Tag: infosec

  1. The Storm Worm botnet learns some new tricks - like phishing.

    10 January 2008

    Scarcely one year after the initial appearance of the Storm Worm and its resulting botnet, some heretofore untapped functionality's been pushed out in one update or another in just the past couple of days: Not only is the botnet sending out phishing-related spam but the phishing sites are hosted on the infected machines themselves. The information security community is speculating that it may now be possible for the controller of the botnet to partition it and assign different tasks to different segments of the infected net.population. As if that weren't problem enough, the domains that the phishing sites use …


  2. Contractors do the dumbest things sometimes.

    12 July 2007

    Like putting classified material online where anyone can stumble across it.

    It has come to the attention of the news media that documents that really shouldn't be getting out (like blueprints of high-security military installations) are being stashed on publicly accessible web and FTP servers around the net, sometimes on the networks of the subcontractors themselves where anybody with the time and patience to go digging has a chance at finding it. During research for this article, reporters working for the Associated Press found dozens of sensitive documents that weren't even protected with a basic password. Moreover, sometimes you …


  3. Webloggers be warned: Wordpress v2.1.1 is compromised!

    05 March 2007

    A recent emergency bulletin from Matt of the Wordpress weblogging software project is highly distressing to say the least: someone cracked one of the project's servers and inserted a pair of backdoors into v2.1.1, which make it possible for a malicious user to remotely execute arbitrary code on the server hosting a Wordpress blog.

    What I want to know is this: Why wasn't the Wordpress project at the very least posting hashes of the distribution archives, or PGP/GPG signing the archives and posting detached signatures for the files? Looking at the Wordpress download page shows a pair …


  4. Malware infestations can be bad, but this takes the taco.

    23 January 2007

    I was wrong, things can get more weird. Malware researcher Joe Stewart has been working on a new infective agent called SpamThru, and discovered some very unusual things about it: It goes to incredible lengths to ensure that it is the only infection on the machine in question, namely, it downloads and installs a pirated copy of Kaspersky Antivirus, hacks it so that it doesn't check for a valid license key, and scans the infected machine to get rid of every other piece of malware that isn't SpamThru. Control of zombied machines is done with a peer-to-peer protocol that can …


  5. There's something odd on the Net these days...

    20 January 2007

    The handlers over at the Internet Storm Centre have been noticing a disturbing trend lately, namely, seeing the DNP protocol appearing on the open Net. You probably don't care about this because you've never heard of it before, but the protocol called DNP is used by process automation systems (SCADA) that control things like power generators and substations, pipelines, and other systems that have points of control scattered far and wide, systems in which a problem in one place can cascade into major problems everywhere downstream of the first problem. Now, maybe it's just me, but I find it worrisome …

