The Root of the Botnet Epidemic

Over the course of a few days in February 2000, a lone hacker was able to bring some of the Web’s larger sites to their knees, using just a few dozen machines and some relatively primitive software to cripple Yahoo, eBay, E*trade, Amazon, ZDnet and others for hours at a time. No one knew it at the time, but these attacks would come to be seen in later years as some of the earlier outbreaks of what has become a massive online pandemic.

Jose Nazario on Botnets and the History of DDoS Attacks

Dennis Fisher talks with Jose Nazario of Arbor Networks about the Mafiaboy attacks, the history of DDoS attacks and the botnet

Trojan Horse Behind Flash Install Spam

The latest malware spam email asks users to click on a Flash download and install “flashinstaller.exe,” but it has a banking trojan behind it. Read the full article. [HelpNet Security]

Facebook administrators have blocked a clickjacking exploit that displayed images of a scantily clad woman on profile pages without first prompting the user for permission. Read the full article. [The Register]

Security researchers have identified a new worm spreading across Facebook, luring people out to adult Web sites and automatically replicating itself across people’s profile pages. Read the full article.

Kaspersky Lab malware analyst Vyacheslav Zakorzhevsky has written an in-depth article describing the scareware (fake anti-virus) epidemic. The article touches on the common distribution techniques, the tricks used to scare users into paying fraudsters for a removal tool and the way code generators are being used to create these malicious programs. It also provides some infection statistics and some practical protection advice. Read the full article.

The same-origin policy vulnerability in Adobe Flash that was disclosed last week by a researcher at Foreground Security is more serious than just a simple software flaw, experts say. It illustrates a fundamental flaw in the way that Flash objects are handled by Web servers and Web browsers, alike, leading to a serious weakness on both ends of the Internet communication channel.

Heads up to all Microsoft Windows users: If you’re running Windows 2000, Windows XP or Windows Server 2003, stop what you’re doing and immediately download and apply the MS09-065 update released earlier this week.

Security researchers say it’s only a matter of time — days not weeks — before malicious hackers start exploiting one of the vulnerabilities via booby-trapped Web pages or Office (Word or PowerPoint) documents.

By Vitaly Kamluk

We’ve been looking at the infrastructure of the Gumblar malware and found some curious facts on how Gumblar operates which we would like to share to make hosting owners aware of the Gumblar threat.

Analysis of some infected websites showed that the only way to inject the infection of Gumblar was by using FTP access, because those websites have no server-side scripting. Later this was proved by an analysis of FTP log files.
