Scarcely one year after the initial appearance of the Storm Worm and its resulting botnet, some heretofore untapped functionality has been pushed out in one update or another in just the past couple of days: Not only is the botnet sending out phishing-related spam, but the phishing sites are hosted on the infected machines themselves. The information security community is speculating that it may now be possible for the controller of the botnet to partition it and assign different tasks to different segments of the infected net population. As if that weren't problem enough, the domains that the phishing sites use …
It has come to the attention of the news media that documents that really shouldn't be getting out (like blueprints of high-security military installations) are being stashed on publicly accessible web and FTP servers around the net, sometimes on the networks of the subcontractors themselves, where anybody with the time and patience to go digging has a chance at finding them. During research for this article, reporters working for the Associated Press found dozens of sensitive documents that weren't even protected with a basic password. Moreover, sometimes you …
What I want to know is this: Why wasn't the WordPress project at the very least posting hashes of the distribution archives, or PGP/GPG signing the archives and posting detached signatures for the files? Looking at the WordPress download page shows a pair …
I was wrong, things can get more weird. Malware researcher Joe Stewart has been working on a new infective agent called SpamThru, and discovered some very unusual things about it: It goes to incredible lengths to ensure that it is the only infection on the machine in question, namely, it downloads and installs a pirated copy of Kaspersky Antivirus, hacks it so that it doesn't check for a valid license key, and scans the infected machine to get rid of every other piece of malware that isn't SpamThru. Control of zombied machines is done with a peer-to-peer protocol that can …
The handlers over at the Internet Storm Centre have been noticing a disturbing trend lately, namely, seeing the DNP protocol appearing on the open Net. You probably don't care about this because you've never heard of it before, but the protocol called DNP is used by process automation systems (SCADA) that control things like power generators and substations, pipelines, and other systems that have points of control scattered far and wide, systems in which a problem in one place can cascade into major problems everywhere downstream of the first problem. Now, maybe it's just me, but I find it worrisome …