Entries from Realtime Community | Messaging and Web Security tagged with 'Malware'


Researchers Hijack Botnet, Gain Insight into Bots and Their Victims

Researchers from the Security Group at the UC Santa Barbara Computer Science department hijacked the Torpig botnet for 10 days. In that time they found what you'd expect (some users are very lax with security) and some things not so...

Trying to Explain Security Threats to SMBs? A Picture is Worth a Thousand Words

I've written many words (more than a thousand for sure) about security and many of them directed to SMBs but I have to admit I wish I had come up with the elegant diagram in GFI's new whitepaper Security Threats:...

OpenDNS, the Anti-Malware System

Michael Horowitz reports in his blog that OpenDNS is inhibiting the spread of the Conficker worm. The success of OpenDNS' move shows how we can use existing infrastructure to combat ever more resilient malware....

Valentine Malware and Spam: Going for Cheap and Sleazy

As sure as spring follows winter, malware and spam stick to what works, and that includes holiday-related lures. This year is no different....

Keeping Up with Blended Threats

We have a new article on blended threats in the digital library. Here is an excerpt:...

Malware Trends for 2009

Not surprisingly, the malware landscape is changing and the iPhone is a growing target according to some predictions....

Malware and Cybercrime for All Ages

The suggestion by Gene Hodges that the big sociological driver in malware that we've all missed is that young, reclusive hackers have grown up, gotten married and taken on mortgages. Sure, they've grown up but as Allysa Myers points out,...

Virtualizing the Desktop

Server virtualization is a well established practice. The economic and administrative advantages of virtualization are too compelling to ignore. IBM is betting the same can be said for desktop virtualization....

Where Does Apple Really Stand with Anti-Virus?

CNET reports Apple has pulled a knowledge base article advocating Mac users run anti-virus software. It's a mistake to think even devices running established, well designed operating systems don't need malware protection....

Apple: Run Anti-Virus on Macs

The Mac OS runs on everything from handheld devices to high-end desktops, so it is no surprise that it is a target for malware developers. Apple has come to the same conclusion....

US Military Network Faced Significant Attack

The Los Angeles Times is reporting that a recent attack on US military networks was so severe that the president was briefed on the attack....

No, We Aren't Doomed

Everyone with an interest in the state of IT security should read Lenny Zeltser's post at SANS entitled "Are We Doomed", which, as the name implies, lists reasons we'll continue to be plagued by difficult security challenges, but it also...

Anti-Malware Testing Principles and Best Practices

The Anti-Malware Testing Standards Organization has released a set of anti-malware testing principles and best practices....

RSA Research on Nearly Invisible Crimeware

Think the economic news is bad? Check out this post from RSA on the long-running, highly successful Sinowal Trojan, which has stolen up to 300,000 sets of online banking credentials....

Malware's 20th Anniversary

On Sunday, November 2nd, malware turns 20. It was on that day in 1988 that the Morris worm infected about 10% of the Internet at that time....

Turning Good Code into Malware

Blocking malicious software may no longer be enough to keep your computers from being compromised. Researchers have demonstrated how vulnerabilities in legitimate programs can be used to force those programs to compute malicious operations without injecting outside code....

Growing Response to Botnets

Driven by the lure of cybercrime profits, botnets keep getting more resilient and sophisticated. So do the measures to keep them in check....

Android Kill Switch and Shifting Boundaries Between Vendors and Customers

In an earlier post I argued that Google shouldn't be yanking applications off our Android phones but at the same time we need to be cognizant of the potential threats from malware. The more I think about this the more...

Google's Android Kill Switch

How would you feel if you bought a Dell laptop and Dell reserved the right to remove any program from the device that it didn't like? Yeah, me too, but Google has a different opinion when it comes to the...

YouTube Fakes Push Malware

A kit is now available on the Internet to help build fake YouTube sites which can be used to push malware....

Complexity Can Improve Security

Just over a year ago I discussed whether complexity is the enemy of security. I believed complexity is a significant threat to security. Like so many things in life, there is no simple black and white distinction here....

Increase in Spam Carrying Malware

There has been a 10x increase in the amount of spam that is carrying a malware payload since the early summer....

Compromised Web Sites Target Unpatched Windows

Hackers have collected admin login credentials for over 200,000 Web sites....

