Rustock Spammers Sought

The Rustock spamming botnet was one of the biggest spam networks in the world until its takedown in February of 2011, which has left many users with slightly less spam email in their inboxes than usual.

Now the authorities and companies involved in the removal of this botnet are after its creators, who they say may number only a handful.

The Rustock botnet, which sent up to 30 billion spam messages per day, might have been run by two or three people.

“It does not look like there were more than a couple of people running it to me,” said Alex Lanstein, a senior engineer at security firm FireEye, which helped with the investigation into Rustock.

That work by FireEye, Microsoft, Pfizer and others culminated on 16 February with simultaneous raids on data centres in seven US cities that seized 96 servers which had acted as the command and control (C&C) system for Rustock.

Read the full article at BBC Technology News HERE

Microsoft Update KB2524375 to Block Fraudulent Certificates

This is an update you will want to make sure you have installed. Its purpose is to block a set of certificates that carried the digital signature of Comodo as the Certification Authority; this could have led to users visiting an unsafe or spoofed website, which had been exploited.

Mozilla, the maker of the Firefox browser, has also updated Firefox to take these fraudulent certificates into account, so do update that browser to the latest version.

Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

The following domains are affected by the certificates:

  • login.live.com
  • mail.google.com  
  • login.yahoo.com (3 Certificates)
  • login.skype.com
  • www.google.com
  • addons.mozilla.org
  • Global Trustee

You should already have been offered this update over the last few days via Windows Update. If you have not, run Windows Update, or visit the download site of KB2524375 – Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing HERE (just choose your Windows version, download the file and double-click it to install).

Read the full text of the advisory HERE

If you wish to double-check whether you already have this update, open Windows Update and click Update History, then look down the list for KB2524375. If it is there, you are OK; if not, go to Windows Update or download it from the link posted earlier.

Hackers take on SecurID Tokens

I would say not the best security in the world to let this information out into the wild and for hackers to actually get to the data. While RSA state that it's not as bad as portrayed, I can imagine it's not good either.

“Hackers have stolen data about the security tokens used by millions of people to protect access to bank accounts and corporate networks.

RSA Security told customers about the “extremely sophisticated cyber attack” in an open letter posted online.

The company is providing “immediate remediation” advice to customers to limit the impact of the theft.

It also recommended customers take steps, such as hardening password policies, to help protect themselves.”

Read full Article HERE at BBC Technology News