Botnets, they got you with your pants down.
February 4, 2009
SecureWorks (an awesome company, by the way) and their mentats over there, particularly Joe Stewart, have published some very good data on the top botnets of 2008 and 2009. This allows us to focus efforts on the most prevalent threats and analyze and target C&Cs and code from particular campaigns. Then we can focus real-world intelligence on the malicious actors.
Unfortunately the industry has not started to publish individual background dossiers on the real-world locations, personalities, and networks behind this stuff. When it does happen, I think you will see the rules of the game change once you shine the light on these bastards.
If you want to track some great progress in Cyberwar and CyberIntelligence, Intelfusion is a great place to start.
For now, however, I predict that we will continue to be pussies, a la not outing the Storm worm authors over there in St. Petersburg who are protected by “unnamed political interests.” Big freaking deal, out them. If this were done for every positive identification of a malware author and crimeware campaign network and manager, we could put intense FOCUS on these people and open them to attacks, prosecution and other kinds of white hat nastiness. Of course intel/LE will poo-poo it, say it's their job, fail to apprehend or prosecute said actors, or just sit and monitor them forever with no action whatsoever.
I would like to see some real action, not the BS where an 18-year-old New Zealander gets busted for running a botnet and gets 2 years probation. Hey guys, if you really want to solve the problem, give me a shout. I have a few ideas that haven't crossed your cerebral cortices yet.
O yea. Pull yer pants up. This is what the Watchers are getting from you. Here is a digital AIDS quilt of pwned users' desktops and all the cool stuff they are doing.

Malware infrastructure
February 4, 2009
A few techniques that have been around for a while are furthering the criminal enterprise and proving to be the bane of companies and consumers everywhere. Here is a little roundup.
URL Shortening. In order to get around browser features that warn the user about a malicious domain, links are being rewritten to something more mundane that is also more aesthetically pleasing to the eye from a social engineering perspective.
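The defensive counterpart to that trick is to never judge a link by what the user sees: resolve the redirect chain first, then compare the landing host with the displayed one. The following is an added example, not code from the original post; the `lookup` hook stands in for an HTTP HEAD request that returns the `Location` header, and the redirect map it consults is constructed for the demonstration.

```python
"""Expand shortened URLs before trusting them (added example).

A shortened or tracker link hides its destination. This resolver follows the
redirect chain with a hop limit and loop detection, then reports whether the
final host differs from the host the user was shown. `lookup` is a hypothetical
hook: in production it would issue an HTTP HEAD and return the Location header.
"""
from urllib.parse import urlparse, urljoin

# Constructed sample of what HEAD requests would return as `Location`
# (None / missing key means "no further redirect").
SAMPLE_REDIRECTS = {
    "http://short.example/abc": "http://tracker.example/r?u=1",
    "http://tracker.example/r?u=1": "http://login-update.example/bank/",
    "http://short.example/loop": "http://short.example/loop2",
    "http://short.example/loop2": "http://short.example/loop",
}


def dict_lookup(url):
    """Stand-in for an HTTP HEAD; returns the Location header or None."""
    return SAMPLE_REDIRECTS.get(url)


def expand_url(url, lookup=dict_lookup, max_hops=10):
    """Follow redirects to the final URL; returns (chain, final, status).

    status is 'ok', 'loop' or 'too_many_hops'. Relative Location values are
    resolved against the current URL, as a browser would.
    """
    chain = [url]
    seen = {url}
    current = url
    for _ in range(max_hops):
        nxt = lookup(current)
        if nxt is None:
            return chain, current, "ok"
        nxt = urljoin(current, nxt)
        if nxt in seen:
            chain.append(nxt)
            return chain, nxt, "loop"
        seen.add(nxt)
        chain.append(nxt)
        current = nxt
    return chain, current, "too_many_hops"


def assess_link(display_url, lookup=dict_lookup):
    """Flag a link whose landing host differs from the host the user sees."""
    chain, final, status = expand_url(display_url, lookup)
    shown_host = urlparse(display_url).hostname
    final_host = urlparse(final).hostname
    return {
        "chain": chain,
        "final": final,
        "status": status,
        "hops": len(chain) - 1,
        "host_mismatch": shown_host != final_host,
    }


if __name__ == "__main__":
    for u in ("http://short.example/abc", "http://short.example/loop"):
        print(assess_link(u))
```

The `host_mismatch` flag is the piece a mail gateway or proxy would act on: the reputation check runs against `final`, not against the short domain the user was shown.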
Also, new on the fast flux front, ICANN just released a paper on the pros and cons of fast fluxing. 120 pages of blather but some good nuggets inside. Being an international organization, it obviously can't really make up its mind what it wants to do, as with most things Internet governance related.
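Whatever ICANN decides, the defender's side of fast flux is detection in resolver logs: flux domains hand out many short-lived A records spread across unrelated networks. This is an added example, not from the post or the ICANN paper; the observations, thresholds and the use of /16 prefixes as a cheap stand-in for ASN diversity are all constructed assumptions for the demonstration.

```python
"""Score a domain's DNS answers for fast-flux characteristics (added example).

Input is a list of (domain, ttl_seconds, [A records]) tuples, the kind of data
a passive-DNS sensor or resolver log yields over repeated queries. A domain
earns one point each for a low TTL, many distinct IPs, and IPs scattered across
many /16 prefixes (a crude proxy for ASN diversity). Thresholds are constructed
for the demo and would be tuned against real baseline traffic.
"""
from collections import defaultdict
from ipaddress import ip_address

# Constructed observations from repeated lookups of two domains.
SAMPLE_OBSERVATIONS = [
    ("flux.example", 180, ["203.0.113.5", "198.51.100.20", "192.0.2.77"]),
    ("flux.example", 180, ["198.51.100.21", "192.0.2.130", "203.0.113.99"]),
    ("flux.example", 120, ["192.0.2.200", "198.51.100.250"]),
    ("static.example", 86400, ["192.0.2.10", "192.0.2.11"]),
    ("static.example", 86400, ["192.0.2.10", "192.0.2.11"]),
]


def summarize(observations):
    """Aggregate per domain: minimum TTL, distinct IPs, distinct /16 prefixes."""
    stats = defaultdict(lambda: {"min_ttl": None, "ips": set(), "prefixes": set()})
    for domain, ttl, answers in observations:
        s = stats[domain]
        s["min_ttl"] = ttl if s["min_ttl"] is None else min(s["min_ttl"], ttl)
        for a in answers:
            ip = ip_address(a)
            s["ips"].add(ip)
            s["prefixes"].add(int(ip) >> 16)  # /16 bucket as a crude network grouping
    return stats


def flux_score(s, ttl_threshold=300, ip_threshold=5, prefix_threshold=3):
    """Return 0..3: one point each for low TTL, many IPs, many prefixes."""
    score = 0
    if s["min_ttl"] is not None and s["min_ttl"] <= ttl_threshold:
        score += 1
    if len(s["ips"]) >= ip_threshold:
        score += 1
    if len(s["prefixes"]) >= prefix_threshold:
        score += 1
    return score


def classify(observations, suspicious_at=3):
    """Map domain -> (score, suspicious flag) over a batch of observations."""
    result = {}
    for domain, s in summarize(observations).items():
        score = flux_score(s)
        result[domain] = (score, score >= suspicious_at)
    return result


if __name__ == "__main__":
    for domain, (score, flagged) in classify(SAMPLE_OBSERVATIONS).items():
        print(f"{domain}: score={score} suspicious={flagged}")
```

Low TTL alone is not evidence (CDNs use it too), which is why the score needs IP count and network spread to agree before a domain is flagged.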
From the exploit kit side of the house, a new crimeware kit, Adreniline, was recently open sourced, allowing more sophisticated capabilities to get into the hands of every little malicious mind out there. Mostly these backend Malware-as-a-Service packages are trivial little PHP blobs with a MySQL backend and copy-pasted templates of drive-by exploits, phishing and spam templates, and simplistic reporting. Imagine what a real engineering effort could do. 5 developers and 3 million dollars should do the trick. Just ups the game for everyone.
In the meantime we continue to lose billions. It would be interesting to see the comparison between the War on Drugs and the War on Cybercrime and intellectual property theft. Of course the biggest hack of all time is how our freaking country has deep-sixed us and erased close to 10 trillion in net worth through the housing collapse, banking collapse, security derivative collapse, credit collapse, economic shrinkage, stock market collapse, income stagnation, skyrocketing national debt, hedge fund fraud, escalating foreclosures, rising unemployment (predicted at 10%) and the oncoming tidal wave of inflation. I'm sure I missed a few nasty items in there but you get the point.
If you want to read more about our positive financial outlook, you should check out Mogambo over at Atimes.
And if you want to check out where we are going to be in the next 100 years, check out this genius (IMHO), Spengler.

And why are we concerned about malware again? O yea, it's interesting.
Sometimes things are easier the other way.
February 4, 2009
Found a pretty cool comic that sums up a security point nicely.
