Malware Behind Oldest, Most Active Spam Botnet Gets Refresh

Posted on by admini

“This latest version has a fall-back C&C mechanism that is based upon a domain name generation algorithm (DGA),” wrote Manos Antonakakis, Damballa’s Chief Scientist and lead researcher on the report, issued Wednesday. “If the malware cannot successfully resolve any of the domains that are hard coded into it, it will start using the DGA in an effort to connect to the currently active DGA C&C.”

Researchers at antibotnet vendor Damballa Labs performed malware analysis on the new Pushdo variant and monitored several of the domains generated by the new domain algorithm to measure the scope of the new threat.

The latest domain generation algorithm technique is a backup, only used if the malware on an infected machine fails to connect with the primary command-and-control server.

“This is a very smart way to defeat generic network signature and sandboxing systems that simply block the network communication observed during the dynamic analysis of the malicious binary,” the researchers said

Link: http://www.crn.com/news/security/240154963/malware-behind-oldest-most-active-spam-botnet-gets-refresh.htm

Read more

Beware The Coming SEC Regulations On Cybersecurity

Posted on by admini

f the SEC requires details on the material loss from cyber-attacks, the actual reporting of such proof is going to be a tall order on a company that’s already strapped for specialized IT security talent and working at fever pitch to manage risk. Until then cyber incidents continue to financially drain private and public companies, IT must clean up the mess and put a lid on it in order to save face with stakeholders.

As corporate data theft continues and investors demand answers, here are recommended actions companies can take now within their IT departments to ensure they are prepared to not only answer to to the SEC and investors, but also better prepared for managing the risks associated with maintaining and relying on global computer networks:

It’s All or Nothing: With today’s emerging technologies such as cloud computing, mobility and virtualization, it’s important to have a complete view of your IT landscape.

Less is More: Those with experience with Sarbanes-Oxley understand that access and entitlements to financial reporting systems is a vital control to exhibit, mainly due to the potential impact of manipulation of those systems.

Most companies that have their data or systems compromised as a result of security incident know full well the costs of repair and remediation; costs of deploying cybersecurity protections (including software like my company develops), litigation costs and the worst: reputational damage to brands and stock price.

While companies are following the guidance, many that have been the targets of these successful attacks have denied any material impact in their SEC filings – the lack of these filings proves that.

Link: http://www.forbes.com/sites/ciocentral/2013/05/15/how-to-prepare-for-when-the-sec-comes-asking-about-cybersecurity-risk/2/

Read more

HBGary Announces Next-Gen Responder™ Pro

Posted on by admini

In a move to significantly close the gap between discovery and mitigation of targeted attacks, HBGary, a subsidiary of ManTech International Corporation, unveiled the next-generation version of Responder™ Pro, the de facto industry standard in automated Windows® physical memory analysis. By leveraging Digital DNA™ 3.0, HBGary’s flagship technology, Responder™ Pro…

Read more

The Onion reveals how Syrian Electronic Army hacked its Twitter Read more: http://www.itproportal.

Posted on by admini

At least one employee entered their credentials, allowing the attackers entrance to their account, from which the SEA sent the same email to more Onion staff. The last attack compromised at least two more accounts, one of which was used to control the Twitter account.

One in particular —Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Deaths At Hands Of Rebels — angered the attacker, who began posting edtorial email addresses on the SEA account.

At the end of the day, at least five Onion accounts were compromised; the company forced a password reset on every staff member’s Google Apps account.

Link: http://www.itproportal.com/2013/05/13/the-onion-reveals-how-syrian-electronic-army-hacked-its-twitter/

Read more

Welcome to the red team!

Posted on by admini

Internet Explorer has been in the press over the years for the number of vulnerabilities that it once had, but nowadays, Java is a prime target for red teams because Java is meant to run on 3 million devices – providing what’s called a large ‘attack surface’.

Attacking the software is getting harder these days, but there’s one component of an organization’s computer system that is always potentially vulnerable – and that’s the people who use the computers. Another technique is to send infected memory sticks to staff, who often plug them in to see what’s on them, and, again, the malware strikes!

Red team members can now use social media to find the names of staff as well as details of their experience, so that e-mails and phone calls from the red team can sound quite legitimate.

The other part of the solution is education of staff so that they don’t insert memory sticks or click on attachments from unknown sources.

The red team could, perhaps, get a piece of malware onto someone’s tablet, which then gets connected to network, which then starts opening security doors all the way to the mainframe.

But most organizations can learn from the types of vulnerability red teams exploit, and take steps to ensure that they are not at risk from them.

Link: http://it.toolbox.com/blogs/mainframe-world/welcome-to-the-red-team-56048

Read more