[IS&T Security-FYI] SFYI Newsletter, December 1, 2008

Monique Yeaton myeaton at MIT.EDU
Mon Dec 1 13:03:10 EST 2008


In this issue:

1. Spam Down (But Not For Long) After McColo Taken Offline
2. Cyber Thieves are After Corporations
3. Advanced SANS Forensics Course


---------------------------------------------------------------------------
Spam Down (But Not For Long) After McColo Taken Offline
---------------------------------------------------------------------------

In the last issue of SFYI, I reported the shutdown of one of the  
biggest spam enablers, McColo Corp. The results after McColo's  
takedown were dramatic. About half of the spam on the Internet  
disappeared. But it appears that no legal action has been taken  
against the company, and the spam wars continue.

That story can be found here:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121599>

Another ComputerWorld article reports that spam will begin to rise  
again:

The big spam-spewing botnet shut down two weeks ago has been  
resurrected, and is again under the control of criminals. The "Srizbi"  
botnet returned from the dead late Tuesday [November 25], said Fengmin  
Gong, chief security content officer at FireEye Inc., when the  
infected PCs were able to successfully reconnect with new  
command-and-control servers, which are now based in Estonia.

This story can be found here:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121678>


-----------------------------------------------
Cyber Thieves are After Corporations
-----------------------------------------------

There has been a noticeable change of direction in how cyber criminals  
are making money these days. Here are some excerpts from an article  
posted a few weeks ago in USA Today:

In the past nine months, data thieves have stepped up attacks against  
any corporation with weak Internet defenses. The goal: harvest wide  
swaths of data, with no specific buyer yet in mind, according to  
security firm Finjan.

"Cyber criminals are focusing on data that can be easily obtained,  
managed and controlled in order to get the maximum profit in a minimum  
amount of time," says Yuval Ben-Itzhak, Finjan's chief technical  
officer. He calls it the "grab-and-run" technique.

Knowing that some governments and companies will pay handsomely for  
industrial secrets, data thieves are harvesting as much corporate data  
as they can, in anticipation of rising demand.

Elite cyber gangs can no longer make great money from stealing and  
selling personal identity data. Thousands of small-time, copycat data  
thieves have over-saturated the market, driving prices for credit  
cards or social security numbers down. Those on the cutting edge are  
forging ahead. They're culling the ocean of stolen personal data for  
user names and passwords to access corporate systems. The target is  
corporate employees who use free Web tools, such as instant messaging,  
Web-based e-mail and group chats on social networking sites. Most  
fertile turf: AOL, Yahoo and MSN instant messaging; YahooMail,  
HotMail, and GMail; and MySpace and FaceBook.

Last month, enterprising thieves discovered a big security hole in  
millions of work computers that forced Microsoft to issue a rare  
emergency patch. The flaw, in Windows XP and Windows Server PCs, makes  
it possible to control any Internet-connected PC without having to  
trick the user into clicking on a tainted attachment or Web page.  
Criminals implanted a program in corporate PCs that automatically  
turned on every 10 minutes, says Sunbelt Software researcher Eric Sites.

The program copied and extracted all personal data stored by a PC's  
Web browser and registry, which gives the Web location of the machine,  
then turned off. "This looks like something very customized, targeting  
very specific people," says Sites. "They could be after business  
intelligence or military secrets. These are not your average attackers."

[source: USA Today, November 12, 2008]

The full article can be read online here:
<http://abcnews.go.com/Business/story?id=6234194&page=1>


--------------------------------------------
Advanced SANS Forensics Course
--------------------------------------------

Prepare for a GCFA certification using a locally run, 10-week class  
in Boston. Beginning on January 13, SANS Mentor Evan Wheeler will be  
leading this mentor-led class that covers SANS and GIAC Certification  
Orientation, Forensic and Investigative Essentials, Forensic  
Methodology Illustrated using Linux Parts I and II, Windows 2000/XP  
and NTFS Filesystem Forensics, Computer Crime Law and Best Practices:  
Managerial and Legal Issues, and Advanced Forensics.

For complete details, see <http://www.sans.org/info/30523>.



=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
