) recently commissioned a research study to assess current carbon impacts of the information and communication technology (ICT) sector and to analyse the role of ICTs in catalyzing transformation to a low-carbon economy. With a focus on both developed and emerging economies, the study aims to:

  • Deliver a globally comprehensive picture of direct and indirect carbon emissions of telecommunications, computing, services and software.
  • Define common themes across the lifecycle of ICTs, identifying critical trends, scenarios and impact assessments for the ICT sector to 2020.
  • Create a ‘road map’ to allow the ICT sector to act now on reducing global energy usage and greenhouse gas emissions.

To know more about the study, click here.

The Global e-Sustainability Initiative (GeSI) is an initiative of Information and Communications Technology (ICT) companies aimed at improving the sustainability impact of the ICT industry, and is supported by the International Telecommunication Union and the United Nations Environment Programme.

Monday, 04 February 2008 12:42:20 (W. Europe Standard Time, UTC+01:00)
 Friday, 01 February 2008

The ITU Telecommunication Standardization Sector announces the Study Group 15 tutorials on energy saving techniques to be held on 13-15 February 2008. This activity is in the context of ITU-T's efforts to address climate change issues. "A checklist for developers of standards is already under development in SG 15. The technologies considered in the list include optical transport networks and access network transport technologies such as digital subscriber line (DSL) and Gigabit-capable Passive Optical Networks (GPON). Together these technologies represent a significant consumption of energy worldwide. The idea is that the checklist is applied before the work commences, during the work and after the completion of the work. The use of the checklist should ideally be complemented by involving energy efficiency experts and users in the process."

Other topics in the tutorials include energy efficient Ethernet and opportunities and techniques for power saving in DSL and PON. A general introduction to the issues surrounding ICTs and climate change (to be addressed in two upcoming ITU Symposia on ICTs and Climate Change) and an update on the outcome of the UN Climate Change Conference in Bali, December 2007, will also be discussed.

More updates on this event on the ITU-T Newslog.
More information on ITU-D's activities involving ICTs and the environment (e-Environment) here.

Friday, 01 February 2008 14:11:17 (W. Europe Standard Time, UTC+01:00)

The recent Internet outage has left the experts speculating that there may be greater demand for telecom capacity in the future. Reports indicated difficulty with receiving data sent from the United States to countries affected by the cable damage, with an average 50% increase in the time it takes to download Web sites and a 10% decrease in the availability of Web sites overall, Keynote Systems said. Abelardo Gonzalez, a product manager at Keynote, believes the damaged cable incident will spur many global companies to think about new ways of staying connected to the Web in case of emergencies. He adds that companies should look into having backup connectivity through multihoming across ISPs or even through having a satellite uplink for last-resort connections.

The damage to the cables has raised concerns about future incidents in which a greater number of cables could experience more significant levels of destruction. Paul Polishuk, the president and chairman of the board of the IGI Group of Companies, says one problem with many of the underwater cable systems is that many of the cables join together at shared landing points that could leave large swathes of telecom infrastructure vulnerable to potential terrorist attacks. Andrew Odlyzko, the director of the University of Minnesota's Digital Technology Center, shares Polishuk's concern about the cables' vulnerability and thinks that any significant damage to cables at major landing points would have serious economic consequences, as was evident in the 2006 earthquakes that severely disrupted Taiwan's Internet access.

Read the full article on Network World.

Friday, 01 February 2008 10:33:23 (W. Europe Standard Time, UTC+01:00)
 Thursday, 31 January 2008

The Guardian reports on how tens of millions of internet users across the Middle East and Asia have been left without access to the web due to a fault in a single undersea cable believed to be a major internet pipeline connecting to Europe. The outage was said to have first struck yesterday morning and has severely restricted internet access in India, Egypt and Saudi Arabia.

"The line in question runs under the Mediterranean, from Palermo in Italy to Alexandria in Egypt. It is not clear what caused the break. The cable is one of only a handful of connections, and part of the world's longest undersea cable, 24,500 miles long, running from Germany, through the Middle East and India before terminating in Australia and Japan... Egyptian officials said that around 70% of the country's online traffic was being blocked, while officials in Mumbai said that more than half of India's internet capacity had been erased, which could have potentially disastrous consequences for the country's burgeoning hi-tech industry. 'There has been a 50% to 60% cut in bandwidth,' Rajesh Charia, president of the Internet Service Providers' Association of India told Reuters."

According to the report, the outage will take several days to fix, and could have a drastic impact on communications, businesses and the hi-tech industry as well as banks and stock market trading around the region and across the globe.

More details on the digital blackout here.

Thursday, 31 January 2008 11:43:09 (W. Europe Standard Time, UTC+01:00)

Nnamdi Chizuba Anisiobi, age 31, of Nigeria; Anthony Friday Ehis, age 34, of Senegal; and Kesandu Egwuonwu, age 35, of Nigeria have pleaded guilty to charges related to spam e-mail that promised U.S. victims millions of dollars from an estate and a lottery, the U.S. Department of Justice announced Wednesday. The three were arrested in Amsterdam on Feb. 21, 2006. One of the case scenarios was an e-mail sent by the defendants to thousands of potential victims purporting to be from an individual suffering from terminal throat cancer who needed assistance distributing approximately US$55 million to charity. According to the DOJ, the fraud victims lost $1.2 million by giving the defendants advance fees. "Anisiobi pled guilty to one count of conspiracy, eight counts of wire fraud and one count of mail fraud. Ehis pled guilty to one count of conspiracy and five counts of wire fraud. Egwuonwu pled guilty to one count of conspiracy, three counts of wire fraud and one count of mail fraud. The maximum penalty for mail and wire fraud is 20 years in prison. The conspiracy charge carries a maximum penalty of five years in prison." A fourth defendant, Lenn Nwokeafor, was also reported to have fled to Nigeria. He was subsequently arrested by the Nigerian Economic & Financial Crimes Commission on July 27, 2006, and is now being held by the Nigerian authorities pending extradition to the U.S.

Read the full article on The New York Times.

Thursday, 31 January 2008 09:47:59 (W. Europe Standard Time, UTC+01:00)
 Wednesday, 30 January 2008

The Wall Street Journal recently reported on President Bush's move to improve protection against cyberattacks. Despite promising a frugal budget proposal next month, an estimated $6 billion has been allocated to build a secretive system protecting U.S. communication networks from attacks by terrorists, spies and hackers. "Administration officials and lawmakers say that the prospect of cyberterrorists hacking into a nuclear-power plant or paralyzing Wall Street is becoming possible, and that the U.S. isn't prepared. This is 'one area where we have significant work to do,' Homeland Security Secretary Michael Chertoff said in a recent interview."

Read the full article on the Wall Street Journal.

Wednesday, 30 January 2008 09:24:31 (W. Europe Standard Time, UTC+01:00)
 Monday, 28 January 2008

recently interviewed Nitesh Dhanjani and Billy Rios, well-known security researchers who have recently managed to infiltrate the phishing underground. The interview gives readers a rundown on how Dhanjani and Rios saw an extraordinary amount of sensitive customer account information, obtained the latest phishing kits, located and examined the tools used by phishers, trolled sites buying and selling identities, and even social engineered a few scammers. In the interview they also expose the tactics and tools that phishers use, illustrate what happens when your confidential information gets stolen, and discuss how phishers communicate and how they phish each other.

Read the full interview here.

Monday, 28 January 2008 13:07:00 (W. Europe Standard Time, UTC+01:00)

Speech recognition technology has been developing at an accelerating pace and is now making its way to the mass market. Among the companies providing speech recognition technology is Vlingo Corporation. "Vlingo’s service lets people talk naturally, rather than making them use a limited number of set phrases. Dave Grannan, the company’s chief executive, demonstrated the Vlingo Find application by asking his phone for a song by Mississippi John Hurt (try typing that with your thumbs), for the location of a local bakery and for a Web search for a consumer product. It was all fast and efficient. Vlingo is designed to adapt to the voice of its primary user, but I was also able to use Mr. Grannan’s phone to find an address. The Find application is in the beta test phase at AT&T and Sprint." Other companies offering speech recognition technology to their customers include Nuance, with its Nuance Voice Control system released last August, and Microsoft, with its purchase of TellMe Networks last March. According to Opus Research, speech recognition reached a $1.6 billion market in 2007, and they further predict an annual growth rate of 14.5 percent over the next three years. "Dan Miller, an analyst at Opus, said that companies that have licensed speech recognition technology would probably see faster revenue growth, as more consumers used the technology."

Speech recognition technology has also been available on personal computers since 2001 in applications like Microsoft Office but with a weaker following. It is also already used in high-end G.P.S. systems and luxury cars from Cadillac and Lexus, and is now spreading to less expensive systems and cars. The speech technology chief at I.B.M. Research, David Nahamoo, adds that the company has an automotive customer testing speech recognition to help drivers find songs quickly while driving. SimulScribe, on the other hand, uses speech recognition to convert voice mail into e-mail.

More on this article on The New York Times.

Monday, 28 January 2008 11:15:19 (W. Europe Standard Time, UTC+01:00)

According to security experts at Sophos, 6,000 new infected webpages are discovered every day, 83 per cent of which belong to innocent companies and individuals that are unaware of their sites being compromised. Sophos further reports that the well-known iFrame vulnerability in Internet Explorer remained the preferred vector for malware attacks throughout last year, with China (51.4 per cent) and the US (23.4 per cent) leading in the net security firm's list of malware-hosting countries. According to PandaLabs, "around half a million computers are infected by bots every day... [and] approximately 11 percent of computers worldwide have become a part of criminal botnets, which are responsible for 85 percent of all spam sent."

Read the full article on The Register.
Read relevant article on Slashdot.

Monday, 28 January 2008 09:55:20 (W. Europe Standard Time, UTC+01:00)
 Thursday, 24 January 2008

E360 Insight, LLC filed a complaint against Comcast Corporation on 15 January 2008 accusing the latter of unfairly blocking e360’s e-mail from reaching subscribers. According to e360, in one typical instance, e360 received an error message stating that its e-mail was blocked from reaching subscribers because Comcast’s filters determined that e-mail from e360’s servers had been "sent in patterns which are characteristic of spam." According to Direct magazine's report, "the complaint claims that Comcast’s alleged interference with e360’s business relationships cost the firm $4.5 million a year from 2005 through 2007. The complaint also accuses Comcast of sending e360 bogus bounce information, causing the marketer to remove e-mail addresses from its file that were still active. The suit claims the false bounce information cost it almost $2.5 million." E360 asks for more than $12 million in compensatory damages and $9 million in punitive damages from the accused.

Read the full complaint here.

Thursday, 24 January 2008 09:39:48 (W. Europe Standard Time, UTC+01:00)
 Tuesday, 22 January 2008

The past week marks the one-year anniversary of the emergence of the spam-enabling Storm worm, a tenacious strain of malicious software that probably speaks more about the future of online crime than almost any other malware family circulating online today. A chronological account from security firm Trend Micro visually sums up Storm's evolution. Dmitri Alperovitch, director of Secure Computing, said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside. 

Alperovitch believes the majority of Storm worm victims are Microsoft Windows users who for whatever reason have ignored the best advice of security professionals by not running anti-virus software and/or regularly applying software security updates. Indeed, the infection statistics seem to support that analysis. According to Vincent Gullotto, head of Microsoft's security research and response team, Microsoft's "malicious software removal tool" -- shipped as part of its monthly patch updates -- has removed an average of 200,000 versions of the Storm worm from Windows systems each month since November, when the software giant first started shipping removal routines for Storm.

According to Trend, nearly 12,000 pieces of Storm-connected malware were unleashed online over the past year (this includes the Trojan that drops the payload, the Storm worm itself, as well as regular -- sometimes hourly -- updates pushed out to infected machines to stay a step ahead of any anti-virus software installed on the host system). As big as Storm got this past year, Symantec's numbers help put things in a bit more perspective. Storm-related malware made up slightly more than one-quarter of one percent of all potential malicious code infections in 2007, Symantec said.

Read the full article on the Washington Post.

Tuesday, 22 January 2008 12:29:53 (W. Europe Standard Time, UTC+01:00)

Romanian artist Alex Dragulescu, a research assistant at the Massachusetts Institute of Technology's Sociable Media Group, puts a face to threats such as Storm and Netsky. "Dragulescu created his so-called 'threat art' in conjunction with live malware intercepted by e-mail security firm MessageLabs. Each is disassembled into a dump of binary code and then run through a program Dragulescu wrote. That program spends a few hours crunching through all the data, looking for patterns in the code that will determine the shape, color and complexity of each piece of threat art."

According to the Washington Post's article, the configuration of these created organisms is driven largely by the botnets' actions. Dragulescu explains that if there is a repeated attempt to write to a system memory address, a particular Windows API call that tries to write to a file or [blast out e-mail], for instance, the program tracks that and looks for the prevalence, number and behavior of those occurrences. 

Dragulescu's other threat art includes his "spam architecture" and his "spam plants," the latter of which take their form from rules that look at the ASCII values (computer code that represents the English alphabet) of each spam sample.

For more of Dragulescu's images, check out his Web site and the MessageLabs threat art page.
Read the full article on the Washington Post.

CYB | Cybersecurity | Botnets | Malware | Spam | Media
Tuesday, 22 January 2008 12:14:37 (W. Europe Standard Time, UTC+01:00)
 Monday, 21 January 2008

Information Week reports that the CIA admitted on Friday at a New Orleans security conference that cyberattacks have caused at least one power outage affecting multiple cities outside the United States. According to Alan Paller, director of research at the SANS Institute, CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout. Information about which foreign cities were affected by the outage and other information related to the attack were not disclosed. According to Paller, a written statement from Donahue read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

The conference was on sharing data about cyberattacks on critical utilities and resources, and methods of attack mitigation. Discussions also included the new SCADA (Supervisory Control And Data Acquisition) and Control Systems Survival Kit, a document of best practices for SCADA systems.

Read the full article here.

Monday, 21 January 2008 14:06:15 (W. Europe Standard Time, UTC+01:00)
 Friday, 18 January 2008

reports that "foreign hackers, primarily from Russia and China, are increasingly seeking to steal Americans’ health care records, according to a Department of Homeland Security analyst." Two cases of intrusions into health care systems' servers were recorded in the past year, which alarmed security officials. In early 2007, a Centers for Disease Control and Prevention Web site was infected with a virus, and in April, a Military Health System server holding Tricare records was hacked. Mark Walker, who works in DHS’ Critical Infrastructure Protection Division, said the hackers are seeking to exfiltrate health care data, probably for espionage. DHS is increasing its analysis staff to monitor threats in several industries, including health care, and will be issuing more alerts about cyberthreats to health care data, he said. He added further that DHS wants to build a database of health information system intrusions so it can better analyze the threats and develop countermeasures.

More on this report here.

Friday, 18 January 2008 11:49:15 (W. Europe Standard Time, UTC+01:00)

A growing concern among security companies as well as the public this year is the burgeoning "protection racket" market. The computer security industry is said to have deteriorated from one that shared everything about newly discovered weaknesses to one in which some members are involved in a protection racket. Researchers such as Paul Henry, vice-president of technology at Secure Computing, describe this trend as "a move by a small minority of security companies now paying hackers for exclusive access to newly discovered vulnerabilities. This ensures their customers are protected while the software vendor works out a solution and rolls out a patch, a process that can take weeks." This worries security experts because hackers are now being given a so-called legitimate route for selling vulnerabilities to a single company, which then protects its own. "They don't have to run the risk of going to jail any more by actually using a vulnerability, they can just threaten you with it and they get paid. It's extortion," says Henry.

Security researchers are said to be drawn to this new practice due to bad treatment from well-known software companies. Henry explains that "there have been cases where people reporting vulnerabilities to software companies have been treated terribly and threatened with legal action because the vendors just don't want to look stupid. Security researchers that have found a vulnerability won't get paid by a vendor, and if they think they actually might end up talking to their lawyers and being threatened, then it's hardly surprising they end up selling vulnerabilities to security companies."

Read the full article on The Guardian.

Friday, 18 January 2008 11:33:53 (W. Europe Standard Time, UTC+01:00)
 Thursday, 17 January 2008

The UN Department of Economic and Social Affairs recently released the UN e-Government Survey 2008: From e-Government to Connected Governance, which presents an assessment of the new role of the government in enhancing public service delivery, while improving the efficiency and productivity of government processes and systems. It comprises two parts including a section which presents the findings of the UN e-Government Survey 2008 and a section focusing on the ‘how to’ approach connected governance.

For more information on the survey, visit the Global E-Government Survey 2008 website.
Access the complete survey here.

Thursday, 17 January 2008 09:18:21 (W. Europe Standard Time, UTC+01:00)
 Wednesday, 16 January 2008

A documentary, "The New Face of Cybercrime," created by Academy Award-nominated director Fredric Golding and presented by Fortify Software, puts a face to the criminals intent on hacking into systems today. Candid interviews with many industry leaders and executives of large organizations taking steps against these attacks are also included, providing perspective on how they think about these threats and what they are doing about them throughout their companies.

Wednesday, 16 January 2008 09:24:11 (W. Europe Standard Time, UTC+01:00)
 Tuesday, 15 January 2008

The Storm Worm botnet, using its huge collection of infected computers, is now sending out phishing emails directing people to fake banking sites that it also hosts on the computers it remotely controls, according to F-Secure and Trend Micro. Storm had apparently never been involved in phishing up to this point; the new campaign may indicate, according to F-Secure, that Storm's controllers have figured out how to divide the massive army into clusters, which they are now renting out to others. F-Secure and Trend Micro both reported that the phishing scam was using a technique known as fast-flux DNS to keep the phishing site alive. Fast-flux works by constantly changing the IP address that the site's name resolves to in the internet's phone book system (known as DNS) and having multiple computers in the botnet host the phishing site. This makes it very difficult to blacklist an IP address, and since the site isn't being hosted by a company that researchers could contact to take it down, the site lives longer.

According to Paul Ferguson, an advanced threat researcher for security giant Trend Micro, the spam emails were sent from a different segment of the botnet than the one hosting the phishing sites. The site used for phishing was just registered on Monday. Anti-phishing filters, such as the ones bundled into Opera, Firefox and IE7, have gotten pretty good at quickly adding sites to their blocked list; however, "the issue becomes how do you work to take it down and find the perpetrators," said Ferguson.
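The fast-flux behaviour described above leaves a recognisable trace in passive-DNS data: short TTLs, answers that change between lookups, and addresses scattered across unrelated networks. The following Python code is an added example, not code from F-Secure, Trend Micro or this newslog; the host names, addresses, thresholds and the use of /16 prefixes as a stand-in for network ownership are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed passive-DNS observations: (lookup time in s, name, A record, TTL).
# Addresses are private-range stand-ins; a real feed would carry public IPs.
OBSERVATIONS = [
    # Name whose answers jump between unrelated networks on every lookup.
    (0, "login-update.example", "10.11.4.20", 180),
    (0, "login-update.example", "10.52.9.3", 180),
    (300, "login-update.example", "10.97.1.77", 180),
    (300, "login-update.example", "10.140.33.8", 180),
    (600, "login-update.example", "10.203.5.61", 180),
    (600, "login-update.example", "10.11.200.2", 180),
    (900, "login-update.example", "10.66.7.9", 180),
    (900, "login-update.example", "10.180.2.14", 180),
    # CDN-like name: low TTL and rotating answers, but one network.
    (0, "static.cdn.example", "10.20.0.1", 60),
    (0, "static.cdn.example", "10.20.0.2", 60),
    (300, "static.cdn.example", "10.20.0.2", 60),
    (300, "static.cdn.example", "10.20.0.3", 60),
    (600, "static.cdn.example", "10.20.1.1", 60),
    (600, "static.cdn.example", "10.20.0.1", 60),
    (900, "static.cdn.example", "10.20.0.3", 60),
    (900, "static.cdn.example", "10.20.1.2", 60),
    # Ordinary site: one address, long TTL.
    (0, "www.shop.example", "10.30.0.10", 86400),
    (300, "www.shop.example", "10.30.0.10", 86400),
    (600, "www.shop.example", "10.30.0.10", 86400),
    (900, "www.shop.example", "10.30.0.10", 86400),
]


def profile(observations):
    """Summarise, per name, how widely and how often its A records move."""
    lookups = defaultdict(lambda: defaultdict(set))  # name -> time -> {IPs}
    max_ttl = defaultdict(int)
    for ts, name, addr, ttl in observations:
        key = name.lower().rstrip(".")
        lookups[key][ts].add(ip_address(addr))
        max_ttl[key] = max(max_ttl[key], ttl)

    result = {}
    for name, by_ts in lookups.items():
        answers = [by_ts[ts] for ts in sorted(by_ts)]
        ips = set().union(*answers)
        # Churn: share of consecutive lookups whose answer set changed.
        changes = sum(1 for prev, cur in zip(answers, answers[1:]) if prev != cur)
        result[name] = {
            "distinct_ips": len(ips),
            # /16 prefix as a crude proxy for "different operator"; a real
            # deployment would map each address to its origin AS instead.
            "distinct_nets": len({int(ip) >> 16 for ip in ips}),
            "max_ttl": max_ttl[name],
            "churn": changes / max(len(answers) - 1, 1),
        }
    return result


def fast_flux_candidates(observations, min_ips=5, min_nets=4,
                         max_ttl=300, min_churn=0.5):
    """Return names that meet every threshold (all thresholds are assumptions)."""
    hits = []
    for name, p in profile(observations).items():
        if (p["distinct_ips"] >= min_ips and p["distinct_nets"] >= min_nets
                and p["max_ttl"] <= max_ttl and p["churn"] >= min_churn):
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    for name, p in sorted(profile(OBSERVATIONS).items()):
        print(name, p)
    print("candidates:", fast_flux_candidates(OBSERVATIONS))
```

The CDN-like name passes the TTL, churn and address-count tests and is only excluded by the network-diversity test, which is why that test carries most of the weight when separating flux networks from legitimate load balancing.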

Read Ferguson's article on this incident on Trend Micro's Malware Blog.
Read the full article on Wired Blog Network.

Tuesday, 15 January 2008 17:41:20 (W. Europe Standard Time, UTC+01:00)

The Pushdo trojan, a fairly new and prolific threat being circulated in fake "E-card" emails, is classified as a more sophisticated "downloader" trojan due to its control server. According to the analysis of Secureworks, when executed, Pushdo reports back to one of several control server IP addresses embedded in its code. The server listens on TCP port 80, and pretends to be an Apache webserver. Any request that doesn't have the correct URL format will be answered with the following content:

Looking for blackjack and hookers?

The Bender Bending Rodriguez text is simply misdirection to mask the true nature of the server - if the HTTP request contains the following parameters, one or more executables will be delivered via HTTP:

[Figure: Typical Pushdo Request]

The Pushdo controller is preloaded with multiple executable files - the one we looked at contained 421 different malware samples ready to be delivered. The Pushdo controller also uses the GeoIP geolocation database in conjunction with whitelists and blacklists of country codes. This enables the Pushdo author to keep any one of the malware loads from infecting users located in a particular country, or to target a specific country or countries with a specific payload.

Pushdo's use of the physical hard drive serial number as an identifier not only provides a unique ID for the infected system, but can also reveal information such as whether the code is running in a virtual machine or not. This could be a way for the malware author to spy on anti-virus companies using automated tools to monitor the malware download points.

Another anti-anti-malware function of Pushdo is that it looks at the names of all running processes and compares them to a list of anti-virus and personal firewall process names. Instead of killing off these processes, however, Pushdo merely reports back to the controller which ones are running, by appending "proc=" and a list of the matching process names to the HTTP request parameters. This enables the authors to determine which anti-virus engines or firewalls are preventing the malware from running or phoning home, by their absence from the statistics. This way the Pushdo author doesn't have to maintain a test environment for each AV/firewall product.

Recently, an e-card email containing a newer variant of Pushdo was received. Apparently taking notice that the Bleeding Snort project had published a signature (sid 2006377) to detect the Pushdo request variables in transit, the author has now changed the request to be less fingerprintable. An example of the new request format is:

GET /40e800142020202057202d4443574d414c393635393438366c0000003c66000000007600000002 HTTP/1.0

Apparently, the author of Pushdo is intent on evading detection for as long as possible, in order to have the maximum amount of time to seed Cutwail spambots into the wild. Although it is unclear just how large the Cutwail botnet has become, the ambition of the project rivals that of other more well-known spam botnets, such as Storm.
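The newer request format shown above no longer carries named parameters, but its hex-only path can still be picked out of web proxy logs and decoded. The following Python code is an added example, not part of the Secureworks analysis: the log lines other than the page's sample request are constructed, the length threshold is an assumption, and reading the 20-byte printable run as a byte-swapped ATA drive serial is an interpretation based on the page's remark that Pushdo uses the hard drive serial number as an identifier.

```python
import hashlib
import re
from typing import Optional

# Sample request path quoted on this page (new Pushdo request format).
PAGE_HEX = "40e800142020202057202d4443574d414c393635393438366c0000003c66000000007600000002"

QUOTED_RE = re.compile(r'"([^"]*)"')
# A single path segment made only of hex digits, with no query string.
REQUEST_RE = re.compile(r'^GET /([0-9a-fA-F]+) HTTP/1\.[01]$')
MIN_HEX_CHARS = 48   # assumption: shorter hex names are too common to flag
SERIAL_LEN = 20      # ATA IDENTIFY serial number field is 20 ASCII bytes
SERIAL_RE = re.compile(r'^ *[A-Z0-9][A-Z0-9_-]{7,}$')


def swap_pairs(raw: bytes) -> bytes:
    """Undo ATA string byte order: each 16-bit word stores its two chars swapped."""
    out = bytearray(raw)
    out[0::2], out[1::2] = raw[1::2], raw[0::2]
    return bytes(out)


def find_drive_serial(payload: bytes) -> Optional[str]:
    """Slide a 20-byte window over the payload and return the first window
    that, once byte-swapped, reads like a padded drive serial."""
    for off in range(len(payload) - SERIAL_LEN + 1):
        window = payload[off:off + SERIAL_LEN]
        if not all(0x20 <= b < 0x7F for b in window):
            continue  # window contains non-printable bytes
        text = swap_pairs(window).decode("ascii")
        if SERIAL_RE.match(text):
            return text.strip()
    return None


def inspect_request(request_line: str) -> Optional[dict]:
    """Return a finding for hex-only request paths, None for everything else."""
    m = REQUEST_RE.match(request_line.strip())
    if not m:
        return None
    hex_path = m.group(1)
    if len(hex_path) < MIN_HEX_CHARS or len(hex_path) % 2:
        return None
    payload = bytes.fromhex(hex_path)
    serial = find_drive_serial(payload)
    return {
        "bytes": len(payload),
        "drive_serial": serial,
        # A hex path alone also matches hash-named assets, so it only
        # rates "review"; an embedded host identifier raises the verdict.
        "verdict": "suspicious" if serial else "review",
    }


def scan_log(lines):
    """Return (client, verdict, serial) for each flagged access-log line."""
    hits = []
    for line in lines:
        quoted = QUOTED_RE.search(line)
        if not quoted:
            continue
        finding = inspect_request(quoted.group(1))
        if finding:
            hits.append((line.split()[0], finding["verdict"], finding["drive_serial"]))
    return hits


# Constructed proxy log lines; only PAGE_HEX comes from the page.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Jan/2008:11:02:10 +0100] "GET /%s HTTP/1.0" 200 45056' % PAGE_HEX,
    '10.0.0.8 - - [15/Jan/2008:11:02:11 +0100] "GET /index.html HTTP/1.1" 200 5120',
    '10.0.0.9 - - [15/Jan/2008:11:02:12 +0100] "GET /0123456789abcdef0123456789abcdef HTTP/1.1" 200 812',
    '10.0.0.9 - - [15/Jan/2008:11:02:13 +0100] "GET /%s HTTP/1.1" 200 2048'
    % hashlib.sha256(b"").hexdigest(),
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The 64-character SHA-256-named asset is reported as "review" rather than "suspicious", which shows why the hex-path test needs a second signal before an analyst is paged.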

Read the complete analysis on Pushdo here.
Read the blog entry detailing the trouble Sophos are having with the Pushdo trojan.

Tuesday, 15 January 2008 11:33:44 (W. Europe Standard Time, UTC+01:00)

A new-generation worm-botnet known as Nugache, according to Dave Dittrich, might be the most advanced worm/botnet yet. It has no C&C server to target, has bots capable of sending encrypted packets and has the possibility of any peer on the network suddenly becoming the de facto leader of the botnet. However, despite numerous worms, viruses, bots and Trojans over the years having one or two of the features that Storm, Nugache, Rbot and other such programs possess, none has approached the breadth and depth of their feature sets. Rbot, with more than 100 features that users can choose from when compiling the bot, enables two different bots compiled from an identical source to have nearly identical feature sets, yet look completely different to an antivirus engine.

A disturbing concern, experts say, is that there are several malware groups out there right now that are writing custom Trojans, rootkits and attack toolkits to the specifications of their customers, who are in turn using the malware not to build worldwide botnets like Storm, but to attack small slices of a certain industry, such as financial services or health care. A popular example of this is Rizo, a variant of Rbot. Like Nugache and Storm, Rizo has been modified a number of times to meet the requirements of various different attack scenarios. "Within the course of a few weeks, different versions of Rizo were used to attack customers of several different banks in South America. Once installed on a user's PC, it monitors Internet activity and gathers login credentials for online banking sites, which it then sends back to the attacker. It's standard behavior for these kinds of Trojans, but the amount of specificity and customization involved in the code and the ways in which the author changed it over time are what have researchers worried."

To read the full article on Nugache, click here.
More security related news at Schneier on Security.

Tuesday, 15 January 2008 10:12:09 (W. Europe Standard Time, UTC+01:00)
 Thursday, 20 December 2007

The article, Beware, botnets have your PC in their sights, by New Scientist republished by TMCnet, provides a brief discussion of the cybersecurity situation in developing countries and how the current conditions may later evolve into an enormous cybersecurity problem in the coming years. Although hackers and cybercriminals tend to attack computers in developed countries at the moment due to more stable and consistent Internet connectivity, it is foreseen that developing countries may be next in line with the increasing technological developments and initiatives such as the One Laptop Per Child (OLPC) programme and Intel's low-cost Classmate computer. "If thousands of Classmates are distributed without adequate security, or if a previously unknown flaw in BitFrost, OLPC's security system, emerges, the new generation of cheap PCs will lead to problems... The ITU is assuming that attacks of this kind are a foregone conclusion and is organising a global effort to help developing countries fortify themselves against them." ITU, with its Botnet Mitigation Toolkit and Cybersecurity efforts, aims to increase international cooperation among states and provide the training and expertise needed to build CERTs in developing countries.

Read the full article here.

More information on ITU Cybersecurity related activities here.

Thursday, 20 December 2007 12:26:39 (W. Europe Standard Time, UTC+01:00)