<?xml version="1.0" encoding="UTF-8"?><!-- generator="wordpress.com" -->
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	>

<channel>
	<title>botnet &#171; WordPress.com Tag Feed</title>
	<link>http://en.wordpress.com/tag/botnet/</link>
	<description>Feed of posts on WordPress.com tagged "botnet"</description>
	<pubDate>Thu, 26 Nov 2009 03:32:09 +0000</pubDate>

	<generator>http://en.wordpress.com/tags/</generator>
	<language>en</language>

<item>
<title><![CDATA[New iPhone worm, "more dangerous"]]></title>
<link>http://mymanuel.wordpress.com/2009/11/24/nuevo-gusano-de-iphone-mas-peligroso/</link>
<pubDate>Tue, 24 Nov 2009 06:00:44 +0000</pubDate>
<dc:creator>Dr. House</dc:creator>
<guid>http://mymanuel.wordpress.com/2009/11/24/nuevo-gusano-de-iphone-mas-peligroso/</guid>
<description><![CDATA[Security company F-Secure discovered a new worm that infects the iPhone cell phone, ]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><div>
<p>Security company F-Secure discovered a new worm that infects Apple's iPhone, just weeks after the first one appeared circulating in Australia.</p>
<div class="wp-caption alignright" style="width: 236px"><img src="http://www.bbc.co.uk/worldservice/assets/images/2009/11/23/091123173520_sp_iphone_pa_226x283.jpg" alt="iPhone" width="226" height="283" /><p class="wp-caption-text">This virus can behave like a botnet (a network of computers under the control of hackers).</p></div>
<p>This virus is &#8220;more dangerous&#8221; than the previous one, since it can behave like a <em>botnet</em> (a network of computers under the control of <em>hackers</em>).</p>
<p>It also specifically affects users in the Netherlands who use their iPhones for online banking with ING.</p>
<p>The worm automatically redirects the customer to a page very similar to the real one, where they are asked to enter their passwords.</p>
<p>An ING spokeswoman said the bank plans to put a warning on its website to alert its customers. &#8220;We are also planning to set up a telephone helpline,&#8221; she added.</p>
<p><strong>Unlocked phones</strong></p>
<div>
<div>
<blockquote><p>This is the second known iPhone worm and the first that is clearly malicious, since there is a clear financial motive behind it</p></blockquote>
<p>Mikko Hypponen, F-Secure</p>
</div>
</div>
<p>As with ikee, the first worm, this program only affects unlocked (or <em>jailbroken</em>) phones, on which the user has removed Apple's protection mechanisms so that the device can run any software.</p>
<p>Some estimates indicate that up to 10% of all iPhones and iPod Touches are operating in &#8220;unlocked&#8221; mode.</p>
<p>Also at risk are devices that have a system known as Secure Shell installed, which allows the phone to be accessed from a computer.</p>
<p>Among other things, it makes it possible to exchange files between the two machines, and it comes with a default password (&#8220;alpine&#8221;) that users are supposed to change.</p>
<p>Users who did not change their password are exposed to greater risk.</p>
<p><strong>&#8220;Malicious&#8221;</strong></p>
<div>
<div><img class="alignright" src="http://www.bbc.co.uk/worldservice/assets/images/2009/11/23/091123173135_sp_iphone_afp_226x170.jpg" alt="iPhone infected by ikee" width="226" height="170" /><p>The first worm infected the phone with an image of English singer Rick Astley.</p>
</div>
</div>
<p>This new worm can let another person access or control the iPhone remotely without its owner's permission, F-Secure warned.</p>
<p>&#8220;This is the second known iPhone worm and the first that is clearly malicious, since there is a clear financial motive behind it,&#8221; Mikko Hypponen, the company's director of research, told the BBC.</p>
<p>&#8220;It is fairly isolated and infects in the Netherlands, but it is capable of spreading,&#8221; he warned.</p>
<p>Although the worm has so far affected only a few hundred phones, it could jump from phone to phone among users who share the same wireless (wifi) network.</p>
<p>The first virus replaced the iPhone's standard wallpaper with a photograph of Rick Astley, an English singer from the 1980s, with the message &#8220;ikee is never going to give you up&#8221;.</p>
<p>It could be removed by changing the phone's password and deleting some files.</p>
<p style="text-align:right;">Source: <a href="http://www.bbc.co.uk/mundo/ciencia_tecnologia/2009/11/091123_1726_nuevo_gusano_iphone_irm.shtml">BBC. New iPhone worm, &#8220;more dangerous&#8221;</a></p>
</div>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[iPhone Worms &amp; the Rise of the iPhone botnets]]></title>
<link>http://nyccto.wordpress.com/2009/11/23/iphone-worms-the-rise-of-the-iphone-botnets/</link>
<pubDate>Tue, 24 Nov 2009 03:17:43 +0000</pubDate>
<dc:creator>nyccto</dc:creator>
<guid>http://nyccto.wordpress.com/2009/11/23/iphone-worms-the-rise-of-the-iphone-botnets/</guid>
<description><![CDATA[Back in the day Cisco used to ship network gear with backdoor accounts preloaded with default accoun]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p>Back in the day Cisco used to ship network gear with backdoor accounts preloaded with default accounts/passwords. It didn&#8217;t take long for the Cisco employees to leak the details before a very large number of network devices got compromised.</p>
<p>Apple continues the idiotic default account/password tradition established by many hardware system manufacturers with its default &#8220;alpine&#8221; root and mobile user system account passwords used by the iPhone.</p>
<p>Since jailbreaking leaves SSH enabled by default, this opens doors into millions of jailbroken iPhones. Given that most jailbroken iPhone owners are not tech savvy, they do not plug the security hole.</p>
<p>It takes little effort to write a network port scanner to scan through the open SSH connections on the network e.g. AT&#38;T. Once the devices are accessed using the default passwords, one could easily take over the unsecured devices and harness the power of a mobile botnet that changes IPs as users hop from one cell tower to the next throughout the day.</p>
<p>The iPhone botnets will rise as the worms are starting to spread. There are now several known worm varieties that <a href="http://gizmodo.com/5400153/first-iphone-worm-discovered-rickrolls-jailbroken-iphones" target="_blank">rickroll</a> or in some cases maliciously target Dutch ING customers for their banking information.</p>
<p>Here&#8217;s the source code for one of the worms that connects to a web-based command &#38; control center running at 92.61.38.16 in Lithuania.</p>
<p><a href="http://nyccto.wordpress.com/files/2009/11/iphone_duh.png"><img class="alignnone size-full wp-image-174" style="margin-left:20px;margin-right:20px;" title="iphone_duh" src="http://nyccto.wordpress.com/files/2009/11/iphone_duh.png" alt="" width="450" height="101" /></a></p>
<p>It won&#8217;t be long before jailbreaking software starts prompting users to change the default passwords. Until then, it&#8217;s pretty easy to change the default passwords via Cydia&#8217;s MobileTerminal.</p>
<p><a href="http://nyccto.files.wordpress.com/2009/11/p_480_320_16f266c6-5e67-4091-bb9f-72a918a883c5.jpeg"><img class="alignnone size-full wp-image-364" style="margin-left:20px;margin-right:20px;" src="http://nyccto.files.wordpress.com/2009/11/p_480_320_16f266c6-5e67-4091-bb9f-72a918a883c5.jpeg?w=200&#038;h=300" alt="" width="200" height="300" /></a></p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[iPhone Hacks Allows Stealing of Bank Details in Europe; USA Next?]]></title>
<link>http://fonefrenzy.com/2009/11/23/iphone-hacks-allows-stealing-of-bank-details-in-europe-usa-next/</link>
<pubDate>Mon, 23 Nov 2009 16:28:12 +0000</pubDate>
<dc:creator>fonefrenzy</dc:creator>
<guid>http://fonefrenzy.com/2009/11/23/iphone-hacks-allows-stealing-of-bank-details-in-europe-usa-next/</guid>