Rootkit Exploits Vulnerability in Windows

A post at F-Secure describes an unusual technique for rootkit malware to infect Windows....

Browser Malware Threatens Online Banking

Trojans and keyloggers aren't working just at the operating system level - the browser can now be used to capture banking details....

Think the Need for Anti-Virus Is Overblown? Think Again

If you believe a story out of Wired today you'd think there is little need for security software other than to feed the marketing beasts at AV companies. They couldn't be more wrong....

Mobile Platforms Becoming More Attractive Targets

Years from now we may look back at today as the tipping point when malware writers got serious about mobile devices....

"Political Sex Scandal" Lure to Spread Malware

Looking for dirt on a presidential candidate? Be careful what you wish for....

Jump in Botnet Problem

What is up with the 4x jump in bots? Check out the graphs at Shadowserver. It has been pointed out that there is no obvious explanation in terms of new malware but like others I suspect it is a combination...

This Summer's Malware Spike

A couple of stories from the Google Enterprise Blog and McAfee Avert Labs indicate attackers are taking advantage of top news stories once again to push malware....

Grim Mid-Year Security Reports

NetworkWorld is getting a jump on IBM Internet Security Systems "Midyear Trend Statistics" due out this week and reporting that the major commercial vendors (Apple, Cisco, IBM, Oracle, and Sun) are joined by open source content management projects Drupal, Joomla...

You Are Being Targeted: Common Ground of Phishers and Political Strategists

It was a bit strange reading F-Secure's latest IT Threat Summary and having a feeling that I've heard part of this story before. I had, sort of....

Paternalism Not Needed in Online Banking

So who is responsible for online banking security, especially when a bank offers free to the customer security software? Are we so collectively naive that we would think a single piece of software will secure transactions in spite of other...

Searching for Legal Definition of Spyware

Lawmakers face a problem when trying to come up with better legislation to counter the use of spyware: they have to define it....

Study: Focus on Fundamentals to Prevent Data Loss

A study on data breaches across a range of industries conducted by Verizon Business paints an ugly picture of just how preventable a lot of data loss incidents are....

Undermining Our Own Security Software

Are we at the point with malware countermeasures that no matter how good they are they still can't protect us from ourselves? (Think guns don't kill people, people kill people). How about these statistics:...

Malware, Spam, Pop-ups and The Most Likely Domains to Find Them

McAfee (sponsor of this site) uses data from its SiteAdvisor service to compile its annual report called Mapping the Mal Web Revisited. While I think detailed data from SiteAdvisor is generally more useful than aggregate data, it's useful...

Mobile Device Security

Mobile devices, and mobile phones in particular, are becoming standard in the extended enterprise. This podcast discusses some key security issues related to mobile phones, particularly malware, access controls, encryption and users' perspectives on mobile device security....

Online Bank Offers Software to Secure Transactions but What About Support?

Installing software is easy. Getting it to work correctly is hard. Keeping it working correctly is even harder. Neither of the last two facts is deterring ING, an online bank, from offering software to create a secure environment for online...

Online Gaming Not So Secure

Online gaming used to be a way to relax and escape real world concerns for a little while. Forget it, some of those concerns, like theft, follow you online now. We've just posted an article in the Message and...

Software's Meta-Vulnerability

Two recent news items are indicative of a meta-vulnerability in software: lack of diversity. The problem with weak keys generated by an OpenSSL library and a recent upswing in SQL injection attacks demonstrate how a single vulnerability in one piece...

Combating Botnets

Methods for countering botnets will increasingly exploit techniques used by botnets themselves. One approach is to disrupt command and control communications between bots; this can be effective but can require tampering with already compromised devices. Other methods improve the resiliency...

Defensive Malware and Ironic Outcomes of Military Research

In the past the military and the space agency NASA have spurred innovation in the public and business sectors with benefits derived from their research; take handheld calculators and the Internet, for example. Now the military is reversing...

Another Improvement to Browser Security

CheckPoint has released a browser virtualization product to add a layer of security to Internet Explorer and Firefox. By blocking access to the registry and file system, the virtualized browser should prevent some malware from gaining a foothold on...

Latest Messaging and Web Security Article Series Available

The Essentials Series: Messaging and Web Security - Volume III continues the series' focus on managing IT infrastructure and applications in an increasingly complex security environment. The articles are especially geared towards application developers, database administrators, Web architects, and systems managers,...

