
Showing posts from March, 2012

Twenty percent of all households have at least one bot-infected computer

...and 5% of all enterprise 'assets' are infected.

From Gunter Ollmann, VP of Research at Damballa in this post on CircleID:
"...on average, between 3-7% of assets within enterprise networks are identified as being infected..."

"Within the ISP/Telco world that have chosen to deploy the Damballa CSP product, between 18-22% of unique subscriber IP addresses are actively seeking to connect to known C&C servers."

Ouch.

Note that this is bot-net infections only, not the broader category of computers infected with malware in general. 

When I first started securing systems a couple decades ago there were no external threats. We had Netware, IPX and Arcnet. The only path to a compromise of confidentiality or integrity originated on a keyboard within the campus. There were no external threats. The threat to our systems was from the inside, and the risk from insiders was mitigated by the assumption that we'd be able to pin the actions initiated a keyboard…

Microsoft and its partners seize servers...

Microsoft press release on their Zeus botnet server seizure:

"This disruption was made possible through a successful pleading before the U.S. District Court for the Eastern District of New York, which allowed Microsoft and its partners to conduct a coordinated seizure of command and control servers running some of the worst known Zeus botnets."

"As a part of the operation, on March 23, Microsoft and its co-plaintiffs, escorted by the U.S. Marshals, seized command and control servers in two hosting locations, Scranton, Pa., and Lombard, Ill., to seize and preserve valuable data and virtual evidence from the botnets for the case."

Emphasis is mine.

From the actual seizure order:

"There is good cause to believe that the Defendants have engaged in…Trademark Infringement, False Destination Origin, and Trademark Dilution…"

Emphasis is mine.

So if I'm reading this correctly, Microsoft seized the servers, not federal law enforcement. Individuals who work for…

I thought I had this privacy thing figured out, but…

…maybe not. I’m trying out the Collusion plugin for Firefox and the results are interesting. After a couple evenings of my normal surfing routine, the plugin looks like:

Yuk.

As expected, Google appears at or near the center of attraction.

I use the Google suite for anything related to my profession and I use Google’s competition for anything unrelated to my role as an IT professional. My theory is that as a public employee in Minnesota, pretty much everything I do professionally is public anyway, so I figure that there is no net loss to using the Google stack. The Collusion plugin shows that I’m merging the two realms far more than I thought.

Also unexpected are several domains that I’ve never heard of, including something called imrworldwide:

I have no idea who they are, but they know more about me than I’d like. I use Adblock Plus and NoScript plugins and I accept third party cookies, but I clear all cookies each time I close Firefox (once every few weeks), so I’ve assumed that I’m les…