Flashback botnet checker...
FYI...
- http://atlas.arbor.net/briefs/index#-1335098248
April 09, 2012 - "This resource allows a manual pasting of an OSX system's unique identifier into a form that will show if that machine is part of the Flashback botnet.
Analysis: This tool is provided by Dr. Web who first published details on the OSX Flashback infections. It does not scale well but allows for manual checking and can be helpful for end users."
Source: http://public.dev.drweb.com/april/
"Dear Mac OS user..."
- http://atlas.arbor.net/briefs/index#-824346427
April 09, 2012
___
Symantec OSX.Flashback.K Removal Tool
- http://www.symantec.com/security_res...041214-1825-99
April 12, 2012
F-secure Flashback Removal Tool
- http://www.f-secure.com/weblog/archi...ackRemoval.zip
"... tool linked above has been updated April 12th..."
Infection by OSX version - chart
- https://www.f-secure.com/weblog/arch...OSXVerions.png
> http://forums.spybot.info/showpost.p...3&postcount=44
April 12, 2012
FYI...
Flashback numbers -not- going down - still over half a million
- http://www.h-online.com/security/new...ew=zoom;zoom=1
Graphic - 24 April 2012
- http://www.intego.com/mac-security-b...hout-password/
April 23, 2012
Google: infected users affected by the DNSChanger malware ...
FYI...
- http://googleonlinesecurity.blogspot...nschanger.html
May 22, 2012 - "Starting today we’re undertaking an effort to notify roughly half a million people whose computers or home routers are infected with a well-publicized form of malware known as DNSChanger. After successfully alerting a million users last summer to a different type of malware, we’ve replicated this method and have started showing warnings via a special message* that will appear at the top of the Google search results page for users with affected devices...
* http://4.bp.blogspot.com/-EY9pz56oz_...er+warning.png
... Our goal with this notification is to raise awareness of DNSChanger among affected users. We believe directly messaging affected users on a trusted site and in their preferred language will produce the best possible results. While we expect to notify over 500,000 users within a week, we realize we won’t reach every affected user. Some ISPs have been taking their own actions, a few of which will prevent our warning from being displayed on affected devices. We also can’t guarantee that our recommendations will always clean infected devices completely, so some users may need to seek additional help. These conditions aside, if more devices are cleaned and steps are taken to better secure the machines against further abuse, the notification effort will be well worth it."
___
DNS Changer Eye Chart:
>> http://www.dcwg.org/detect/
Zbot relentless - Anti-emulations ...
FYI...
- http://www.symantec.com/connect/blog...nti-emulations
July 3, 2012 - "A couple of months ago, Microsoft took out some Trojan.Zbot servers across the world. The impact was short-lived. Even though for a span of about two weeks, we saw virtually no Trojan.Zbot activity, relentless Trojan.Zbot activity has resumed — with some added new social-engineering techniques as well as some new techniques to help Trojan.Zbot avoid antivirus detection... The effort that has been made by the Trojan.Zbot malware writers is not limited to one, or even a couple of techniques. In most malware variants there are many simple or complicated techniques to help avoid detection... These techniques are part of ever-evolving malware techniques, especially from professional malware writers who invest a large amount of time researching new techniques to -evade- antivirus detection..."
Botnet infections in the enterprise
- http://atlas.arbor.net/briefs/index#730205984
July 03, 2012
The scope and costs of botnet infections require a change in tactics.
Analysis: While automation is critical, automated security systems such as IDS's, firewalls, vulnerability scanning solutions, etc. are -not- a fool-proof solution and must be augmented and run by skilled practitioners. Attackers know how to bypass many security systems, and without skilled practitioners in the loop, this trend will continue...
Godaddy DDoS attack in progress
FYI...
- https://isc.sans.edu/diary.html?storyid=14062
Last Updated: 2012-09-10 21:39:54 UTC ...(Version: 2)
"Update: GoDaddy appears to make some progress getting services back online. The web site is responding again. DNS queries appear to be still timing out and logins into the site fail. (17:30 ET) GoDaddy is currently experiencing a massive DDoS attack. "Anonymous" was quick to claim responsibility, but at this point, there has been no confirmation from GoDaddy. GoDaddy only stated via twitter: "Status Alert: Hey, all. We're aware of the trouble people are having with our site. We're working on it." The outage appears to affect the entire range of GoDaddy hosted services, including DNS*, Websites and E-Mail. You may experience issues connecting to sites that use these services (for example our DShield.org domain is hosted with GoDaddy)..."
* Alternate DNS: http://208.69.38.205/
GoDaddy's network status ...
- http://support.godaddy.com/system-alerts/
"Recently Resolved Issues
Resolved September 10, 2012 at 6:41 PM
... Known Issues
Updated:
06:22 MST
No issues to report"
___
- https://www.godaddy.com/newscenter/r...ws_item_id=410
"... We have determined the service outage was due to a series of internal network events that corrupted router data tables... We have implemented measures to prevent this from occurring again. At no time was any customer data at risk or were any of our systems compromised...
- Scott Wagner Go Daddy CEO"