You might have been browsing on the web or doing something else while you where logged into msn and out of nowhere you received a strange message from one of your contact lists containing a strange URL, such as http://your_email.partytimez.info or some kind of zip file. Some of us being unsuspicious might have clicked on it and that’s what in the first placed begun the spreading of the malicious spam.
Archive for the ‘Uncategorized’ Category
MSN Viruses
Tuesday, March 23rd, 2010All your smartphones are belong to us
Wednesday, March 17th, 2010A pair of researchers in RSA 2010 security conference have demonstrated the feasibility of building a botnet using smartphones such as the iPhone or Android-like devices.
Derek Brown and Daniel Tijerina, security researchers with TippingPoint’s Digital Vaccine Group, presented their findings from a research project called MOBOTS: Pocketful of Pwnage, which was designed to show how easy it would be to create a large mobile botnet. (more…)
Fault-Based Attack of RSA Authentication
Sunday, March 7th, 2010A vulnerability discovered in the openSSL library could compromise the secrecy of a device’s cryptographic key.
Scientists, from the University of Michigan’s electrical engineering and computer science departments have found a way to extract the private SSL key from a device by creating fluctuations in the power supply and reading the output whilst the device was encrypting data using the private key.
Mariposa Botnet is No More
Saturday, March 6th, 2010Spanish law-enforcement agencies have recently shut down a 12M PC botnet, codenamed Mariposa (spanish for “butterfly”), distributed in more than 190 countries. Considering a typical size of such a malicious coalition at around 5K members, one may put into perspective how much of a security risk a network of millions of infected PCs really is. (more…)
Zeus botnet’s C&C through Amazon EC2
Thursday, December 17th, 2009A variant of the Zeus bot (Zbot) was found using Amazon’s Elastic Computer Cloud (EC2) infrastructure for Command&Control commands to infected machines.
Zbot is a password-stealing software, logs financial data and sends them to the botnet. Last year more than 100M US fraud was linked with Zeus malware variants. It was also held responsible for the “destruction” of 100.000 infected computers by deleting registry key data, making them inoperable. Zeus botnet is estimated to consist of millions of infected computers around the world.
Shodan, a tool or a threat?
Thursday, December 17th, 2009Last month a new search engine appeared, called Shodan. It is a Computer Search Engine, available for free in public, allowing search for routers, servers, computers or any device that opens a port. It is based on a simple idea: Port scan, grab headers and index the results. Quoting Shodan’s quick guide, “SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. Let me know which services interest you the most and I’ll prioritize them in my scanning”.
Collaboration is the future in SPAM fighting
Thursday, December 10th, 2009The combined efforts of anti-spam products outperform any individual products alone, according to an experiment by Virus Bulletin, the independent security certification organisation.
In a comparative test, almost 200,000 sample emails were sent to 14 different anti-spam products that were required to filter out spam messages from legitimate smails (ham). The test found that no legitimate mail was blocked by more than four products.
Microsoft delivers Azure Cloud
Thursday, December 10th, 2009Microsoft is fiddling around with the launch dates of the highly anticipated Windows Azure while showing off the cloud service’s latest advances.
The company said on Tuesday that Azure, unveiled in October 2008, would continue as a Community Technology Preview (CTP) through to the end of this year.
A typo can get you infected
Thursday, December 10th, 2009According to McAfee and their third annual “Mapping the Mal Web” report, more than a third of Cameroon domains (TLD of .cm) are infested with viruses or other types of malicious software (malware) and scams. Given that it’s very easy to mis-type .com as .cm, this presents as an opportunity to attackers and a headache for Internet users. Second place on the most-infested domains list goes to China (.cn), while Hong Kong (last year’s ‘winner’) is now far from the top.
