San Diego, CA, April 6, 2011, David Harley

Spearphishing APT-itude Test

My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack. Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself clarifying why I don't find the APT buzzword particularly useful (hat tip to SC Magazine UK's Dan Raywood for turning my thoughts in that direction).

Randy Abrams subsequently raised another point worth thinking about, though. Rivner's blog classifies the targeted attack as spear-phishing, and like a number of other commentators, I've taken his word for it.

San Diego, CA, April 6, 2011, David Harley

Threat Trends Report

The March Threatsense report at http://www.eset.com/us/resources/threat-trends/Global_Threat_Trends_March_2011.pdf includes, apart from the Top Ten threats:

- a feature article on Japanese-disaster-related scamming by Urban Schrott and myself
- news of the Infosec Europe expo in London on the 19th-21st April, the AMTSO and CARO workshops in Prague in May, and the EICAR Conference in Austria that follows
- the story of a fake AV package passing itself off as an ESET product
- commentary on a premature requiem for the firewall
- commentary on a lo-tech ATM scam reported by Randy Abrams

While the top ten ran like this:

- INF/Autorun
- Win32/Conficker
- Win32/PSW.

San Diego, CA, April 5, 2011, Randy Abrams

How to Avoid a Phishing Attack

With the breach of Epsilon, we are going to see a huge influx of phishing attacks before it settles back down to the normal level of tons of phishing attacks. So you aren’t a computer expert, how do you protect yourself?

Don't worry about spotting the phish, it is more important that you do not take the actions that make the attack successful.

There are a few simple rules to follow that will almost certainly prevent you from becoming a victim… if you are diligent.

Fundamentally there are two ways the phishing attacks work.

San Diego, CA, April 4, 2011, Randy Abrams

Information Wants to be Free – So Epsilon Thinks

Information Wants to be Free

If you are a member of the technology advocate crowd that uses this slogan for a mantra, you are going to love the Epsilon Company. Reports started coming out on April 2nd that the mega email marketing giant, Epsilon, was breached and millions of names and email addresses of customers of very large banks and retailers were “liberated”.

If Epsilon isn’t familiar to you that is understandable. They are a kind of behind the scenes company that major retailers and banks use who don’t really want you to know how much information about you they have aggregated use. Epsilon is the email machine these companies use to generate massive amounts of something that most people call spam.

San Diego, CA, March 31, 2011, Randy Abrams

Samsung and I Got Bit by a VIPRE

Yesterday I reported that Samsung laptops were infected with a keystroke logger. This certainly appeared to be the case as a Samsung supervisor reportedly confirmed (http://www.networkworld.com/newsletters/sec/2011/040411sec1.

San Diego, CA, March 31, 2011, Sebastian Bortnik

Three questions on World Backup Day: What? How? When?

A number of organizations dedicated to online hosting have launched an interesting initiative by naming this day, March 31st, World Backup Day. Who hasn’t ever lost a USB device and has regretted not having a backup? Who hasn’t experienced the death of a hard drive only to lose information that won’t ever be able to be recovered? I’m sure most of the readers have been through this, and that is why I invite you to take this day to think about the importance of backups.

So, if moved by the premise you want to take advantage of today's date to start backing up your systems, I’m sharing the three questions that must be answered before any backing up takes place:

What information should be backed up? A backup is not only the indiscriminate storage of all system files, therefore it is important in some way (at least in a simple one) to prioritize the information and decide which data needs to be backed-up. For example, a folder containing pictures of your family and children is not equal in value to a folder containing interesting wallpapers.

San Diego, CA, March 31, 2011, David Harley

More SC Magazine Blogs

In "Giving the cybercriminals a helping hand", Randy Abrams discusses how most Facebook app developers are making session hijacking too easy for the cybercriminals.

In "A tsunami is also a crime wave" I talk about the range of cybercrimes that have come out of the Japan earthquakes and tsunami.

And in "Supporters Club" I return to the topic of support desk scams, offering to sell you services to deal with malware that isn't on your system.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

San Diego, CA, March 31, 2011, Randy Abrams

Facebook Fixes Flaw – Farmville Compromises Facebook

After the release of FireSheep, Facebook took an important step to help protect Facebook user accounts by allowing users to choose to keep an encrypted connection as long as they used just Facebook and intelligently designed apps.

Savvy users immediately discovered that if they tried to use grossly insecure apps such as Farmville, 21 Questions, or a variety of apps by Rockyou then you were switched back to an unencrypted connection.

Having an unencrypted connection means that if you are on an unsecured network, such as those frequently found in coffee shops, airports, and many other public places, then another person can mess around with your account and do things like post messages as if they were you. In fact, they are actually logged into your account for the session, but they don’t have your password, so there are some security features they can’t change.

San Diego, CA, March 30, 2011, Randy Abrams

Got a Samsung? You Got Owned

If you have a Samsung computer check it out. If there is a directory called c:\windows\SL. This is a directory used to house a commercial keystroke logger that it appears Samsung is using to steal your passwords, screen shots, and other data.

An article at http://www.

San Diego, CA, March 30, 2011, Pierre-Marc Bureau

The End of Win32/Swizzor?

It appears that the group behind the Win32/Swizzor malware family has put an end to their operation. This malware family has been around since 2002. Security companies have seen hundreds of thousands of unique binaries classified as this family, which was installed on PCs through "affiliate" programs. The malware is used to display unsolicited advertisements on infected systems.
