iDEFENSE LABS IN THE NEWS

MySpace Users Get MyMalware
PCMAG.COM

MySpace users who expressed an interest in patio furniture got more than they bargained for if they clicked on an ad for DeckOutYourDeck.com earlier this month.

Michael La Pilla, an analyst for VeriSign iDefense, was searching MySpace on July 16 when he discovered that a patio furniture ad prompted a file called exp.wmf. If installed, up to five adware programs could have landed on the users' computers. La Pilla contacted MySpace but the company's defense team had already taken the ad down and was working to find its source.


QAEDALIST.COM
New York Post

U.S. intelligence agencies have begun monitoring a frightening new Web site that functions as a "Craig's List" for terrorists across the globe, The Post has learned.

In the past month, membership on the site has grown by 200 people a day, and it swelled to 10,322 in the days and weeks following the announcement that mystery man Abu Hamza al-Muhajir was named as the new leader of al Qaeda in Iraq.

A man with a similar name is listed as the administrator of the Web site, called Mohajroon.com, and his caricature pops up when outsiders try to access secret members-only sections, according to Andretta Summerville of the cyber security firm iDefense.

The Web site has been functioning as a one-stop shopping place for terrorists, wannabes and their supporters around the world and appears to serve as an important part of the support network for the murderous al Qaeda in Iraq, Summerville said.


Hackers Target University Computer Assets
TechNewsWorld, May 30, 2006

"Universities have been a target of attackers for well over a decade, because there is a wealth of information there that is useful for exploitation. There are young students there who have credit cards, Social Security numbers, bank accounts and other types of online assets that are valuable to criminals," Ken Dunham, senior engineer at threat intelligence firm iDefense, told TechNewsWorld.

While corporations may have large security budgets and IT staff, universities often do not enjoy the same level of resources to safeguard information. Universities are typically understaffed, and their IT employees often are undertrained to deal with computer security, Dunham noted. These educational IT gurus may be able to deal with standard system administration, but the challenge is to move beyond mere functionality into security.

"Unlike a corporation, universities have unique challenges that are extremely difficult to manage. They often have a very large number of users and support a wide range of computers," said Dunham. "It's very different from a small business that wants to adopt a bunch of Microsoft (Nasdaq: MSFT) computers and call it good. These guys might have to support Apples and PCs and have them talk to each other. It makes it increasingly complex."


Anatomy of a Threat
Wall Street Journal, Feb. 13, 2006

During the quiet post-holiday evening of Dec. 27, an anonymous message appeared on an email list where techies share information about vulnerabilities in computer security. The note claimed that hackers had discovered, and were exploiting, a previously unknown hole in Microsoft Corp.'s Windows operating system.

This type of situation, known as a "Zero Day" attack, is rare and perilous: Usually, by the time security holes are revealed publicly, Microsoft is aware of them and has a solution ready. In a Zero Day attack, millions of computer users are left exposed while the software giant rushes to fix the problem.

"The nature of attacks has changed dramatically," says Ken Dunham, director of the rapid-response team at iDefense, the VeriSign unit that monitors the hacker underground and analyzes security threats. "In the last few years, we've gone from code for fun to code for cash."


E-mail worm bent only on destruction
USA TODAY, Jan. 30, 2006

iDefense, a VeriSign company, confirmed the deletion program works. More than 500,000 PCs are believed to have been infected since it first appeared on Jan. 16. That's a modest infection rate, but victims face grim consequences. On Friday Feb. 3 any infected machines will lose all Microsoft documents and Adobe files.

Victims can tell they've been infected if they clicked on an e-mail attachment and had their keyboard and mouse freeze up, forcing them to reboot, says Ken Dunham at iDefense.


Latest Sober Worm to Spawn Nazi Hate E-Mails
Washington Post, Dec. 7, 2005

iDefense president Joseph Payne said he hoped law enforcement action could help stymie the launch of the next Sober variant or its fascist-themed spam run.

"I'd hope that by [Jan. 5] authorities have pretty much managed to beat this into the ground to ensure that the sites we've identified are shut down and that this whole thing fizzles out by then," Payne said. But he cautioned that whoever is behind the Sober worm has shown a remarkable ability to evade law enforcement.

