
Flash, Christmas and the new year

  • Post author: Omid Farhang
  • Post published: January 6, 2010
  • Reading Time: 1 min
  • Word Count: 172 words

We see spam all the time. One of the most dependable things spammers do is to try to exploit newsworthy events and holidays. Recently, we have seen spammers spreading malware using Flash updates, Christmas scams, or a combination of both. Add one more to that list. Take for example a spam I received today. The following email wishes the recipient a Merry Christmas and a Happy New Year, and then displays the following screen in an attempt to entice the user to click on the message. ...


Thrice Bitten, Not Shy

  • Post author: Omid Farhang
  • Post published: January 6, 2010
  • Reading Time: 2 min
  • Word Count: 232 words

The one subset of malware which does not immediately seem motivated by financial incentives is the autorun worm. In fact, the raison d’être for this class of malware seems lodged in the annals of yesteryear; summarised in three words, it could be “naive script-kiddy kudos”. Unlike the propagators of other classes of malware, i.e. professional criminals, the writers of autorun worms are amateurish upstarts. Ample evidence for this assertion may be found in a recent sample of Sohana, a family of autorun worms, which was cloaked in three layers of known virus infections: the ancient W32/Flcss over W32/Scribble-B over W32/Impair-A. ...


No More Dragons: the 26th Chaos Communication Congress Ends

  • Post author: Omid Farhang
  • Post published: January 6, 2010
  • Reading Time: 2 min
  • Word Count: 373 words

With a dazzling laser show, the 26th Chaos Communication Congress (26c3) in Berlin, the last big security conference of 2009, has ended. If you weren’t here, you might have missed fewer of the sessions than people on site, thanks to the worldwide availability of live streams (and recordings). What you did miss was meeting all these people, though! 26c3 has simply outgrown the location it has occupied for the last few years, but this may be offset by a very successful experiment: allowing full remote access to the conference network via VPN for those who couldn’t attend. Other conferences should consider this as well (hey, Defcon team, are you reading this? 😉 ), especially as air travel becomes less and less attractive. ...


2010 prediction roundup

  • Post author: Omid Farhang
  • Post published: January 6, 2010
  • Reading Time: 5 min
  • Word Count: 887 words

It’s the time of year to make predictions. I only have one: in 2010, governments around the world will BEGIN to increase their efforts to do something about the massive malware threat that every Internet user on the planet faces. It’s going to be controversial and difficult legally and technically. It’s going to cost serious tax money, political capital and diplomatic work to counter this crime wave that is like nothing the world has ever known. ...


CNNIC changes have effect on spam tactics

  • Post author: Omid Farhang
  • Post published: December 19, 2009
  • Reading Time: 2 min
  • Word Count: 284 words

As was announced on Dec 11th, CNNIC (China Internet Network Information Center) now requires “formal paper based application material when making the online application to the registrar.” The motivation behind this seems more related to cracking down on porn sites, but since .cn domains have been the call-to-action in 35-50% of all spam sent for well over a year, we were wondering what effect this policy change may have on the prevalence of this TLD in spam. The graph below illustrates the percentage of spam messages sent each day that contain a .cn domain (the vast majority are Canadian Pharmacy type spam) as well as the percentage of pharmacy spam messages sent that contain a link to a free webhosting service (blue). I decided to measure .cn abuse against free webhosting abuse because the same Canadian Pharmacy spam that contained links to .cn domains for the past few months now contains links to a number of free webhosting services instead. The CNNIC changes started to be applied on December 14th. ...


FBI: Fraudsters earned $150 million in rogue AV scams

  • Post author: Omid Farhang
  • Post published: December 18, 2009
  • Reading Time: 2 min
  • Word Count: 350 words

For the first time, the FBI has issued a public warning about the threat of rogue anti-virus software, which the agency said has resulted in more than $150 million in losses to victims. In an intelligence note posted Friday on the website of the Internet Crime Complaint Center, the FBI said users should be on the lookout for pop-up advertisements masquerading as legitimate-looking AV software, known as “rogueware” or “scareware.” Rogue anti-virus software is typically purveyed through malicious advertisements, or “malvertisements,” on trusted websites. When viewed or clicked, the ads lead users to sites that claim their computer is infected and that, to resolve the issue, they should buy an anti-virus product, which turns out to be fake. In other instances, the ads try to install trojans onto the victim’s PC. ...
