Month: February 2008

New Twist in IRS Phishing Scams

Jose Nazario on February 28, 2008.

Earlier today I got a new phishing scam in my inbox, this one for the IRS. I’d love a tax refund, but I don’t think this is how they normally notify you. The lure email is shown below, and is quite standard in its formatting. […]

Internet Routing Insecurity::Pakistan Nukes YouTube?

Danny McPherson on February 25, 2008.

So, assume you’re an ISP in Pakistan and, for whatever reason, you receive an order such as this (PDF) from the Pakistan Telecommunication Authority (PTA). The letter is from the Deputy Director of Enforcement with the PTA, and is requiring that you immediately block access […]

DDoS Events of Note: WordPress, Gambling Sites

Jose Nazario on February 20, 2008.

The popular blogging site WordPress suffered a DDoS attack a few days ago. Sites like this are often hit, sometimes for inexplicable reasons. Someone gets mad, someone holds a grudge, someone wants retaliation, someone wants to try and hurt the target. I don’t know why […]

New Storm Valentine’s Day Campaign

Jose Nazario on February 11, 2008.

While we saw the Valentine’s day campaign start in January, it’s morphed. This time using the following approaches (some old, some new) raw IP addresses in the spam lures the filename is now “valentine.exe”, using a redirect and a clickable link much more simple HTML […]

SecureWorks: Ozdok/Mega-D Trojan Analysis

Danny McPherson on February 11, 2008.

Enabled by some spam samples Marshal provided, Joe Stewart and the good folks @SecureWorks, with an assist from Team Cymru and my|NetWatchman, have identified the malware and botnet referred to as Mega-D. It turns out Mega-D is composed of bots from the little-known Ozdok malware […]

Mega-D Spambot Follow-up

Danny McPherson on February 5, 2008.

Just to close the loop on this… Phil Hay from the TRACE team at Marshal got back to me yesterday afternoon regarding my query about Mega-D. He provided some clarifications on some of what he referred to as “misleading press reports”. Here’s a quick summary […]

Ahhh.. Mega-D == Cutwail et al.

Danny McPherson on February 4, 2008.

So, no word back from the TRACE folks, however, a couple of sources suggested that what they’re calling Mega-D is actually a downloader Trojan, akin to Cutwail, and is also affiliated with Prg, NTOS, Wsnpoem and Pandex. As the SecureWorks folks stated in their advisory […]

Mega-D Botnet or Mega-Confusion?

Danny McPherson on February 4, 2008.

I read this slashdot article over the weekend and was a bit surprised that I hadn’t heard of this Mega-D botnet before. So, I reached out to a few colleagues of mine and asked if they’d heard anything of it – beyond the press release […]

Asert

Arbor’s Security Engineering & Response Team (ASERT) delivers world-class network security research and analysis for the benefit of today’s enterprise and network operators. ASERT engineers and researchers are part of an elite group of institutions that are referred to as ‘super remediators’ and represent the best in information security. ASERT has both visibility and remediation capabilities at nearly every tier one operator and a majority of service provider networks globally.

ASERT shares operationally viable intelligence with hundreds of international Computer Emergency Response Teams (CERTs) and with thousands of network operators via in-band security content feeds. ASERT also operates the world’s largest distributed honeynet, actively monitoring Internet threats around the clock and around the globe.

Arbor Networks has collaborated with Jigsaw (formerly Google Ideas) to create a data visualization that shows how Distributed Denial of Service (DDoS) attacks have become a global problem. The data is updated daily from Arbor’s global network of sensors and can be viewed at www.digitalattackmap.com