Tag Archive for 2010

| January 21, 2010
Comments Off on SPAM Decline?

SPAM Decline?

SPAM Decline? PC World chronicles how analysts at the California-based security company FireEye executed a plan to shut down the Mega-D botnet in early November 2009. At one point the Mega-D botnet reportedly accounted for 32 percent of all spam. In order to shut down this threat, Afit Mushtaq and two FireEye colleagues went after Mega-D’s command infrastructure.

According to the article, the botnet’s command infrastructure was its weak point. The Mega-D malware infecting PCs was directed from online command and control (C&C) servers throughout the world. If the bots could be separated from their controllers, the researchers found that the undirected bots would sit idle on the PC’s not delivering their malware. Mushtaq found that every Mega-D bot had been assigned a list of other destinations to try if it couldn’t reach its primary command server. So taking down Mega-D would need a carefully coordinated attack.

To set up the coordinated attack the FireEye team first contacted Internet Service Providers (ISP’s) that hosted Mega-D control servers. Mushtaq’s research showed that most of the Mega-D C&C servers were based in the United States, with one in Turkey and another in Israel. The FireEye team received cooperation for the U.S.-based IPS’s but not the overseas ISPs. The Mushtaq team took down the U.S.-based C&C servers.

Since the ISP’s in Israel and Turkey refused to cooperate, PC World reports that Mushtaq and company contacted domain-name registrars holding records for the domain names that Mega-D used for its control servers. The registrars collaborated with FireEye to point Mega-D’s existing domain names to nowhere. This cut off the botnet’s pool of domain names that bots would use to reach Mega-D-affiliated C&C servers overseas ISPs.

As the last step, PC World says that FireEye and the registrars worked to claim spare domain names that Mega-D’s controllers listed in the bots’ programming and pointed them to “sinkholes” (servers FireEye had set up to sit quietly and log efforts by Mega-D bots to check-in for orders). Using those logs, FireEye estimated that the botnet consisted of about 250,000 Mega-D-infected computers.

MessageLabs reports that Mega-D had “consistently been in the top 10 spam bots” for the previous year. The botnet’s output fluctuated from day to day, but on November 1 Mega-D accounted for 11.8 percent of all spam that MessageLabs saw. After, FireEye’s action Mega-D’s market share of Internet spam to less than 0.1 percent, MessageLabs says.

Mushtaq recognizes that FireEye’s successful offensive against Mega-D was just one battle in the war on malware. The criminals behind Mega-D may try to revive their botnet, he says, or they may abandon it and create a new one. But other botnets continue to thrive. “FireEye did have a major victory,” says Joe Stewart, director of malware research with SecureWorks in the PC World article, “The question is, will it have a long-term impact?

Mushtaq says that FireEye is sharing its method with domestic and international law enforcement, and he’s hopeful. Until that happens, “we’re definitely looking to do this again,” Mushtaq says. “We want to show the bad guys that we’re not sleeping.”

Rb-

The Daily Average SPAM Received (DASR) index reached an all-time low in December 2009. The DASR for December 2009 was 29.4. The trend was on the decline since its all-time high in May 2008 of 77.5, but this seems different.

The impacts of the Fire-Eye operations seem longer lasting. The DASR stayed down through December and into the New Year. The month-to-date DASR index for January 2010 is a paltry 15.

Even after the McColo takedown in November 2008, the DASR never reached this low level.  Hopefully, Spammers have seen the error in their ways, repented, and found something else to do, but more likely is they have reloaded with new ammo as they exploit social networks, Adobe, IE, and Google.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
| January 19, 2010
Comments Off on Zeus Raids School

Zeus Raids School

Zeus Raids SchoolA New York school district was a victim of an apparent Zeus trojan attack which appears to have netted nearly $500,000. InformationWeek is reporting that the FBI and New York State Police Cyber Crime and Critical Infrastructure Unit are investigating an attempt last month to steal about $3.8 million from the Duanesburg Central School District near Schenectady, New York.

