Cisco Blogs

Mail – Got Mail? Got Criminals!

Who gets mail? We all do.

Mail arrives from a variety of public sector sources such as the court system inviting you to jury duty or county assessor providing you with the annual assessment and tax bill. You may also receive in your mail box your credit card statements, and personal correspondence. Perhaps your medical service provider or insurer mails to you an explanation of benefits. Merchants send you opportunities to appreciate their services. Similarly, we all have e-mail addresses; some of us have more than one. Our use of these addresses may be identical to that of our physical mail box. Sadly, the mail, both physical and electronic, is also used by the criminal world to perpetrate fraud.

Ask yourself this question: when mail is processed, arrives, or is dispatched, where and how does this occur? Simple enough? Let’s discuss.


Text Message Donations May Revolutionize Giving, Scamming

The American Red Cross had a tremendously positive response when it announced a mobile phone giving campaign in the wake of the January 12, 2010 earthquake in Haiti. The campaign was announced at 9pm on Tuesday, Jan 12; by 10am Thursday, Jan 14, the group had collected $3.4 million through mobile donations alone. Each text of the word ‘HAITI’ to the number 90999 was a $10 donation. 340,000 people gave $10 each in just over 36 hours.

I didn’t give a dime via my cell phone. The whole thing smelled like a scam to me, but 340,000 of my fellow Americans did not agree. I was wrong on this one. But given the ubiquity of scams surrounding the Haiti disaster, it would be good to know how we can tell when to trust these campaigns, and when not to trust them, down the road.


Gartner Recognizes Cisco as a Leader in the Magic Quadrant for SSL VPNs

Mobility is changing the world we work in, and the recent launch of Google’s phone shows that smartphones are here to stay. Whether we are talking about iPhones, Blackberries, or Nokia, Samsung, and Google smartphones, people are using these devices and their laptops to connect to work and personal information, no matter where they are located.

Workers must ensure that they have a secure connection when they are mobile, and the key to ensuring secure remote connectivity is VPN technology. Cisco continues to invest in VPN solutions that help the mobile workforce remain secure when out of the office, with innovative solutions that provide a seamless and secure connectivity experience.

Last month, Gartner recognized and positioned Cisco as a leader in the 2009 Magic Quadrant for SSL VPNs.


Wikileaks and the Economics of Information Disclosure

Wikileaks.org is currently experimenting with the economics of information disclosure. As of January 21, the site was offline, soliciting donations that will allow its operators to continue providing service. That service, of course, is the coordinated disclosure of secret information that once belonged to governments, corporations, and other organizations, and the subsequent effort to ensure that this information remains public.

When discussing the Wikileaks operational suspension, it is clear to see that there can be both positive and negative aspects to such a disclosure policy. This is to be expected — information disclosure is a risk decision, and as with all risk decisions, there are issues of risk tolerance and risk acceptance that differ among organizations. How Wikileaks chooses to approach information handling and disclosure should give some insight into their motivations and direction. But it is especially interesting to see some of the economic factors behind Wikileaks, some of their operational challenges, and what kinds of risks they are preparing to face.


Exploring a Java Bot: Part 3

January 19, 2010 at 1:18 pm PST

Before we begin part 3 in this series, let’s review what we’ve covered so far. In the first post we learned how this bot was discovered and some basics about botnets. In the second post we covered botnet fundamentals like command and control (C&C) and various other capabilities. In this post we will examine some of the offensive features incorporated into a botnet designed to launch attacks and maintain control of hosts (aka victims). First we will discuss how botnets spread and then we will look at flooding and how it’s implemented in this bot.

There are two main ways malware spreads. It’s important to note that these two methods are not mutually exclusive. The first method, made famous by the Morris worm, involves targeting a network-based vulnerability: the author designs an exploit to spread his malware. Once the malware takes over a machine, it then infects other machines. Every time the binary moves from one machine to another, the botnet has the potential to see exponential growth. Most vulnerabilities only affect a specific operating system at a specific range of patch levels. Malware of this nature often hits big, and then its growth rate takes a steep dive as patches become available and as malware is removed. Once the vulnerability is patched, the malware must adapt or accept a shrinking attack surface. Two recent examples of this method are Conficker and Slammer. It is important to note the distinction between the growth rate slowing down and the number of compromised machines. There are still countless machines connected to the Internet running both worms. Even as the growth rate approaches zero, many, many computers have already been infected and continue to run the malware. In two days’ time, on a single Intrusion Prevention System (IPS), we saw over 178,000 Slammer attacks.

The second method requires no vulnerability at all: an attacker simply needs to trick an unsuspecting user into running a binary that is under the control of the attacker. This attack vector is known as a trojan horse. A malware author would package his wares as a link from a friend, a new game of interest, or even a program to create keys for pirated software.
