Archive for February, 2011

Malware toolkits fuel the botnet epidemic

Posted in IT Security on February 17, 2011 by cobra

This article is referred from
http://www.h-online.com/security/news/item/Malware-toolkits-fuel-the-botnet-epidemic-1191981.html

In a current reportPDF, anti-botnet specialists at Damballa write that the number of bot-infected PCs worldwide increased sevenfold within a year, although no absolute figures are mentioned. The researchers consider that the expansive growth in 2010 was caused by the increasing availability of “exploit packs” and trojan toolkits. Such tools enable criminals without programming skills to assemble their attack weapons and malware with a few simple mouse clicks. Toolkit prices range between $100 and $1,000.

Among the most popular toolkits in terms of deployment is the Alureon bot, aka TDL, which has rootkit capabilities. To infect a system, Alureon can even bypass the extra security measures available in the 64-bit versions of Windows 7 and Vista.

An Alureon-based botnet operated by a cyber gang called RudeWarlockMob was responsible for almost 15% of the total number of infections registered by Damballa. Microsoft had made similar observations in the first half of 2010, and even, for example, held Alureon responsible for a third of all infections in Germany.

Second place in Damaballa’s statistics is occupied by the RogueAVBotnet botnet, which is apparently used to deploy scareware. In third place is the ZeuS online banking trojan, followed by Monkif and Kobbface. In mid-2010, a ZeuS botnet operated by a cyber gang called FourLakeRiders reportedly created 1.2 million zombie PCs. Overall, the 10 largest botnets were responsible for almost half of all registered infections.

Click here to read the complete Damballa 2010 Top 10 Botnets Report.

Attack Can Extract Crypto Keys From Mobile Device Signals

Posted in IT Security on February 17, 2011 by cobra

Many carriers and mobile providers are touting smartphones as the future of secure mobile payment systems, enabling users to pay for purchases with an app on their phones, and this already reality in many parts of Asia and Europe. However, researchers have discovered that some of the more popular smartphone platforms leak sensitive data during these transactions that could allow criminals to spoof a victim’s phone and make purchases with the victim’s account.

Please Click here to read the complete article. This is indeed a serious issue 😦

Google (finally) gives everyone two-factor authentication

Posted in IT Security on February 17, 2011 by cobra

Email security filters down from Google Apps.

Google will roll out two-factor authentication for all account holders over the coming days, making good on a promise it made last year. Until now the second factor – a unique code often typically delivered via SMS — had been only available to Google’s Apps customers.

Two-factor authentication relied on knowledge of a password and possession of the device that receives a one-time code. It will make it tougher for criminals scouring social networks to crack users’ login credentials.

Please enter here to read the full article.