According to the January 6 article, online thieves made a series of unauthorized funds transfers from the school district’s NBT Bank account to an overseas bank between December 18 and 22, 2009. The third transfer during this period was flagged as abnormal activity by the bank, which began blocking pending transactions after the school district confirmed the transfers had not been authorized. Working with foreign banks, NBT Bank recovered about $2.5 million out of $3 million stolen during the four-day period, but two previous unauthorized transactions were discovered.

Thanks to NBT Bank’s aggressive pursuit of the stolen funds, we are fortunate that the vast majority of the money has been recovered,” wrote Superintendent Christine Crowley in a letter on Monday to district parents and community members. “However, $497,200 of Duanesburg taxpayers’ money is still missing, and we are committed to doing everything in our power to recover the remaining funds.

The district website says, “At this time, we do not have any more information on how this happened and do not expect to have any more information to share until the investigation concludes.

Security researchers at Trusteer point out in a recent DarkReading article that Zeus is detected only 23 percent of the time by up-to-date anti-virus applications. The massive Zbot botnet is made up of 3.6 million PCs in the U.S., according to Damballa data  The malware steals users’ online financial credentials and moves them to a remote server, where it can inject HTML onto pages rendered by the victim’s browser to display its own content mimicking, for instance, a bank’s Web page.

Zeus’ infection rate is higher than that of any other financial Trojan. We are seeing actual fraud linked to Zeus — accounts being compromised, [and] money transferred from accounts of customers infected with Zeus,Mickey Boodaei, founder and CEO of Trusteer told DarkReading. “When we investigate some of our banking customers’ [machines infected by it], we find evidence of abuse on the computer, so we know this crime ring is very active and dangerous.

The security blog says that organizations can’t control the transmission vectors, which are increasingly social networking and/or webmail applications. Given the high degree of user trust and huge user populations, malware developers have been targeting social networks aggressively (webmail is a well-established transmission vector). Some of the threats come in the form of social network-specific threats (e.g., koobface, fbaction), but many times they’re re-using existing or older threats delivered in a new, hybrid way – exploiting the trust associated with social networks – which has given threats like Zeus a huge boost. If you can’t control the transmission vector, it’s much harder to manage the threat…especially when users click first, and think later.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| January 17, 2010
Comments Off on AT&T Asks to Drop POTS

AT&T Asks to Drop POTS

EweekAT&T Asks to Drop POTS is reporting that in order to extend broadband access to all Americans AT&T has told the FCC that it needs to get out of the land-line business. AT&T wants to get out of the land-line business so it can focus funds on broadband and IP-based communications. In the 32 page report, in response to a FCC Request for Comment on Transition form Circuit-Switched to All IP Network.

ATT logoAT&T called Congress’ 100 percent broadband goal “auspicious,” writing, “Broadband is dramatically changing the way Americans live, work, obtain health care and interact with the government. Congress and the Commission have rightly made universal broadband access a core national priority.” AT&T said this goal would be within reach if the resources of the FCC and its stakeholders were put toward developing and executing a strategy that included an “orderly transition away from, and retirement of, the PSTN.

AT&T wants to shut down its analog PSTN

AT&T has asked the FCC to create a timetable that would allow the company to shut down its analog public switched telephone network (PSTN) so more investment would flow to its IP-based initiatives.  “That transition is underway already,” AT&T wrote to the FCC in the Dec. 21, 2009 communication. “With each passing day, more and more communications services migrate to broadband and IP-based services, leaving the public switched telephone network (PSTN) and plain-old telephone service (POTS) as relics of a bygone era.” AT&T also said that less than 20 percent of Americans rely exclusively on POTS for voice service, while 25 percent of households have abandoned POTS. It noted that some 700,000 lines are being turned off each month.

Federal Communications CommissionThe telecommunications giant argues that having to maintain and invest in two networks broadband and the PSTN means Congress’ goal “will not be met in a timely or efficient manner.” The company said that while 90 percent of Americans have access to broadband services, reaching that last 10 percent would require an investment of about $350 billion. “Due to technological advances, changes in consumer preference, and market forces, the question is when, not if, POTS service and the PSTN over which it is provided will become obsolete,” AT&T wrote to the FCC.

