Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Legitimate Sites Fertile Ground for Malware

The Web is a dirty, hostile place not fit for use by most decent people, a place where even many seemingly legitimate sites are infested with malware, password-stealing Trojans and all manner of other nasty applications. And it’s getting worse by the minute, according to a new threat report from Websense.


Linux Botnet Discovered

From The H Security
A network of hijacked Linux servers is apparently being used to distribute malicious software to Windows PCs. According to an analysis by web developer Denis Sinegubko, the compromised systems all have one thing in common: the lightweight web server nginx is running and serving content through port 8080. Otherwise, these systems are inconspicuous and appear to operate quite normally. This new tactic was discovered when links to malware posted in China were replaced by dynamic DNS names from DynDNS.com and No-IP.com. Read the full story [The H Security].

From The Washington Post (Brian Krebs)

Finding the notorious Clampi banking Trojan on a computer inside your network is a little like spotting a single termite crawling into a crack in the wall: Chances are, the unwelcome little intruder is part of a much larger infestation. At least, that’s the story told by two businesses which recently discovered Clampi infections, compromises that handed organized cyber gangs the access they needed to steal tens of thousands of dollars. Read the full story [Washington Post].

From The Last Watchdog (Byron Acohido)

A strong dose of déjà vu enshrouds the heightened security advisory Microsoft issued today about the newly-disclosed SMB2 zero-day vulnerability in the Windows Vista and Windows Server 2008 operating systems. It was one year ago today — September 2008 — that Chinese malware brokers were spotted selling a $37 tool kit that allowed anyone to exploit a newly-disclosed RPC-DCOM vulnerability in Windows XP and Windows Server 2000. Read the full story [The Last Watchdog].

The last couple of years have seen a dramatic rise in the number and quality of malware-as-a-service and hacking-as-a-service providers, with many of them advertising their services on the Web. And while law enforcement officials are well aware of the problem, they’re not having much luck in finding or prosecuting the criminals behind the schemes.

Vendors are finally releasing patches today for the TCP vulnerabilities first publicized nearly a year ago that affect a huge range of networking products, including any device running a version of Cisco’s IOS software, and a number of Microsoft server and desktop operating systems. Both Microsoft and Cisco released fixes for the vulnerabilities on Tuesday.

Nils Gilman, an author and entrepreneur, details the common themes and techniques that connect the actors in the illicit economies around the world, including the malware and botnet economies.