<description><![CDATA[Looks like another hack has hit jail-broken iPhones in Europe again. This time, the worm attacks ]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p><a href="http://fonefrenzy.wordpress.com/files/2009/11/image.png"><img class="aligncenter size-full wp-image-1019" title="image" src="http://fonefrenzy.wordpress.com/files/2009/11/image.png" alt="" width="262" height="475" /></a></p>
<p>Looks like another hack has hit jail-broken iPhones in Europe. This time, the worm attacks &#8220;jail-broken&#8221; phones and redirects ING bank&#8217;s customers to a lookalike site with a log-in screen. Currently, people in the Netherlands who use their iPhones for internet banking with the Dutch online bank are the ones being affected.</p>
<p>The new worm is more serious than the first because it can behave like a botnet, warns F-Secure, and allows the hacker to remotely control and access the phone. In addition, all this can be spread via WiFi and affect other iPhones connected to an open WiFi network.</p>
<p>[via <a href="http://news.bbc.co.uk/2/hi/technology/8373739.stm" target="_blank">BBC</a>]</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[New iPhone worm can act like botnet say experts]]></title>
<link>http://inforisk.wordpress.com/2009/11/23/new-iphone-worm-can-act-like-botnet-say-experts/</link>
<pubDate>Mon, 23 Nov 2009 11:32:44 +0000</pubDate>
<dc:creator>inforisk</dc:creator>
<guid>http://inforisk.wordpress.com/2009/11/23/new-iphone-worm-can-act-like-botnet-say-experts/</guid>
<description><![CDATA[A second worm to hit the iPhone has been unearthed by security company F-Secure. It is specifically ]]></description>
<content:encoded><![CDATA[A second worm to hit the iPhone has been unearthed by security company F-Secure. It is specifically ]]></content:encoded>
</item>
<item>
<title><![CDATA[First Malicious iPhone Worm Appears]]></title>
<link>http://komplettie.wordpress.com/2009/11/23/first-malicious-iphone-worm-appears/</link>
<pubDate>Mon, 23 Nov 2009 09:28:38 +0000</pubDate>
<dc:creator>komplettie</dc:creator>
<guid>http://komplettie.wordpress.com/2009/11/23/first-malicious-iphone-worm-appears/</guid>
<description><![CDATA[Word cropped up over the weekend of a new worm hitting jailbroken iPhones, while it might not be the]]></description>
<content:encoded><![CDATA[Word cropped up over the weekend of a new worm hitting jailbroken iPhones, while it might not be the]]></content:encoded>
</item>
<item>
<title><![CDATA[BSRSoft's honeypot network points to an outbreak of brute-force attacks on the internet]]></title>
<link>http://bsrsoft.wordpress.com/2009/11/22/rede-de-honey-pots-bsrsoft-apontam-surto-de-ataques-de-forca-bruta-na-internet/</link>
<pubDate>Sun, 22 Nov 2009 21:25:48 +0000</pubDate>
<dc:creator>BSRSoft IDC</dc:creator>
<guid>http://bsrsoft.wordpress.com/2009/11/22/rede-de-honey-pots-bsrsoft-apontam-surto-de-ataques-de-forca-bruta-na-internet/</guid>
<description><![CDATA[Our honeypot network (servers used as bait to reveal trends in attacks against ]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p style="text-align:justify;">Nossa rede de honey pots (servidores usados como isca para apontarem tendências nos ataques contra infraestrutura de internet) apontaram na semana 15/11/2009 &#8211; 21/11/2009 em relação à semana anterior, um aumento abrupto (mais de 1300%) nos ataques de força bruta contra senhas em nossos servidores  e imaginamos que isso venha ocorrendo em diversos outros data centers.</p>
<p style="text-align:justify;">Os ataques desse tipo testam milhares de combinações de usuário/senha na tentativa de encontrar uma combinação fraca e ganharar acesso a servidores, podendo assim usá-los para crimes dos mais diversos, como pishing.</p>
<p style="text-align:justify;">Observamos também grande aumento nos ataques tentando sucesso com a técnica do SQL Injection, onde o atacente tenta executar comando SQL arbitrários na esperança de manipular ou roubar dados em bancos de dados.</p>
<p style="text-align:justify;">Os ataques vem partindo principalmente de redes nos EUA (The Planet em especial), Brasil (máquinas contaminadas com bots principalmente no provedor Speedy da Telefonica) e em menor escala vindos da França, Bélgica e Reino Unido.</p>
<p style="text-align:justify;">Entramos constantemente em contato com os administradores dessas redes para informar os ataques, para que eles tomem as providencias necessárias, mas não vemos uma diminuição provavel na frequencia, pelo menos para as próximas semanas. Um novo surto é esperado para o fim do ano, onde cracker deverão tentar novos defaces e comprometimento de servidores para pishing, aproveitando o aumento do número de transações online para as festas de fim de ano.</p>
<p style="text-align:justify;">Os ataques em geral, como descritos acima, vêem principalmente de servidores Windows comprometidos com malwares, servidores Linux em menor escala e em especial de máquinasde usuários residenciais contamionadas com bots, formando botnets.</p>
<p style="text-align:justify;">Não tivemos nenhum ataque bem sucedido reportado em nossa rede de servidores de hospedagem compartilhada (tradicionalmente os mais problemáticos para segurança) após a implantação de medidas defesnsivas e de contra-inteligência feitas nos últimos 2 meses (<a href="http://bsrsoft.wordpress.com/2009/10/29/bsrsoft-nova-ferramenta-contra-ataques-ao-php-implementada-em-nossos-servidores/" target="_blank">http://bsrsoft.wordpress.com/2009/10/29/bsrsoft-nova-ferramenta-contra-ataques-ao-php-implementada-em-nossos-servidores/</a>).</p>
<p style="text-align:justify;">Com elas, mesmo aplicações escritas de maneira insegura por clientes nossos, tornaram-se bem menos vulneráveis. Outra coisa que aumento o nível de segurança nesse segmento de serviços da BSRSoft foi a exigência via sistema de senhas seguras, longas o bastante e com entropia (complexidade) altas. Os usuários foram todos obrigados a mudarem suas senhas para seguirem este novo padrão.</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA["Not-a-Bot: Improving Service Availability in the Face of Botnet Attacks"]]></title>
<link>http://everythingisdata.wordpress.com/2009/11/22/not-a-bot-improving-service-availability-in-the-face-of-botnet-attacks/</link>
<pubDate>Sun, 22 Nov 2009 07:17:29 +0000</pubDate>
<dc:creator>Neil Conway</dc:creator>
<guid>http://everythingisdata.wordpress.com/2009/11/22/not-a-bot-improving-service-availability-in-the-face-of-botnet-attacks/</guid>
<description><![CDATA[This paper focuses on distinguishing human-generated activity from bot-generated activity. Then, hum]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p><a href="http://nms.csail.mit.edu/~ramki/nab.pdf">This paper</a> focuses on distinguishing human-generated activity from bot-generated activity. Then, human-generated activity can be given preferential treatment (e.g. favorable routing of traffic, not being treated as spam). Their measure for distinguishing human-generated actions from machine-generated actions is pretty coarse and imprecise: an action is human-generated if it is preceded by keyboard or mouse input within a certain amount of time.</p>
<p>To implement this scheme, they go into considerable (exhaustive) detail about how to use the Trusted Platform Module (TPM) to build a trusted path between the physical input devices (keyboard, mouse) and a small piece of software called the <i>attester</i>. To certify an action as human-generated, applications ask the attester for an attestation, passing a hash of the content to be attested. If there has been user input within a predefined period, the attester returns a cryptographically signed token that can be attached to the user action. When an upstream service receives the user action (e.g. HTTP request, email), it can verify the attestation by hashing the content of the action and checking the cryptographic signature. Incorporating the content hash prevents an attestation for action <i>x</i> from being used instead with action <i>y</i>. The verifier also needs to check that attestations are not reused, so the attester includes a nonce in the attestation token.</p>