The latest version impersonated e-mails not just from the highest echelons of U.S. law enforcement, but from similar investigative branches in Britain and Germany.

"It takes a pretty brazen person to draw the attention of the world's leading law enforcement agencies. ... This is a person or group that is dead set on getting their message across," Payne said.


Cyber criminals peddle wares on ignored Web sites
Reuters India, Dec. 1, 2005

Dormant Web sites no longer monitored by administrators have in effect created hundreds of online bazaars for criminals, said Jim Melnick, director of threat intelligence for VeriSign Inc.'s security unit iDefense.

"I compare it to a low-income area where a landlord is not keeping up certain buildings, or the drug trade," he said. "If a person gets busted on one corner they will move to another."

iDefense's Melnick said he expected more underground users to flock to these forgotten sites after a government crackdown last year sent cyber criminals searching for other places on the Web to sell their goods.


Malicious Keyloggers Run Rampant on Net
eWeek, Nov. 28, 2005

Anti-virus companies have developed signatures that will stop many of those programs before they can be installed, but new programs with unique signatures are readily available from malicious code download sites. In some cases, the programs' source code can be purchased so buyers can create their own keylogger variants, Dunham said.


Windows OneCare Beta Is Ready to Roll
eWeek, Nov. 23, 2005

According to an advisory from iDefense, Windows AntiSpyware is one of several applications that insecurely call the "CreateProcess()" and "CreateProcessAsUser()" functions.

"This creates a scenario whereby arbitrary code could be executed," iDefense warned, noting that the attack scenario would involve some form of social engineering to get the arbitrary code installed in the correct location.


Technology: Who's Got My Keys?
Newsweek International Edition, Nov. 22, 2005

Joe Payne, vice president of Reston, Virginia-based iDefense, calls identity theft the biggest issue facing e-commerce, and notes that keylogging in particular is a crime of opportunity. "It's so easy to create [keyloggers]," he says, "and there's very little risk of being caught." According to Payne, the fact that keylogging code is freely available tempts many people who wouldn't otherwise engage in criminal schemes. By the end of the decade, biometric security measures could put the keyloggers out of business. Until then, the best protection is an up-to-date firewall, and perhaps a prayer.


Cyber crooks break into online accounts with ease
USA Today, Nov. 3, 2005

Apart from data thieves, another kind of crook specializes in converting the stolen ID data into goods and cash, using the Internet as a communications and distribution network.

"The market is becoming more sophisticated," says Jim Melnick, former analyst for the Defense Intelligence Agency, now director of threat intelligence at security firm iDefense. "There's more differentiating of roles and services to streamline and accelerate cybercriminal activity."


Malware Writers Exploit Skype Hype
TechNewsWorld, Oct. 18, 2005

Dunham said when it comes to getting hooks in naive or unsuspecting customers, e-mail trumps traditional junk mail by far because of its widespread distribution and the available assets that are tied to a person's identity. What's more, he said personal information is exploitable at a much higher level online.

"It's easier to commit fraud through e-mail than traditional junk mail because e-mail is anonymous. It's more difficult for people to see what's real and not real," Dunham said. "E-mail fraud is actually a very low cost and low risk for hackers."


Exploit code raises Windows worm alarm
ZDNet, Oct. 14, 2005

Furthermore, code that exploits a flaw in Microsoft's Windows FTP client (MS05-045) is available publicly on the Internet, said Michael Sutton, director at security intelligence company iDefense, a part of VeriSign.

"Patching is very urgent," Sutton said. "We expect public exploit code to become available, especially for the MSDTC issue."


Mobile Workers Cut Gaping Hole in Security
IT Management, Oct. 11, 2005

"What it means is this is a whole different medium to manage," [Ken Dunham, a senior engineer for VeriSign iDefense Intelligence based in Mountain View, Calif.] adds. "If you're going to have mobile users, you have to manage them. Companies struggle to identify what the risks are for mobile users. They don't have good models in place because they're not used to dealing with it. But today a lot of people are using laptops so we're going to see better security than we have in the past. It does mean there are unique challenges to making sure laptops are secured and locked down."