Rootkits Pushing into Hardware

A fundamental problem with any malware detection technique is that you need a trusted platform to run your detection techniques on. Advances in rootkit techniques make it more and more difficult to trust a device to be able to detect its...

Gaming Has Place in Business but Watch for Security Risks

The Harvard Business Review isn't afraid to confront conventional business wisdom but when they published an article on the value of online gaming to developing business leadership they raised some eyebrows. What struck me most though, is that I found...

Where to Spend Your Security Budget Part 2: Evaluating Security Options

We've just posted another article on security budgeting and getting the most value for your money when it comes to choosing a combination of security measures. Here is an excerpt: We all want to maximize the benefits of our security...

Concern About Counterfeit Hardware Grows

Take a walk down Canal St. in New York City and you won't get a few feet before being offered Gucci, Prada and Chanel handbags or DVDs of hit movies just released to theaters. Of course these are rip-off...

Yahoo-McAfee Search Deal Indicates Shape of Things to Come

The Yahoo-Microsoft deal fell through but Yahoo is back in the news after making a deal with McAfee (site sponsor) to include warnings about sites infected with malware. This is important for several reasons, the most obvious, and least important,...

Super Strength Threats & Resilient Malware

Malware like Storm is highly adaptive and resilient. Combating and controlling the latest forms of malware will take new techniques. This podcast examines the characteristics of super strength threats, looks at the Storm botnet as an example, and discusses new...

To Kill A Botnet

What if the good guys could take control of a botnet? Should they? That's the question discussed over the last couple of days after researchers described how they discovered a way to control a well-known, large botnet. The answer...

Honor Among Thieves & Botnet Herders

A bit of irony for the morning, compliments of malware developers who are trying to protect their intellectual property. This story comes from the AP and ran in the LA Times:...

Ignorance Isn't Bliss When It Comes to Malware

It must be the season for ideas that are so wrong-headed that believing two or more puts you into the category of above-average chance of winning a Darwin Award. I'll leave the latest round of whacko, X-Files...

Localized Malware

We've just posted a new article on localized malware. Researchers are finding more region and culture-specific malware; here's an excerpt:...

A New Kind of Defense: Tapping Malware Vulnerabilities

It's almost axiomatic that all complex software has vulnerabilities and that means malware has them too. The silver lining here is that some security researchers are using vulnerabilities in malware to give attackers "a taste of their own medicine"....

Power Grid Hacked; Better Network Architecture Needed

Penetration-testing consultant Ira Winkler described how he and a team of security professionals compromised a power company's network enough to gain control of production and distribution systems. A combination of a social engineering attack (" ... click here or your...

Largest Botnet Gains Foothold in Fortune 500

A botnet possibly twice the size of Storm is not just a consumer PC user problem. 50 of the Fortune 500 have been compromised according to Dark Reading:...

Malware Used to Steal Credit Card Data From Hannaford

Malware was used to steal credit card data from the PCI compliant grocery store chain, Hannaford. This could turn into the TJX story of the year, not because of the size (TJX lost about 10x as many records) but because...

Controlling Spyware: Tips and Techniques

Spyware and other potentially unwanted programs can lead to data loss, poor system performance and increased service desk costs. This podcast describes the various forms of spyware, the threats they pose, and methods for protecting users from the impact of spyware...

Firefox 3 Ready for General Use

Better security is available from Mozilla in the latest version of Firefox Beta 3. The beta is available at http://www.mozilla.com/en-US/firefox/all-beta.html. Check compatibility of your favorite add-ons though; a couple of my regulars can't be used with Firefox 3 yet....

Detecting Automatically Registered Domains

Bots are now being used to register domains, giving attackers more options for pushing malware and launching phishing attacks. Fortunately, some basic text analysis techniques seem to be the key to detecting when a machine registers a domain instead of a...

Free Web 2.0 Sites Used to Push Porn

Online porn can be a money maker if you can get the traffic to sites and it looks like some are turning to Google Groups to help drive customers. InformationWeek is reporting that porn spammers compromised Google's services possibly bypassing...

Spam Bots Concentrating but Anti-Bot Options Increasing

Bots have become a main tool of cybercrime for generating spam, launching denial of service attacks, and stealing information. A couple of stories out recently look at the role of bots in spamming and the emergence of new anti-bot technologies....

