Supreme court, freedom of speech and internet filtering

It was bound to happen. It didn’t work in Third World countries, attempts to do it in Western civilization failed one by one, and now it has been proven again that you can’t really prohibit people by law from viewing certain content on the internet. What I’m talking about is this: the Supreme Court rejected the child anti-porn law that had been going on for more than 10 years. Basically, the interesting tidbits from this piece of news are that filtering can only be applied at businesses, where a company has control over what it allows people to view, and at certain educational facilities (although that is proving to be more difficult, as the article suggests). Don’t even think about enforcing service-provider-mandated filtering!

Another thing to note is how rules and legislation are facing the harsh reality that technology changes over time and laws really can’t catch up. Until we see more cooperation on the cross-border legislative front (from law enforcement agencies working more closely with each other to more synchronized legislation across countries), the difficulty of defining jurisdiction and borders on the internet is not going to go away. Here’s hoping that 2009 will make some headway on these issues, since 2008 proved to be heaven for eCrime because of these difficulties (see our annual threat report for more info).

Conficker continues its rounds. Hits 9 million mark

It is funny how security works, isn’t it? Just when you think you have gotten rid of the old-school (aka “stupid”) threats, reality hits you right back. Conficker/Downadup is a simple worm: it exploits a Microsoft Windows vulnerability that can only be utilized over a local network, as it uses the SMB protocol, and uses an initial infection vector of running an “autorun” from removable media (usually USB drives).

Why is it so annoying? Well, getting to 9 million infected machines (as per external reports) is pretty impressive for such a classic infection vector (considering that there is no communication attack vector at all: no internet needed, no email attachment…). I thought that these infections were mostly in large companies that fail to properly patch their systems. Reality check again: while speaking at a security sales summit and working with the local hotel Business Center, I hand over my USB stick for them to print a PDF, and get it back with… you guessed it. Conficker.

Funny at first, but sad when you realize how many non-technical users, with no way to diagnose the problem, plug the thing back in and have autorun immediately infect their system.
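As an added example (not code from this blog), here is a tolerant autorun.inf inspector in Python of the kind a defender could run over an autorun.inf copied off a removable drive before anyone double-clicks it. The two sample files are constructed, and the heuristics (launch directives that name executables or relative paths on the media, and action text that mimics the default Windows prompt) are illustrative assumptions, not a complete detection rule.

```python
import re
from typing import Dict, List

# Constructed sample autorun.inf (not a captured file); the non-ASCII junk
# lines imitate padding that some worms use to obscure the real directives.
SUSPICIOUS_AUTORUN = (
    b"\x8d\xff\x13junk\x00\x01\x02\r\n"
    b"[autorun]\r\n"
    b"action=Open folder to view files\r\n"
    b"shellexecute=rundll32.exe .\\RECYCLER\\S-5-3-42\\payload.dll,launch\r\n"
    b"\x9a\x9bmore junk\x00\r\n"
)
# Constructed benign example: only sets a drive icon and label.
BENIGN_AUTORUN = b"[autorun]\r\nicon=setup.exe\r\nlabel=Vendor Drivers\r\n"

# Directives that make AutoRun start a program (illustrative shortlist).
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command"}
EXEC_EXT = re.compile(r"\.(exe|dll|scr|com|bat|cmd|vbs|pif)\b", re.I)
RELATIVE_PATH = re.compile(r"(^|\s)\.\\")
DECOY_ACTION = re.compile(r"open folder to view files", re.I)

def parse_autorun(raw: bytes) -> Dict[str, str]:
    """Tolerant parse of the [autorun] section: junk bytes are dropped rather
    than aborting, and the first value wins for duplicate keys."""
    keys: Dict[str, str] = {}
    in_section = False
    for line in raw.splitlines():
        text = line.decode("ascii", errors="ignore").strip()
        if text.startswith("[") and text.endswith("]"):
            in_section = text.lower() == "[autorun]"
            continue
        if in_section and "=" in text:
            key, value = text.split("=", 1)
            keys.setdefault(key.strip().lower(), value.strip())
    return keys

def assess_autorun(raw: bytes) -> List[str]:
    """Return reasons this autorun.inf looks like it launches code on insertion."""
    keys = parse_autorun(raw)
    findings: List[str] = []
    for key in sorted(LAUNCH_KEYS & keys.keys()):
        value = keys[key]
        if EXEC_EXT.search(value) or "rundll32" in value.lower():
            findings.append(f"{key} launches code: {value}")
        if RELATIVE_PATH.search(value):
            findings.append(f"{key} references a relative path on the media: {value}")
    if DECOY_ACTION.search(keys.get("action", "")):
        findings.append("action text mimics the default Windows 'open folder' prompt")
    return findings
```

An empty list from `assess_autorun` means none of these heuristics fired; it does not prove the media is clean, since the worm body itself is not inspected.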

Social networking strikes again

A lot of write-ups have been covering this, so here are a few from InformationWeek, Dancho, SCMagazine and McAfee.

Besides saying the ever-satisfying “told you so”, there is not much to add here. More bogus profiles enticing users to connect to them, look at the content, and catch the same old nastiness, only packaged in another format. Just remember that social networks, just like real life, can be a great playground for eCriminals; this is just the tip of the iceberg. What would happen if you were to see the profile of a person you actually know on LinkedIn (or any other network for that matter), and click on a link from it that is actually malicious? That would be much more effective, and not that far-fetched, would it?

Hosting provider crackdown?

Recently, there has been a lot of focus from the security research community on a hosting provider named McColo Corporation (out of San Jose, CA). Reports on spam, phishing and connections to Malweb distribution, amongst others, have been accumulating (including our own malicious server analysis, where the server was found to be administered from a McColo address).

It seems that the combination of law enforcement investigations and a recent story by the Washington Post has made its mark, and McColo’s IP addresses have gone silent since yesterday. We’ll be looking forward to additional coverage of this in the coming days, as we finalize our own threat report on the eCrime server we analyzed, on which we found the 200,000 compromised FTP credentials.

Obama Leads in US Presidential Election Poll – the eCrime Way

And the leader, according to the highly non-scientific research done using Google for one specific attack vector, is: Barack Obama. Obama-related sites have been infected in such a way that they attack their visitors in 364 separate instances, while McCain is right behind with 230 instances.


As always, and as we have reported in the past, those behind eCrime are watching the news as diligently as the rest of us and are “affected” by current affairs in terms of the ways they tune their attack vector to achieve maximum exposure to their target market. The financial situation, jobs, housing, and now the US elections are causing a shift in the context of the sites targeted to carry malicious code and perform web attacks in order to gain as many “eyeballs” as possible.

Now, given that this example is just the tip of the iceberg and only gives a general idea of one specific attack vector, the conclusion is pretty obvious in terms of the global magnitude of having relevant sites infected with Malweb. Do the math: Google’s own tools provide some pretty insightful data on search trends (and thus on the chances that a site will come up in the first 100 results for such search terms), both for sociological and technological studies and for eCrime market-reach optimization.

(Image showing Google’s trends search volume for the phrases “john mccain” and “barack obama”)

Now that’s why security research is a little more than just playing cat-and-mouse with a technological attack or a new vulnerability. Security research is also about understanding the motives and MO of the attackers in order to be prepared for the next wave and the next technological advancements.