[IS&T Security-FYI] SFYI Newsletter, December 1, 2008
Monique Yeaton
myeaton at MIT.EDU
Mon Dec 1 13:03:10 EST 2008
In this issue:
1. Spam Down (But Not For Long) After McColo Taken Offline
2. Cyber Thieves are After Corporations
3. Advanced SANS Forensics Course
---------------------------------------------------------------------------
Spam Down (But Not For Long) After McColo Taken Offline
---------------------------------------------------------------------------
In the last issue of SFYI, I reported the shutdown of one of the
biggest spam enablers, McColo Corp. The results after McColo's
takedown were dramatic. About half of the spam on the Internet
disappeared. But it appears that no legal action has been taken
against the company, and the spam wars continue.
That story can be found here:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121599>
Another ComputerWorld article reports that spam will begin to rise
again:
The big spam-spewing botnet shut down two weeks ago has been
resurrected, and is again under the control of criminals. The "Srizbi"
botnet returned from the dead late Tuesday [November 25], said Fengmin
Gong, chief security content officer at FireEye Inc., when the
infected PCs were able to successfully reconnect with new command-and-
control servers, which are now based in Estonia.
This story can be found here:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121678>
-----------------------------------------------
Cyber Thieves are After Corporations
-----------------------------------------------
There has been a noticeable change of direction in how cyber criminals
are making money these days. Here are some excerpts from an article
posted a few weeks ago in USA Today:
In the past nine months, data thieves have stepped up attacks against
any corporation with weak Internet defenses. The goal: harvest wide
swaths of data, with no specific buyer yet in mind, according to
security firm Finjan.
"Cyber criminals are focusing on data that can be easily obtained,
managed and controlled in order to get the maximum profit in a minimum
amount of time," says Yuval Ben-Itzhak, Finjan's chief technical
officer. He calls it the "grab-and-run" technique.
Knowing that some governments and companies will pay handsomely for
industrial secrets, data thieves are harvesting as much corporate data
as they can, in anticipation of rising demand.
Elite cyber gangs can no longer make great money from stealing and
selling personal identity data. Thousands of small-time, copycat data
thieves have over-saturated the market, driving prices for credit
cards or social security numbers down. Those on the cutting edge are
forging ahead. They're culling the ocean of stolen personal data for
user names and passwords to access corporate systems. The target is
corporate employees who use free Web tools, such as instant messaging,
Web-based e-mail and group chats on social networking sites. Most
fertile turf: AOL, Yahoo and MSN instant messaging; YahooMail,
HotMail, and GMail; and MySpace and FaceBook.
Last month, enterprising thieves discovered a big security hole in
millions of work computers that forced Microsoft to issue a rare
emergency patch. The flaw, in Windows XP and Windows Server PCs, makes
it possible to control any Internet-connected PC without having to
trick the user into clicking on a tainted attachment or Web page.
Criminals implanted a program in corporate PCs that automatically
turned on every 10 minutes, says Sunbelt Software researcher Eric Sites.
The program copied and extracted all personal data stored by a PC's
Web browser and registry, which gives the Web location of the machine,
then turned off. "This looks like something very customized, targeting
very specific people," says Sites. "They could be after business
intelligence or military secrets. These are not your average attackers."
[source: USA Today, November 12, 2008]
The full article can be read online here:
<http://abcnews.go.com/Business/story?id=6234194&page=1>
--------------------------------------------
Advanced SANS Forensics Course
--------------------------------------------
Prepare for a GCFA certification using a locally run, 10-week class
in Boston. Beginning on January 13, SANS Mentor Evan Wheeler will be
leading this mentor-led class that covers SANS and GIAC Certification
Orientation, Forensic and Investigative Essentials, Forensic
Methodology Illustrated using Linux Parts I and II, Windows 2000/XP
and NTFS Filesystem Forensics, Computer Crime Law and Best Practices:
Managerial and Legal Issues, and Advanced Forensics.
For complete details, see <http://www.sans.org/info/30523>.
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.