Trends in Malware

Malware is becoming more resilient, in part because of increasingly sophisticated infrastructure for distributing and controlling malware. This podcast looks at these themes, especially with regard to distribution mechanisms for malware, techniques for protecting compromised devices like fast flux, the...

Flash Used to Push Malware

Virus Bulletin reported in January and February about instances of Flash ads used to push malware....

Mac Bot Missed by Anti-Virus Detection

SANS is reporting on a newly analyzed IRC bot that has been compiled for Mac OS, FreeBSD and Linux. The fact that such bots run on these platforms isn't news, but the rate at which it was detected is interesting:...

Fortune 500 FTP Credentials for Sale

Cybercrime is making sales online, and credentials to FTP sites are one of the latest discovered offerings. Finjan reports in their Malicious Page of the Month report that 8700 FTP credentials of corporations and government agencies are available through...

Mac OS: Emerging Target for Malware

With the widespread adoption of iPhones and, to a lesser degree, the iTouch, the Mac OS is likely to become a more appealing target for malware developers, phishers and identity thieves. In this podcast, we discuss the Mac platform's vulnerability...

How to Run Your Security Program Into the Ground

I enjoy true stories that leave me feeling "there is no way anyone could be making this up." A case in point is a story in ComputerWorld's Shark Tank about a CIO who has a problem listening to staff about...

Reports Show Threats from Cybercrime and Insiders

According to two reports, both cybercrime and self-inflicted security incidents were up last year. The IBM X-Force report shows camouflaging techniques are now used almost 100% of the time by malware attackers, and the Storm worm typifies the problems tracked...

Mac Platforms Growth Area for Malware

You can grow a business by increasing your share of a market or you can expand the market itself. The latter is the choice of cybercriminals poised to make money off the Apple Mac platforms. The growing popularity of Macs,...

Cybercrime Economy

Cybercrime is a business and this podcast shows just how businesslike it is. The talk starts with an overview of the characteristics of cybercrime networks that parallel features of the business world and then provides examples. The podcast...

FBI Busts Identity Theft Botnet

The Internet Business Law Service is reporting the FBI has used federal wiretapping laws to break up a botnet ring. A 26-year-old Los Angeles resident pleaded to four felony counts: accessing protected computers to conduct fraud, disclosing illegally intercepted...

Société Générale, Predictability and Overlapping Countermeasures

The $7 billion fraud at the Société Générale has to have a lot of bankers and trading managers wondering if something like that could happen to them. A couple of writers have pointed out that predictability is a key weakness...

Randomness Might Improve Security but Layered Protection is Better Bet

Andreas Antonopoulos raises a challenge for anti-virus vendors in a recent article at Network World when he points out that malware writers can test their software against AV programs before deploying it in the wild. He notes that a little...

Blogs Set Up to Push Malware

Ken Steinberg of Savant Protection has discovered attackers are using script generated blogs to push malware. Dark Reading reports the story of how malware pushers are shifting from just using posts to actually hosting entire blogs. The blogs are littered...

Thinking Outside the Legal Box

How is this for creative thinking: when you can't charge someone with distributing malware, try hitting them with copyright infringement. That just happened in Japan, where three men confessed to deploying a Trojan that wipes out MP3 and movie...

The Drive-by Download Menace

Security researchers are finding more malware pushed from Web sites, including trusted sites that have been compromised. Both Sophos and Websense have reported increased activity on this front; for more on the Websense report, see yesterday's post, When Bad Things...

Anti-Forensic Techniques used in Newly Discovered Trojan

Finjan has reported an exploit called "random js toolkit" which dynamically generates random versions of its malware to avoid signature-based detection. Unlike polymorphic viruses that mutate and spread from infected host to uninfected host, this malware is served from...

Firefox 3 Brings More Security Features

Firefox 3 is in beta 2 now and with the new release comes some welcome features, like better protection against some forms of cross site data leaks, easier access to SSL certificate details, and anti-malware protection (via blacklists). Support for...

Spreading Spyware: It's a Living

Spyware and adware peddling can be profitable. Take the case of the three Dutch firms fined 1 million euros for their part in an adware distribution scheme. The Register reports: In 2005, the two unnamed businessmen distributed software called DollarRevenue...

Sophisticated Attack on Nuke Lab - Spam and Phishing Lures Still Malware Threat

The browser is a prime method for distributing malware, especially through drive-by downloads from compromised sites. This doesn't mean email is no longer a problem, as a couple of stories make clear. The first is from the New York...