<p>It is possible that a bot can monitor user actions, and submit malicious content to the attester whenever the user uses an input device. This would allow attestations to be created for malicious content, which means upstream software cannot blindly trust attested-for content. To reduce the impact of this attack, the paper suggests rate-limiting attestations to one per second.</p>
<h3>Discussion</h3>
<p>I liked how the paper discussed an alternative approach to the same problem (having the attester track keyboard and mouse inputs, and then <i>match</i> that recorded history against the content that is to be attested, looking for a correspondence). Many papers present the solution they chose as the only alternative, when in fact it usually represents only one point in a much richer design space.</p>
<p>In some sense, the inverse of the proposed functionality would be more useful: i.e. being able to assert &#8220;this content was <i>definitely</i> bot-generated.&#8221; As proposed, it might be very hard for upstream services to make use of the certifications unless this idea saw widespread adoption. For example, suppose that 0.1% of your traffic is guaranteed by NAB to be human-generated. The remaining traffic may or may not be bot-generated, so you effectively can&#8217;t discriminate against it.</p>
<p>The paper suggests that, using this approach, human-generated content on a bot-infested machine can be effectively distinguished from bot-generated traffic. This seems pretty unlikely: the bot software can simply suppress <i>all</i> outgoing attestations (e.g. by installing a rootkit and interfering with the API used to request attestations), leaving upstream software in the same state as they would be without NAB.</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA["BotGraph: Large Scale Spamming Botnet Detection"]]></title>
<link>http://everythingisdata.wordpress.com/2009/11/22/botgraph-large-scale-spamming-botnet-detection/</link>
<pubDate>Sun, 22 Nov 2009 03:16:36 +0000</pubDate>
<dc:creator>Neil Conway</dc:creator>
<guid>http://everythingisdata.wordpress.com/2009/11/22/botgraph-large-scale-spamming-botnet-detection/</guid>
<description><![CDATA[Botnets are used for various nefarious ends; one popular use is sending spam email by creating and t]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p>Botnets are used for various nefarious ends; one popular use is sending spam email by creating and then using accounts on free webmail providers like Hotmail and Google Mail. In the past, <a href="http://en.wikipedia.org/wiki/CAPTCHA">CAPTCHAs</a> have been used to try to prevent this, but they are increasingly ineffective. Hence, the <a href="http://research.microsoft.com/pubs/79413/botgraph.pdf">BotGraph</a> paper proposes an algorithm for detecting bot-created accounts by analyzing user access behavior. They describe the algorithm, its implementation with <a href="http://research.microsoft.com/en-us/projects/dryad/">Dryad</a>, and present experimental results from real-world Hotmail access logs.</p>
<h3>Algorithm</h3>
<p>BotGraph employs three different ideas for detecting automated users:</p>
<ol>
<li>They regard sudden spikes in the number of accounts created by a single IP as suspicious. Hence, they use a simple exponentially-weighted moving average (EWMA) to detect such spikes, and throttle/rate-limit account signups from suspicious IPs. This has the effect of making it more difficult for spammers to obtain webmail accounts.</li>
<li>They argue that the number of bot machines will be much smaller than the number of bot-created webmail accounts; hence, one bot machine will access a large number of accounts. They also argue that a single bot-created webmail account will be accessed from multiple bots on different <a href="http://en.wikipedia.org/wiki/Autonomous_system_(Internet)">autonomous systems</a> (ASs), due to churn in the botnet (although this seems pretty unconvincing to me), and the fact that rate-limiting makes it more difficult to create large numbers of bot accounts. Hence, they look for pairs of user accounts that had logins from an overlapping set of ASs.</li>
<li>Finally, they consider a user&#8217;s email-sending behavior:<br />
<blockquote><p>
Normal users usually send a small number of emails per day on average, with different email sizes. On the other hand, bot-users usually send many emails per day, with identical or similar email sizes
</p></blockquote>
<p>Hence, they regard users who send 3+ emails per day as &#8220;suspicious&#8221;; they also regard as suspicious users whose email-size distributions are dissimilar from most other users.</p></li>
</ol>
<p>They use feature #1 primarily to rate-throttle new account creations. Feature #3 is used to avoid false positives.</p>
<p>Feature #2 is the primary focus of the paper. They construct a <i>user-user</i> graph with a vertex for each user account. Each edge has a weight that gives the number of shared login ASs &#8212; that is, the number of ASs that were used to login to both accounts. Within the user-user graph, they look for connected components with an edge weight over a threshold <i>T</i>: they begin by finding components with <i>T=2</i>, and then iteratively increase the threshold until each component has no more than 100 members.</p>
<h3>Implementation</h3>
<p>They describe two ways to implement the construction of the user-user graph using a data-parallel system like MapReduce or Dryad, using the login log from Hotmail (~220GB for one month of data):</p>
<ol>
<li>Partition the login records by client IP. Emit an intermediate record <i>(i, j, k)</i> for each shared login on the same day from AS <i>k</i> to accounts <i>i</i> and <i>j</i>. In the reduce phase, group on <i>(i, j)</i> and sum. The problem with this approach is that it requires a lot of communication: most edges in the user-user graph have weight 1, and hence can be dropped, but this approach still requires sending them over the network.</li>
<li>Partition the login records by user name. For each partition, compute a &#8220;summary&#8221; of the IP-day keys present for users in that partition (the paper doesn&#8217;t specify the nature of the summary, but presumably it is analogous to a <a href="http://en.wikipedia.org/wiki/Bloom_filter">Bloom filter</a>). Each partition sends its summary to every other partition. Using the summaries, each partition can exchange login records with other partitions in a way that allows edge weights to be computed, but doesn&#8217;t require sending weight 1 edges over the network.</li>
</ol>
<p>They argue that the second method can&#8217;t be implemented with Map and Reduce, although I&#8217;m not sure if I believe them: multicasting can be done by writing to HDFS, as can shipping data between logical partitions.</p>
<h3>Discussion</h3>
<p>I think the major problem with their experimental results is that there&#8217;s effectively no adversary: botnet operators presumably weren&#8217;t aware of this technique when the experiments were performed. Hence, they haven&#8217;t adapted their tactics &#8212; which might actually be quite easy to do.</p>
<p>For example, it seems like it would be quite easy to defeat their EWMA-based throttling by simply increasing the number of signups/time gradually. Essentially, the bot machine acts like an HTTP proxy with a gradually-increasing user population. One can imagine such a bot even mimicking the traffic patterns exhibited by a real-world proxy (e.g. increase at 9AM, decrease at 5PM). Certainly using a simple EWMA seems too primitive to defeat a dedicated adversary.</p>
