Archive for the ‘Malware’ Category

Botnet Back - How Did This Happen?

Thursday, November 27th, 2008

Computerworld recently reported on the shutdown and subsequent resurrection of the Srizbi botnet. When the ISP hosting the Srizbi command and control (C&C) servers was taken offline, spam levels for the entire Internet dropped by 41%. The welcome reduction in junk mail was short-lived, however: hackers regained control of the infected machines yesterday. After such a successful botnet take-down, how did authorities allow this to happen? Also, what did the hackers do wrong that allowed their botnet to be shut down for so long?


A Confidentiality Threat Matrix

Thursday, March 6th, 2008

Are you concerned about protecting confidential data on computers in your organization? Sometimes it can be difficult, even for security experts, to know exactly what they are up against. This article not only enumerates threats to confidentiality, but also compares the ability of different security products to combat these threats. The resulting threat matrix paints a clear picture of exposure. This matrix also highlights the role of my own security software, Web Tap, which is partially responsible for the recent reduction in blog post frequency.


ACSAC Presentation: HoneyIM (Detecting Instant Messaging Malware)

Wednesday, December 12th, 2007

Mengjun Xie et al. presented a paper today on detecting and suppressing IM-based malware using a honeypot approach. The idea is to create decoy IM accounts and add them to random users’ buddy lists in an enterprise environment. Then, when these accounts are hit with file transfer requests or links to malicious software, HoneyIM sounds an alarm and detects the infection. Unfortunately, their approach only works on so-called “hit-all” worms that go after every user in your buddy list, which the authors admit in the paper. HoneyIM would not work against a worm that interjected links in the middle of conversations, for example. It would also fail against targeted attacks with a human behind the keyboard. This article suggests a better, alternative approach to the problem of IM malware that would detect even one instant message containing a malicious link.

A Layman’s Guide to Malware Freedom

Thursday, August 30th, 2007

The other day I was helping a family friend move into the dorms at the University of Michigan and set up her very first personal computer. The question came up: What should I do to keep my computer running smoothly and free from unwanted software? All security experts know the answer to this question, but it can be very difficult to articulate when asked by someone who does not share the same intimate knowledge of security threats. This article does its best to explain secure personal computer usage in a way that is simple, memorable, and effective. It is a great starting point for security education in an enterprise or home environment.

Malware: How It Gets In, and How to Keep It Out

Friday, July 20th, 2007

Last night I was using the popular peer-to-peer file-sharing program LimeWire. When I tried to search for a file, the first result that came up was a 75 KB executable named “Urgent LimeWire Update – Please download and install now.” (This file was obviously some sort of malware, not a LimeWire update.) This got me thinking: how many ways are there to infect someone’s computer with malicious software? More importantly, what can an administrator do to protect systems from malware, and is it possible to eliminate all infection channels? In this article we focus on web browser and e-mail based malware infections, and take a look at how e-mail could be improved to provide greater security.

Eliminating Malicious Content in Internet Software Downloads

Friday, July 20th, 2007

Downloading software from the Internet is one of the easiest ways to become infected with malware. Some organizations have a central authority that verifies software integrity before releasing it in the local network, but how does the central authority know that the binary or source code is free from malware and known security vulnerabilities? The current method, which is not secure, is to run software through a virus checker and/or verify cryptographic file checksums posted on the same server that hosts the software. This post suggests a better way of doing things.