Profile of a Virus Writer: Pride to Profit
TechNewsWorld, Oct. 6, 2005

Ken Dunham, senior engineer for iDefense VeriSign, said there has also been an increase in the criminalization of creating malicious code, referring to bounties and law enforcement efforts.

"It's a multi-billion dollar interruption to businesses," he told TechNewsWorld regarding malware attacks. "Today, there is more of a focus on it, and if they play the pride game, there's a lot more risk."


Agents Target Online Criminal Underground
Boston Globe, Sept. 25, 2005

In addition, agents must keep up-to-date on the lingo and locations of thieves' websites, which change frequently as government agents or the servers that they are hosted on shut them down, said John Watters, vice president and general manager of the intelligence division for VeriSign iDefense.

"You've got to know the language and the secret handshakes," he said. "Once you're in there, everyone watches everyone to see who's a fed."


Credit Reporting Companies Co-Opt Encryption
E-Commerce Times, Sept. 23, 2005

"Whenever we have collaboration to improve security, and when we're looking at core components such as encryption, it's good," he [VeriSign iDefense senior engineer Ken Dunham] said. "The danger of any such program is, you have to realize it has to be a comprehensive plan. An insider might steal information and compromise the entire database."


Report: Attackers Quietly Target Desktops, Personal Data
TechNewsWorld, Sept. 19, 2005

"The whole threat landscape has changed dramatically in the last two years," VeriSign iDefense senior engineer Ken Dunham told The E-Commerce Times. "It's these little nickel and dime exploitations that are giving hackers access into big networks and big assets. The risk has gone up with increased exploitation capabilities."


Hackers work to exploit latest Firefox flaw
CNET News.com, Sept. 13, 2005

The problem in Firefox, Mozilla and Netscape has to do with the way the browsers handle International Domain Names. IDNs are domain names that use local language characters. Security experts advise Firefox and Mozilla users to apply the temporary fix provided by the Mozilla Foundation, which disables the IDN feature.

"I would certainly recommend that users implement the vendor workarounds until a patch is made available," said Michael Sutton, director of security intelligence company iDefense Labs. "We feel that exploit code can and will be created."


Bug Hunters, Software Firms in Uneasy Alliance
CNET News.com, Sept. 6, 2005

"Many companies are getting better at dealing with security researchers," said Michael Sutton, director of iDefense Labs, which deals with researchers and software makers. "The environment has definitely changed from two or three years ago, though there are vendors who are going in the opposite direction," he said.


Suspected ZoTob Hacker Also Wrote MyTob Worm
InformationWeek, Aug. 29, 2005

Early analysis by others, including Ken Dunham, senior engineer with VeriSign iDefense, pegged ZoTob and MyTob as close relations. "Hackers took the MyTob worm code and replaced the e-mail function in MyTob with the exploit of the MS05-039 vulnerability," said Dunham two weeks ago when the ZoTob attack first began.


Chinese Takeout
Forbes, July 25, 2005

"Nothing suggests that Chinese authorities are vigilantly prosecuting those who are attacking foreign interests," says John Watters, chief of iDefense, the Reston, Virginia intelligence firm. "They turn a blind eye to it as long as it doesn't oppose national interests."


Remote Attackers Could Break Windows
TechNewsWorld, July 19, 2005

Michael Sutton, director of iDefense Labs, told TechNewsWorld that any time there is the possibility of a remote attack on a widely deployed system, it is reason for concern. While it is not a critical flaw, he said it is serious because so many machines could be affected by this vulnerability.

"Microsoft does not believe that this flaw can be taken beyond denial of service," Sutton said. "It could be used to remotely knock somebody's computer offline, but it couldn't be used to remotely take control of that computer, which is certainly an important factor. Another risk mitigator is the fact that there is no known public exploit of the vulnerability."


Process Monitoring: Looking at Threats or Low Priority?
TechNewsWorld, July 19, 2005

However, Dunham reiterated that when IT or security departments are managing tens of thousands of machines, they are more focused on the network than on individual PCs, much less processes.