<p>Similarly, it also seems quite easy to avoid sharing a single webmail account among multiple botnets: simply assign a single webmail account to a single bot machine, and don&#8217;t reuse webmail accounts if the bot machine becomes inaccessible. The idea, again, is to simulate an HTTP proxy that accesses a large number of webmail accounts. Intuitively, the argument that &#8220;churn&#8221; <i>requires</i> reuse of webmail accounts &#8220;to maximize bot-account utilization&#8221; is unconvincing. Since this is the entire principle upon which their technique is based, I&#8217;d be quite concerned that a relatively simple adaptation on the part of botnet operators would make this analysis ineffective.</p>
<p>I thought the paper&#8217;s wide-eyed tone toward using MapReduce-style systems for graph algorithms was annoying. <i>Lots</i> of people do large-scale graph algorithms using MapReduce-style systems; in fact, that&#8217;s one of the main things MapReduce was originally designed for (e.g. computing PageRank). The paper is not novel in this respect, and I was surprised that they didn&#8217;t cite one of the <a href="http://scholar.google.com/scholar?q=mapreduce+graph">many prior papers</a> on this subject.</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[Big danger: Botnets]]></title>
<link>http://mertdgsn.wordpress.com/2009/11/21/buyuk-tehlike-botnetler/</link>
<pubDate>Sat, 21 Nov 2009 08:53:07 +0000</pubDate>
<dc:creator>mertdgsn</dc:creator>
<guid>http://mertdgsn.wordpress.com/2009/11/21/buyuk-tehlike-botnetler/</guid>
<description><![CDATA[Trend Micro Senior Security Advisor Rik Ferguson discusses the botnet threat and Trend Micro&#8217;s ]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p><a rel="attachment wp-att-205" href="http://mertdgsn.wordpress.com/2009/11/21/buyuk-tehlike-botnetler/botnet/"><img class="alignnone size-full wp-image-205" title="botnet" src="http://mertdgsn.wordpress.com/files/2009/11/botnet.jpg" alt="" width="200" height="125" /></a></p>
<div><strong>Trend Micro Senior Security Advisor Rik Ferguson</strong> discusses the botnet threat and Trend Micro&#8217;s work in this area. Here is the danger awaiting internet users: botnets&#8230;</div>
<p><strong>What kinds of risks do robot networks (botnets) bring? </strong><br />
Robot networks bring many risks with them. Once a bot has infected a computer, it can be, and usually is, used for many different crimes. The computer can be used to attack other computers (DDoS), send spam, host malicious or illegal websites, and steal confidential information, both files on the hard drive and keystrokes captured by a keylogger, and send it to criminals.</p>
<p>These computers can also download and install other malicious software pushed to them, such as fake antivirus programs. They can intercept online sessions (such as banking) and alter them. Bot-infected computers are usually rented out to other criminals to distribute spam or malicious software, and often contain more than one active malicious component at a time.</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[Botnet begins social networking spam run]]></title>
<link>http://starbuck50.wordpress.com/2009/11/21/botnet-begins-social-networking-spam-run/</link>
<pubDate>Sat, 21 Nov 2009 01:06:34 +0000</pubDate>
<dc:creator>starbuck50</dc:creator>
<guid>http://starbuck50.wordpress.com/2009/11/21/botnet-begins-social-networking-spam-run/</guid>
<description><![CDATA[&#8216;DonBot&#8217; targets Twitter and Facebook users A major malware botnet has sprung to life an]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p><strong>&#8216;DonBot&#8217; targets Twitter and Facebook users</strong></p>
<p>A major malware botnet has sprung to life and is making a huge spam run through social networking sites.</p>
<p>Researchers at Symantec&#8217;s MessageLabs branch said that the DonBot network has begun sending spam emails in large numbers, accounting for as much as four per cent of the total global spam load since 18 November.<br />
The messages advertise a &#8216;work at home&#8217; programme which promises $300 (£180) a day for posting information online.</p>
<p>&#8220;The apparent aim of these emails is to get people to fall for &#8216;get rich by working at home&#8217; schemes where the victim is encouraged to pay an initial fee for a trial and then sit back and watch the cash come in,&#8221; wrote Symantec malware analyst Paul Wood in a blog post.</p>
<p>Clicking on the spam image sends victims to one of any number of Twitter pages which contain links to a third-party site which asks the user to pay the &#8216;trial fee&#8217;.</p>
<p>Researchers believe that the operation uses hijacked and specially created spam accounts on Twitter. Some hijacked Facebook pages are also being used to spread the links.</p>
<p>Source: <a href="http://www.v3.co.uk/v3/news/2253630/botnet-begins-social-networking">www.v3.co.uk</a></p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[InBoxRevenge Under Attack Again]]></title>
<link>http://inboxrevenge.wordpress.com/2009/11/16/inboxrevenge-under-attack-again/</link>
<pubDate>Mon, 16 Nov 2009 20:06:32 +0000</pubDate>
<dc:creator>reportscams</dc:creator>
<guid>http://inboxrevenge.wordpress.com/2009/11/16/inboxrevenge-under-attack-again/</guid>
<description><![CDATA[This is the third attack on the InBoxRevenge antispam forums within one month. The first DDoS attack]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p>This is the third attack on the <a href="http://ksforum.inboxrevenge.com">InBoxRevenge</a> antispam forums within one month. The first DDoS attack which was posted below was on <a href="http://inboxrevenge.wordpress.com/2009/10/28/301/">October 28, 2009</a>.</p>
<p>Since about 10:45 Eastern Time on Monday, November 16th, 2009, IBR&#8217;s forums are once again offline.</p>
<p>We will give you more details as they become available. It seems that spammers are definitely still very angry with the content posted on <a href="http://ksforum.inboxrevenge.com">IBR</a>.</p>
<p>We will continue to spread information online via <a href="http://twitter.com/InBoxRevenge">various</a> <a href="http://twitter.com/spamislame">twitter</a> <a href="http://twitter.com/thegilesmark">accounts</a>, <a href="http://inboxrevenge.blogspot.com/">blogs</a>, and other websites about collecting information which leads to shutting down illegal spammer operations. Attacks such as this one and others do not stop our efforts as we continue to report spamming operations.</p>
<p>As a reminder, check out our other websites online for updates:</p>
<p>Twitter: <a href="http://twitter.com/inboxrevenge">http://twitter.com/inboxrevenge</a><br />
Other blogs:</p>
<p><a href="http://inboxrevenge.blogspot.com/">http://garwarner.blogspot.com/</a></p>
<p><a href="http://inboxrevenge.blogspot.com/">http://inboxrevenge.blogspot.com</a></p>
<p><a href="http://inboxrevenge.spaces.live.com/">http://inboxrevenge.spaces.live.com</a></p>
<p>Wiki:</p>
<p><a href="http://spamtrackers.org/">http://spamtrackers.org</a></p>
<p>Please note that SiL also has his two blogs, which also accept moderated comments:<br />
<a href="http://ikillspammers.blogspot.com/">http://ikillspammers.blogspot.com</a></p>
<p><a href="http://spamitmustfall.blogspot.com/">http://spamitmustfall.blogspot.com</a></p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[2009: This Year's Selected Crop of Spam and Viruses]]></title>
<link>http://roofingbird.wordpress.com/2009/11/16/this-years-crop/</link>
<pubDate>Mon, 16 Nov 2009 17:12:06 +0000</pubDate>
<dc:creator>roofingbird</dc:creator>
<guid>http://roofingbird.wordpress.com/2009/11/16/this-years-crop/</guid>
<description><![CDATA[Last year around this time I was sending out a post on holiday email viruses. While I haven’t seen a]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p>Last year around this time I was sending out a post on holiday email viruses. While I haven’t seen any outstanding holiday items yet, I did have one possible scam in relation to a just completed online bank transaction. Their email displayed the bank’s logo and looked pretty official. <!--more-->However, it suggested I sign back on to the bank website from the email, and some words were misspelled. I forwarded it to the bank’s abuse email site.</p>