SANS Updates Top 20 Vulnerabilities List

The latest update to the SANS Top 20 List includes the usual suspects of client application vulnerabilities, browser vulnerabilities, and poor policies and/or enforcement. The list seems to have something for everyone. While operating systems are less vulnerable to worms...

Search Engines Used to Push Traffic to Malware Sites

SunbeltBlog is reporting a sizable operation to spread malware by luring search engine visitors to sites hosting malware. Sunbelt has a list of 12 pages of search terms (.pdf) that can lead to malware hosting sites. The sites use fake...

Easy iPhone Hack Demonstrated

Smartphones are computing devices with vulnerabilities like any other computing devices. But in case anyone still thinks the Apple iPhone is somehow different in that regard, check out a video by Rik Farrow, a Unix security professional. He used...

McAfee Foresees Growing Threat from Botnets and Vulnerable Web Services

McAfee is looking to the recent past and predicting that two of the biggest problems we'll face in the next year are more resilient and dangerous botnets and more attacks on Web sites. vnunet.com notes: Many of the threats to...

Gaming Platforms Used for Mainstream Computing, Target for Malware

I just had a conversation over lunch with some colleagues about the computing power in gaming consoles and how gaming is driving what used to be called supercomputing. Take, for example, the astrophysicist who replaced a supercomputer with a...

Google Android Phones in the Workplace

Ben Worthen raises good points in his post at the Wall Street Journal on why the Google phone is "A Business-Tech Nightmare Waiting to Happen." The basic gist is: Here’s the first thing that will happen when a phone with...

Storm Tries to Spread with Halloween Hoax

It wouldn't be Halloween without some holiday spam and malware. Someone is trying to spread the Storm worm with the promise of a dancing skeleton. According to NetworkWorld: The latest Storm-backed spam campaign invites e-mail recipients to visit a Halloween-themed...

Botnets Meet Ocean's Eleven: Scamming Online Gambling

A little imagination can go a long way if you have a botnet at your disposal. A Fortinet report describes several ways botnet herders can cheat online gambling services as well as launder money taken from stolen credit cards or...

This Week in Spam: Good News and Bad News

The Register is running a story today And now for something completely different: Good news on spam because there has been a drop in stock pumping spam: In the ever-escalating world of cyber insecurity, it's rare to find good news....

NSA Malware Goes Undetected in Test for 0-Day Test Platform

The Register is reporting the U.S. National Security Agency (NSA) is now publicly working with at least one network testing vendor to develop a 0-day test platform. The test used small sample sizes but the quality of code difference...

Using Business Impact to Categorize Malware

Business analysts constantly analyze multidimensional data, like how many units were sold by product, by time, by geography, etc. Why not have multiple categories for malware? Researchers from Trend Micro are on to something with their proposal to use business...

Internet Security Threat Report Now Tracks Fortune 100

Symantec has released their twelfth Internet Security Threat Report for the first half of 2007 and for the first time they are tracking malicious activity originating in Fortune 100 companies. The report finds that although the Fortune 100 companies account...

Storm Worm Responsible for Spam Spike

MessageLabs analyzed patterns in Storm worm activity and discovered a spike in spam two days later, according to The Register. The worm is propagating rapidly in part because the developers use techniques to change the code every half-hour to...

Skype Worm Hits Windows

No sooner did I download the Skype client for my new laptop this morning than I see a new worm is out menacing Skype users. The attack requires a user to click a link to download the malicious file, so...

5 New Anti-Phishing Techniques

Controlling phishing with spam filtering and user awareness is effective to some degree, but other technologies and techniques promise to improve on these. In this podcast, we discuss trusted paths, 2-factor authentication, password hashing, transaction analysis and anti-phishing toolbars. For...

Botnet Targets eBay Accounts

Botnets are moving beyond plain old spam and phishing attacks to launch brute force attacks on popular sites. In Botnet Attack Sinks Its Fangs into eBay Accounts, eWeek reports on a new distributed attack that is more sophisticated than we've seen...

Phishing and Countermeasures Part 1 - A Comprehensive Resource

I've just started Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft edited by Markus Jakobsson and Steven Myers, and so far there is every indication it will be a solid resource. For starters, Jakobsson and Myers edit...
