[SecurityRatty] tag: asia

Trend Micro: India is highest-spamming nation in Asia

Tue, 07 Oct 2008 20:00:00 +0000

India is the 7th largest spam sender in the world, according to Trend Micro Incorporated, a company dealing with Internet content security (also the makers of Trend Antivirus and other security software). India is the leader among Asian countries in spam, accounting for more than 4% of the total global spam. It is ahead of other Asian countries such as China (3.39%), Republic of Korea (2.57%) and Thailand (2.04%). Asia contributes 16.57% of the global spam volume.

OWASP AppSec Asia 2008: Proxy Caches and Web Application Security

Fri, 03 Oct 2008 07:05:04 +0000

Back to travelling a bit, I have accepted an invitation from Wayne Huang, Chapter Leader, OWASP Taiwan, to give the following presentation at OWASP AppSec Asia 2008, October 27 - 28, 2008, in Taipei:

Proxy Caches and Web Application Security

Abstract: Proxy caches, combined with poorly written session management code, can easily lead to serious Internet security breaches. Web application developers cannot know whether their content is consumed directly or via a proxy cache. Developers cannot assume that the HTTP responses will be delivered to the intended browser. Moreover, developers cannot be sure that the intended browser even receives the intented content. Consequently, proxy caches are a serious theat to web application security. In the presentation, we will discuss the recent security breach Tim found in Google Docs and review web application security and session management topics related to proxy caching.

Schneier Interview in Telecom Asia

Fri, 19 Sep 2008 09:55:11 +0000

I was interviewed for Telecom Asia.

New fraud report: Information theft is Asia's biggest fear

Mon, 15 Sep 2008 20:00:00 +0000

A major survey of global executives has found that physical theft (41%) is the most common problem for companies in Asia, followed by information theft (31%) and regulatory or compliance breaches (28%).

Southeast Asia: Perspectives on Compliance

Tue, 02 Sep 2008 20:00:00 +0000

This past weekend, I left Southeast Asia after a week-long trip to Bangkok, Singapore and Manila. The week was spent in back-to-back meetings with customers and our local sales teams, and the majority of our discussions centered on PCI DSS and compliance in general. One clear takeaway: Compliance is one of THE growing areas of concern for businesses in the region.

I found the degree to which customers in the region were concerned about compliance to be a bit of a surprise. I say 'surprise' because I often hear that compliance isn't as much of an issue outside of the U.S. From what we're seeing, though, the regulatory environment in non-U.S. geos, including Southeast Asia, is becoming more complicated...

Gartner Event Processing Summit (and EPTS Meeting), Sept 2008

Sat, 30 Aug 2008 08:57:00 +0000

Many folks have been sending me email, inquiring if I will be attending the Gartner Event Processing Summit, September 15-16 or the 4th Event Processing Symposium, September 17-19, 2008 (the EPTS meeting). I regret not attending either event this year and will miss getting together with everyone. In addition, I would like to thank Opher and the EPTS team for inviting me.

As we get closer to the conference dates, I wish that I had made plans to fly back to the US to meet everyone. However, I have been cutting back on public speaking, taking a break since May. In addition, Gartner did not ask me to speak at their Event Processing Summit this year, I assume because they did not want to pay airfare for my flight from Thailand to the US. Also, Gartner always likes to fill their conference speaking slots with as many Gartner speakers as they can, unless you are a paid sponsor; and I noticed a number of Gartner employees speaking in multiple slots.

(Editorial Note) Then again, maybe I complained to much about the lack of organization and conference problems when I was invited at be a Gartner keynote speaker last time - reservations not made propertly, problems with the guest speaker registration list at sign-in, rooms shifted without notifying the speakers and panelists. Admittedly, I was not happy with the conference organizers at the last get together. This was my fault, as I am accustomed to better conference execution and am probally too “picky” about details these days - my bad. Anyway, the Gartner organizers apologized numerous times, saying they had too many conferences going on at the same time and not enough people to cover them all.

One of the problems with spending so much time in Asia, especially in Thailand, is that guest speakers are really treated as VIPs. There are usually special comfy couches set up for the speakers and the conference staff really treat you very nice, taking care of you every step of the way. In fact, there is an entire very nice culture around how guest speakers are treated in Thailand. Often, they pin flowers on the VIP speakers and take your photos like you are a star. Very nice culture.

I absolutely look forward to speaking on event processing or CEP at a future venue and meeting everyone face-to-face instead of over the net. My sincere and deepest apologies for not attending either the Gartner or the EPTS event this year.

PS: If you take up a collection and send me a RT business class air ticket, I might change my mind

Web Based Botnet Command and Control Kit 2.0

Fri, 22 Aug 2008 10:02:15 +0000

The average web based command and control kit for a botnet consisting of single user, single campaign functions only, has just lost its charm, with a recent discovery of a proprietary botnet kit whose features clearly indicate that the kit's coder know exactly which niches to fill - presumably based on his personal experience or market research into competing products.

What are some its key differentiation factors? Multitasking at its best, for instance, the kits provides the botnet master with the opportunity to manage numerous different task such as several malware campaigns and DDoS attacks simultaneously, where each of these gets a separate metrics page.

Automation of malicious tasks, by setting up tasks, and issuing notices on the status of the task, when it was run and when it was ended. Just consider the possibilities for a scheduling malware and DDoS attacks for different quarters.

Segmentation in every aspect of the tasks, for instance, a DDoS attacks against a particular site can be scheduled to launched on a specific date from infected hosts based in chosen countries only.

Customized DDoS in the sense of empowering the botnet master with point'n'click ability to dedicate a precise number of the bots to participate, which countries they should be based in, and for how long the attack should remain active. Quality and assurance in DDoS attacks based on the measurement of the bot's bandwidth against a particular country, in this case the object of the attack, so theoretically bots from neighboring countries would DDoS the country in question far more efficiently.

