Korean DDoS malware may self-destruct

Earlier this week, we reported a series of attacks on key South Korean and U.S. government servers that took some of them offline. The attacks are still under investigation, but a blog post on the Washington Post’s website suggests that the botnet being used to deliver the DDoS (distributed denial of service) attack could self-destruct.
An attack bot of this nature works by first infecting vulnerable computers around the world. The computer user is unaware of its presence and continues going about his business. Meanwhile, the bot uses that person’s computer to attack another, usually a server. With the coordinated effort of possibly thousands or even millions of computers, the botnet easily disrupts service on one or more servers. Some botnets wipe the person’s hard drive after the task is completed.
According to security expert Joe Stewart, director of malware research at SecureWorks, this particular form of malware, a version of the Mydoom worm, includes a Trojan horse program that will overwrite all of the data on a victim’s hard drive. Microsoft Windows PCs are vulnerable to this attack, and experts believe that between 60,000 and 100,000 PCs may have been infected with the malware. South Korean government officials have also warned their citizens about this danger, saying that at least 20,000 PCs in South Korea are infected.
Source: Washington Post
Tag: internet, korea, malware, security, servers, u.s., website, windows
New service detects malware on websites

Dasient is a new web site service created by former Google employees Neil Daswani and Shariq Rizvi, together with Ameet Ranadive. The service crawls the web and detects malware, malicious software that is harmful to computers. The software locates the problematic code on the site and then quarantines it, effectively cleaning the site of malware.
Using the Dasient technology, web hosting providers will be able to diagnose malware before they are blacklisted and thereby lose customers. The new company received $2 million in funding from several companies.
It’s “a challenging engineering problem,” says Daswani of performing diagnostics on malware-infected sites and quarantining code without disrupting site use. The Dasient Web Anti-Malware service, which starts from $50 per month, is still in an “alpha” stage in some respects, especially the malware-quarantining capability, Dasient’s co-founders acknowledge. The malware quarantining feature requires a Dasient software module to be installed on a Web server for protection.
Source: Computerworld
Tag: cybersecurity, malware, web hosting, web servers
Triple Fiber Network Responds to Shutdown

A week ago today, the FTC shut down California web host Triple Fiber Network (3FN) for hosting illegal content, including child pornography, malware, and the infamous “Cutwail” botnet.
In a press release riddled with broken English and grammatical errors, the company responded to the shutdown.
Triple Fiber blasted the FTC for shutting down all its servers without prior notification and went on to declare its innocence, claiming it “never provided any services for illegal businesses intentionally.” It offered to help with the investigation, but added there was no evidence to convict it of wrongdoing.
“Our company has always been willing to assist authorities in their investigations. Accusing the provider in illegal actions made by its customers is not the way out and will not solve anything. It causing more damage to law-abiding customers than helps successfully fighting cyber criminals.”
The company also stated that the evidence the FTC collected against it, including instant message logs of sales pitches to spammers and hackers, “can not be the evidence of [3FN] complicity.”
Triple Fiber Network said millions of dollars have been lost so far by the shutdown. It claims to be doing everything in its power to recover customer accounts, but has not revealed in what manner it is doing so and what, if any, progress has been made.
Tag: 3fn, california, ftc, malware, shutdown, spam, spyware, triple fiber network
FTC Shuts Down California Web Host

Earlier this week, the Federal Trade Commission shut down a California web hosting firm for involvement in spam operations. This is the first time the FTC has ever taken action against a hosting provider.
The company, Triple Fiber Network, hosted some 15,000 websites at a data center in San Jose, California. The sites were taken offline Tuesday after the FTC told its bandwidth provider to stop routing the host’s traffic.
Triple Fiber allegedly hosted all sorts of illegal content, including malware and child pornography. “Anything bad on the Internet, they were involved in it,” FTC Chairman Jonathan Leibowitz said. “We’re very proud, because in one fell swoop we’ve gone after a big facilitator of some of the utterly worst conduct.”
The FTC stated:
[Triple Fiber Network] hosts very little legitimate content and vast quantities of illegal, malicious, and harmful content, including child pornography, botnet command and control servers, spyware, viruses, trojans, phishing related sites, illegal online pharmacies, investment and other Web-based scams, and pornography featuring violence, bestiality, and incest.
The black market provider also hosted the control servers for one of the world’s largest botnets, “Cutwail.” According to the government agency, the host marketed itself to overseas criminals by placing ads in the “darkest corners of the Internet.”
Most of the host’s personnel work overseas. In a message to customers, Triple Fiber promised to be back up within days in another location. Meanwhile, some of its customers have already found other hosts and have placed their illegal content back online.
Source: Washington Post
Tag: botnet, california, cutwail, cybercrime, data center, federal trade commission, ftc, law, malware, security, spam, triple fiber network
Symantec Releases MessageLabs Intelligence Report
Computer security giant Symantec announced the release of its May 2009 MessageLabs Intelligence Report. Covering a wide variety of Internet threats, the report details some disturbing new trends.
Most notably, spam has increased by 5.1% since April. It now accounts for 90.4% of email. What time of day you receive spam depends on where you live. American spam activity peaks between 9-10 AM, while Europeans get a steady spewing of unwanted email all day. Asians get their spam in the wee hours of the morning.
Interestingly, there’s been a trend for spammers not to write long emails, but just include a message title and link. If more spam is being sent out, at least no one is having War and Peace delivered to their inbox each day.
Tag: cyber crime, email, malware, message labs, phishing, spam, symantec, viruses
Cyber security organizations create "Chain of Trust"

The Anti-Spyware Coalition (ASC), National Cyber Security Alliance (NCSA) and StopBadware.org have joined forces to create the Chain of Trust Initiative, aimed at putting an end to the distribution of malware on the Internet. The goal is to combat malware by working in coordination with security companies, registrars, web hosting companies, network providers, and others.
“One thing that’s come up repeatedly is a lack of clear standards and expectations, and inability for one party to feel comfortable being protected legally if they make a determination on something and take action on it unilaterally,” Maxim Weinstein, StopBadware.org manager, told SCMagazineUS.com Tuesday.
They are concerned that many hosting providers do not concern themselves with whether or not their clients are engaged in distribution of malicious software. They will now address such providers head-on, hoping that the collective pressure will work in a similar manner to the successful battle against adware companies in the past. The organization is currently meeting to set up a plan of action and will place a suggestion form on their website for any who wish to contribute.
Source: SC Magazine
MessageLabs: Over 3,500 Malicious Sites Created Daily

MessageLabs’ monthly Intelligence Report for April 2009 indicates that spam levels have spiked in 2009, climbing well above 85 percent, higher than they have been since 2007. Most of this is new image-based spam originating in China. Rather than including the images within the email as an attachment, the malicious images are hosted on a remote site and linked to by the email.
Usually, the email will claim to be from Facebook or another service that might have personal information about the user. Upon clicking on the link, the user is transported to a web site that appears to match the email’s claims but actually redirects them to a .cn (China) domain.
One in 304 emails contains a virus and one in 404 emails is a phishing attack, the report says. The danger of malicious web sites is much higher. On average 3,561 new malware websites are set up daily.
The United Kingdom is the most spammed country in the world with spam levels reaching 94 percent of all email, followed by China (90%), Hong Kong (89%), Australia (88%), Japan (86%), Germany (83%), the US (79%), the Netherlands (78%), and Canada (77%).
Source: SecurityProNews