
AS10392 -- Hijacked?

An entire BGP AS appears to have been hijacked by cybercriminals who are now using it as a source of spam. ThreatSTOP has therefore added the IP netblocks in this AS* to our emergency feed, which will block these addresses for 24 hours. It seems likely that during this time the AS and associated netblocks will be returned to proper control, but if not, we will either maintain them in the emergency feed or place them in one of our standard lists.


STUXNET fallout

Via my friends at Control Global, I've found and started to read the summary analysis of the STUXNET worm by Ralph Langner. Langner shows what looks like fairly strong circumstantial evidence that STUXNET was a deliberate cyberwar attack - presumably on the Iranian nuclear program, with possible spin-offs to also affect nuclear research in other countries. Politically, this is fascinating stuff, but as this blog is about cyber security, I prefer to look at some of the security issues it raises.


Social Media - the New Exploit Frontier

One of the things that ThreatSTOP does is protect against known malware dropboxes - that is to say, the servers that actually deliver the "Fake AV" or trojan when you accidentally visit the "wrong page". Of course, these days the "wrong page" is frequently just the ads delivered on an otherwise perfectly legitimate page. Furthermore, as companies like Sucuri point out repeatedly, cyber criminals use a variety of security exploits to add malicious PHP to all sorts of blogs and hosted websites. What is potentially worse is that, as the Inquirer reported recently, popular social media sites like Facebook and YouTube are hosting thousands of pages which contain malware links.


Flash - you've been botted

There are times when I disagree strongly with Steve Jobs, and times when I think he may just have a point. The point in question being his dislike of Adobe's Flash. Flash, and Adobe Reader, are in the news again because of yet another security hole that's being actively exploited by the bad guys while Adobe can only promise to fix its code sometime the week after next.


Introducing the BOTNETS block list

Recently I blogged that we had added the abuse.ch ZeuS Tracker botnet list as a block list source. Last week we confirmed that it worked by seeing that our customers had connections to addresses on that list that were blocked by ThreatSTOP, and which came from systems later confirmed to be infected.
