Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Tagged Content List
  • Blog Post: An updated look at botnets

    Today I looked up the most prolific botnets for the month of July.  Earlier this year the grum botnet was disrupted.  How have things changed since then?  Here’s a look at the top 15 botnets hitting our networks for the month of July by total mail volume: My observations: Cutwail is the...
  • Blog Post: Researchers knock out the grum botnet

    Over on the New York Times blogs page, writer Nicole Perlroth writes about how security company SpyEye, in conjunction with Spamhaus, worked together to take down the Command-and-Control centers (C&C’s) associated with the grum botnet, purportedly the world’s 3rd largest botnet.  From the Times...
  • Blog Post: Today is my 8-year anniversary of fighting spam

    Today is my 8-year anniversary of fighting spam.  It was July 12, 2004, that I got the job at Frontbridge as a spam analyst and we headed down to Los Angeles for 4 weeks of training.  Here’s a recap of 8 general trends that have happened since then: Image spam - In 2006, there was a huge outbreak...
  • Blog Post: Homeland Security, Cybercrime and terrorism, part 2

    I started rambling in my previous post about the article in Forbes.  I had something else to say and I am adding it here.  The government and industry are changing.  Government used to have a laissez-faire attitude towards botnets and malware but now they realize that they need to partner...
  • Blog Post: According to the Department of Homeland Security, cybercrime is a bigger threat than terrorism

    An article in Forbes the other day reports on US Secretary of Homeland Security Janet Napolitano’s comments that ‘cybercrime represents the “greatest threat and actual activity that we have seen aimed at the west and at the United States” in addition to “or other than Al Qaeda and Al Qaeda-related groups...
  • Blog Post: White House announces anti-botnet initiative

    I was reading yesterday that the White House has announced an anti-botnet initiative in order to further its online safety agenda. From Engadget: The White House has been drumming up momentum for tighter internet privacy laws for a while now, and today it's furthering that online safety agenda with...
  • Blog Post: Has the Zeus disruption affected spam at all?

    I’ve written a number of times in the past about which botnets send us the most spam.  Cutwail is always in the top 3. With the Zeus disruption, has this affected Cutwail at all?  Cutwail is not necessarily related to Zeus; as I said in my previous post, online criminals don’t need to spam...
  • Blog Post: Microsoft disrupts the Zeus infrastructure

    Over the weekend and this morning, Microsoft, working in conjunction with others, issued civil lawsuits to sinkhole numerous domains associated with the Zeus botnet.  When I say “botnet”, I use the term loosely because Zeus is not a botnet in the sense that Rustock or Waledac is (or was). ...
  • Blog Post: Predicting the future of abuse, part 2

    Following on from my previous post, what does the future of Internet abuse look like?  Here’s what I think: The proliferation of smaller devices will shift malware away from PCs to phones and tablets Crime will not go away.  The reason criminals started writing botnets for mobile applications...
  • Blog Post: Predicting the future of abuse

    A couple of months ago, I wrote about IBM’s predictions for 2016, and one of those was that there would be no more spam.  As I look around at other predictions about the future, I say to myself “Self, what do I think will be the future of abuse?” The problem is that I am not very good at making...
  • Blog Post: How frequently do botnets reuse IP addresses?

    I wonder how much botnets reuse IP addresses.  Do they infect a system and spam, get blocked, discard the IP and move onto the next (new) one?  This means that they have a nearly unlimited supply of IP addresses.  Or do they infect a system and spam, get blocked, and then let it go dormant...
  • Blog Post: Top bots in 2012 so far

    Sometimes I read articles about the size of botnets.  For example, this article on Krebs on Security is called “Who’s Behind the World’s Largest Spam Botnet?”  Krebs names grum as the biggest botnet. How is the size of the botnet measured?  There are multiple ways, here are three: Which...
  • Blog Post: Security News Daily’s Top 10 Stories of 2011