<p>I don’t know about PCs since I work off a Mac, but when I receive an email, my app has a drag down on the toolbar that says “Source”.  It shows you some of the code, addresses and delivery route that got the subject email to your box. Often the addresses are obviously hooey. For example, something like Earthlink.com, instead of Earthlink.net, or some weird or personal name that doesn’t make any sense. In my above noted case, the source code might have been obvious to an expert, but it wasn’t to me.  However, I think you have to be vigilant. If any one thing about an email seems fishy, don’t respond to it.</p>
<p>In any event, I swam over to look at the FBI’s website, to see what they were up to. It looks like a bit. They have 12 notices for this year. It turns out their most recent notice dated 11/3/09 might actually relate to mine above.</p>
<p>The FBI, in its efforts to be precise, has utilized some umbrella titles on their notices that make it difficult for us average non-bureaucrats to immediately understand what the heck they are talking about. However, I encourage you to read the text of the bulletins to see if one relates to you. Their link is <a title="fbi" href="http://www.fbi.gov/cyberinvest/escams.htm" target="_blank">HERE</a>.</p>
<p>Dark Reading, an Internet publication put out by InformationWeek, has a nice article entitled: <strong><a title="darkreading" href="http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=220900608&#38;cid=nl_DR_DAILY_H" target="_blank">“ISPs: Email Abuse Down But Not Out”</a>.</strong> I don’t know if you will be able to read the link without completing a free registration first. However, if you like computerese they always have interesting things to say. It appears the US might actually be a leader in this category for spam reduction. Also, approximately 90% of email is still spam, and fighting it is creating a large resource drain for ISP providers.</p>
<p>Then there is Gumblar, a malware botnet that has been around for a while, crashing websites with complex file architecture like WORDPRESS!?! NetworkWorld reports<strong>: <a title="networkworld" href="http://www.networkworld.com/news/2009/110409-botnet-authors-crash-wordpress-sites.html" target="_blank">Botnet authors crash WordPress sites with buggy code. Other sites that use complex PHP are also affected</a>.</strong></p>
<p>The vermin who produced Gumblar, in their effort to improve it, goofed up. Even though the older version is still around, the newer one produces a fatal error message on your website, showing you’ve been compromised. If you think you are in that fix, and you are a computer doofus like me, contact WordPress or whomever your Webmaster is, on what to do. If you know a little more, you might try following one of the links in the NetworkWorld article above.</p>
<p>Last, but not least, if you are shipping via UPS, here is their link entitled: <a title="ups" href="http://www.ups.com/content/us/en/resources/ship/fraud.html?srch_pos=1&#38;srch_phr=scam&#38;WT.svl=SRCH" target="_blank">Protect Yourself Against Fraud</a>. Their page links show examples of email and website fraud, in .pdf form.</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[What Now.....This is getting old fast!!!]]></title>
<link>http://macarooni.wordpress.com/2009/11/14/what-now-this-is-getting-old-fast/</link>
<pubDate>Sun, 15 Nov 2009 01:59:29 +0000</pubDate>
<dc:creator>The Edible Earth</dc:creator>
<guid>http://macarooni.wordpress.com/2009/11/14/what-now-this-is-getting-old-fast/</guid>
<description><![CDATA[Are you a Verizon Wireless customer?  Well if you are, then pay special attention.  There is a new s]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p><a rel="attachment wp-att-787" href="http://macarooni.wordpress.com/2009/11/14/what-now-this-is-getting-old-fast/thumbnail-1-10/"><img class="alignleft size-full wp-image-787" title="thumbnail-1" src="http://macarooni.wordpress.com/files/2009/11/thumbnail-1.jpg" alt="thumbnail-1" width="160" height="125" /></a>Are you a Verizon Wireless customer?  Well if you are, then pay special attention.  There is a new scam in the wild right now that is targeting Verizon Wireless customers directly.  It is estimated that about 16% of all Verizon Wireless customers have come into contact with this scam.  This is how it works.</p>
<p>You will receive an email, which appears to be from Verizon Wireless, which states that you have exceeded the minutes limit on your account and asks you to check your account by downloading a &#8220;balance checker&#8221; tool.  Keep in mind that this message looks exactly like a legitimate Verizon message.  But it is not from Verizon Wireless. If you should download and run the tool, what you are in fact doing, is installing a Trojan Horse. By installing this Trojan Horse, you open up your computer to a myriad of other malware from the Zbot <em><a href="http://macarooni.wordpress.com/a-healthy-xp-computer/part-6-botnets/" target="_blank">Botnet</a></em>.  This Bot is notorious for lifting banking and credit information from User&#8217;s accounts.  So as you can see, this is a serious threat.</p>
<p>The first emails were sent around 11:30 AM Pacific Time on Friday, 11/13/09.  Friday the 13th&#8217;s are always notorious for the launch of new scams on the internet.  Since then, it has been estimated that about 200,000 messages have been sent per hour.  So this scam is already well established.</p>
<p>So how do I know if the Verizon Wireless message is legit, and what should I do if I do receive this message?  First off, and I have stated this many times before in past posts, do not <span style="text-decoration:underline;"><em><strong>EVER</strong></em></span> open a message that states that there is a problem with your account from an email that you receive without having asked for the information prior to receiving the message.  Even then, I would be real cautious.  The best way to keep yourself from falling for these scams is to never open an email from anyone, even if you have an account with them, that states that there is a problem with your account.  Instead, go to the company&#8217;s website, in this case Verizon Wireless&#8217;, and log into your account.  From there, you can check to see if there is anything that needs your attention.  As always, make sure that you log in over SSL, meaning that the URL starts with &#8220;https://&#8221; and not &#8220;http://&#8221;.  I cannot say this strongly enough&#8230; never, ever open a link in which the email states that there is a problem with your account.  These are almost always scams, as companies do not alert you of problems in this manner.  Always manually log into your account and check it once you are securely logged in.</p>
<p>This new Verizon Wireless scam will render your computer useless, should you fall for it, and believe me, it is easy to do.  These scammers know what they are doing and create fake sites and messages that look exactly like one that you would receive from Verizon Wireless, complete with logo.  They are easy to fall for.  Knowing the basics is all you need though to ensure your safety. Always delete those emails alerting you to account problems and log into your account from the vendor&#8217;s website and check to see if the message is valid from there.  Never click on any link that was sent to you without you asking for it. It is that simple.</p>
<p>For more information, check out the <em><strong><a href="http://blog.trendmicro.com/" target="_blank">Trend Micro Security Blog Site</a></strong></em>.</p>
<p>Watch out for this scam as it is a serious one and is easy to fall for.</p>
<p>Let me know your thoughts&#8230;</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[Reblog: Security firm chokes sprawling botnet]]></title>
