anyone for internet banking?
Criminal hackers have penetrated the networks of almost 2,500 companies and government agencies in a coordinated campaign that began 18 months ago and continues to steal email passwords, login credentials, and other sensitive data to this day, a computer security company said. The infections by a variant of the Zeus botnet …
As a first line of defence, all these organisations should mandate use of plain-text email and ban HTML. That would remove several attack vectors (I bounce HTML email by default, it takes out a lot of spam).
A second line of attack would be to automatically remove attachments from incoming mail and put them on an internal server where they can be quarantined/verified in a safe environment before being downloaded by the original recipient. Still not foolproof, but it would help reduce the incidence of clueless users blindly opening attachments while not inconveniencing them too much.
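The two-stage gateway policy this comment proposes (drop HTML, detach attachments to a quarantine store), sketched as an added illustration that is not code from the original thread; the sample mail is constructed and the in-memory dict standing in for the quarantine server is an assumption.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage


def build_sample():
    """Constructed test mail (not from the page): plain-text body, an HTML
    alternative, and one executable attachment of the kind users blindly open."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative("<p>Please see the <b>attached</b> invoice.</p>",
                        subtype="html")
    msg.add_attachment(b"MZ\x90\x00 constructed bytes, not a real binary",
                       maintype="application", subtype="octet-stream",
                       filename="invoice.exe")
    return msg.as_bytes()


def sanitise(raw, quarantine):
    """First line: keep only the text/plain body (HTML parts are dropped).
    Second line: move every attachment into `quarantine` (stand-in for the
    internal server) and leave the recipient a reference to fetch it later.
    Returns None when there is no plain-text body at all, i.e. bounce it."""
    src = email.message_from_bytes(raw, policy=policy.default)
    body = src.get_body(preferencelist=("plain",))
    if body is None:
        return None
    out = EmailMessage()
    for header in ("From", "To", "Subject"):
        out[header] = src[header]
    text = body.get_content()
    for part in src.iter_attachments():
        data = part.get_content()
        if isinstance(data, str):
            data = data.encode()
        digest = hashlib.sha256(data).hexdigest()   # quarantine key
        quarantine[digest] = (part.get_filename(), data)
        text += (f"\n[attachment '{part.get_filename()}' held for inspection,"
                 f" reference {digest[:16]}]")
    out.set_content(text)
    return out


def demo():
    """Run the filter over the constructed mail; returns (clean_msg, quarantine)."""
    quarantine = {}
    return sanitise(build_sample(), quarantine), quarantine
```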
Maybe I am reading it wrong, but it seems like the researchers can ID the drone PCs.
Send the IP addy to the ISP (along with datetime info, in case the IP is shared) and give the ISP 24 hours to block 75%+ of all reported drones.
If they do not comply, block the ISP until such times as they do.
All ISP costs should be recovered for the negligent users.
How friggin' hard is it, just how hard? Can anyone tell me? Am I asking for the impossible?
Users are 100% responsible AT ALL TIMES for any damage caused by a device under their control. Be that a car, gun, power tool or PC.
I've got you beat there... I've been running MacOS since 1985, before the big '88 Worm -- I used Virex and Norton until they got to be more trouble than they were worth, as they kept flagging down benign CDEVs and INITs -- and haven't been touched yet, thanks to a bit of common sense and Little Snitch (under OSX). I automatically "deny" any numeric IP addresses -- not to mention the usual suspects, such as doubleclick -- as Little Snitch (which has saved my ass on numerous occasions) catches and flags them, and that's worked really well for me.
Don't they have a Little Snitch equivalent for Windows?
Wake up call required eh.
FFS, just how long is this charade going to continue?
Didn't think it could happen to them, wasn't worth the investment.
I'm sure we've all read the security briefs and then had to pull in our necks when being told why we can't implement the required strategy.
Well someone is going to wake up much richer today.
And some are not being so Fortunate, hee hee hee.
Make way, idiots!
ALF
I have little sympathy for some of these companies - who to this day /insist/ that their desktops carry IE6 and no other web browser(*). That puts their employees right there in the danger zone any time they do anything to do with the internet ... even unknowingly, opening HTML email on a Windows desktop.
{* I work for one of the larger investment banking organisations, who operate this absurd policy.}
I also worked at a large financial organization, and while IE6 was the "standard", so was Netscape 4. That was because Netscape 4 is the most recent browser with OS/2 support; go figure.
The good thing is that those OS/2 beasts with Netscape4 are basically malware-proof, as there's no chance in hell they'll even be able to run the malware!
Many companies mandate IE6 and WinXP due to problems vetting newer browsers/OSes. The Gov't in particular probably runs custom software that demands a certain browser or uses an out-of-date plugin that requires an older OS. I work in Healthcare and I know of several EMR solutions that either directly embed browser windows into their interface (thus requiring IE6 for instance, so everything stays working as intended), or uses some plugin for managing PDFs or images that is running 4 revisions out-of-date which only supports XP. Why? It costs money to buy licensing for the new plugin, or to pay someone to update the interface, etc. Until people start refusing to use software solutions that REQUIRE them to stay on older, more insecure, platforms, nothing will be done by those lazy software vendors.
How exactly the perps choose what information (if any) is worth siphoning off to the [former Soviet] Republic of Bulvania for closer inspection. Sending, say, the entire contents of the HD and then examining that is probably not feasible. I suppose doing the same for "C:\Documents and Settings" would be a start, but still ...
This seems to come just at the right time when Symantec Endpoint Protection that is so widely used in big companies as their corporate anti-virus has failed miserably on Jan 1st, 2010 (see this: http://www.theregister.co.uk/2010/01/09/symantec_endpoint_manager_bug/).
Because of this major goof tens (hundreds?) of thousands of PCs have been left with outdated signatures for weeks. I know from first hand information that in some big places, desktops with signatures 3 weeks+ old were not uncommon until very recently. Symantec has come up with a fix some time ago but due to propagation delays and intranet servers being overloaded in companies, it took forever for signatures to catch up.
Keeps me wondering why SEP is still so popular after so many failures of this basically broken product. On top of this the "corporate" aspects fail just any functionality tests.
I worked for a local council and I had the opportunity to try using some of their web browser based software with FF portable out of curiosity. From the front end it seemed to work fine, would retrieve the information, would send the information back etc. (I can't say for the back end or all of it, but I used the 'user end' of it pretty extensively). I'd say a certain lack of interest in their IT dept, plus outside the IT dept a combination of no one in the place ever wanting to be the one who sticks their neck out and upsets the status quo, no one wanting to risk being the one who might be culpable if it is a problem or doesn't work, plus most of the end users being clueless about the problem, means the place is still using IE6 and it will still probably be using it when we are making gestures to browse.
These similar attitudes cause some vast waste in our public money elsewhere as well for similar status quo reasons; after working there a year I used to resent paying my council tax cos I knew it was being pissed up the wall for little good reason.
This is a variant of the well known Zeus bot, otherwise known as Zbot. Once executed on the target machine (which becomes an infected bot) it downloads a configuration file from the C&C server (Command & Control server) which instructs the bot to capture desired data.
It creates a hidden folder on the infected machine and it drops a modified copy of itself to avoid security scanner detection.
The bot periodically uploads the captured data to the server and schedules an update of the configuration files permitting the criminal hacker to change the instructions of the bot.
Additionally it disables the firewall on the target machine.
Rossano Ferraris, CA ISBU Research Team
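A host-side detection sketch for the four behaviours this comment lists (hidden folder, dropped copy of itself, firewall disabled, periodic contact with the C&C server), added here as an illustration and not code from CA or the original poster; the telemetry events are constructed and their field layout is an assumption.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed host-telemetry events (not from the page); the layout
# (timestamp in seconds, process image, event kind, detail) is an assumption.
EVENTS = [
    (0, "updater.exe", "dir_create", r"C:\Users\bob\AppData\lowsec (hidden)"),
    (1, "updater.exe", "file_write", r"C:\Users\bob\AppData\lowsec\updater.exe"),
    (2, "updater.exe", "firewall_disable", "host firewall profiles set to off"),
    (5, "updater.exe", "net_out", "203.0.113.7:80"),
    (65, "updater.exe", "net_out", "203.0.113.7:80"),
    (125, "updater.exe", "net_out", "203.0.113.7:80"),
    (185, "updater.exe", "net_out", "203.0.113.7:80"),
    (3, "outlook.exe", "net_out", "198.51.100.5:443"),
    (40, "outlook.exe", "net_out", "198.51.100.5:443"),
    (41, "outlook.exe", "net_out", "198.51.100.5:443"),
]


def detect(events, min_beacons=3, max_jitter=0.2):
    """Score each process against the behaviours the comment describes and
    return {process: [indicators]} for those matching at least three."""
    hidden = defaultdict(set)   # process -> hidden folders it created
    hits = defaultdict(set)     # process -> indicator names
    conns = defaultdict(list)   # (process, destination) -> timestamps
    for ts, proc, kind, detail in sorted(events):
        if kind == "dir_create" and detail.endswith("(hidden)"):
            hidden[proc].add(detail[: -len(" (hidden)")].lower())
            hits[proc].add("hidden_folder")
        elif kind == "file_write":
            folder, _, name = detail.lower().rpartition("\\")
            if folder in hidden[proc] and name == proc.lower():
                hits[proc].add("self_copy_dropped")   # copy of itself in hidden dir
        elif kind == "firewall_disable":
            hits[proc].add("firewall_disabled")
        elif kind == "net_out":
            conns[(proc, detail)].append(ts)
    # Evenly spaced call-homes to one destination: the periodic upload and
    # config refresh the comment mentions, unlike a user's bursty traffic.
    for (proc, dest), times in conns.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(times) >= max(min_beacons, 2) and pstdev(gaps) <= max_jitter * mean(gaps):
            hits[proc].add("periodic_beacon")
    return {p: sorted(h) for p, h in hits.items() if len(h) >= 3}
```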