« December 2009 | Main | February 2010 »

January 2010

01/15/2010

Bad Medicine

It's a regular visitor to your inbox: Spam that advertises cholesterol fighting Lipitor, depression suppressor Zoloft, or lifestyle drugs, such as Viagra and Cialis.

Known as pharmaceutical spam, or pharma spam, the unwanted email messages are a staple of online criminals and gray marketeers. Every day, hundreds of millions of junk messages inundate email servers worldwide, with pharma spam accounting for as much as 70 percent of the digital deluge.

YourSecurityResource.com

Posted at 05:05 PM in Articles, Consumer Technology, Cybercrime, Published on Symantec's YSR, Security | | Comments (0) | TrackBack (0)

|

01/08/2010

Banking in a Time of Cybercrime

Any small business, educational organization or local government needs to be wary these days. In the past year, cybercriminals have increasingly targeted these less-than-security-savvy groups with malicious software tailored to facilitate bank fraud.

In one case, which I documented for an article in Technology Review, online thieves targeted the accountant at a small California firm with a banking trojan. When the worker signed into the company’s bank account, the thieves initiated 27 fraudulent transactions totaling approximately $447,000. Former Washington Post reporter Brian Krebs has reported on over two dozen such cases. In total, the government estimates that businesses have lost more than $100 million as of early November.

Now, financial institutions and the government are preparing to advise businesses and other organizations on how to better bank online in these treacherous times.

UnsafeBits

Posted at 05:06 PM in Articles, Cybercrime, Law and Policy, Published on UnsafeBits, Security | | Comments (0) | TrackBack (0)

|

Taming the Transfer of Monster-Sized Files

Despite being insecure and outdated, the file transfer protocol (FTP) continues to be a popular method for sending large files between data centers, corporate divisions, branch offices or business partners. But watch out.

A study commissioned by Sterling Commerce, a subsidiary of AT&T that focuses on business and collaboration software, found that nearly a third of companies do the majority—as much as 80 percent—of their large file transfers using FTP. Yet, the same study found that 93 percent of companies experienced failures in FTP transmission. Another survey of manufacturers conducted by Sterling found that about 8 percent of their file transfers fail.

CIO.com

Posted at 11:57 AM in Articles, Data Centers, Enterprise Technology, Published on CIO.com, Software | | Comments (0) | TrackBack (0)

|

01/06/2010

Zeus Attracts Developer Ecosystem

For the entry-level cybercriminal, the Zeus do-it-yourself botnet creation kit has become the go-to program for getting a modest botnet up and running.

An entire business ecosystem has evolved to serve the needs of would-be cybercriminals. Their draw to Zeus: Ease of use, a competitive marketplace, and lots of customization. The result is that cybercriminal networks based on the Zeus kits account for about one-in-ten botnets, according to security firm Damballa.

And the demand is feeding more development and competition, says Gunter Ollmann, Damballa’s vice president of research.

UnsafeBits

Posted at 12:10 PM in Articles, Cybercrime, Malicious Code, Published on UnsafeBits | | Comments (0) | TrackBack (0)

|

01/04/2010

Broken Exploit? Not so Fast

Attackers don’t always get it right. Many times, their attempts to exploit a program or a computer system go awry. The result: A crash.

So, when Bojan Zdrnja, a Croatia-based handler for SANS Internet Storm Center, looked at a PDF document submitted to the volunteer group of security experts, he didn’t think it odd that it merely seemed to crash Adobe’s Acrobat Reader. To Zdrnja, the document clearly had been altered, but not in a way that could have exploited Acrobat or the operating system.

UnsafeBits

Posted at 12:08 PM in Articles, Cybercrime, Hacking, Published on UnsafeBits, Research, Security | | Comments (0) | TrackBack (0)

|