Archive for the ‘IronPort’ Category

Recent huge Spike in PDF spam

July 23, 2007

Spammers have changed tactics and are starting to use the PDF format to send out their spam. An analysis shows that it was launched by a botnet that spanned 167 countries.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026840&pageNumber=1

[Editor's Note (Valle): Now that anti-spam companies have learned how to identify and stop image spam fairly well, the spammers have found a new technique to get their messages into people's email boxes. Yahoo is usually very good at blocking out spam, but recently I have been getting 3-4 spam messages a day for the last few weeks and, surprise, surprise: they all had PDF attachments.
I talked with the IronPort folks and they said they were all over this and their customers would not be affected by this PDF spam.]

Organizations blast spam without knowing it

July 11, 2007

Many companies don’t realize it, but they have compromised computers that are being used by spammers.
http://www.networkworld.com/news/2007/062007-companies-send-spam.html?fsrc=rss-spam

[Editor's Note (Valle): This is a huge liability issue for companies and they need to get their arms around it before some enterprising lawyers do. A good defense against this kind of threat is the IronPort S series that can scan outgoing emails for spam.] 

Spammers overcome Hotmail and Yahoo CAPTCHA systems

July 11, 2007

An interesting blog post that speculates that the Hotmail and Yahoo CAPTCHA systems have been compromised by spammers.
http://tech.blorge.com/Structure:%20/2007/07/08/spammers-overcome-hotmail-and-yahoo-captcha-systems/

[Editor's Note (Valle): I'm sure the good guys are developing new CAPTCHA systems that can't be easily read by computers. In the meantime, we will all probably see a rise in spam. The IronPort S series appliance with its SenderBase technology would help mitigate this issue.]

Cisco plans to integrate IronPort technology

July 11, 2007

In this article Cisco talks about its plans to integrate the IronPort SenderBase technology into its products by 2008.
http://www.darkreading.com/document.asp?doc_id=127721

[Editor's Note (Valle): When Cisco pulls this off they will be raising the bar on what constitutes a robust firewall or secure router. This will also force the other large network/security companies to come up with (or buy) similar technology to make their security products comparable.]

Gartner predicts that by end of 2007, 75% of enterprises will be infected

June 12, 2007

Once these corporate computers become infected they will be turned into “bots” that can be used for spam campaigns and DDOS attacks.
http://www.networkworld.com/columnists/2007/060707edit.html?page=1

[Editor’s note (Valle): The legal issues that corporations have to face if they are infected by bots are multifaceted. The bots can steal personal data from employees and customers and intellectual property from the company, as well as cause disruption to others as part of a DDOS attack or spam campaign.
MARS would be able to easily find infected computers from their network behavior, and as Steve Davies from IronPort mentions in the comment section of my June 7th post “Computer hackers steal Carson funds”, the IronPort S series appliance monitors all outbound traffic and can catch a bot calling home.]
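
Two of the notes above rest on the same idea: a compromised internal host gives itself away in its outbound traffic, either by contacting a controller on a fixed schedule (“calling home”) or by opening SMTP connections to many mail servers that a normal desktop would never talk to (the outbound-spam problem of the July 11 post). The script below is an added example, not code from MARS, IronPort or Cisco, showing how both behaviors can be pulled out of ordinary connection logs. The log format, IP addresses, timestamps and thresholds are all constructed for the illustration.

```python
"""Flag internal hosts whose outbound connections look like a bot
calling home (regular beaconing) or a spam engine (fan-out on port 25).
Added example; the log format and thresholds are constructed, not taken
from any product."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample connection log: "<ISO timestamp> <src_ip> <dst_ip> <dst_port>"
# 10.1.2.30 beacons every ~5 minutes, 10.1.2.55 sprays SMTP connections,
# 10.1.2.41 and 10.1.2.60 are ordinary browsing / a single mail connection.
SAMPLE_LOG = """\
2007-06-07T09:00:00 10.1.2.30 203.0.113.9 80
2007-06-07T09:05:00 10.1.2.30 203.0.113.9 80
2007-06-07T09:10:01 10.1.2.30 203.0.113.9 80
2007-06-07T09:15:00 10.1.2.30 203.0.113.9 80
2007-06-07T09:19:59 10.1.2.30 203.0.113.9 80
2007-06-07T09:25:00 10.1.2.30 203.0.113.9 80
2007-06-07T09:01:12 10.1.2.41 198.51.100.7 443
2007-06-07T09:03:40 10.1.2.41 198.51.100.8 443
2007-06-07T09:11:05 10.1.2.41 198.51.100.7 443
2007-06-07T09:27:51 10.1.2.41 198.51.100.9 80
2007-06-07T09:02:00 10.1.2.55 192.0.2.10 25
2007-06-07T09:02:02 10.1.2.55 192.0.2.11 25
2007-06-07T09:02:03 10.1.2.55 192.0.2.12 25
2007-06-07T09:02:05 10.1.2.55 192.0.2.13 25
2007-06-07T09:02:06 10.1.2.55 192.0.2.14 25
2007-06-07T09:02:08 10.1.2.55 192.0.2.15 25
2007-06-07T09:02:09 10.1.2.55 192.0.2.16 25
2007-06-07T09:02:11 10.1.2.55 192.0.2.17 25
2007-06-07T09:02:12 10.1.2.55 192.0.2.18 25
2007-06-07T09:02:14 10.1.2.55 192.0.2.19 25
2007-06-07T09:02:15 10.1.2.55 192.0.2.20 25
2007-06-07T09:02:17 10.1.2.55 192.0.2.21 25
2007-06-07T09:30:00 10.1.2.60 192.0.2.50 25
"""


def parse_log(text):
    """Turn the constructed log text into (timestamp, src, dst, port) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return events


def find_beacons(events, min_hits=5, max_cv=0.1):
    """Return (src, dst, interval_seconds) for pairs contacted at near-constant
    intervals.  A low coefficient of variation of the inter-arrival gaps is the
    classic fingerprint of a bot checking in with its controller."""
    by_pair = defaultdict(list)
    for ts, src, dst, _port in events:
        by_pair[(src, dst)].append(ts)
    beacons = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons.append((src, dst, round(avg)))
    return beacons


def find_spam_senders(events, window_seconds=60, min_distinct=10):
    """Return (src, distinct_mail_servers) for hosts that open SMTP connections
    to many different destinations inside a short window.  Workstations hand
    mail to one relay; only a spam engine (or a real MTA) fans out like this."""
    by_src = defaultdict(list)
    for ts, src, dst, port in events:
        if port == 25:
            by_src[src].append((ts, dst))
    offenders = []
    for src, hits in by_src.items():
        hits.sort()
        for i, (start, _dst) in enumerate(hits):
            in_window = {d for t, d in hits[i:]
                         if (t - start).total_seconds() <= window_seconds}
            if len(in_window) >= min_distinct:
                offenders.append((src, len(in_window)))
                break
    return offenders


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for src, dst, period in find_beacons(evts):
        print(f"beacon: {src} -> {dst} every {period}s")
    for src, count in find_spam_senders(evts):
        print(f"outbound SMTP fan-out: {src} reached {count} mail servers")
```

The two checks deliberately ignore payload and destination reputation: they work on nothing but timing and fan-out, which is why an outbound monitor can catch a bot even when its controller is not yet on any blocklist. In practice the thresholds need tuning per network, and known mail relays must be exempted from the SMTP check so that the real MTA is not reported.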

Compromised web servers play “hide and seek”

June 12, 2007

Cyber-criminals are developing a new genre of highly sophisticated and evasive attacks designed to bypass signature-based and database-reliant security technology… Compromised web servers are keeping track of IP addresses of visitors so that they can hide malicious pages when anti-malware crawlers used by URL filtering, reputation services and search engines come for a visit, and therefore look like a “clean” site.
http://www.vnunet.com/vnunet/news/2191298/hackers-turn-genre-evasive

[Editor's note (Valle): In this escalating cat and mouse game I'm sure we'll start seeing anti-malware companies dynamically change the IP addresses of their web crawlers in order to fool these compromised web servers.
CSA and the IronPort C appliance would be good defenses against malware coming over HTTP (port 80).]

Computer hackers steal Carson funds

June 7, 2007

A real-life story of the damage a key stroke logger can do on the right (or should I say wrong) computer.
http://www.latimes.com/news/local/la-me-hackers1jun01,0,2083352.story?coll=la-home-local

[Editor's note (Valle): It will be interesting to find out how the key stroke logger got on the Treasurer's computer. The most common vector for this type of attack is opening an email that has the key logger within the email, or following a link in an email to a website that will deposit the key logger through a vulnerability in the user's browser.
Also relevant to this post was the news that a new variant of the Gozi virus (which had a key stroke logger included) was found last week by a security researcher. Most of the A/V vendors at the time could not recognize this new variant, so we really do not know how many computers were infected by it.
CSA would have stopped these key stroke loggers from executing, and IronPort appliances would have added an additional layer of defense by filtering email (C series appliance) and web traffic (S series appliance) for malicious traffic.]

People click on the darndest things

May 23, 2007

A security researcher decided to test how gullible web surfers really were and created a Google advertisement that prodded people to click on it and get infected. Guess how many people clicked?
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019922&source=rss_topic85

[Editor's Note (Valle): It just goes to show you that no matter what sort of security defenses you put up in your company, the weak link will always be the people. A good Cisco (IronPort) product to position for this would be the IronPort C series appliance, which can filter HTTP traffic coming over port 80.]

Google Sees Heavy Numbers of Drive-By Downloads

May 23, 2007

Google has found that almost 1 in 10 websites has some sort of malicious code.
http://www2.csoonline.com/blog_view.html?CID=32927

[Editor's Note (Valle): Google has confirmed what many security companies have been saying for a while: many websites are now compromised and making botnets out of their victims. This study also validated new malware trends:

1) Hackers are using scripting languages to determine how a computer is vulnerable and then requesting an appropriate exploit from a central server.
2) Hackers are changing binaries to get by AV programs.

As per the previous post, the IronPort C series appliance would help enterprises stop trojans and malware from being downloaded, and as another layer of defense CSA could be recommended as well.]