security

<
TwitterFacebook
Get flash to fully experience Pearltrees
According to the Betteridge’s Law of Headlines “ Any headline which ends in a question mark can be answered by the word ‘no’ “. Nonetheless, I use this type of a headline for this post because this was the question I asked myself when I came across the following attack. The script was at the very top of the HTML code and in the middle of the page. It was a WordPress site so I suggested to check the index.php and theme files for the malicious code. The topmost script was indeed in the theme’s index.php file. But theme files didn’t contain the script that I found in the middle of web pages’ HTML code.

Unmask Parasites. Blog.

http://blog.unmaskparasites.com/
Earlier, we posted about our operation on the Kelihos.B/Hlux.B botnet takedown that was conducted with by security experts from Dell SecureWorks, CrowdStrike, Kaspersky, and the Honeynet Project. On initial view, the operation seems very clear cut: the bad guys are running a botnet that is doing havoc on the Internet; on the other side, are the good guys that have found a way to disable the botnet. The situation is much more nuanced. The Honeynet Project has been conducting security research for over a decade now and since our early days, we made it a priority to balance benefit and risks in our research. You can trace this back to when the Honeynet Project first defined "data control" as one of the requirements for honeynet/honeypot deployments. The purpose of data control was to minimize potential harm to others resulting from honeypots, which by their nature are vulnerable systems we expect to be compromised and used by malicious actors.

Honeynet Project Blog | The Honeynet Project

http://www.honeynet.org/

‘Mariposa’ Botnet Authors May Avoid Jail Time — Krebs on Securit

http://krebsonsecurity.com/2010/03/mariposa-botnet-authors-may-avoid-jail-time/ Three Spanish men were arrested last month for allegedly building an international network of more than 12 million hacked PCs that were used for everything from identity theft to spamming. But according to Spanish authorities and security experts who helped unravel the crime ring, the accused may very well never see the inside of a jail cell even if they are ultimately found guilty, due to insufficient cyber crime legislation in Spain. According to Spanish security firm Panda Security, the massive botnet, dubbed “Marioposa” (Spanish for “butterfly”), was rented out to criminals as a delivery platform for installing malicious software such as the data-stealing ZeuS Trojan and pay-per-install toolbars.