Banking and Virus Scanning with a Live CD

Last week, Brian Krebs of the Washington Post blogged here advising business owners to perform online banking using a live CD. This excellent advice (IMHO) created quite a stir over the last week. Essentially, banking on a live CD prevents you from becoming susceptible to Windows viruses, while at the same time loading a fresh, non-compromised...

Obama Stresses Cybersecurity Awareness

"The lesson is clear, this cyberthreat is one of the most serious economic and national security challenges we face as a nation" (Obama). This is the message that Obama recently declared in a short video on the White House website. He makes it very clear, in the midst of cybersecurity awareness month, that all Americans need to be aware and secure in their online activities. "As consumers we use the internet to pay our bills,...

New Zeus Scam Emails and Download Domains

There are some new Zeus emails going around that folks should be aware of. These emails, as reported by the Securosis blog, pretend to be from a system administrator. The administrator asks them to "run SSl updates procedure" as belo...

New Twist on IRS Spam

There is a new twist on the IRS emails that have been delivering zbot and other threats over the last month. In some new emails, reports Gary Warner, the link contained in the message is to Geocities. An example from the CyberCrime & Doing Time blog:

hxxp://geocities.com/FreddyCampbell36/ohuloc.htm

While the users will ultimately end up at the commonly used http://www.irs.gov.blah.blah.co.uk/fraud_application/directory/statement.php?etc......

Green Cloud Security Firefox Add-On Collection

Firefox recently added the ability to group collections of add-ons for easy sharing. The ISC recently published their recommended add-ons and we've followed suit. There were a couple of additional add-ons, namely FlagFox and KeyScrambler, that are also useful security add-ons. Green Cloud Security Add-Ons: https://addons.mozilla.org/en-US/firefox/collection/greencloudsecur...

Spike in Blackhat SEO: Websense Monthly Report

Websense published their monthly report, "This Month in the Threat Webscape". September saw a number of new attacks and an increase in some old ones. One of the most well known and documented problems this month was blackhat SEO poisoning with malicious results leading to rogue AV and other types of malwar...

Comcast Monitoring Users for Malware and Botnet Activity

Comcast is beginning the launch of a new service to notify users of compromised computers and botted machines. The service, called Comcast Constant Guard, has started an initial rollout in the Denver area....

Web Threats Booming: APWG First Half Report

The Anti-Phishing Working Group (APWG) released their first half "Phishing Activity Trends Report" with some startling statistics. For those that have not heard of the APWG, the organization is devoted to the elimination of phishing and identity theft scams. The report gives statistics on many trends including phishing trends, rogue AV, keyloggers and others and fully reinforces the fact that the number of threats on the internet...

Evolution....New Multi-Function Trojan

Webroot has discovered a new trojan that performs a variety of malicious tasks. One of the primary functions is to crack captchas so that forms of all types can be submitted by the attacker. The trojan will download a specific set of instructions from the internet including which sites to attack, and then operate in the background - attempting to connect to targeted sites. That is not the only concern. The trojan is also capable...

Protect Against Keylogging Trojans with KeyScrambler

There has been a lot of news lately surrounding keylogging trojans including Zbot, Clampi and others. These trojans are designed to steal authentication credentials and other sensitive information, especially for banking and social networking sites, leaving users scrambling for ways to protect themselves. The highlight of these news articles has been how easily these trojans can evade detection even by the most current anti-virus...

Zbot Trojan: World's Most Dangerous Malware

The Zbot Trojan, aka Zeus or WSNPoem, is the world's largest and most dangerous malware. A recent whitepaper by Trusteer, which specializes in securing online transactions, proved that the Zbot trojan has an incredibly low detection rate amongst anti-virus scanners. Trusteer reports that 3.6 million PCs are infected in the US alone, and even up...

Newly Listed IRS Scam and Zbot Domains

A new list of IRS Scam and Zbot domains was recently posted on malwareurl.com. These are interesting as the domain names are altered only slightly and end in .eu. There are a total of 28 domains and 20 unique IP addresses.

Introductory Post

As internet threats continue to evolve, it's becoming clear that web threats and blended threats are becoming the predominant danger to network security. Green Cloud Security and this blog are dedicated to the proliferation of information about web security issues - increasing awareness for both network administrators and regular internet users. The creation of this blog comes on the heels of the Websense Security Labs "State...

Resources

Below is a list of resources that can be used to analyze web based threats, viruses and malware. I will update this list continually.

Web Analysis Services

Virus Total - http://www.virustotal.com/
Wepawet - http://wepawet.iseclab.org/
Virus.org - http://scanner.virus.org/
JSUnpack - http://jsunpack.jeek.org/dec/api
Web Sniffer - http://web-sniffer.net/

Applications and Plugins

Malzilla - http://sourceforge.net/projects/malzilla/...
 

Green Cloud Security

Web security and converged threats are among the biggest issues in network security. Green Cloud Security provides the latest information on these threats.
