Archive for August, 2008

If Your e-mail Address Starts With A You Get 10% More Spam!

August 28th, 2008

An interesting article analyzed spam sent to both real and fake e-mail addresses over an 8-week period and shows that e-mail accounts that start with some letters get more spam than others (Aardvarks vs. Zebra in the article).

In The Fight Against Spam Dutch Police Notify Users Infected with Bot Malware

August 13th, 2008

Dutch police have notified people whose computers were infected with malware that made them part of a botnet comprising more than 100,000 PCs. People were redirected to a web page containing directions on disabling the malware and a link to an online virus scanner.

“Bud Has Mail” – Watchguard Videos Worth Watching

August 6th, 2008

In the Internet Age, online videos are becoming more and more prevalent, as they are easily distributed and are often more effective at getting a point across than forcing the visitor to read a bunch of text.

With this in mind Watchguard released some nice video tutorials about network security that are entertaining and have some excellent ideas worth showing your average user.

TechRepublic – “Storm Worm: The Energizer Bunny of Botnets”

August 6th, 2008

Apart from a great title this is a very interesting read on what the Storm Worm is up to these days.

- Shaun

Original article: http://blogs.techrepublic.com.com/networking/?p=620&tag=nl.e102

In the world of botnets, Storm isn’t king anymore, but Storm’s botnet owners aren’t giving up. This article is a reminder by Michael Kassner of the need to remain vigilant and not fall prey to the Storm worm or its relatives.

——————————————————————————————————————-

It appears that the Storm worm is making a comeback. I first made mention of this botnet maker in the article “Kraken: The biggest, baddest botnet yet”, where I explained how Storm was losing its grip as being the largest botnet in history to Kraken and Srizbi as the second largest. Well, Storm developers have added a few new twists to their arsenal and are seeing a resurgence in the size of their botnets. Therefore it’s very important to not become complacent about this type of malware as it relies on social engineering to propagate. I’d like to take a few moments to go over the process so we’re all clear on how the infestation occurs.

How my computer became a zombie

Let’s follow the process of becoming infected with Storm and the after-effects:

  1. I receive an e-mail informing me that the attachment contains some very important information. Not knowing any better, I open the attachment.
  2. I was just conned, the attachment has the Storm trojan/bot client hiding in it. My computer is now infected and just became part of a botnet. The scary part is that this all happened without my knowing it.
  3. What’s worse is that my AV application is useless as Storm’s code changes constantly, so any AV signature is out of date within an hour.
  4. My computer now follows the bidding of the “botmaster,” which normally means it’s going to be used as a spam relay. There are other more malicious activities such as “distributed denial of service attacks” but botnets are usually for hire and spamming is a lucrative business.

That’s one scenario and as botnet malware matures other more sophisticated attack venues are introduced. For instance, the delivery mechanism used by the Storm worm changes regularly. It starts out as PDF spam progressing to links for e-cards or invites to Web sites. The worm developers will try any method possible to entice users to click on a phony link or attachment. The initial e-mail used by Storm also morphs. There are new subject lines and body text that refer to relevant news or issues — any way to subjugate human nature.

The willingness to prey on human nature is why Storm is back in the news. It’s propagating successfully using an e-mail with a subject line of “FBI may strike Facebook” or “The FBI has a new way of tracking Facebook.” It appears that once again the developers have touched on a chord of human nature and are getting a decent infection rate.

Final thoughts

I could spend all sorts of time on the intricacies of how each of the top three botnets work or how successful they are at evading detection, but that wouldn’t help. This article is my regular attempt at making sure all of us are cognizant of the need to be web-savvy, always questioning whether that link or an attachment makes sense. Doing so will go a long way to reducing the amount of spam we receive. This certainly includes me, as I’ve been very close to becoming an unwilling botnet member myself.

——————————————————————————————————————-

Michael Kassner has been involved with wireless communications for 40 plus years, starting with amateur radio (K0PBX) and now as a network field engineer and independent wireless consultant. Current certifications include Cisco ESTQ Field Engineer, CWNA, and CWSP.

Here are more Blog articles on the Storm Worm:

  • Storm Worm – Go away, we’re not home
    In the last few weeks I have received several requests for information regarding the Storm Worm. So today I thought I would perform an analysis in my lab on the last Storm Binary (postcard.exe) I retrieved using my Storm Binary Tracking …

  • The Storm Worm
    The Storm worm first appeared at the beginning of the year, hiding in e-mail attachments with the subject line: “230 dead as storm batters Europe.” Those who opened the attachment became infected, their computers joining an ever-growing …

  • FBI warns of new Storm worm variant
    E-mail pretending to contain information on a fictitious FBI vs. Facebook case contains malicious code for the Storm worm botnet.

  • Beware of New E-Mail Scam Spreading Storm Worm Virus
    The FBI and its partner, the Internet Crime Complaint Center (IC3), have received reports of recent spam e-mails spreading the Storm Worm malicious software, known as malware. These e-mails direct recipients to click on a link to view …

  • Over 80 percent of Storm Worm Spam Sent by Pharmaceutical Spam Kings
    I can barely see anything around me due to all the smoke coming from the smoking guns of who’s what, what’s when, and who’s done what with who, especially in respect to Storm Worm whose multitasking on different fronts in the first …

  • Storm Worm’s Lazy Summer Campaigns
    The Storm Worm-ers seem to be lacking their usual creativity in respect to the usual social engineering attacks taking advantage of the momentum we’re used to seeing. These days they’re not piggybacking on real news items, …

  • Interesting Pattern in Storm Worm Traffic
    In addition, an IP address related to the University of California in San Diego (UCSD) sticks out, presumably related to their Storm Worm research. I’m not yet sure what all the other IP addresses mean, but presumably all of them are …

  • FBI vs Facebook Email Thread Has ‘Storm Worm’ Virus
    The FBI is warning email users of spam email which mentions a link to an FBI vs Facebook news article. Once the user clicks on the link, the Storm Worm malware is downloaded to the Internet-connected device…

  • FBI warns of new Storm Worm attacks
    A rash of complaints prompted the FBI to issue a warning of a new round of spam e-mails bombarding the Internet to spread the malicious Storm Worm.


New Spam Campaign – using CNN’s Daily Top 10 format

August 4th, 2008

A warning that we are seeing the beginning of a new spam campaign with a possible exploit vector. The e-mails claim to be from CNN based on the subject line, but the From e-mail addresses are not at CNN. They also have links to videos and will probably either silently install malware or prompt you to install the ‘Codec’ required to view the video file. This will not be a real codec but malware designed to take over your PC.

Do not open any e-mail that looks like it came from CNN.com until this attack is over.

- Shaun
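The mismatch described in this post (a CNN subject line, a From address that is not at CNN, and video links) can be checked mechanically on a mail gateway. The following is an added example, not code from the original post; `BRAND_DOMAIN`, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "cnn"             # brand the subject line claims, per the post
BRAND_DOMAIN = "cnn.com"  # assumption: the brand's legitimate mail/link domain

# Constructed sample message (not a captured spam e-mail).
SAMPLE = """\
From: "CNN.com Daily Top 10" <news@mailer.example.net>
To: user@example.org
Subject: CNN.com Daily Top 10
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="http://www.cnn.com/logo.gif">
<a href="http://video.example.net/watch/top10.html">Watch video</a>
</body></html>
"""

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_brand_spoof(raw):
    """Return findings for a message that claims the brand but points elsewhere."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    claimed = BRAND in (msg.get("Subject", "") + " " + display).lower()
    if not claimed:
        return []
    findings = []
    from_host = addr.rpartition("@")[2].lower()
    if not in_domain(from_host, BRAND_DOMAIN):
        findings.append(f"from-mismatch:{from_host}")
    # Only clickable links count: images may be loaded from the real site
    # to make the message look genuine, so <img src> proves nothing.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname for u in re.findall(r'href="([^"]+)"', body, re.I)}
    for host in sorted(h for h in hosts if h and not in_domain(h, BRAND_DOMAIN)):
        findings.append(f"offsite-link:{host}")
    return findings

if __name__ == "__main__":
    print(check_brand_spoof(SAMPLE))
```

The suffix check in `in_domain` is what keeps a lookalike host such as `cnn.com.example.net` from passing as the brand's own domain.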

Here are some more Blog articles on CNN Spam:

  • CNN Custom Alerts Spam
    In general, my anti-spam filters and tools are pretty effective. So when I start to see something like this…. ….it’s obvious that a huge spam wave is underway. These are, of course, related to the fake CNN Spam from a few days ago. …

  • CNN Daily Top 10 Videos Spam
    The first clue that something might have been amiss is the strangeness of some of the titles (“Michael Jackson sued by his own dog” isn’t something I’d expect to see on CNN, at least not yet). Of course, the giveaway is that regardless …

  • Spam Alert: Huge Volumes of Fake CNN News Updates
    Heads up on a new, very high volume Fake CNN News Update spam run that is making the rounds. The subject of the email is “CNN.com Daily Top 10.” Our Threat Operations Center has seen over 5 million of these just in the last hour alone …

  • CNN Spam Diversifies . . .
    The spam messages contain graphics which are actually being loaded from the real CNN website. We’ll load them here from the same site so you can see them. These are the graphics present in each of the spam emails, fetched directly from …

  • CNN Spam?
    Over on the so-called “CNN Blog” we find this entry: August 8, 2008 Fraudulent spam about CNN.com Posted: 07:45 PM…

  • CNN Daily Top 10 leads users to site hosting malware
    Following the links in the CNN.com Daily Top 10 email could lead you to sites that host malware. MX Lab detected and intercepted the first messages at around 7:48 PM local Belgian time and is monitoring an outbreak of this type. …

  • Here We Go Again: CNN Spam is now MSNBC Spam
    This time, however it appears that the people responsible for the CNN Spam outbreak last week (original post here and update here) are now responsible for a new outbreak today alleging to be MSNBC news updates. …

  • “CNN Alerts: My Custom Alert email spam” – don’t click
    If you get an email from CNN Alerts with a subject line like: “CNN Alerts: My Custom Alert email spam” be careful. This is being sent out to people who never signed up for CNN alerts as well as those who have. …

  • Quickly morphing CNN spam
    The spam outbreak “from” CNN that occurred this past week has morphed into a new breed:. image. It appears that the spammers have learned from previous mistakes because this one is a little slicker. In the body contents, just like the …

  • CNN spam changes to ‘MSN Breaking News’
    The malicious CNN campaign by Rustock has morphed to ‘MSN Breaking News’.
