January 30, 2009 - PandaLabs has been buzzing with activity as we’re gearing up for the first Security Blogger Summit in Madrid, Spain. On Tuesday, February 3rd, the world’s foremost security experts and bloggers will convene to discuss the most important (continue reading...) Read more
January 30, 2009 - There is no trying when it comes to protecting your customer’s data: Heartland tries to rally industry in wake of data breach (Network World) The CEO of Heartland Payment Systems (Robert Carr) is calling for the card payment industry to (continue reading...) Read more
January 30, 2009 - Our previous post calculated the worldwide Downadup infection count at approximatively 2.4 million computers.Toni Koivunen from our Response Team has once again used his special techniques to update his previous results.Today's total infection (continue reading...) Read more
January 30, 2009 - Downadup worms attempt to call home.They do this by trying to connect to various Web addresses. And if the worm finds an active Web server at one of these domains, it will download and run a (continue reading...) Read more
January 29, 2009 - At Davos this week, I’ve had the opportunity to speak with world leaders about the most pressing issues of the day. Among the issues we’ve been discussing is the true cost of cybercrime, and the incredible drag it’s creating on (continue reading...) Read more
January 29, 2009 - Downadup variants use algorithmically determined URLs to report back to the bad guys.Reverse engineering the worm's code provides us with the method to predict which domains may be used in the future.Today's preemptive (continue reading...) Read more
January 29, 2009 - The purpose of embassies as a diplomatic channel is continuously being tainted by cybercriminals. Initially reported by researcher Dancho Danchev in his blog, the Indian Embassy in Spain was found serving malware through an injected malicious iFrame. The said malicious (continue reading...) Read more
January 29, 2009 - Late last year, my sister forwarded to me an email that foretold of great evil and destruction should anyone open an email with a “Happy New Year” greeting for a subject. The email begged us to save the world by (continue reading...) Read more
January 28, 2009 - Recently, xiaonei.com (a Chinese social-networking site, similar to Facebook) fixed a cross-site scripting (XSS) vulnerability known as “HTTP Response Splitting.” This flaw occurs when a web application does not properly filter carriage returns and linefeeds (%0d%0a). This allows an attacker (continue reading...) Read more
January 28, 2009 - Our post on Tuesday included a list of domains used by the Downadup worm.Today's list includes 1,500 additional sites used by the worm. Click the image below to view the list: (continue reading...) Read more
January 28, 2009 - Tuesday's post refers to Downadup/Conflicker as an MS08-067 worm variant. What do we mean by that?Downadup and other such similar worms exploit a vulnerability in the Windows Server service.Server Service Vulnerability — CVE-2008-4250. (continue reading...) Read more
January 27, 2009 - Although Data Loss Prevention (DLP) has been recognized as a defined market by analysts like Gartner and Forrester, it’s still not seen as a fully matured market. Perhaps that is why there is still a lot of confusion around this market. Another (continue reading...) Read more
January 27, 2009 - In addition to everything else, Downadup is also a USB worm.USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the (continue reading...) Read more
January 27, 2009 - Parts 1 and 2 happened in succession in November two years ago: the open redirection services of Google and AOL were used by spammers to trick unknowing email recipients into clicking links which led them to different websites. (continue reading...) Read more
January 26, 2009 - So it was inauguration day and I had a dentist appointment. My family was asking me how I managed to schedule an appointment on such a historic day. All I can think is that they have plasmas all over the (continue reading...) Read more
January 26, 2009 - All parents’ greatest concern is sexual predators. A few years ago we thought we understood which children were at risk more than others. But since then we have learned that there are several profiles of children and teens who are (continue reading...) Read more
January 26, 2009 - All of us have watched Chris Hansen’s To Catch a Predator series on Dateline. We sit in front of our TV with baited breath, wondering if that overweight creep will actually walk through the door and if the is stupid (continue reading...) Read more
January 26, 2009 - Google Yourself (and Your Kids)! No, I haven’t changed my policy on using inappropriate language. Google is the search engine and information gathering phenomenon that collects bits and pieces of information available online. Kids have dubbed searching for yourself or (continue reading...) Read more
January 26, 2009 - Websense Security Labs™ ThreatSeeker™ Network has discovered that a subdomain of the International Electrotechnical Commission (IEC) Web site has been compromised. The IEC is an international standards organization that prepares and publishes International Standards for all electrical, electronic, and related (continue reading...) Read more
January 26, 2009 - No thanks! Buying meds from spammers is not a good idea. If you’re a man and you’ve used the Web, chances are you have received or are receiving lots of emails from a bunch of people you don’t know, who really (continue reading...) Read more