Inside the Development and Management of a Botnet

Friday, August 21st, 2009

A story published recently by a researcher at Cisco does a great job of illustrating what it takes to set up, manage, and profit from a botnet. The story details many of the typical activities performed by the criminals who manage and sell botnets. What is unique about the story is that the information was obtained directly from correspondence and discussions with an actual criminal behind the botnet. The story can be found at: http://www.cisco.com/web/about/security/intelligence/bots.html

What is especially unnerving about the story to many security professionals is the ease with which the criminals are able to perpetrate their activities. The criminals behind the botnets can bypass many security technologies through malware and phishing attacks. Additionally, these criminal enterprises can be extremely profitable, despite recent claims to the contrary by researchers at Microsoft.

Further evidence of the relative ineffectiveness of some of the most well-known security technologies can be found in the test results in one of our recent reports, Cyveillance Intelligence Report 1st Half 2009. The report can be downloaded at http://www.cyveillance.com/web/forms/request.asp?getFile=115

Despite the success of the more sophisticated online criminals, some progress in the fight against online crime has been made. Cyveillance has long noticed the trend of criminals being forced to develop very sophisticated methods to bypass detection and security countermeasures. This is a clear indication that the efforts of Cyveillance and others in the security industry are working. As we enter a new era in Security and Intelligence with our acquisition by Qinetiq NA, Cyveillance will continue to make the investments in personnel and technology needed to protect our customers and always stay one step ahead of the bad guys.

Cyveillance Testing Finds Leading AV Vendors Not Keeping Pace with Influx of Malware and Phishing Attacks

Tuesday, August 18th, 2009

Antivirus and Anti-Phishing Tools Provide Inadequate Detection of Cyber Attacks During Critical First 24-Hour Period

In addition to the AV, Web browser anti-phishing and consumer protection application testing, other key findings in the report include:

  • Cyveillance tracked an online “fraud chain” which included malware components that store and serve malware executables, distribute malware to consumers and receive and store confidential information collected from infected computers.
    • The United States and China continue to host the majority of malware executables, representing 33 percent and 21 percent of attacks, respectively, which make up over half of the malware found during the first half of this year.
  • During the first half of 2009, there was an average of over 23,000 unique phishing attacks per month, which makes phishing still one of the top threats on the Internet.
  • Popular consumer applications used for detecting phishing attacks do not provide adequate protection. Initially, Symantec’s Norton SafeWeb only blocked/warned against 4.4 percent of phishing attacks and increased to only 5 percent after the first 24-hour period.
  • During the first half of 2009, 200 unique brands were first-time targets of phishing attacks, which represents a 26 percent increase over new brands phished in the second half of 2008.

View the report: http://www.cyveillance.com/web/forms/request.asp?getFile=115