    As I was reading stories around the Internet, as per my daily ritual, I stumbled across Security News Daily’s Top 10 Biggest Security stories of 2011, by Matt Liebowitz.  As I went through it, I thought to myself “What the—? Did these guys copy me?”  There’s a lot of overlap there. ...
  • Blog Post: The Top 10 Spam, Malware and Cyber Security Stories of 2011

    Well, here we are, the start of 2012.  If you’re like me, you’ve read a bunch of stories online about the top news stories, movies and books of 2011.  But what about the top 10 cyber security stories of 2011?  That’s what I am here for, to give you the rundown! This is a very condensed...
  • Blog Post: Spam is on the decline; what are the implications?

    Previously, I wrote that the total amount of spam that we are seeing has seen a significant decline over the past year and a half.  What does this mean in real terms?  Are we finally winning the fight against spam? There are multiple angles.  On the one hand, processing spam takes significant...
  • Blog Post: Taking down botnets is good / taking down botnets is bad

    Did you ever get the feeling that whenever you read about security topics, you can get opposite viewpoints about the same events? Take shutting down botnets.  To most people, shutting them down is a victory against spam or malware or cyber crime.  When security researchers do it, we all cheer...
  • Blog Post: New botnet is indestructible / no botnet is indestructible

    Computerworld posted a story this week about a new botnet, TDL-4, that is virtually indestructible.  It is so sophisticated that it is almost impossible to defeat: "TDL-4," the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is "the...
  • Blog Post: Solving the spam problem

    Last week, I read Ed Falk’s blog post on The Spam Diaries where he commented on a possible solution to the spam problem.  He himself was commenting on a study done by researchers out of the University of California where they discovered that credit card transactions for stuff bought in spamvertisements...
  • Blog Post: Has anyone stepped in to fill Rustock’s gap?

    It has now been a little over two months since Microsoft and some others shut down the Rustock botnet.  Since that time, Rustock has sent us only a trickling of spam and has not resurrected in its previous form.  The question I now ask is whether or not other botnets have stepped in to fill...
  • Blog Post: The distribution of botnets since Rustock went down

    I pulled together some statistics on my collection of botnet statistics for the period of time between Rustock being shut down and Wednesday, April 6.  I wanted to see the distribution of botnets per country – now that Rustock is down, which country has the most botnet infections (as measured by...
  • Blog Post: Rustock – a take down that worked but still part of a larger problem of botnets

    I came across this video on Youtube today, a collaborative video between WorldBusiness and Microsoft.  They go into the problem of botnets and then have clips and tips from various officials, including Pfizer and Microsoft, on how to stay secure.  It also goes into a brief overlook of how the...
  • Blog Post: Who has taken over as the most prolific botnet since Rustock was taken down?

    Over at the site V3.co.uk, they have an article up today alleging that since the Rustock takedown two weeks ago, the bagle botnet has moved to take over as the botnet that is responsible for sending the most spam.  They have not replaced Rustock’s total spam volume, only that they are now the number...
  • Blog Post: Microsoft took down Rustock - My own company is going to put me out of a job!

    It’s all over the Internet today but as it turns out, the ones who were largely responsible for taking down the Rustock botnet was none other than my employer, Microsoft!  I had my suspicions that it was them but since I was not involved in the investigation or take down efforts, I couldn’t say...
  • Blog Post: Rustock goes down (again); if this keeps occurring I’ll be out of a job

    If you haven’t heard it yet, Rustock, the world’s biggest botnet, stopped sending spam yesterday, Wed, March 16.  I guess they forgot to beware the ides of March: The Register reports the following: Spam volumes shrank on Wednesday after the prolific Rustock botnet fell silent, reportedly as a result...
  • Blog Post: Bredolab botnet infiltrated

    I’m a bit behind on writing about this, but last week the Bredolab botnet was infiltrated and shut down by Dutch police.  From PC World: A massive takedown operation conducted by Dutch police and security experts earlier this week does not appear to have completely dissolved the Bredolab botnet...