TRAC

August 8, 2013

SECURITY

DNS Compromise Distributing Malware

3 min read

DNS records are an attractive target for distributors of malware. By compromising the DNS servers for legitimate domains, attackers are able to redirect visitors to trusted domains to malicious servers under attacker control. DNS requests are served from dedicated servers that may service many thousands of domains. Compromising these servers allows attackers to take over […]

August 2, 2013

SECURITY

Error Correction Using Response Policy Zones: Eliminating the Problem of Bitsquatting

3 min read

A memory error is a condition that occurs any time one or more bits being read from memory have changed state from what was previously written.  By even the most conservative of estimates Internet devices experience more than 600,000 memory errors per day.  Cosmic radiation, operating a device outside its recommended environmental conditions, and defects […]

July 29, 2013

SECURITY

Security Implications of Cheaper Storage

3 min read

An advert from Byte magazine dating from July 1980 proudly offers a 10MB hard disk drive for only US$3495. Accounting for the effects of inflation, that equates to approximately US$10,000 in today’s prices. If data storage prices had remained constant, this would mean that the 1GB flash drive in my pocket would cost in excess […]

July 22, 2013

SECURITY

July, a Busy Month for Breaches

4 min read

This month has been particularly prevalent for the loss of personal information. At the beginning of the month it was reported that Club Nintendo had been breached with the personal data of up to 4 million stolen by attackers [1]. Subsequently, the forums of Ubuntu were hacked with the loss of 1.82 million usernames, passwords […]

July 19, 2013

SECURITY

Zeus Botnet Impersonating Trusteer Rapport Update

1 min read

Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer product called […]

July 17, 2013

SECURITY

Network Solutions Customer Site Compromises and DDoS

1 min read

Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were redirected away from their proper IP addresses. This […]

June 27, 2013

SECURITY

Expiring Albert: Recycling User IDs and the Impact on Privacy

4 min read

Within many organisations offering online services to the public, there must be a great temptation to expire redundant user accounts that occupy desirable user IDs but which are never used by their users. Presumably the user IDs have been registered by someone, used on a couple of occasions, and then forgotten about. Expiring and recycling […]

June 20, 2013

SECURITY

‘Hijacking’ of DNS Records from Network Solutions

2 min read

UPDATE: This blog post is related to the redirection of domain name servers that occurred back in June 2013.  This post is NOT related to the ongoing activity occuring July 16, 2013.  Cisco TRAC is currently analyzing the ongoing issues with Network Solutions’ hosted domain names and has more information available here. Multiple organizations with […]

June 13, 2013

SECURITY

Scope of ‘KeyBoy’ Targeted Malware Attacks

2 min read

On June 6, 2013, malwaretracker.com released an analysis of Microsoft Office-based malware that was exploiting a previously unknown vulnerability that was patched by MS12-060. The samples provided were alleged to be targeting Tibetan and Chinese Pro-Democracy Activists. On June 7, 2013, Rapid7 released an analysis of malware dubbed ‘KeyBoy,’ also exploiting unknown vulnerabilities in Microsoft Office, similarly patched by MS12-060, […]