Slashdot Mirror

← Back to Domains

Domain: shadowserver.org

Stories and comments across the archive that link to shadowserver.org.

Stories · 4

  1. Researchers Tracking Emerging 'Darkness' Botnet

    It · Botnet · · posted by Soulskill · from the new-kid-on-the-block dept. · 85 comments
    Trailrunner7 writes "Researchers are tracking a new botnet that has become one of the more active DDoS networks on the Internet since its emergence early last month. The botnet, dubbed 'Darkness,' is being controlled by several domains hosted in Russia and its operators are boasting that it can take down large sites with as few as 1,000 bots. The Darkness botnet is seen as something of a successor to the older Black Energy and Illusion botnets and researchers at the Shadowserver Foundation took a look at the network's operation and found that it is capable of generating large volumes of attack traffic. 'Upon testing, it was observed that the throughput of the attack traffic directed simultaneously at multiple sites was quite impressive,' Shadowserver's analysts wrote in a report on the Darkness botnet. 'It now appears that "Darkness" is overtaking Black Energy as the DDoS bot of choice. There are many ads and offers for DDoS services using "Darkness." It is regularly updated and improved and of this writing is up to version 7. There also appear to be no shortage of buyers looking to add "Darkness" to their botnet arsenal.'"

  2. Microsoft To Ship Emergency IE Patch

    Tech · Msie · · posted by kdawson · from the advanced-persistent-threat dept. · 187 comments
    Grotendo writes "Microsoft plans to release an emergency patch for Internet Explorer very soon to counter targeted attacks and the publication of exploit code for a 'browse and you're owned' vulnerability in its flagship Web browser. The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend." Microsoft has downplayed the seriousness of the IE zero-day, and insisted that it affects only IE6 even as security researchers close in on exploits for IE7 and IE8. Microsoft has had no comment about the firestorm that Google unleashed by directly accusing the Chinese of cyber espionage. ShadowServer has up a sobering post on the massive extent of the problem of "groups that can be referred to as the Advanced Persistent Threat."

  3. Adobe Warns of Reader, Acrobat Attack

    News · Security · · posted by timothy · from the gnome's-reader's-pretty-good-y'know dept. · 195 comments
    itwbennett writes "Monday afternoon, Adobe 'received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,' the company said in a post to the company's Product Security Incident Response Team blog. According to malware tracking group Shadowserver, the vulnerability is due to a bug in the way Reader processes JavaScript code. Several 'tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable,' Shadowserver said in a post on its Web site. The group recommends that concerned users disable JavaScript within Adobe's software as a work-around for this problem. (This can be done by un-checking the 'Enable Acrobat JavaScript' in the Edit -> Preferences -> JavaScript window). 'This is legit and is very bad,' Shadowserver added."

  4. IE Used To Launch Yahoo IM Clickfraud

    · posted by ryuzaki0 · from the botless-botnets dept. · 76 comments
    An anonymous reader writes, "There's a new Instant Messaging worm in the wild that is taking the idea of Botnet clickfraud up a level. It trades in automated drones (prone to malfunction and detection) for real live people who (of course) have the option of not actually clicking anything, thus theoretically making their clicks harder to identify as 'fraudulent.' This IM attack doesn't even need a victim to physically run anything to become infected — simply visiting a certain site in Internet Explorer will cause the files to download and start sending infection messages. At this point, their homepage is changed to a site using Mesothelioma (a rare form of cancer) to ring up high-paying results on the perpetrators' Google ads. As the researcher who discovered the infection notes, 'It's way, way harder to trace some random boob who has a ton of (partially) unconnected people shunting IM links all over the place. Try staying anonymous as a Botnet owner who just had the entire details of his server splattered across the net by Shadowserver. What will be interesting to see is if some of the smaller Botnet guys ditch their technical woes and jump on the much-easier-to-maintain IM bandwagon to get their clickfraud kicks.'"