Thursday, October 2nd, 2008
Even routinely clean antivirus scans can’t hide the dirty little secret more enterprises are facing today: Some of their client machines are members of botnets.
That’s why Matt Sergeant, senior anti-spam technologist for MessageLabs Ltd. , hopes to educate some large organizations and ISPs on how to detect and clean up ...
Posted in Internet, Networking, Privacy, Security | No Comments
Saturday, September 6th, 2008
Researchers have created a proof-of-concept application for Facebook that turned the machines of people who added the app to their Facebook page into a botnet that launched denial-of-service attacks on a victim server in a demonstration.
"Social Network Web sites have the ideal properties to become attack platforms," according to a ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, August 26th, 2008
Criticize the people behind the Asprox botnet, and they take it personal—so much so that they will bombard you with malware, according to a report by SecureWorks.
The botnet, now at least 50,000-strong with bots, is sending out phishing e-mails posing as messages from banks in the United States and United ...
Posted in Internet, Privacy, Security | No Comments
Wednesday, August 13th, 2008
There are confirmed reports on a new version of the Gpcode ransomware being spread via a botnet.According to Vitaly Kamluk of Kaspersky Lab (my employer), the Trojan encrypts files on an infected machine (AES-256) and leaves a text file named crypted.txt with a ransom note demanding $10 to decrypt the ...
Posted in General BS, Internet, Networking, Privacy, Security, Windows | No Comments
Wednesday, August 6th, 2008
The researcher who first discovered a motherlode of stolen enterprise user names and passwords in June has found that nearly 9,000 of them are bank and credit-card account credentials from around the world that were grabbed by an old but crafty botnet. And it turns out the initial 50 gigabytes' ...
Posted in Internet, Networking, Privacy, Security | No Comments
Wednesday, July 30th, 2008
It’s déjà vu all over again. Whitelisting technology has enjoyed a resurgence of interest lately, with antivirus companies such as Symantec, McAfee, and Microsoft planning to add it to their blacklisting-based malware detection tools and some enterprises even dropping AV altogether in favor of whitelisting alone. All thanks to the ...
Posted in Internet, Privacy, Security, Software | No Comments
Monday, July 21st, 2008
Sysadmins have begun noticing a coordinated attack on servers with open SSH ports that tries to stay under the radar by only attempting to guess a password three times from any compromised machine. Instead of mounting an attack form a single compromised host, hackers have worked out a means to ...
Posted in Internet, Linux, Privacy, Security | No Comments
Friday, July 18th, 2008
The problem with hunting for malware is that most currently available analysis tools tip off the attacker that you're doing it. But at next month's Black Hat conference, a researcher will release a tool that is harder to detect -- and harder to avoid -- than the malware analyzers currently ...
Posted in Internet, Privacy, Security, Software | No Comments
Friday, July 18th, 2008
Clever mnemonics aside, last week we have seen another large scale SQL injection attack (or YAMSIA, if you prefer), this time being orchestrated by a botnet that has become known as Asprox—but first, a history lesson.
The code behind the Asprox botnet seems to have been around for quite some time ...
Posted in Internet, Privacy, Security | No Comments
Thursday, July 17th, 2008
Storm, Srizbi, and... Microsoft? Microsoft’s Office application security team actually runs its own internal botnet, which, among other things, “fuzzes” for vulnerabilities in Office applications.
Microsoft’s botnet isn’t anywhere near the size of Srizbi (over 300,000 bots at last count) nor any of the other mega-botnets -- it’s just a couple ...
Posted in Internet, Privacy, Security, Windows | No Comments
