Report

McColo (Nov. 08), Torpig (May 09), MegaD (Nov. 09), Lethic (Jan 10) The Darkreading.com site is reporting that researchers with communications security firm Neustar, of Sterling, Va., working with ISPs has taken over the command-and-control servers and shut down the Lethic botnet. The owners of the Lethic network specialized in diploma, pharmaceutical and replica spam. It is believed that Lethic was responsible for 10 percent of spam. Other recent botnet takedowns include: — McColo (Nov. 08), — Torpig (May 09), — MegaD (Nov. 09) ...

Looking at a random new incoming malware sample in F-Secure sample automation systems. Notice the Mutex names it uses: Hey STFU yourself, why don’t you? P.S. It’s detected as Email-Worm:MSIL/Agent.MXK

The spammers and malware authors profited of the holiday time when a lot of people are at home and sent a large amount of emails just before the official free days. As can be seen in the graphic below, we registered a higher activity in the two days before the holidays and immediately after them. The red bars are either weekend days or holidays (25.12 and 1.1). What kind of spam was sent? ...

Angelina Jolie and Barack Obama are the #1 celeb subjects of choice for spammers, according to McAfee January Spam Report. The report also reveals: • The top 25 men and women that were spammed • Chinese pharma spam isn’t going away – in fact, on Dec 14, spam levels skyrocketed with subject lines advertising discounts on Pfizer drugs • “Free-hosting” websites to provide spam URLs has become a major target for spammers ...

The third version of Firefox has emerged as the most successful leader in the browser category of all alternatives to Internet Explorer. Since the official launch of its first release in mid 2008 has not only grown in use but also in popularity, although during this time there was a launch of the greatest threat that has known so far, Google Chrome. That is why, people from Mozilla are working hard to beat newcomer in the race to become the most popular browser. It is true that the current “saga” still has to cut fabric, then Firefox 3.6 It is planned for early 2010, and Firefox 3.7 will happen a few months later, respectively including versions 1.9.2 and 1.9.3 Gecko engine. ...

California software company Cybersitter LLC, has sued the People’s Republic of China and seven computer manufacturers in U.S. Federal court for stealing 3,000 lines of its Internet filter software code and using it in last year’s Green Dam fiasco in China. The suit, “Cybersitter v. the People’s Republic of China,” was filed in U.S. District Court, Central District of California (Los Angeles). It also names Acer, Lenovo, Sony Corp., Toshiba, Asustek Computer Inc., Benq Corp. and Haier Group as defendants. ...

There has been extensive news coverage this week of Adobe’s plans for ramped-up security in its popular Reader, Acrobat and Flash Player applications, especially the Reader and Acrobat updates promised next week. A vulnerability that was publicized in December in Reader and Acrobat allows an attacker to execute arbitrary code with a specially crafted PDF file using ZLib compressed streams. In a short time, proof-of-concept code was made public. In the past week, anti-virus companies began intercepting malicious .pdf files that exploit the vulnerability to install a back door on victims’ machines. ...

Seal Shield, a Jacksonville, Fla., company that makes washable computer keyboards and mice, said it will introduce the world’s first washable cell phone at the Consumer Electronics Show in Las Vegas this week. The company’s washable mice, keyboards and TV remotes can be cleaned in a dishwasher. This might be good. I have three 20-something step children who have discovered that cell phones as we have come to know them do not survive being dropped in toilets. ...

The massive growth of gold farming – the exchange of real money for virtual goods – might result in an increase in gaming Trojans and other malware aimed at gamers in the future. A well-respected researcher has described the incredible growth of “gold farming,” an significant industry and source of employment in China and other parts of Asia. He estimates there are 400,000 people, working for gold farming companies. They spend as much as 12 hours per day playing online games in order to accumulate virtual goods which can be sold to some of the 50 million on-line game players world wide for real cash. ...

Mike Cardwell, an IT consultant in Nottingham, UK, reported on his blog finding a Y2010 bug in Spam Assassin. He found an error in a rule that Spam Assassin folks thought they fixed. “I think a lot of systems will be experiencing false positives on their ham because of this at the moment. It is a particularly high scoring rule considering that the default threshold is 5.0,” he wrote. For further information see: SpamAssassin Rule: FH_DATE_PAST_20XX ...