"You're just looking at the big picture stuff," said Ken Dunham, iDefense director of malicious code intelligence. "Nobody's surprised to have a few viruses in their systems. Process monitoring may be useful for a small office or a SOHO, but it's definitely not a core of security today."


Black Market In Credit Cards Thrives on Web
The New York Times, June 21, 2005

The Federal Trade Commission estimates that roughly 10 million Americans have their personal information pilfered and misused in some way or another every year, costing consumers $5 billion and businesses $48 billion annually.

"There's so much to this," said Jim Melnick, a former Russian affairs analyst for the Defense Intelligence Agency who is now the director of threat development at iDefense, a company in Reston, Va., that tracks cybercrime. "The story that needs to be told is the larger, long-term threat to the American financial industry. It's a cancer. It's not going to kill you now, but slowly, over time."


Trend Micro Acquires Antispam Specialist
TechNewsWorld, June 15, 2005

"Phishing attacks are commonly generated through spam e-mails or through malicious codes that perform the spammings. But typically it's some kind of spam that redirects people to hostile Web sites," Dunham said. "Those are two separate threats. But from a manual mitigation standpoint it makes a lot of sense to have two companies together that can help to blacklist and or help identify hostile URLs."


Another Cold War is About to Start
SC Magazine, June 16, 2005

Ken Dunham, director of infosec intelligence analysis company iDefense, cites the example of electronic greeting cards which, once the user agrees to the license agreement, install a mass mailer that trawls through a user's Outlook address book and then sends itself to everyone in that file. He said these were "technically equivalent to mass-mailing worms." The legal aspect - the fact that people have "agreed" to install adware/spyware - provides a headache for vendors selling anti-spyware products in what to call such software without inviting lawsuits.

"So the difficulty facing some vendors is what to term software like this, which might be legally OK, but is morally questionable," he says. He prefers the term "potentially unwanted software."


New Bagle variants spreading
Computerworld, May 31, 2005

Damage from the new Bagle variants should be minor as antivirus vendors react quickly to the attacks, said Ken Dunham, director of malicious code at iDefense Inc., another cybersecurity vendor. The first two variants seen today were tentatively dubbed Bagle.CA and Bagle.CB, which would make them the 79th and 80th Bagle variants.

"We're a long way down the line of Bagle worms," Dunham said. "It's very similar to former Bagle attacks."

Dunham encouraged computer users to update their antivirus software, use firewalls and avoid opening suspicious files attached to e-mail. "Just because it looks like it was from your billing department, or it was from your friend doesn't mean it is," he said. "Be careful on e-mail -- don't trust anything."


Hacker Hunters
BusinessWeek, May 20, 2005

Little was heard from the HangUp Team for the next two years. But in 2003 the gang released the viruses Berbew and Webber. Then last year the group infected online stores with a fiendish piece of software called the Scob worm. Scob waited for Web surfers to connect, then planted software in their hard disks that spied on their typing and relayed thousands of passwords and credit-card numbers to a server in Russia, police say.

"These guys have set a new standard for sophistication among criminal hackers," says A. James Melnick, 51, director of threat intelligence at iDefense, a Reston (Va.) cybersecurity firm.


Cisco's Free Threat-Alerts Service Uses CVSS
eWeek, May 27, 2005

iDefense Inc., of Reston, Va., is also testing CVSS internally and plans to add CVSS scores to its alerts soon. iDefense, which buys the rights to information on security flaws found by underground researchers, will also offer CVSS scores alongside its own proprietary system, said Sunil James, director of vulnerability intelligence.

In an interview, James said internal testing of CVSS shows the system was "very consistent" with iDefense's own approach, which rates flaws on a tiered scale from minimal to extreme. "We're hoping it will eventually turn into a standard but that means that everyone has to get on board and start testing it."


Time Warner's personal data on 600,000 missing
USA Today, May 3, 2005

"The underground economy is more than just credit cards and bank-account information," says John Watters, CEO of security firm iDefense. "They want your entire information set - passwords, Social Security number, passport, driver's license - to increase their profit potential."