http://www.secureworks.com/research/blog Information security analysis and commentary from the research team at SecureWorks. http://secureworks.com/research/blog/index.php/2009/10/30/toorcon-11-a-success There are two things one can count on every year at ToorCon: the amazing San Diego weather and excellent presentations about new and emerging security research. This year's ToorCon 11 did not disappoint, and delivered a lot of great content and new security research throughout the weekend. http://secureworks.com/research/blog/index.php/2009/10/30/toorcon-11-a-success http://secureworks.com/research/blog/index.php/2009/9/29/monkifdlkhora-botnet-hiding-its-commands-as-jpeg-images The SecureWorks Counter Threat Unit (CTU) has been carefully monitoring the activity of the Monkif/DlKhora botnet. This bot is an example of a Downloader trojan, in that its primary purpose is to receive instructions to download and execute other malware. The trojan also attempts to disable anti-virus and personal firewall software to maintain its foothold on the system. http://secureworks.com/research/blog/index.php/2009/9/29/monkifdlkhora-botnet-hiding-its-commands-as-jpeg-images http://secureworks.com/research/blog/index.php/2009/9/25/skype-eavesdropping-trojan Recently, programmer Ruben Unteregger released the source code for a Trojan that allows an attacker to listen in on a victim's Skype conversations. For approximately seven years, Unteregger has worked as a software engineer for ERA IT Solutions AG where he developed the trojan. Skype traffic is encrypted using a 256-bit AES block cipher, the kind approved by the US Government to protect "TOP SECRET" information. http://secureworks.com/research/blog/index.php/2009/9/25/skype-eavesdropping-trojan http://secureworks.com/research/blog/index.php/2009/9/4/twitter-based-botnet-command-and-control Twitter is a social networking and microblogging service launched in late 2006. Once logged in, users post small updates to the site frequently throughout the day. These short update messages, known as "tweets," may not exceed 140 UTF-8 encoded characters. http://secureworks.com/research/blog/index.php/2009/9/4/twitter-based-botnet-command-and-control http://secureworks.com/research/blog/index.php/2009/8/27/crypto-attacks Black Hat USA 2009 brought us the latest release of Moxie Marlinspike's sslstrip tool. sslstrip is a tool for performing man-in-the-middle (MITM) attacks against TLS/SSL sessions. The previous version simply terminated the TLS connection at the MITM point and forwarded on an unencrypted connection to the client. http://secureworks.com/research/blog/index.php/2009/8/27/crypto-attacks http://secureworks.com/research/blog/index.php/2009/7/24/browser-memory-models-firefox-catching-up Recently announced was a radical change to Firefox's memory model. A new project called Electrolysis aims to outfit Firefox with multi-process capabilities. This is great news for Firefox fans. The Electrolysis page states that a future goal of the new memory model may be to provide security enhancements as well. http://secureworks.com/research/blog/index.php/2009/7/24/browser-memory-models-firefox-catching-up http://secureworks.com/research/blog/index.php/2009/6/30/zango-decision-offers-legal-safeguards-to-the-security-community One of the provisions of the Communications Decency Act (Section 230 of the US Code) established a safe harbor for ISPs so that they couldn't be held liable for the speech of their users. If you take umbrage at something someone said on the Internet, your remedy is to sue the speaker, not their ISP or telephone company. http://secureworks.com/research/blog/index.php/2009/6/30/zango-decision-offers-legal-safeguards-to-the-security-community http://secureworks.com/research/blog/index.php/2009/6/3/sha-1-collision-attacks-now-252 Eurocrypt 2009 was recently held from April 26-30 in Cologne, Germany. Sponsored by the International Association for Cryptologic Research (IACR), the website states that "It is devoted to all aspects of cryptology." This year's Eurocrypt rump session was held on April 28, which featured a talk entitled "Automatic Differential Path Searching for SHA-1". http://secureworks.com/research/blog/index.php/2009/6/3/sha-1-collision-attacks-now-252 http://secureworks.com/research/blog/index.php/2009/5/20/on-the-new-cybersecurity-bill On April 1, 2009, while the rest of the cybersecurity world was largely focused on the Conficker worm, Senators John (Jay) Rockefeller and Olympia Snowe introduced the Cybersecurity Act of 2009. Since the hype over Conficker has died down now, I've had a chance to review the text of this somewhat controversial bill and add my two cents to the discussion. http://secureworks.com/research/blog/index.php/2009/5/20/on-the-new-cybersecurity-bill http://secureworks.com/research/blog/index.php/2009/5/12/following-the-trojan-trail In this post I will go over the latest botnet making the headlines. The "Finjan botnet" appears to be large and strikes fear into many. As an average computer user, should you be afraid of the botnet, or should you be scared of being compromised by a Trojan? How bad can one piece of malware be? http://secureworks.com/research/blog/index.php/2009/5/12/following-the-trojan-trail