Internet's 'bad neighborhoods' mapped

waltky

Internet's 'bad neighborhoods' mapped...
:confused:
Internet's 'bad neighbourhoods' spread scams and spam
15 March 2013 - About 50% of all junk mail on the net emerges from just 20 internet service providers (ISPs), a study has found.
The survey of more than 42,000 ISPs tried to map the net's "bad neighbourhoods" to help pinpoint sources of malicious mail. The survey by a researcher in Holland found that, in many cases, ISPs specialise in particular threats such as spam and phishing. Methods to thwart attacks and predict targets also emerged from the study. The large-scale study was carried out to help fine-tune computer security tools that scrutinise the net addresses of email and other messages to help them work out if they are junk or legitimate. Such tools could make better choices if they were armed with historical information about the types of traffic that emerge from particular networks.

In his analysis Giovane Cesar Moreira Moura who studied at the University of Twente found that some networks could be classed as "bad neighbourhoods" because, just like in the real world, they were places where malicious activity was more likely.

Knowing where mail comes from can help spot if it is likely to be junk or malicious

Of the 42,201 ISPs studied about 50% of all junk mail, phishing attacks and other malicious messages came from just 20 networks, he found. Many of these networks were concentrated in India, Vietnam and Brazil. On the net's most crime-ridden network - Spectranet in Nigeria - 62% of all the addresses controlled by that ISP were seen to be sending out spam. Networks involved in malicious activity also tended to specialise in one particular sort of malicious message or attack, he discovered. For instance, the majority of phishing attacks came from ISPs based in the US. By contrast, spammers tend to favour Asian ISPs. Indian ISP BSNL topped the list of spam sources in the study.

Analysis tools

Mr Moreira Moura pointed out that malicious traffic coming from one network did not reveal its ultimate source. Many cybercriminals route spam and other traffic through hijacked PCs or send it across compromised corporate networks that join the net via an ISP.

The data gathered for the study is helping to create analysis tools that will do a better job of assessing whether traffic coming from sources never seen before is good or bad. In the same way that people avoid walking through parts of towns and cities known to be dangerous, security tools can start to filter traffic from ISPs known as historical sources of malicious messages. "If security engineers want to reduce the incidence of attacks on the internet, they should start by tackling networks where attacks are more frequently originated," he wrote in the research paper.

BBC News - Internet's 'bad neighbourhoods' spread scams and spam
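The approach the article describes, counting how many of a network's addresses have been seen misbehaving, noting which kind of abuse dominates there, and then judging a never-before-seen address by its network's history, as an added Python example that is not part of the post and not the study's own code. The prefixes are RFC 5737 documentation ranges, the network names, the gateway log and the 5% threshold are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix-to-network table (RFC 5737 documentation ranges, made-up
# network names). A real deployment would key this by AS number or allocated
# prefix taken from BGP or whois data.
NETWORKS = {
    ipaddress.ip_network("198.51.100.0/24"): "isp-alpha",
    ipaddress.ip_network("203.0.113.0/24"): "isp-beta",
    ipaddress.ip_network("192.0.2.0/24"): "isp-gamma",
}

# Constructed mail-gateway log: (source address, verdict). The verdict ("spam",
# "phishing" or "ham") comes from a content filter, not from this code.
LOG = (
    [(f"198.51.100.{h}", "spam") for h in range(10, 30)]      # 20 spamming hosts
    + [("198.51.100.10", "spam"), ("198.51.100.5", "ham")]     # a repeat and a clean host
    + [(f"203.0.113.{h}", "phishing") for h in (7, 8, 9)]      # 3 phishing hosts
    + [("203.0.113.9", "spam")]                                # one of them also spams
    + [("192.0.2.40", "ham")]
    + [("10.0.0.1", "spam")]                                   # not in the table: ignored
)


def network_of(ip):
    """Map an address to its network; first match is enough for disjoint /24s."""
    addr = ipaddress.ip_address(ip)
    for net, name in NETWORKS.items():
        if addr in net:
            return name
    return None


def build_neighbourhoods(log):
    """Per network: distinct misbehaving addresses, the fraction of the network
    that represents (the article's 'x% of the ISP's addresses were seen spamming')
    and the dominant kind of abuse (the article's 'specialisation')."""
    bad_hosts = defaultdict(set)
    kinds = defaultdict(lambda: defaultdict(int))
    for ip, verdict in log:
        name = network_of(ip)
        if name is None or verdict == "ham":
            continue
        bad_hosts[name].add(ip)
        kinds[name][verdict] += 1
    result = {}
    for net, name in NETWORKS.items():
        bad = len(bad_hosts[name])
        result[name] = {
            "size": net.num_addresses,
            "bad_hosts": bad,
            "bad_fraction": bad / net.num_addresses,
            "speciality": max(kinds[name], key=kinds[name].get) if kinds[name] else None,
        }
    return result


def score_unseen(ip, neighbourhoods, threshold=0.05):
    """An address with no history of its own inherits its network's reputation.
    The 5% threshold is an assumed policy knob, not a figure from the study."""
    name = network_of(ip)
    if name is None:
        return ("unknown", 0.0)
    fraction = neighbourhoods[name]["bad_fraction"]
    return ("bad_neighbourhood" if fraction >= threshold else "ok", fraction)


if __name__ == "__main__":
    nb = build_neighbourhoods(LOG)
    for name, stats in sorted(nb.items(), key=lambda kv: -kv[1]["bad_fraction"]):
        print(f"{name:10s} {stats['bad_hosts']:3d}/{stats['size']} bad "
              f"({stats['bad_fraction']:.1%}), speciality={stats['speciality']}")
    print(score_unseen("198.51.100.200", nb))   # never seen, but in a bad neighbourhood
```

The score describes where traffic emerges, not who is behind it: as the article notes, the sending hosts are often hijacked PCs, so a high fraction says something about the network's hygiene rather than its intent. Treat the neighbourhood score as a prior to combine with per-message evidence, and age out old observations so a cleaned-up network can recover.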
 
"If security engineers want to reduce the incidence of attacks on the internet, they should start by tackling networks where attacks are more frequently originated," he wrote in the research paper.
Right! Because shutting down parts of the Taxpayer Funded Internet is Freedom!

Walt, I get a kick out of your signature:
Kinda funny how, instead of a 'sequester', the Wall Street bankers got bailed out.
Why you bad mouth America's Owners? That's called Capitalism! That's called Freedom!

By the way, the Federal Reserve is printing $80 Billion a month for its own purposes yet the entire gov't shuts down for $43 billion?

Americans are easy to defeat nowadays.
 
Watch out for email from the .su domain suffix...
:eusa_eh:
USSR's old domain name attracts cybercriminals
May 31, '13 -- The Soviet Union disappeared from the map more than two decades ago. But online an `e-vil empire' is thriving.
Security experts say the .su Internet suffix assigned to the USSR in 1990 has turned into a haven for hackers who've flocked to the defunct superpower's domain space to send spam and steal money. Capitalist concerns, rather than Communist nostalgia, explain the move. "I don't think that this is really a political thing," Oren David, a manager at security firm RSA's anti-fraud unit, said in a recent telephone interview. David noted that other obscure areas of the Internet, such as the .tk domain associated with the South Pacific territory of Tokelau, have been used by opportunistic hackers. "It's all about business," he said.

David and others say scammers began to move to .su after the administrators of Russia's .ru space toughened their rules back in late 2011. Group-IB, which runs one of Russia's two official Internet watchdogs, says that the number of malicious websites hosted across the Soviet Union's old domain doubled in 2011 and doubled again in 2012, surpassing even the vast number of renegade sites on .ru and its newer Cyrillic-language counterpart. The Soviet domain has "lots of problems," Group-IB's Andrei Komarov said in a phone interview. "In my opinion more than half of cybercriminals in Russia and former USSR use it."

The most notorious site was Exposed.su, which purportedly published credit records belonging to President Barack Obama's wife, Michelle, Republican presidential challengers Mitt Romney and Donald Trump, and celebrities including Britney Spears, Jay Z, Beyonce and Tiger Woods. The site is now defunct. Other Soviet sites are used to control botnets - the name given to the networks of hijacked computers used by criminals to empty bank accounts, crank out spam, or launch attacks against rival websites.

Internet hosting companies generally eliminate such sites as soon as they're identified. But Swiss security researcher Roman Huessy, whose abuse.ch blog tracks botnet control sites, said hackers based in Soviet cyberspace can operate with impunity for months at a time. Asked for examples, he rattled off a series of sites actively involved in ransacking bank accounts or holding hard drives hostage in return for ransom - brazenly working in the online equivalent of broad daylight. "I can continue posting this list for ages," he said via Skype.


See also:

Tips to Minimize Your Risks From Cybercrime
May 31, 2013 > Cybercrime strikes an estimated 1.5 million people every day. That’s about 18 victims every second, 556 million people around the world, every year. While experts say the people who commit these crimes are becoming more sophisticated, you don’t have to be another statistic. There are effective ways businesses and individuals can minimize their risks.
Protecting organizations and individuals from data thieves is a multibillion-dollar industry. There's a good reason. Alan Edwards, the president of WhiteHorse Technology Solutions says anyone with access to the Internet should be worried - because cybercrime is no longer limited to your home, your office or your bank. “You have your iPad you’re carrying around, you have iPhones, your android tablets, your laptops. So much information walks out the door of the office,” says Edwards.

For hackers - all that mobile data spells opportunity. Criminology professor David Maimon says one way to reduce your risks is to be very careful about what you post on social networking sites. “I think the fact that you report to everyone about your actions 24/7 is problematic because if someone wants to victimize you, all they have to do is look at your Facebook account," said Maimon.

A little common sense can pay dividends:
 
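A mail-triage check in the spirit of the warning above, flagging senders and links under .su and under the .tk space the article also mentions, as an added Python example that is not part of the post and not anything from RSA or Group-IB. The watch-list is a policy choice, the sample message is constructed, and the display-name heuristic (a From header whose quoted name looks like an address on a different domain than the real one) is an assumption about a common lure, not something the article describes.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Top-level domains to watch. The article names .su and .tk; the set is a
# policy choice and would normally be a feed, not a constant.
WATCHED_TLDS = {"su", "tk"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message: the quoted display name impersonates a bank
# address while the real sender is under .su and the link is under .tk.
SAMPLE_FROM = '"alerts@examplebank.example" <noreply@mail-update.su>'
SAMPLE_BODY = (
    "Verify your account at https://examplebank.example.login-verify.tk/secure "
    "and see https://www.iana.org/domains for details."
)


def tld_of(host):
    """Last DNS label, lower-cased, trailing dot stripped."""
    host = host.lower().rstrip(".")
    return host.rsplit(".", 1)[-1] if "." in host else host


def sender_findings(from_header):
    """Findings about the From header: watched TLD, or a display name that
    claims a different domain than the envelope-visible address."""
    findings = []
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable From header"]
    domain = addr.rsplit("@", 1)[1].lower()
    if tld_of(domain) in WATCHED_TLDS:
        findings.append(f"sender domain {domain} is under .{tld_of(domain)}")
    claimed = re.search(r"@([A-Za-z0-9.-]+)", display)
    if claimed and claimed.group(1).lower() != domain:
        findings.append(f"display name claims {claimed.group(1).lower()} but address is {domain}")
    return findings


def url_findings(body):
    """Findings about links in the body: any host under a watched TLD, using the
    real hostname so 'bank.example.evil.tk' is judged by .tk, not by 'bank'."""
    findings = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if tld_of(host) in WATCHED_TLDS:
            findings.append(f"link to {host} is under .{tld_of(host)}")
    return findings


def triage(from_header, body):
    """Combined findings; an empty list means nothing matched the watch-list."""
    return sender_findings(from_header) + url_findings(body)


if __name__ == "__main__":
    for line in triage(SAMPLE_FROM, SAMPLE_BODY):
        print("-", line)
```

A TLD match is a signal, not a verdict: legitimate mail does come from those spaces, so feed the findings into scoring alongside authentication results (SPF, DKIM) rather than rejecting on the TLD alone.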
Feds and Microsoft team up to take down Citadel botnet...
:clap2:
FBI and Microsoft take down $500m-theft botnet Citadel
6 June 2013 > The FBI and Microsoft have broken up a huge network of hijacked home computers responsible for stealing more than $500m (£323m) from bank accounts.
The Citadel network had remotely installed a keylogging program on about five million machines to steal data. About 1,000 of the 1,400 or so networks that made up the Citadel botnet are believed to have been shut down. Co-ordinated action in 80 countries by police forces, tech firms and banking bodies helped to disrupt the network. "The bad guys will feel the punch in the gut," Richard Boscovich, a spokesman for Microsoft's digital crimes unit said.

Control code

The cybercriminals behind Citadel cashed in by using login and password details for online bank accounts stolen from compromised computers. This method was used to steal cash from a huge number of banks including American Express, Bank of America, PayPal, HSBC, Royal Bank of Canada and Wells Fargo. Citadel emerged after core computer code for a widely used cybercrime kit, called Zeus, was released online. Underground coders banded together to turn that code into a separate cybercrime toolkit that quickly proved popular with many malicious hackers. In a blogpost detailing its action, Microsoft said Citadel had also grown because malicious code that could take over a PC had been bundled in with pirated versions of Windows.

The millions of PCs in the criminal network were spread around the globe, but were most heavily concentrated in North America, Western Europe, Hong Kong, India and Australia. Despite the widespread action, which involved seizures of servers that co-ordinated the running of Citadel, the identity of the botnet's main controller is unknown. However, Microsoft has started a "John Doe" lawsuit against the anonymous controller, believing him to use the nickname Aquabox and be based in Eastern Europe.

In addition, the FBI is working with Europol and police forces in many other countries to track down and identify the 81 "lieutenants" that helped Aquabox keep Citadel running. Microsoft has also started action to help people clean up an infected computer. Typically, it said, machines compromised by Citadel were blocked from getting security updates to ensure those computers stayed part of the botnet. With the network disrupted, machines should be free to get updates and purge the Citadel malware from their system.

BBC News - FBI and Microsoft take down $500m-theft botnet Citadel
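A host-side check for the update-blocking behaviour the article attributes to Citadel, as an added Python example that is not Microsoft's cleanup tooling and not part of the post. The article does not say how Citadel kept machines from getting updates; the example assumes one common mechanism, pinning vendor update hostnames in the hosts file to loopback or to an attacker address, and checks for that. The watched suffixes microsoft.com and windowsupdate.com are Microsoft's update domains; example-av.test and the sample hosts file are constructed.

```python
import ipaddress

# Hostname suffixes that a legitimate hosts file should never pin. The first two
# are Microsoft's update domains; the third is a hypothetical AV vendor.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "example-av.test")

# Constructed hosts file. On Windows the real one is
# %SystemRoot%\System32\drivers\etc\hosts; on Unix-like systems /etc/hosts.
SAMPLE_HOSTS = """\
# constructed sample, not a real system's file
127.0.0.1\tlocalhost
::1 localhost
127.0.0.1 update.microsoft.com windowsupdate.microsoft.com  # pinned to loopback
0.0.0.0 download.windowsupdate.com
198.51.100.7 liveupdate.example-av.test
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, handling comments, tabs and several names per line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; a stricter tool would report it
        for name in parts[1:]:
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def is_watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def suspicious_overrides(text):
    """Watched hostnames present in the hosts file at all are suspicious; the
    reason distinguishes a sinkhole (loopback/0.0.0.0) from a redirect."""
    findings = []
    for ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        if ip.is_loopback or ip.is_unspecified:
            findings.append((name, f"sinkholed to {ip}"))
        else:
            findings.append((name, f"redirected to {ip}"))
    return findings


if __name__ == "__main__":
    for name, reason in suspicious_overrides(SAMPLE_HOSTS):
        print(f"{name}: {reason}")
```

On a live machine, pair this with a resolver check: if the hosts file is clean but the vendor hostname still resolves to loopback or to an unexpected address, the override is happening elsewhere (DNS settings, a proxy, or a hook in the browser or network stack), which is the same symptom with a different cleanup.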
 