<link>http://deathgleaner.wordpress.com/2009/11/14/reblog-security-firm-chokes-sprawling-botnet/</link>
<pubDate>Sat, 14 Nov 2009 22:49:50 +0000</pubDate>
<dc:creator>deathgleaner</dc:creator>
<guid>http://deathgleaner.wordpress.com/2009/11/14/reblog-security-firm-chokes-sprawling-botnet/</guid>
<description><![CDATA[This post first appeared  on the Register under the title &#8220;Security firm chokes sprawling botn]]></description>
<content:encoded><![CDATA[This post first appeared  on the Register under the title &#8220;Security firm chokes sprawling botn]]></content:encoded>
</item>
<item>
<title><![CDATA[The Mega-D Botnet Bites the Dust &ndash; Sort Of!]]></title>
<link>http://billmullins.wordpress.com/2009/11/13/the-mega-d-botnet-bites-the-dust-sort-of/</link>
<pubDate>Fri, 13 Nov 2009 16:43:37 +0000</pubDate>
<dc:creator>Bill Mullins</dc:creator>
<guid>http://billmullins.wordpress.com/2009/11/13/the-mega-d-botnet-bites-the-dust-sort-of/</guid>
<description><![CDATA[BOTNET. The name sounds as if it belongs in a Sci Fi flick, in which it’s used to describe a robotic]]></description>
<content:encoded><![CDATA[BOTNET. The name sounds as if it belongs in a Sci Fi flick, in which it’s used to describe a robotic]]></content:encoded>
</item>
<item>
<title><![CDATA[Breaking the Botnet Code]]></title>
<link>http://thedailyblahg.wordpress.com/2009/11/12/breaking-the-botnet-code/</link>
<pubDate>Thu, 12 Nov 2009 16:19:51 +0000</pubDate>
<dc:creator>liverpoollrc</dc:creator>
<guid>http://thedailyblahg.wordpress.com/2009/11/12/breaking-the-botnet-code/</guid>
<description><![CDATA[Software that deciphers botnet communications could help infiltrate criminals&#8217; networks. By Ro]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p id="dek">Software that deciphers botnet communications could help infiltrate criminals&#8217; networks.</p>
<p>By Robert Lemos</p>
<p>Networks of compromised computers controlled by a central server, better known as botnets, are a Swiss Army knife of tools for online criminals. Hackers can use these co-opted systems to churn out spam, host malicious code, hide their tracks on the Internet, or flood a corporate network to cut off its access to the Web.</p>
<p>Whenever a new botnet appears, researchers race to reverse engineer the software it installs on a victim&#8217;s machine, and to decode the way each bot communicates with the controlling server. Because these communications are often encrypted, such analyses can take weeks or months. Now researchers from the University of California at Berkeley and Carnegie Mellon University have created a way to automatically reverse engineer the communications between compromised computers and their controlling servers.  Read more:  <a href="http://www.technologyreview.com/computing/23924/?nlid=2506&#38;a=f">http://www.technologyreview.com/computing/23924/?nlid=2506&#38;a=f</a></p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[McColo: one year later]]></title>
<link>http://bofhskull.wordpress.com/2009/11/11/mccolo-un-anno-dopo/</link>
<pubDate>Wed, 11 Nov 2009 16:35:25 +0000</pubDate>
<dc:creator>Skull</dc:creator>
<guid>http://bofhskull.wordpress.com/2009/11/11/mccolo-un-anno-dopo/</guid>
<description><![CDATA[Un anno fa riportavo qui gli effetti osservati a seguito della chiusura forzata di McColo, hosting p]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p>A year ago <a title="Il cigno e la talpa" href="http://bofhskull.wordpress.com/2008/11/12/il-cigno-e-la-talpa/" target="_blank">I reported here</a> the effects observed following the forced shutdown of McColo, a Californian hosting provider heavily implicated in a large share of the online criminal activity of the time.</p>
<p>Twelve months on, it is possible to look back to see what has happened in the meantime and to establish more clearly what the effect of those events was.</p>
<p>As usual, Brian Krebs offers a juicy summary <a title="A year later: A look back at McColo" href="http://voices.washingtonpost.com/securityfix/2009/11/a_year_later_a_look_back_at_mc.html" target="_blank">here</a>.</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[Global Cyber News Bits, November 10, 2009 from CommunityDNS]]></title>
<link>http://blog.communitydns.net/2009/11/10/global-cyber-news-bits-november-10-2009-from-communitydns/</link>
<pubDate>Tue, 10 Nov 2009 20:08:23 +0000</pubDate>
<dc:creator>CommunityDNS</dc:creator>
<guid>http://blog.communitydns.net/2009/11/10/global-cyber-news-bits-november-10-2009-from-communitydns/</guid>
<description><![CDATA[Provided by CommunityDNS, the information in this post consists of news items in the security-based ]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p><em> Provided by <a href="http://www.communitydns.eu/facts.html"><span style="text-decoration:underline;">CommunityDNS</span></a>, the information in this post consists of news items in the security-based Internet community.</em></p>
<p><strong>Security firm chokes sprawling spam botnet</strong></p>
<p>The efforts of a research firm took down a botnet responsible for 33% of the world’s spam.</p>
<p>The attack was multipronged.  First, the security firm reported abuses to ISPs regarding certain IP addresses.  Second, the firm worked with registrars to deactivate registered names.  Third, the firm registered backup domains that were not yet in use.  Fourth, the botnet was able to generate random domains based on a specific algorithm; the firm understood the algorithm and registered names that could be generated by it.</p>
<p>The effect was a botnet that had nowhere to turn.  Now the individual bots have been orphaned and the security firm is working with the ISPs to notify the owners of the computers that were once members of the botnet.</p>
<p>Click <a href="http://www.theregister.co.uk/2009/11/10/fireeye_takes_out_ozdok/"><span style="text-decoration:underline;">here</span></a> for more information.</p>
<p><strong>MassMutual Warns of Data Breach</strong></p>
<p>Employee and customer data for MassMutual could have been compromised.  Data handled by a third party provider was breached.</p>
<p>Click <a href="http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=221600945"><span style="text-decoration:underline;">here</span></a> for more information.</p>
<p><strong>Majority of Web Apps Have Severe Vulnerabilities</strong></p>
<p>A recent report indicates that close to 9 out of 10 web applications could lead to information exposure due to flaws: 87% of the Web applications analyzed had serious vulnerabilities.</p>
<p>60% of Internet-based attacks targeted Web applications.  90% of web vulnerabilities rested with commercial Web applications, while 8% rested with browser-run applications.</p>
<p>25% of the attacks were SQL Injection-based, with 17% of the attacks being attributed to Cross Site Scripting.</p>
<p>Click <a href="http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=221601000"><span style="text-decoration:underline;">here</span></a> for more information.</p>
<p><strong>No Rush to Adopt Domain Names Written in Chinese in China</strong></p>
<p>While ICANN has opened the gates for IDNs to begin in certain countries, China being one of them, it appears there is no great rush to acquire the Chinese equivalent of the currently used Latin character set.</p>
<p>In many cases Chinese organizations have reduced the number of characters to make it easier for Chinese users to type in the URL.  For example, “Tencent” is known as “qq.com” to its users.  Another company has used “163.com” as the URL for its brand name, as companies often associate numbers with their brands.</p>
<p>In one case where someone has already grabbed the Chinese equivalent to one company’s name, the head of the company would like to purchase the name, but feels having it owned by another party would not create any harm to their existing brand.</p>
<p>While the Chinese character sets will aid Internet usage for the older population, the majority of China’s Internet population is already used to the current method of using the Internet.</p>
