Malicious Tweets Not So Common
While there are plenty of warnings to users of the popular Twitter service to take care in following links, the dangerous reputation of the social network is somewhat undeserved, finds one researcher.
In a study of 1.3 million URLs culled from the public feed of Twitter updates, security researcher Julien Sobrier of Zscaler finds that only 0.06 percent of all URLs led to a malicious site. The majority of those 773 bad links — 92 percent — led to a site that attempted to install malicious code, while about 5 percent sent the user to a phishing site that attempted to convince the victim to give up sensitive log-in information.
Reports Soar as Zeus’ Popularity Grows
The Zeus, or Zbot, trojan started spreading as early as 2006, but only recently has the malicious do-it-yourself software run rampant among mortals’ PCs, according to data released by Microsoft.
In an analysis posted on Thursday, the software giant found that the growth of Zeus — which the company refers to as Zbot — began accelerating last October until it peaked in January. Microsoft had seen fewer than 50,000 reports of Zeus trojans each month up until October 2009, when the trojan broke through that ceiling and, by January, had accounted for more than 200,000 reports.
Goodbye (mostly), SecurityFocus
Symantec made the announcement today that SecurityFocus will essentially be phased out, with only Bugtraq and the vulnerability database accessible through the current site. Much of the content will move over to Symantec Connect, a site that acts as a portal between the company and the security community. Here is the announcement:
Troyak Takedown Stings Zeus
Late Tuesday night, more than 90 servers controlling Zeus botnets suddenly disappeared from the Internet.
The outage came after a group of security professionals worked to de-peer Troyak, a known rogue network hub that provides connectivity to at least six Internet service providers hosting botnet controllers. The disappearance of the Zeus command-and-control servers was discovered by the ZeusTracker service, a site that records changes to known Zeus botnets. The servers accounted for more than a third of the active servers currently tracked by the service.
China-Related Cyber Attacks on Major Firms (“Aurora”)
In mid-December, Google discovered that attackers coming from China had breached its network. The attacks were “highly sophisticated and targeted,” and the attackers stole intellectual property. Evidence from a server used as a data drop showed that at least 20 — and possibly as many as 33 — other companies were attacked. In Google’s case, at least two Gmail accounts belonging to human-rights advocates in China were monitored by the attackers in a limited way.
I’ve completely revamped this page to make it more easily readable and with sources collected at the end. This page will be updated to reflect the current status of what is known about the attackers, the techniques used, and the victims. If you have any information on the attacks, or comments on how better to present this information, feel free to contact me.
Of Tailored Attacks and Chinese Trojans
On June 25, 2009, CYBERsitter CEO Brian Milburn received an e-mail message that appeared to come from his director of sales and marketing.
The e-mail subject announced, “This is the Jinhui Computer Systems Engineering Inc’s report about China’s Green Dam Youth Escort screening software,” and contained a link to a zip file hosted online. Opening the zip file displayed an article from the Chinese state news service, Xinhua.
Yet the sender’s e-mail address was not quite correct; it was missing a single letter. And the Word document was not the attachment; it was a Trojan horse.