Who Does China Blame for a Third of All Cyber Attacks Against It? The USA

A few years ago, in what we call the BS era (“Before Snowden”), there were frequent accusations levelled against China for attempting to hack into foreign countries’ computer systems and steal information.

And, to be fair, there was often good reason to suspect that some attacks were conducted with the endorsement of the Beijing authorities.

> Read More

Near Real-Time Threat Intelligence in the Cloud

Microsoft announced this week that it will host known botnet malware infection information and other threat data in its Azure Cloud. This move will enable near-real-time threat data sharing and is inarguably a step in the right direction in our fight against the bad guys.

ISPs and CERTs have received threat data via email from Microsoft since the launch of the Microsoft Active Response for Security (MARS) program in 2010.

> Read More

2011 Malware Trends

For those who were unable to attend the March 1 podcast on 2011 Malware Trends, here are a few of the key points with additional depth for each.

By way of background, the market for stolen Internet information is saturated, and things like credit card data and bank account credentials have become a cheap commodity on the black market.

> Read More

2011: The year “Social” Becomes the Botnet C&C Protocol of Choice

Chances are very high that some computers in your organization have been silently infected by malware and are now part of a “botnet.” Chances are also high that you will never know it. “Stealth” has become the ultimate high-ground in the modern malware battleground. Undetectable communications and coordination between “zombie computers” has become the Holy Grail for cyber criminals and social networks appear to be the next hacker tool to help reach the prize.

> Read More

Sesame Street Simple Facebook Guide to Surviving Malicious Attacks

It certainly seems that not a week goes by without hearing about yet another attack on Facebook users. Last week it was a phishing scam driven by a botnet, and this week, we have two new and different phishing scams — one cleverly tricking users into revealing their passwords and another installing malware that quietly waits for the user to start a banking transaction only to steal their login credentials.

> Read More

“Micro-Botnet” – The Cybercriminal’s Choice for Enterprise Data Stealing?

Last winter and spring we all watched with interest the headlines heralding the spread of the Conficker botnet. The under-reported part of the story was the fact that well-patched enterprise networks were largely unaffected by Conficker’s bloom. In some circles, this seems to have led to a complacency or belief that botnet infections are not a problem for well-maintained enterprise networks.

> Read More

Twitter XSS Vulnerability Continues to Plague the Internet

The current Twitter cross-site-scripting vulnerability (Twitter XSS vulnerability) should not be a surprise to anyone given how new the Twitter platform is. For millions of its users, including myself, we have all seen our fair share of bugs and issues such as Twitter downtime for maintenance, lost profile pictures, misdelivered direct messages and publicly revealed “friends-only” messages.

> Read More

Firefox Users Join the Legions of Victims in Drive-By Malware

Not so long ago, if you wanted to quickly take control of a user’s PC, you scanned the Internet looking for open ports for a vulnerable victim and hacked them with an OS vulnerability. In the age of Web 2.0, OS vulnerabilities have been replaced with browser vulnerabilities as the “keys to the kingdom,” and you no longer have to go through the laborious process of scanning the Internet for potential victims.

> Read More

MyDoom Virus Returns with a Vengeance – DDoS Attacks on US and S. Korean Web Sites

An updated virus (MyDoom), not a botnet, is responsible for the DDoS attacks against US and South Korean websites this past weekend. The virus, discovered back in 2004, has been updated to now include a list of websites that become targets of a DDoS attack as the virus spreads.

The list of Web sites can be updated remotely;

> Read More

Profile of the World’s Top Hackers – How the Game has Changed

My take:

  • New Internet-based technologies bring new opportunities for the bad guys.
  • The growth of the applications we use has gone from dozens to nearly 1,000.
  • The losses are huge, and while the top-line number is disputable, no one can argue that cybercrime losses have reached previously unforeseen levels.
  • Regardless of whose survey you read,

> Read More

Bigger, Nastier Botnets: Now Cheaper to Rent on the Black Market

According to a recent advertisement posted to the user comment areas of multiple blog sites across the Internet, the cost to rent a botnet to launch a Distributed Denial of Service (DDoS) attack has fallen dramatically. One has to wonder whether it is the current state of the economy or simply the growing number of compromised computers available in today’s botnets that is driving down prices.

> Read More

Meet Gumblar – Son of Conficker

Back in 2008, it was reported that a website was compromised once every five seconds to contain web-borne malware. Today, the rate is still increasing, as another website is reportedly now being compromised every 4.5 seconds.

The end game remains the same – downloading and installing malware. The compromised PC most often becomes a soldier in a spam-spewing botnet army, or the user’s credentials are simply stolen with a key logger and the user quickly becomes a victim of identity theft.

> Read More