<p>Click <a href="http://www.cio.com/article/507163/No_Rush_to_Adopt_Domain_Names_Written_in_Chinese_in_China?source=rss_news"><span style="text-decoration:underline;">here</span></a> for more information.</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[Global Cyber News Bits, November 9, 2009 from CommunityDNS]]></title>
<link>http://blog.communitydns.net/2009/11/09/global-cyber-news-bits-november-9-2009-from-communitydns/</link>
<pubDate>Mon, 09 Nov 2009 21:26:23 +0000</pubDate>
<dc:creator>CommunityDNS</dc:creator>
<guid>http://blog.communitydns.net/2009/11/09/global-cyber-news-bits-november-9-2009-from-communitydns/</guid>
<description><![CDATA[Provided by CommunityDNS, the information in this post consists of news items in the security-based ]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p><em> Provided by <a href="http://www.communitydns.eu/facts.html"><u>CommunityDNS</u></a>, the information in this post consists of news items in the security-based Internet community.</em><br />
<br />
<strong>Bot herders hide master control channel in Google cloud</strong></p>
<p>Google’s “AppEngine” application was used by cybercriminals to act as the master control channel, feeding commands to large networks of infected computers.</p>
<p>Also, it was found that the Koobface botnet was using Google Reader to spam malicious links to social networking sites; one of which being Facebook.</p>
<p>Click <a href="http://www.theregister.co.uk/2009/11/09/bot_herders_coopt_google_appengine/"><u>here</u></a> for more information.</p>
<p>
<strong>Gumblar Botnet Resurges</strong></p>
<p>Known as one of the largest botnets that grew dramatically this year, Gumblar has reappeared.</p>
<p>Gumblar works in two ways.  The first is to load malware onto sites.  When users visit the sites malware is downloaded onto their computers.  The second way Gumblar works is to populate websites with I-frames pointing to websites containing the malware.</p>
<p>Click <a href="http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=221600700"><u>here</u></a> for more information.</p>
<p>
<strong>New Spamming Botnet On The Rise</strong></p>
<p>Currently sending 2.5 billion spam messages globally, a new botnet known as “Festi” has quickly jumped to the rank of 5% to 6% of all spam generated.  The jump means more bots (or compromised computers) were added into its botnet, with 60% located in Asia, 18% in Europe and 9% in North America.</p>
<p>Click <a href="http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221600694"><u>here</u></a> for more information.</p>
<p>
<strong>Practical Analysis: The Fastest-Growing Security Threat</strong></p>
<p>Having grown from a few thousand a day a year ago to more than 500,000 a day, SQL Injection is the fastest-growing security threat.  Through the use of automated tools, cybercriminals are searching for which sites are vulnerable to SQL injection.  Such attacks allow hackers to break into networks, which can lead to the breach of sensitive data.</p>
<p>Click <a href="http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=221600488"><u>here</u></a> for more information.</p>
<p>
<strong>UK to push for law to retain all communications data</strong></p>
<p>Citing that the EU Data Retention Directive does not go far enough, and in order to prevent serious crime and terrorism, the British government is pushing for its ISPs to capture and hold data regarding instant messages, e-mail and other electronic communications.  The data retained would also include data from third-party services.  The data is to be retained by the respective ISPs and not in a centralized database.</p>
<p>Click <a href="http://www.networkworld.com/news/2009/110909-uk-to-push-for-law.html"><u>here</u></a> for more information.</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[Windows 7 has Malware Issues]]></title>
<link>http://komplettie.wordpress.com/2009/11/06/windows-7-has-malware-issues/</link>
<pubDate>Fri, 06 Nov 2009 10:16:10 +0000</pubDate>
<dc:creator>komplettie</dc:creator>
<guid>http://komplettie.wordpress.com/2009/11/06/windows-7-has-malware-issues/</guid>
<description><![CDATA[Windows 7’s much vaunted User Account Control seems not to provide quite the bump in security that M]]></description>
<content:encoded><![CDATA[Windows 7’s much vaunted User Account Control seems not to provide quite the bump in security that M]]></content:encoded>
</item>
<item>
<title><![CDATA[Spam requests Facebook password confirmation]]></title>
<link>http://j2security.wordpress.com/2009/11/05/spam-roba-contrasena-de-facebook/</link>
<pubDate>Thu, 05 Nov 2009 05:14:53 +0000</pubDate>
<dc:creator>j2security</dc:creator>
<guid>http://j2security.wordpress.com/2009/11/05/spam-roba-contrasena-de-facebook/</guid>
<description><![CDATA[Mensaje fraudulento intenta confundir al usuario suplantando la dirección de soporte de Facebook, su]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p>A fraudulent message tries to confuse users by spoofing the Facebook support address, support@facebook.com.</p>
<p style="text-align:left;">Diario Ti: Websense Security Labs' ThreatSeeker Network discovered a new wave of malicious email attacks that claim to be a confirmation for resetting Facebook passwords.</p>
<p><img class="aligncenter" src="http://img42.imageshack.us/img42/8449/facebookkl.jpg" alt="Facebook" /><br />
The messages contain a .zip attachment with an .exe file inside. The .exe file currently has a detection rate of almost 30 percent on VirusTotal.</p>
<p>The malicious .exe file connects to two servers to download additional malicious files and joins the Bredolab botnet, which means the attackers have complete control of the PC, allowing them to steal customer information and send unsolicited email. One of the servers is located in the Netherlands and the other in Kazakhstan.</p>
<p>Source: Websense.<br />
Taken from: <a title="Diario TI" href="http://www.diarioti.com/gate/n.php?id=24734">diarioti.com</a></p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[BotNet Kurulum. | Special Bot Source]]></title>
<link>http://prosedur.wordpress.com/2009/11/01/botnet-kurulum-special-bot-source/</link>
<pubDate>Sun, 01 Nov 2009 19:01:00 +0000</pubDate>
<dc:creator>prosedur</dc:creator>
<guid>http://prosedur.wordpress.com/2009/11/01/botnet-kurulum-special-bot-source/</guid>
<description><![CDATA[BotNet Kurulumu İçin Gerekli olan Materyaller; 1-)IRC Server ( Unreal IRCd v.s. ) 2-) BotNet Source ]]></description>
<content:encoded><![CDATA[BotNet Kurulumu İçin Gerekli olan Materyaller; 1-)IRC Server ( Unreal IRCd v.s. ) 2-) BotNet Source ]]></content:encoded>
</item>
<item>
<title><![CDATA[InBoxRevenge.com Under DDoS Again]]></title>
<link>http://inboxrevenge.wordpress.com/2009/11/01/inboxrevenge-com-under-ddos-again/</link>
<pubDate>Sun, 01 Nov 2009 06:55:15 +0000</pubDate>
<dc:creator>reportscams</dc:creator>
<guid>http://inboxrevenge.wordpress.com/2009/11/01/inboxrevenge-com-under-ddos-again/</guid>
<description><![CDATA[As of October 31st, 2009, the attackers were DDoSing InBoxRevenge website again. This is where the I]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p>As of October 31st, 2009, the attackers were DDoSing <a href="http://inboxrevenge.com/">InBoxRevenge</a> website again. This is where the IBR anti-spam forum is hosted, though the content is definitely offline at this time.</p>
<p>Early morning 11/1/09 it was reported by <a href="http://twitter.com/thegilesmark">@themarkgiles</a> Twitter user that IBR was under a flood attack from 750 bot IPs at a rate of 50/second. Source IP countries: TH (Thailand), IN (India), BD (Bangladesh), RU (Russia), BR (Brazil), PH (the Philippines), etc.</p>
<p>The spammers are hitting the IBR website with IPs that are compromised and under control of a botnet. Obviously some spammer is not happy with the reporting we do of  cybercriminal activities.</p>