AT&T outlined steps for shutting down the PSTN and wants the FCC to swiftly follow them.

rb-

Some of the issues that AT&T’s plan raises are life-safety issues. A POTS line maintains a dial tone and the ability to make and receive calls during catastrophes and emergencies. When large catastrophes strike, there can be no power for days, or even weeks in some areas. No power means no broadband Internet, which means VoIP phone services don’t work. No power to cell towers means no bars on your cell signal and no wireless service.

The ability to place 911 calls will also be an issue under an all IP system. With a POTS land-line, it is easy to match a phone number with a physical address, but with broadband VoIP, the 911 operators can’t tell where the call originates from.

Most importantly, as DSLReports points out, it is important to realize that AT&T’s objective is to move all broadband regulation to the more-easily lobbied federal level, revamping the Universal Service Fund so it works more in AT&T’s favor, and whatever other regulatory perks they can squeeze out of the FCC.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| January 15, 2010
Comments Off on Paper Based Data Breaches Growing

Paper Based Data Breaches Growing

Paper Based Data Breaches GrowingBrian Krebs at the Washington Post’s Security Fix points out that paper-based data breaches on the rise. Krebs cites statistics for the Identity Theft Resource Center, a San Diego-based nonprofit which says at least 27 percent of the data breaches disclosed publicly in 2009 stemmed from collections of sensitive consumer information printed on paper that was lost, stolen, inadvertently distributed, or improperly disposed of.

The ITRC has logged 125 paper breaches of the 463 incidents they recorded in 2009. These breaches were across all sectors, with businesses having the most followed by the government sector.

“Computers were supposed to take us to a paperless society, yet computers probably create more paper than before we had them because now we want a hard copy as well as what’s on the computer,” ITRC co-founder Linda Foley told Security Fix. “It’s a double danger of course because paper – especially when it’s just tossed in a dumpster somewhere – is not like data on a hard drive. It’s ready to use, it often contains the consumer’s handwriting and signatures, which can be very useful when you’re talking about forging credit card and mortgage applications.”

Stuart Ingis, a partner with the law firm Venable LLP in Washington, told Security Fix that many clients he deals with strictly speaking do not have a legal obligation to report paper-based breaches, but that most of his clients err on the side of caution.

Experts say that paper data breach incidents come to light in large part due to a proliferation of state data breach notification laws. Some 45 states and the District of Columbia have enacted laws requiring companies that lose control over sensitive consumer data such as Social Security or bank account numbers to alert affected consumers and in some cases state authorities. Concerned about the mounting costs of complying with so many state breach regulations, businesses often find it easier and cheaper to adhere to the strictest state laws. The current federal data breach notification proposals will preempt state measures and will allow paper-based breaches to go unreported because they would require notification only when data stored electronically is lost or stolen and are largely silent on paper breaches. Only Massachusetts and North Carolina currently require notification whether the data breach is in electronic or paper form.

rb-
When we talk to clients about information security and not just information technology security, we ask them to consider that lost paper documents are just as damaging to a company’s reputation should they get into the wrong hands as electronic data stored in an Excel spreadsheet or database server? But data on paper is just another form of data that needs to be protected by information security policies.

Related articles
  • Identity theft and data breaches increased in 2010 (lexingtonlaw.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| January 6, 2010
Comments Off on Digital Food for Dinner

Digital Food for Dinner

Digital Food for DinnerThe Fluid Interfaces Group at MIT has developed a “personal food factory.” The scientists have created a prototype 3D printer that stores, mixes, deposits, and cooks layers of ingredients that will rival your grandmother’s multi-layered lasagna according to Globalspec.

The project called Cornucopia is a concept design for a personal food factory that brings the versatility of the digital world to the realm of cooking.

MIT 3D Food Printer, Virtuoso Mixer and Robotic Chef

MIT says Cornucopia’s cooking process starts with an array of food canisters, which refrigerate and store a user’s favorite ingredients. These are piped into a mixer and extruder head that can accurately deposit elaborate combinations of food. While the deposition takes place, the food is heated or cooled by Cornucopia’s chamber or the heating and cooling tubes located on the printing head. This fabrication process not only allows for the creation of flavors and textures that would be completely unimaginable through other cooking techniques, but it also allows the user to have ultimate control over the origin, quality, nutritional value, and taste of every meal.

rb-

Will work for food

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
« Older Entries   Recent Entries »