no-image

NSAccess Control Lists

Last week, I attended the International Conference on Cyber Security at Fordham University in NYC. This event brought together participants from government, the private sector and academia. The closing session was a panel featuring the directors of the CIA, FBI and NSA… Read Full Article

no-image

ASP.NET Holiday Patches

It’s the end of 2011 as we know it, and Microsoft feels fine finishing out the year with a handful of out-of-band holiday patches. This round is important not because the vulnerabilities directly impact massive numbers of customers and their online behavior on Windows laptops, tablets, and workstations, but because ASP.NET maintains vulnerable code allowing for easy DoS of hosting websites, authentication bypass techniques, and stealth redirections to other websites (most dangerously those sites host phish and hosting client side exploits). All of this could curdle your eggnog in the coldest of weather. Read Full Article

no-image

Dark Market

Dark Market was one of the most famous underground forums ever, for several reasons. The most important one was that one of the administrators was an infiltrated FBI agent running a covert operation that ultimately lead to the arrest of 60 people worldwide. The forum was shut down in 2008, when Dark Market was probably the most important carding forum in the world. Read Full Article

no-image

Java Malware Reconsidered, or, Java Brews a Fresh Bot of Malware

At Virus Bulletin 2011, we presented on the exploding level of delivered Java exploits this year with “Firing the roast – Java is heating up again”. We examined CVE-2010-0840 exploitation in detail, along with variants of its most common implementation on the web and some tools and tips for analysis. Microsoft’s security team presented findings for 2011 that mirrored ours in relation to Java exploit prevalence on the web – it is #1! At the same time, it is striking that it has been very uncommon to see Java backdoors, Trojans and spyware. But that lack of Java malware variety is beginning to change. At the same time, aside from the recent, well-known BEAST Java implementation, it is striking that it has been very uncommon to see Java backdoors, bots, Trojans and spyware. But that lack of Java malware variety is beginning to change. My colleague Roman Unucheck identified a new Java bot with some interesting characteristics that we named “Backdoor.Java.Racac”.

Read Full Article

no-image

Virus Bulletin 2011 – Chinese DDoS Bots

Hello from Virus Bulletin 2011! Several talks this morning were very good, and an unusual topic about DDoS in the east was presented early in the afternoon.

Over 40 families of bots were identified by Arbor Networks and have been tracked over the past year. Online occurance of the malware itself is increasing. A ton of these families are cropping up all the time, at least a new one every week appears with an unusual new capability.

Read Full Article