“Malware attacks are worming their way into enterprises via USB devices.
According to Pandalabs there has been a marked increase in the use of USB devices in offices, which correlates with an increase in malware attacks that exploit them.
Pandalabs conducted a survey among small and medium sized businesses in the UK, Latin America and North America, which revealed that almost half of all businesses had been infected by a worm in the last year, with a third of these spreading via USB devices.”
From the Inquirer
Posts tagged “Malware”
“DUBAI: India features among the countries where malware spam, or anything that comes with a virus or Trojan attachment urging you to visit an infected website, is the most popular, a new report has said.
According to the McAfee Threats Report, which was simultaneously released here, Colombia, South Korea, Russia and Vietnam are the other countries in this category.
Argentina had the most variety in spam, with 16 different topic areas, ranging from drugs to lonely women to diplomas. Italy came in with the least variety, with just six types of spam, it said.
The report uncovered that malware has reached its highest levels, making the first six months of 2010 the most active half-year ever for total malware production.”
From The Economic Times
“McAfee Inc., the No. 2 security software maker, said production of software code known as malware, which can harm computers and steal user passwords, reached a new high in the first six months of 2010.
“We do not want to overstate this threat. But it serves as a reminder that in this age of cybercrime, data theft and identity theft users of all operating systems and devices must take precautions,” McAfee said.”
From The Globe and Mail
Villeneuve points out that McAfee has been most vocal about how the hackers accessed their victims’ networks, moved between servers and planted hidden software. Damballa, meanwhile, says it has focused on the spyware samples themselves and the so-called “command and control” servers that the software communicated with to receive orders and steal data.
“When these researchers argue about whether the hackers are sophisticated or not sophisticated, they’re looking at different pieces of the puzzle,” says Villeneuve. “The truth is that no one’s providing enough detail to make any kind of complete comparison or analysis possible.”
The data about Aurora has always felt just a little off for me. Maybe it’s that everyone writing about it just has their own piece of the puzzle to analyse, without the detail required to accurately link the pieces together.
When it comes to the command and control infrastructure, maybe it’s that some obfuscated the domain names while others published them, but with a domain on the blog post that’s not in the technical write-up. Maybe it is that some have significantly bigger lists than others (that include duplicates as well as the root domain for a dynamic DNS provider that hands out sub-domains).
From Nart Villeneuve
A Canadian company has helped dismantle a massive computer-infiltration ring that infected more than 15 million computers around the world – including systems within Canadian banks and the federal government.
Spanish police have arrested three people charged with running a botnet – a program that infects and partly takes over victims’ computers – that spanned some 190 countries. Not only is the botnet (named Mariposa, Spanish for butterfly) one of the largest of its kind, the software’s operators appeared to target government and corporate computers, stealing huge amounts of sensitive data.
From The Globe and Mail
The biggest threat to the open internet is not Chinese government hackers or greedy anti-net-neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.
McConnell’s not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering. He’s the nice-seeming guy who’s willing and able to use fear-mongering to manipulate the federal bureaucracy for his own ends, while coming off like a straight shooter to those who are not in the know.
Targeted attacks, known as “spear phishing,” are increasingly exploiting government and military themes in order to compromise defense contractors in the United States. In 2009, the Washington Post reported that unknown attackers were able to break into a defense contractor and steal documents pertaining to the Joint Strike Fighter being developed by Lockheed Martin Corp. Google was compromised in January 2010 along with other hi-tech companies and defense contractors. The problem is becoming increasingly severe. In fact, the Department of Defense recently released a memo with plans to protect unclassified information passing through the networks of various contractors. The memo recognizes the severity of the ongoing threat and seeks to:
Establish a comprehensive approach for protecting unclassified DoD information transiting or residing on unclassified DIB information systems and networks by incorporating the use of intelligence, operations, policies, standards, information sharing, expert advice and assistance, incident response, reporting procedures, and cyber intrusion damage assessment solutions to address a cyber advanced persistent threat. 
From Nart Villeneuve
Nart Villeneuve (Senior Psiphon Fellow, Chief Research Officer at SecDev, and former Director of Technical Research at Citizen Lab), was featured in a Reuters news article regarding the market for malware hackers in China. The article focusses on the role of hackers in China’s malware attack on Google that prompted Google’s decision to re-think its…
Joe Stewart, a security specialist with SecureWorks in the US, told the New York Times that he had analysed the software used to attack Google, and found that the main program used by the hackers contained a module based on an algorithm that appeared in a Chinese technical document that has been published exclusively on…