Over the past few years, the Zeus virus has infected millions of financial systems worldwide, capturing account credentials that cybercriminals use to gain access to corporate networks and steal sensitive data. While there have been competitive programs designed to dethrone Zeus and remove the widespread malware from infected systems, a newly announced malicious software is threatening to one-up the infamous do-it-yourself banking Trojan. Continue reading this post…
From the “what more proof do you need?” file: 90% of the most secure firms may be affected by botnets…
An RSA study released on Wednesday claims that most major U.S. corporations — including up to 88% of Fortune 500 companies — may be affected by botnet activity from computers compromised by the Zeus Trojan.
In the article, “88 percent of firms show Zeus botnet activity,” RSA’s FraudAction Anti-Trojan services analyzed data stolen by Zeus from infected computers that included IP addresses and emails that belonged to the corporations. Among the stolen data found on the sites where infected computers drop the stolen data was compromised email addresses from about 60% of the firms. Continue reading this post…
Top Endpoint Security Stories for November 2009
November was a busy month for security stories. The month kicked off with more stories of massive security patches from both Microsoft and Apple leaving me to wonder when the patching madness will ever end. Windows 7 was found to have a flaw that allows denial of service attacks. Internet Explorer v7 (IE7) even made it into the news with the latest vulnerability, but I question efforts to patch an aging application, why not just upgrade or use Firefox? If they aren’t willing to upgrade, do people really think they will patch IE7?
Without further delay, here are the stories that caught my eye in November: Continue reading this post…
Social network security key issue for business in 2010
There have been many cases of social networks overlapping security software this year. Whether they are using Twitter or Facebook for botnet control or propagating phishing links through shortened URLs, online criminals are finding ways to tap into the explosive growth of social networks and use that to exploit end users and their devices.
A recent article in SearchSecurity.com, “Hackers to sharpen malware, malicious software in 2010″, points to increasing sophistication in cybercriminals’ use of social networking sites. Continue reading this post…
Don’t miss the point of 60 Minutes grid security story – Cyber threats are real
In the wake of the 60 Minutes story there has been both a significant amount of attention given to the story online as well as expected complaints that the story was over hyped. The specific complaint was the citation by “prominent intelligence sources” that the Brazilian power outage was caused by cyber attacks. I even received some tweets dinging me for propagating the hype from my last post on the original 60 minutes story.
The complaint is that 60 Minutes didn’t do their homework and that there is no proof that the actual outage was caused by hackers. I won’t get dragged into that dispute here, but I would like to address the conclusion that some have made that hacking in general is overstated.
To those who work in the security industry and say that the cyber threat to both Government and private systems is over hyped, my answer is have they even been paying attention? Both foreign governments and organized online crime have been carrying out attacks with specific purposes with increasing frequency and the evidence is all around us. Continue reading this post…