Cisco Blogs



ZeuS: Getting a Taste of its Own Medicine?

This week brought us a wide variety of news about the ZeuS malware platform and its criminal users. While the platform has been very successful at stealing banking credentials and money from its victims, it may be showing some promising signs of weakness to the security community. While it has long been recognized as a modular and adaptable platform, the rising complexity in the system may be exposing it to security concerns found in traditional enterprise software. Identifying and exploiting these weaknesses may be an essential factor in disrupting its botnets and tracking down its controllers.

One of those features, highlighted in this week’s Cyber Risk Report, was a jump into mobile malware. One particular ZeuS adaptation has appeared as a combined threat between desktops and smartphones, with the ultimate goal of intercepting not only keyboard-entered user credentials, but also SMS messages from banks used for out-of-band user authentication.


Largest Fake Pharmacy Spam Affiliate Program Closes

October 5, 2010 at 10:33 am PST

On Monday morning, I woke up and started my weekly routine by looking through the spam captured by our traps over the weekend. It feels as though I am still dreaming, because the most notorious pharmacy affiliate program, Spamit, seems to have made good on its threat of closing its doors. Brian Krebs blogged about this last week, citing that “Spamit administrators blamed the impending closure on increased public attention to its program.” So far, we have seen no sign of spam advertising “Canadian Pharmacy” and our SenderBase and SpamCop services are both showing a significant decrease in global spam volumes.

Sun Tzu famously said, “Keep your friends close, and your enemies closer.” Spamit, along with the rest of the fake online pharmacy community, has been very near and dear to us at Cisco Security Intelligence Operations (SIO) for several years. We visited the Subway restaurant in Toronto, Canada supposedly occupied by “My Canadian Pharmacy,” an affiliate program run by bulker.biz, Spamit’s main competitor.

Borderless Networks: Where Has the Firewall Gone?

Few aspects of networking have experienced as much change in recent years as the network firewall. Once considered a desktop security device, then embraced as the cadre of gateway security for businesses of all sizes, the firewall has lost its “place”. Don’t get me wrong, I’m not belittling the importance of the network firewall – in fact, my intention is quite the opposite!

Today Cisco made an announcement that supports the notion that the network firewall is more important than ever. But where does it belong? Marketers and IT professionals, alike, are all guilty of using the silly “brick wall” graphic in all our presentations. I’ve done it myself more times than I can count – right there, between the network edge and the DMZ. After all, that’s where it has traditionally lived, right?

The problem is that with the advent of cloud computing, virtualization, and the ability to gain anytime/anywhere access to data from a wide range of devices, it’s hard to tell where the network begins and where it ends these days. And if we can’t find the network edge, where do we place the firewall? How do we protect our network assets from the deluge of Internet-borne threats?

A New Twist on Denial of Service: DDoS as a Service

At Cisco, we are fortunate to be at the vanguard of many exciting developments in networking and IT technology. Borderless Networks — where we connect anyone, anywhere, any device, and enable voice, video, and data — is a prime example. Enabling secure access to the cloud, powering SaaS for the enterprise, and helping IT successfully cope with the consumerization of enterprise IT are core elements of this effort.

Trends can sometimes run in surprising directions. While the white hat side of the house is enabling services and applications (Salesforce.com), and even core IT functions such as email and office productivity (Google Docs) are available in hosted or web delivered forms, the black hat side of the house is also not letting technology pass them by. For instance, take IMDDOS, a Chinese company with a name that should perhaps be read “I’m DDoS.”


Cisco Security Tracks LinkedIn Spam Attack

September 27, 2010 at 12:00 pm PST

Starting this morning—Monday, September 27, at 10am GMT—cyber criminals sent spam email messages targeting users of the LinkedIn social media community. This is the largest such attack known to date.