Historical malware campaign performance, is perhaps the most quality assurance feature in the entire kit, presumably created in order to allow the person behind it to measure which were the most effective malware and DDoS campaigns that he executed in the past. From an OSINT perspective, sacrificing his operational security by maintaing detailed logs from previous attacks is a gold mine directly establishing his relationships with previous malware campaigns.

Bot Description:

1. Completely invisible Bot work in the system.
2. Not loads system.
3. Invisible in the process.
4. Workaround all firewall.
5. Bot implemented as a driver.

Functions Bot (constantly updated):

1. Downloading a file (many options).
2. HTTP DDoS (many options, including http authentication).

The web interface

-- Convenient manager tasks.
-- Every task can be stopped, put on pause, etc. ...
-- Interest and visual scale of the task.

-- A task manager for DDoS and Loader

-- For DDoS tasks

Bots involved in DDoS 'f.
Condition of the victim (works, fell).

2. Bots manager
-- Displays a list of bots (postranichno).
-- Obratseniya date of the first and last.
-- ID Bot.
-- Country Bot.
-- Type Bot.
-- The status Bot (online / offline).
-- Bot bandwidth to different parts of the world (europe, asia).
-- The possibility of removing bots

-- When you click on ID Bot loadable still a wealth of information about it

3. Statistics botneta
-- Statistics both common and build Bot.
-- Information on the growth and decline botneta dates (and build).
-- Bots online
-- All bots

-- Dead bots.

4. Statistics botneta country

-- All countries to work on

-- New work by country

-- Online work from country to country

-- Dead bots by country

5. Detailed history botneta

6. Convenient user-friendly interface adding teams
8. Admin minimal server loads
-- Use php5/mysql

Upcoming features :
1. Form grabber (price increase substantially), for old customers will be charged as an upgrade
2. Public key cryptography
3. Clustering campaigns and DDoS attacks

Despite it's proprietary nature, it's quality and innovative features will sooner or later leak out for everyone to take advantage of, a rather common lifecycle for the majority of proprietary malware kits in general.

Related posts:

BlackEnergy DDoS Bot Web Based

A New DDoS Malware Kit in the Wild

The Cyber Bot - Web Based Malware

The Black Sun Bot - Web Based Malware

Custom DDoS Capabilities Within a Malware

Botnet on Demand Service

Loads.cc - DDoS for Hire Service

Using Market Forces to Disrupt Botnets

Botnet Communication Platforms

A Botnet Master's To-Do List

DDoS on Demand VS DDoS Extortion
How Does a Botnet with 100k Infected PCs Look Like?

Over 400 Calls Made Using Hacked Federal Emergency Management Agency PBX Network

Thu, 21 Aug 2008 12:25:32 +0000

A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia. The hacker made more than 400 calls on a Federal Emergency Management Agency (FEMA) voicemail system in Emmitsburg, Md., on Saturday and Sunday, according to FEMA spokesman Tom Olshanski. The [...]

Spammers Take A Cheap Shot...

Tue, 19 Aug 2008 10:24:05 +0000

I'm on holiday this week, but thought I'd better give this a mention anyway (plus, when did being on holiday ever stop me from posting stuff on blogs, right?)

I was surprised to see this posted to the comments section of the Sunbelt Blog:

I was about as surprised as The Dean was!

To quote a further post from The Dean:

"Well, that's weird. Isn't spywareguide Paperghost's blog? I know he wouldn't spam here. And, the link on the first comment goes to a 404 page."

So, we have someone spamming with broken English, dropping links to 404 pages on Spywareguide. Curious.

Now, I did have some suspicions on this - for starters, the recent blogs regarding the pirate movie websites that pop Zango installers just hit a few news websites. As this article mentions, a lot of the sites involved in this are from Asian regions - China, Indonesia etc. I couldn't help but notice the name of the poster was "Tam" - a common name in certain parts of Asia.

Coincidence? Or a possible affiliate not too happy about this being highlighted? Well, a quick email later and the results for the spammer are in:

A potentially forged Reverse DNS aside, it's a strange thing indeed that they just happen to resolve to Vietnam given that a good portion of these sites are in Asia, isn't it?

I think I'll see if any are owned by someone called "Tam".

When I return from my holiday, of course....

Don't put your foot in it, Mr. President

Fri, 15 Aug 2008 16:57:00 +0000

Watching the beginning of the Olympics, I was surprised to see the way President Bush was sitting.

The First Lady was on one side of him (thankfully) and a Chinese looking gentleman was on the other side. The President had his right foot resting on his left knee, thereby exposing his shoe sole. That is a huge "no no" in Asia and the Middle East.

As I said, thankfully the First Lady, Laura Bush was the recipient of the President's sole-waving but it made me wonder if he changed legs at a later stage and "flashed" the Chinese official. I figure it was a high ranking official or else he would hardly be sat next to the President of the United States.

What has this to do with security? It is one of the topics we teach to our budding bodyguards during our intensive Executive Protection course in the United States and abroad. You could have a very successful business meeting or trip, either overseas or at home, but ruin it by insulting (albeit unintentionally)a foreign guest. It is very important for those wroking around forein nationals to be aware of their customs and traditions.

This is not that difficult these days with all of the materials available. One of the best books I have found is; "Kiss, Bow or Shake Hands". This book and others like it, will advise the reader on the correct course of action to take when dealing with people from a host of different countries. Not that I expect the President to read the book, afterall, he must have Protocol officers to keep an eye on him. My question is, were they brought to China?

For the rest of us who are not lucky enough to have our own Protocol officers to keep us out of trouble, we'll just have to read the book.