Tag Archives: malware
One interesting fact that didn’t make it into this month’s newsletter article on “The Secret Life of Spam” is that the United States leads the world in the overall volume of spam produced. And by a huge margin, too: according to security site Sophos, 24% of all spam generated this spring. That’s nearly a quarter! France and China, the runners-up, come in at less than 7% each. The full results can be accessed here. The results may be surprising because we tend to think of spam originating in Russia or Nigeria, or the actual place where the criminals who generate it live. But spam is a world-wide problem, and one would think the bad guys generally know enough to not spoil their own nests. Instead, the countries which actually generate the most spam are those where the most computers are infected with malware. The US merits the top billing for volume not so much due to poor security practices, but to our large and highly-connected population. When the overall amount is divided by population, the US doesn’t do so badly. In a per-person comparison, we come up merely twelfth, near the bottom with Bulgaria and Belarus being tops at 2.7 and 1.9 times the American rate. However, the US is still spewing a lot of crap messages, and if you’re infected, you’re part of the problem. Once your machine becomes part of a botnet, it’s essentially a zombie out of … Continue reading
The news of the latest zero-day (or previously unknown and unpatched) exploit for Microsoft’s browser, Internet Explorer 8, being fixed is still fresh. But another has been announced. This one, however, has not been fixed. Even worse, Microsoft’s known about it for 7 months and not only hasn’t come up with a solution, they haven’t said anything except that though the hole remains wide open, they do not know of any attacks using it. The flaw was made known by the Zero Day Initiative, a site devoted to the responsible and timely announcement of security flaws by the industry. This particular vulnerability allows an attacker to run malicious code against your machine when you visit an infected website with IE8. The easiest way to protect yourself is to set your browsers security settings at the highest level, to block the operations of Active X and Active Scripting. A list of upcoming, unannounced zero day exploits may be found here.
When hackers boast of their exploits, they often claim that they had only the good of the victim at heart – no matter what kind of mischief they’ve been up to. They usually innocently say that they are exposing how they accomplished whatever remarkable invasion or feat merely to help improve security of a site or system by exposing its flaws. The team that invented the Stuxnet virus has never publicly claimed that (or anything else for that matter), but they could if they so desired. Because that is apparently exactly what’s happened. And not only that, the clever people who deployed the virus to make the world safer may well have put all of us at greater risk than ever before. The story of the Stuxnet virus may be the perfect application of the Law of Unintended Consequences to cyberwar. Like Murphy’s Law, this axiomatic principle points out how human efforts often have unforeseen effects that are quite perversely the opposite of what was desired. Of course, since nobody associated with the creation of the virus has ever spoken out, no one knows who exactly is behind it or what their exact plans were. However, in the history computer viruses, Stuxnet holds a unique place – for it is the first virus that is a true weapon. Weaponized code Stuxnet was not designed to steal cash or information but to create real-world sabotage. It was malware specifically engineered to destroy … Continue reading