polonus
221
Hi bob3160,
At the outset of such a policy then, aren’t they thinking about the consequences? This is almost infantile behavior or just started on an impulse. But you can almost know for sure an issue like this will seriously backfire later, why then start it in the first place? Unbelievable, the world is a surrealistic place sometimes,
polonus
system
222
Comodo and Chromium now block major sites with poor certification.
Chromium browser remixed as a security dragon
Source: The Download Blog
polonus
223
Hi malware fighters,
Every day spammers will send two hundred billion spam messages, mainly through botnets. From numbers provided by M86 security 78% of all spam messages are coming from the top 5 botnets. The top two are Rustock and Pushdo botnets, together serving up 54% of total spam.
The number of malicious spam messages, email with a malicious attachment or with a link to a drive-by-download website, grew to three million a day. That means fivefold the number of the 600 million number seen during the first half of the year 2009. “It is important to make out the main spam mailers, so the industry can take action”, according to Technical Strategy vice president Bradley Anstis.
Zero-day
The security researcher discovered in the second half of last year that 40% of attacks worked through zero-day security leaks. “One of the biggest problems with zero-days is the time developing between discovery and in the wild abuse and the launch of a patch by the software vendor.”
This so-called “Window of Vulnerability” is getting smaller and smaller all the time, but even when a patch has been issued, users are slow to implement it. Take for instance the so-called MDAC-hole, patched during 2006, and still very popular with malcreants,
polonus
system
224
system
225
Ads poisoning – JS:Prontexi
Directly from an Avast! blog entry…
The malware usually spreads through web infection placed on innocent, badly secured websites. The ad infiltration method is growing in popularity alongside with the website infections. Now we are facing probably the biggest ad poisoning ever made – all important ad services are affected. It means that computers might get infected just by reading your favorite newspaper or by doing search on famous web indexers. We named the source of this attack JS:Prontexi – JavaScript code which initiates infection on victim's computer using various vulnerabilities including latest PDF exploits.
Pondus
226
Pondus
227
Conficker is alive and well…
Another NHS hospital stricken with Conficker virus
http://www.theregister.co.uk/2010/02/18/conficker_nhs/
Kneber: An Old Botnet Dressed Up in New Clothes
http://www.pcmag.com/article2/0,2817,2360032,00.asp
Google attacks traced back to Chinese schools
http://www.v3.co.uk/v3/news/2258188/google-attacks-traced-back
mkis
228
bob3160
229
system
230
mkis
231
Not to downplay the Kneber botnet threat in any way.
http://www.sophos.com/blogs/gc/g/2010/02/19/zeus-kneber-botnet-unmasked/
http://www.krebsonsecurity.com/2010/02/zeus-a-virus-known-as-botnet/
Perhaps underlines even more - never go to the internet without adequate protection against malware. The botnets are families that will continue to grow and mutate and grow and on and on and on…
polonus
232
Hi mkis,
Part of a solution to the growing problem: http://www.malwaredomains.com/wordpress/?p=671
polonus
mkis
233
Thanks Pol.
I’ve bookmarked the site for my personal reference - ideally placed link for security warnings and notices.
I also found the following under Defense in Depth: IP and Netblock Blocking (in right-hand column)
- anecdotal example but revealing story I thought
http://blog.washingtonpost.com/securityfix/2007/10/taking_on_the_russian_business.html
What a dilemma, I would expect the option to block would be first choice but I suppose they didn’t want to lose the business - and then things got out of hand. I wonder how common such situations are in the US.
system
234
Why not use the latest?
aurora, zeus, phishing, pushdo, rogue domains to block
http://www.malwaredomains.com/wordpress/?p=851
Archives
■ February 2010 (9)
http://www.malwaredomains.com/wordpress/?m=201002
mkis
235
Thanks YoKenny. You always are up to date, aren’t you? I guess Polonus was just posting an instance.
Here is my bookmark http://www.malwaredomains.com/wordpress/
polonus
236
Polonus here with a European threat, because of the regulations that made MS come up with an alternative browser screen, which initiative can be grossly abused by malcreants:
http://www.sophos.com/blogs/gc/g/2010/02/19/european-internet-explorer-users-invited-choose-browser/
D
Just made a topic about this, but thought I would post here too anyway.
Modern Warfare 2 servers hacked, Trojans inserted.
http://www.infinityward.com/forum/viewtopic.php?f=24&t=181646
Oh, now that's just plain evil grr.
bob3160
238
I do worry, however, whether cybercriminals might attempt to take advantage of this initiative by creating bogus browser choice screens that could pop up on innocent users' PCs and potentially lead them to a malicious download.
Polonus,
It's not a current threat, it's a blog post and someone's opinion of a possibility of a potential problem.
polonus
239
Hi bob3160,
If a benevolent blogger can think this up, why cannot a malcreant? There are also smart cyber criminals, you know. The man in the nicest suit often has the… eh… most evil mind, often that is… So threats come from where you least expect them. If you want to keep them at bay, prepare yourself,
polonus
polonus
240
Hi malware fighters,
A so-called “Chuck Norris” (name mentioned inside the malware code) botnet cracks routers and modems: http://praguemonitor.com/2010/02/16/czech-experts-uncover-global-virus-network
Czech Defense Malware Researchers found the botnet and servers in South America, Europe and China.
Good advice to you all - change that modem or router standard password to be protected, according to Jan Vykopal of the Masaryk University.
polonus