Friday, 9 April 2010

Spotlighting the Botnet Business Model

Source: TrendLabs Malware Blog

TrendLabs has a short but informative article (including a diagram) on the interaction between different strains of malware. Some act as installers for others, and there is a pay-per-install economy between different malware distributors, the details of which this article elucidates.

Wednesday, 10 March 2010

Cyber Crooks Leave Traditional Bank Robbers in the Dust

Source: Krebs on Security

Brian Krebs has done some comparisons between traditional armed bank hold-ups and cybercriminal account siphoning, based on FBI reports of bank robberies and cybercrime statistics revealed at the recent RSA conference. His conclusion is that cybercriminals are currently taking more than twice as much money as traditional armed robbers over the same time period in the USA.

Thursday, 4 March 2010

Spanish police arrest masterminds of 'massive' botnet

Source: BBC News

Three Spanish men aged from 25 to 31 have been arrested for their alleged part in running the "Mariposa" botnet -- a network of nearly 13 million compromised computers, including machines inside more than half of the Fortune 1000 companies and 40 major banks. The botmasters are not sophisticated security experts, but rather built the botnet using third-party black-hat tools.

See also coverage at The Register.

Monday, 1 March 2010

Targeting scams: Report of the ACCC on scam activity 2009

Source: Australian Competition & Consumer Commission

The ACCC today released its 2009 report on scam activity. This gives an overview of 2009, plus more detailed information on trends, steps taken to educate the public, and law enforcement or disruption actions taken against scammers. The report is available for download as a PDF.

Tuesday, 23 February 2010

BLADE: Hacking Away at Drive-By Downloads

Source: Krebs on Security

Brian Krebs has a short piece on upcoming technology called BLADE, designed to specifically address the problem of drive-by downloads. The article includes some interesting data (in pie charts) on the kinds of things most widely exploited, and the most prevalent exploit kits.

Thursday, 4 February 2010

Climate Crime: Phishing Scam Cripples European Emissions Trading

Source: SPIEGEL ONLINE

Phishers have found a new target in their unending quest for a quick buck: greenhouse gas emissions allowances. I will refrain from further comment on the matter.

Researchers penetrate last bastion of Windows security

Source: The Register

Researchers have found an effective technique called "JIT-spray" to work around the protections offered by ASLR (address space layout randomisation) and DEP (data execution prevention), which give Windows Vista and 7 greater protection against malware than was offered by earlier versions. This is significant, because it means a range of known vulnerabilities which were previously only exploitable on Windows XP are now likely to be exploitable against Windows Vista and 7 machines as well.

Report Details Hacks Targeting Google, Others

Source: Threat Level

Threat Level is running an interesting article on Advanced Persistent Threats (APT): targeted network attacks of the sort which Google disclosed recently. These stand in contrast to the rather more opportunistic threats posed by general malware and botnets. APT attackers intend to infiltrate a specific network and establish a foothold there, granting them unlimited access to documents and data hosted on the network. The practice is startlingly common, with a disproportionately large number of victims among companies which have dealings in or with China.

Thursday, 14 January 2010

Google Hackers Targeted Source Code of More Than 30 Companies

Source: Threat Level

The big news today is the word from Google that its security has been breached by an attack launched from Chinese IP space. Furthermore, the attackers showed a particular interest in the Gmail accounts of human rights activists. Google also reports that many other companies were targeted in this attack, which used malicious PDFs to compromise systems. The Threat Level story linked here has one of the better write-ups about the incident.