<p>We will continue to post more information as it becomes available.</p>
<p><strong>UPDATE on 11/1/09</strong></p>
<p>Taken from the most recent IBR Blogspot entry:</p>
<h3><strong><a href="http://inboxrevenge.blogspot.com/2009/11/members-may-have-noticed-another-recent.html">Good news &#8212; DDoS attacks not over</a></strong></h3>
<p>Members may have noticed another recent outage for several hours. It was another confirmed DDoS, via a method called &#8220;<a href="http://en.wikipedia.org/wiki/SYN_flood">syn flood</a>.&#8221; In the past, these sorts of attacks have gone on for weeks. We just roll with it.</p>
<p>Why is it good news? It lets us know our efforts are worthwhile, because making internet crime less profitable is exactly what we&#8217;re trying to accomplish. If we weren&#8217;t making criminals want to attack us, we&#8217;d have to wonder what we were doing wrong. We never expect to achieve the amazing level of spammer ire that Blue Security suffered in its famous 2006 attack, but then we aren&#8217;t planning to try to keep the site on line during the attacks. We just fall back to the alternate methods of spreading information. If our attackers would like to try to simultaneously take down Google, Microsoft, Twitter, WordPress, and all the other sites we&#8217;ve established a presence on, they&#8217;ll get themselves a lot more law enforcement attention than they&#8217;re currently planning on.</p>
<p>Comments are open for this blog, though they have to be approved by a moderator. And if you have a comment that seems to merit its own &#8220;thread,&#8221; we can repaste it as a blog post that can get its own comments.</p>
<p>Remember that SiL also has his two blogs, which also accept moderated comments:<br />
<a href="http://ikillspammers.blogspot.com">http://ikillspammers.blogspot.com</a><br />
<a href="http://spamitmustfall.blogspot.com">http://spamitmustfall.blogspot.com</a></p>
<p>And we have our other sites for announcements:<br />
<a href="http://twitter.com/inboxrevenge">http://twitter.com/inboxrevenge</a><br />
<a href="http://inboxrevenge.webs.com/">http://inboxrevenge.webs.com</a><br />
<a href="http://inboxrevenge.blogspot.com/">http://inboxrevenge.blogspot.com</a><br />
<a href="http://spamtrackers.org/">http://spamtrackers.org</a><br />
<a href="http://inboxrevenge.spaces.live.com/">http://inboxrevenge.spaces.live.com</a></p>
<p>As always, the best response to retaliation is to continue to do the reporting you were doing before &#8212; but to do more of it.  At the time of this post update, <a href="http://inboxrevenge.com/">the IBR website</a> loads as a 403 error as of 18:00 GMT on 11/1/09.</p>
</div>]]></content:encoded>
</item>
<item>
<title><![CDATA[Alert: FaceBook Trojan!]]></title>
<link>http://prettymoney.wordpress.com/2009/10/30/alert-facebook-trojan/</link>
<pubDate>Fri, 30 Oct 2009 08:34:56 +0000</pubDate>
<dc:creator>حديقة   أزهار</dc:creator>
<guid>http://prettymoney.wordpress.com/2009/10/30/alert-facebook-trojan/</guid>
<description><![CDATA[Please read the following if you are a facebook user! Twitter users warned about new phishing attack]]></description>
<content:encoded><![CDATA[Please read the following if you are a facebook user! Twitter users warned about new phishing attack]]></content:encoded>
</item>
<item>
<title><![CDATA[Global Cyber News Bits, October 28, 2009 from CommunityDNS]]></title>
<link>http://blog.communitydns.net/2009/10/29/global-cyber-news-bits-october-28-2009-from-communitydns/</link>
<pubDate>Thu, 29 Oct 2009 19:38:27 +0000</pubDate>
<dc:creator>CommunityDNS</dc:creator>
<guid>http://blog.communitydns.net/2009/10/29/global-cyber-news-bits-october-28-2009-from-communitydns/</guid>
<description><![CDATA[Provided by CommunityDNS, the information in this post consists of news items in the security-based ]]></description>
<content:encoded><![CDATA[<div class='snap_preview'><p><em> Provided by <a href="http://www.communitydns.eu/facts.html"><span style="text-decoration:underline;">CommunityDNS</span></a>, the information in this post consists of news items in the security-based Internet community.</em></p>
<p><strong>.TM Names Are Now One of the Most Secure on the Internet</strong></p>
<p>Catering to trademarked and brand-conscious corporations serious about their corporate image, the .TM Domain Registry has signed its zone with DNSSEC, providing its users with enhanced security against phishing and the malicious community.  As a first of its kind for DNSSEC, .TM domain owners can update their DS records in real time.</p>
<p>Click <a href="http://www.reuters.com/article/pressRelease/idUS175619+29-Oct-2009+BW20091029"><span style="text-decoration:underline;">here</span></a> for more information.</p>
<p><strong>Facebook Phishing Attack Powered by Zeus Botnet, Researchers Say</strong></p>
<p>Asking Facebook users to click on the link provided in an e-mail to receive their updated password, phishers are using this method as another way to trick users into revealing their usernames and passwords.</p>
<p>The phishing messages are being sent at 30,000 per minute, and researchers have shown that the messages are coming from the Zeus botnet.</p>
<p>Click <a href="http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=JJ0YTKRSI4VBPQE1GHOSKH4ATMY32JVN?articleID=221100157"><span style="text-decoration:underline;">here</span></a> for more information.</p>
<p><strong>Internet phone systems become the fraudster’s tool</strong></p>
<p>A new angle from cybercriminals includes obtaining banking credentials by placing calls FROM the bank.  Hackers are breaking into the phone systems of smaller banks because:</p>
<ul>
<li> Smaller banks can’t afford the security resources of larger banks.</li>
<li> People like to bank with smaller local banks.</li>
</ul>
<p>Hackers will break into phone systems and place calls to customers from the bank’s phone system.  Using a prerecorded message regarding suspicious account activity, bank customers are asked to respond by inputting their account number and ATM password.</p>
<p>This form of hacking is becoming easier because many of the phone systems are now Internet-based using VoIP.</p>
<p>Click <a href="http://www.networkworld.com/news/2009/102809-internet-phone-systems-become-the.html"><span style="text-decoration:underline;">here</span></a> for more information.</p>
<p><strong>U.K. Proposes To Cut-Off Pirates Internet Connections</strong></p>
<p>The UK looks to curb illegal downloads by disconnecting violators from the internet.  Violators would first receive a letter, followed by Internet slowdowns if they persist.  If they continued, violators would face disconnection from the Internet.  At this point Britain is looking at France’s 3-Strikes law, in which disconnection would last for a year.</p>
<p>Not mentioned was France’s requirement that a violator go before a judge and have their day in court before Internet connectivity is disconnected.  ISPs are not in favor of the UK’s move, fearing they would have to become the police of the network.</p>
<p>Click <a href="http://www.pcworld.com/businesscenter/article/174565/uk_proposes_to_cutoff_pirates_internet_connections.html"><span style="text-decoration:underline;">here</span></a> for more information.</p>
<p><strong>Symantec reveals lack of confidence in online retailers</strong></p>
<p>A recent study shows those in the UK have a higher trust in banks protecting their information than other organizations specializing in online retail.  The same holds true with Germany in that, while not as confident as the Brits, Germans are more inclined to trust banks with their personal information than they are online-retailers.</p>
<p>Click <a href="http://www.networkworld.com/news/2009/102909-symantec-reveals-lack-of-confidence.html"><span style="text-decoration:underline;">here</span></a> for more information.</p>
</div>]]></content:encoded>
</item>

</channel>
</rss>
