Distributed SSH Brute Force Attacks
Recently a couple of news reports have come in that suggest that someone has changed how they do SSH brute force attacks: Spike in failed SSH logins could be beginnings of a coordinated attack, ISC...
Walking Waledac
First, it looks like Waledac is the Storm Worm infrastructure and group but with new malcode. I now fully support this conclusion and have for several days based on evidence from reliable sources. OK,...
Two Weeks of Conficker Data and 12 Million Nodes
I got access to some sinkhole logs for Conficker to do some processing. The logs are so big (this is one big sinkhole) that processing them took a few days. I only wanted to focus on the worm’s biggest...
The Conficker Cabal Announced
Today Microsoft announced a broad industry alliance to combat Conficker, the savage Windows worm taking advantage of MS08-67. The Conficker group isn’t going to be formed, it’s been happening for a...
Quick Notes on Cyber Warfare News
First, Radio Free Europe/Radio Liberty is reporting that a Kazakh website was crushed by a DDoS attack. The site, zonakz.net, appears to be a news site that may have posted, from time to time, articles...
Has Conficker Growth Slowed?
Or is it too early to tell? I suspect that things like this are always best determined long after they’ve happened. The bottom of a recession or the top of the bubble, the end or even just the...
Conficker Did Not Melt the Internet
But it is busy. Last week’s April 1 trigger date for the new routines in Conficker.C/D (depending on the vendor) was mis-reported by some press agencies as the date many in the CWG said the Internet...
Lessons for the Internet from Swine Flu: Bear with me!
This morning on my drive to work I listened to a story on NPR about swine flu in relation to past epidemics. Just an hour or so earlier I had sent a message over Twitter that I was trying to avoid the...
Conficker Working Group Lessons Learned Document
On the Conficker Working Group’s website, the Lessons Learned document has finally been made public. Sponsored by the US DHS, with key efforts at getting it written from Rick Wesson and David Dagon,...
Arbor Networks at Virus Bulletin 2011
Arbor’s ASERT team has a paper at this year’s Virus Bulletin conference in Barcelona, Spain. The paper, by Arbor’s Jeff Edwards and Jose Nazario, is titled A survey of Chinese DDoS malware and is based...