TRAC

DNS records are an attractive target for distributors of malware. By compromising the DNS servers for legitimate domains, attackers are able to redirect visitors to trusted domains to malicious servers under attacker control. DNS requests are served from dedicated servers that may service many thous…

A memory error is a condition that occurs any time one or more bits being read from memory have changed state from what was previously written.  By even the most conservative of estimates Internet devices experience more than 600,000 memory errors per day.  Cosmic radiation, operating a device outsi…

An advert from Byte magazine dating from July 1980 proudly offers a 10MB hard disk drive for only US$3495. Accounting for the effects of inflation, that equates to approximately US$10,000 in today’s prices. If data storage prices had remained constant, this would mean that the 1GB flash drive…

This month has been particularly prevalent for the loss of personal information. At the beginning of the month it was reported that Club Nintendo had been breached with the personal data of up to 4 million stolen by attackers [1]. Subsequently, the forums of Ubuntu were hacked with the loss of 1.82…

Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer pr…

Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were r…

Within many organisations offering online services to the public, there must be a great temptation to expire redundant user accounts that occupy desirable user IDs but which are never used by their users. Presumably the user IDs have been registered by someone, used on a couple of occasions, and the…

UPDATE: This blog post is related to the redirection of domain name servers that occurred back in June 2013.  This post is NOT related to the ongoing activity occuring July 16, 2013.  Cisco TRAC is currently analyzing the ongoing issues with Network Solutions’ hosted domain names and has more…

On June 6, 2013, malwaretracker.com released an analysis of Microsoft Office-based malware that was exploiting a previously unknown vulnerability that was patched by MS12-060. The samples provided were alleged to be targeting Tibetan and Chinese Pro-Democracy Activists. On June 7, 2013, Rapid7 relea…