Wednesday, September 30, 2009

Botnets targeting enterprises and they are lean & mean

This post at Damballa, Botnet Size within the Enterprise, highlights a few important points about botnets in the enterprise:

- Botnets with fewer than 100 members make up 57% of the botnet population, and these may be targeting specific enterprises or verticals.

- They are probably more professionally managed, specifically targeting corporate systems and data within the target enterprise.

- They may be the work of employees backdooring critical systems for the comfort of remote management, bypassing security policies. But these backdoors are built from DIY malware construction kits, which gives the kit providers a parallel path into those same critical systems.

Posted via email from Ramki's posterous

Saturday, September 26, 2009

A few interesting things observed this week - wk-39

Security stuff:

Damballa says that botnet infections in enterprises have increased and that these could be custom-made for the targeted organisation:

"The bad guys are also finding that deploying a small botnet inside a targeted organization is a more efficient way of stealing information than deploying a traditional exploit on a specific machine"

These botnets are very intelligent:

"they are typically more automated than bots in the big botnets" and "are also increasingly using more and different types of malware rather than one particular family in order to evade detection"

Security Monkey has posted What Does The Internet Know About You?, providing good advice and tips for protecting your privacy on the Internet.

Looks like the state of affairs with merchants/retailers is so bad that this post on Dark Reading hints at cash: Debit Or Credit? Neither.

Neat post providing information about malware characteristics: Categories of Common Malware Traits.

This white paper is a must-read for anyone thinking about NAC, and of course for users too: A technical exploration of why NAC is failing.

The PCI Virtualization Special Interest Group (SIG) is addressing the PCI DSS virtualization compliance questions in the next update, due next year.

General stuff: 

This writeup has some good pointers for those CCNAs wondering what comes next after the CCNA.

Cyborgs could become a reality: the Pentagon has developed a cyborg beetle... hope my son will see a real Terminator kind of cyborg :-)

MIT has conceptualised and is developing camera-glasses and an implantable microchip that could help the blind gain some amount of vision. Though this is ground-breaking stuff, the article also cites a couple of other similar efforts in progress as early as 2002.


Thursday, September 24, 2009

BHO dropping Monkif is growing & delivering specialized payloads

"Trojans such as Monkif often deliver specialized payloads comprised of predetermined malicious code and wait to engage in more generic activity"

"Due to their unrestricted access in browsers such as the Internet Explorer event model, malware such as that downloaded and executed by Monkif has been created as BHOs. In many instances, such code is capable of detecting secure HTTP sessions between a financial institution and the compromised host, and subsequently setting in motion a series of events that capture all information associated with a given user's keystrokes"

I wouldn't say things like change to non-Windows, don't use IE, etc. It's highly critical to have systems fully patched (meaning applications also), A/V updated, and to run periodic maintenance such as adware/spyware scans... this should help in reducing your exposure.
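Since the quote above makes the point that Monkif's payload registers itself as a BHO, a cheap check to add to that periodic maintenance is to list every BHO Internet Explorer will load and see whether its DLL is validly signed. This is an added example written for this post, not a script from Damballa or the linked article; the `Get-RegisteredBho` function name is my own, and it assumes a Windows host with PowerShell run from an elevated prompt.

```powershell
# Enumerate Browser Helper Objects registered for Internet Explorer and show
# the DLL each one loads plus its Authenticode signature status.
# Hypothetical helper written for this post; run from an elevated PowerShell.
function Get-RegisteredBho {
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $clsid = $sub.PSChildName
            # The CLSID registration names the in-process server (DLL) IE will load.
            $classPaths = @(
                "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32",
                "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32"
            )
            $dll = $null
            foreach ($cp in $classPaths) {
                if (Test-Path $cp) { $dll = (Get-ItemProperty $cp).'(default)'; break }
            }
            $expanded = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }
            # Unsigned, tampered, or missing DLLs are the ones worth a closer look.
            $sig = if ($expanded -and (Test-Path $expanded)) {
                (Get-AuthenticodeSignature $expanded).Status
            } else { 'FileMissing' }
            [PSCustomObject]@{
                CLSID     = $clsid
                Dll       = $expanded
                Signature = $sig
                Hive      = $key
            }
        }
    }
}

# Print everything that is not validly signed for manual review.
Get-RegisteredBho | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

A legitimate but unsigned BHO will show up here too, so treat the list as a review queue rather than a verdict, and compare it against a known-good baseline from a clean build.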
