Conficker.C: How many are there?

Hello, Sid Faber from the Network Situational Awareness group at CERT. Like just about everyone else, we’ve been following the Conficker worm for a while and thought some updated stats on the Conficker.C variant might be useful.


MalwareDefender2009

Misleading Application


Linux.Psybot—Is Your Router Secure?

If you’re one of those people with a passing knowledge of Linux, you might see it as something used exclusively by network admins, developers, and hobbyists. What you may not realize is that these admins, devs, and hobbyists have taken this versatile OS and ported it to all sorts of devices over the years.


W32.Downadup.C Pseudo-Random Domain Name Generation

The pseudo-random domain name generation for the rendezvous point is a clever idea. A botnet usually communicates with its botmaster via a single rendezvous point. Since this rendezvous point is static, whoever controls this static location owns the botnet. This poses a problem for the botmaster, since this rendezvous location is the weakest link of the botnet.


Beware scary mails

Social engineering tricks are always evolving. Who can forget the ILOVEYOU subject of the Loveletter worm? Nowadays, scaring people seems to be all the rage. The gang behind the Waledac trojans have found a new twist: Convince people there has been a terrorist bombing in their neighbourhood.

This is done through an apparently distraught email with a link. Following this link lands you on a web page claiming there has been a bomb explosion at a market close to (wherever you live). The web server you contact looks up your IP address to find your geographic location, and then customizes the message so that it fits. Of course, you have to download a Flash upgrade in order to view the video, which of course is a trojan horse. Bottom line: Stuff in email is suspect.

 

 

 
