Posted October 31st, 2009

It appears that this Halloween the malware writers' preferred infection vector is the use of SEO (Search Engine Optimization) techniques to poison popular search terms.
We at SophosLabs have seen relatively few email campaigns that exploit Halloween this year, but there have been plenty of campaigns pushing malware-loaded URLs into festive search terms.
We have various Fake AV families featuring highly:

Which leads to the familiar:

There are also families that pose as fake media codecs exploiting Halloween to push their wares:

As users wise up to the dangers of email attachments, we are seeing SEO poisoning become a more and more popular attack vector.
Sophos detects this year's nightmares variously as Mal/FakeAvJs-A, Mal/Krap-A and Mal/EncPk-LH.
Posted October 30th, 2009
The most infected countries are:
Turkey: 3.02%
Argentina: 2.17%
Peru: 2.05%
Venezuela: 1.88%
Brazil: 1.79%
Posted October 30th, 2009
AP – The United States is well behind the curve in the fight against computer criminals, Sen. Joe Lieberman said Friday, as Homeland Security officials opened a $9 million operations center to better coordinate the government’s response to cyberattacks.
Posted October 30th, 2009
Ken Bradley and I will conduct a Webcast for SANS on Monday 2 Nov at 1 pm EST. Check out the sign-up page. I’ve reproduced the introduction here.
Every day, intruders find ways to compromise enterprise assets around the world. To counter these attackers, professional incident detectors apply a variety of host, network, and other mechanisms to identify intrusions and respond as quickly and efficiently as possible.
In this Webcast, Richard Bejtlich, Director of Incident Response for General Electric, and Ken Bradley, Information Security Incident Handler for the General Electric Computer Incident Response Team, will discuss professional incident detection. Richard will interview Ken to explore his thoughts on topics like the following:
- How does one become a professional incident detector?
- What are the differences between working as a consultant or as a member of a company CIRT?
- How have the incident detection and response processes changed over the last decade?
- What challenges make it difficult to identify intruders, and how can security staff overcome these obstacles?
I will lead this event and conduct it more like a podcast, so the audio will be the important part. This is a short-notice event, but it will be cool. Please join us. Thank you!
Posted October 30th, 2009
PC World – The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate.