28 Jul: Amazon S3 exploiting through SpyEye (Jorge Mieres)
11 Jun: Offensive attacks and the World Cup 2010 (Dmitry Bestuzhev)
25 Mar: Named & shamed! (David)
Cloud computing providers offer gigabytes of storage for free, and cybercriminals use it to maintain and spread malware of all kinds. At the same time, many legitimate services are not free, but are still very attractive to cybercrime gangs. In the case of Amazon, Amazon Simple Storage Service (Amazon S3) does the trick.
Despite being a paid service, the cost is no obstacle for attackers whose operations are profitable. In fact, my colleague Dmitry Bestuzhev recently told us about malware being spread by exploiting this service in "the cloud".
The truth is that these cases are not isolated. According to our research, cybercriminals have been running SpyEye activities from Amazon for the past couple of weeks.

Analysis
Blog
The World Cup 2010 is the most popular event running right now. Cybercriminals did not want to miss such a "good" opportunity and have already taken advantage of it in several ways, such as sending spam that leads to phishing sites, spreading malware and so on. All of these attacks go through end-point machines, stealing users' personal information. This is the most common "modus operandi" of cybercriminals.
However, today we found an interesting attack apparently not related to money. The attack was on an Indonesian government Web server. The gang behind the attack put up a defacement on the hacked Web server that is clearly related to World Cup activities:

If you visit the hacked Web site you will also hear an official World Cup song. In the past we have seen many cases where Web servers were hacked for political, racial and other motivations. Today we see that sport-related motivations, joined by competitive spirit, also influence cybercriminals to launch offensive campaigns.
At a time when cybercriminal activity is higher than usual, please pay special attention to your security. If you don't want to be a victim, just use the following basic security tips:
Stay safe!
Analysis
Blog
StopBadware.org, launched in January by Harvard University's Berkman Centre and the Oxford Internet Institute, is designed to put pressure on purveyors of 'badware' programs by 'naming and shaming' them. 'Badware', according to the organization's site, is 'malicious software that tracks your moves online and feeds that information back to shady marketing groups so that they can ambush you with targeted ads'. The project is supported by Google, Sun and Lenovo.
StopBadware.org positions itself as 'a "Neighbourhood Watch" campaign aimed at fighting badware.' The project will 'seek to provide reliable, objective information about downloadable applications in order to help consumers make better choices about what they download onto their computers.' It also 'aim[s] to become a central clearinghouse for research on badware and...[those] who spread it, and become a focal point for developing collaborative, community-minded approaches to stopping badware.'
Yesterday StopBadware.org issued its first reports, naming and shaming Kazaa, MediaPipe, SpyAxe and Screensaver.com as applications that 'contain annoying or objectionable behaviors'.
Analysis
Blog