TRAC

August 8, 2013

SECURITY

DNS Compromise Distributing Malware

DNS records are an attractive target for distributors of malware. By compromising the DNS servers for legitimate domains, attackers are able to redirect visitors to trusted domains to malicious servers under attacker control. DNS requests are served from dedicated servers that may service many thous…

August 2, 2013

SECURITY

Error Correction Using Response Policy Zones: Eliminating the Problem of Bitsquatting

A memory error is a condition that occurs any time one or more bits being read from memory have changed state from what was previously written. By even the most conservative of estimates, Internet devices experience more than 600,000 memory errors per day. Cosmic radiation, operating a device outsi…

July 29, 2013

SECURITY

Security Implications of Cheaper Storage

An advert from Byte magazine dating from July 1980 proudly offers a 10MB hard disk drive for only US$3495. Accounting for the effects of inflation, that equates to approximately US$10,000 in today’s prices. If data storage prices had remained constant, this would mean that the 1GB flash drive…

July 22, 2013

SECURITY

July, a Busy Month for Breaches

This month has been particularly prevalent for the loss of personal information. At the beginning of the month it was reported that Club Nintendo had been breached with the personal data of up to 4 million stolen by attackers [1]. Subsequently, the forums of Ubuntu were hacked with the loss of 1.82…

July 19, 2013

SECURITY

Zeus Botnet Impersonating Trusteer Rapport Update

Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer pr…

July 17, 2013

SECURITY

Network Solutions Customer Site Compromises and DDoS

Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were r…

June 27, 2013

SECURITY

Expiring Albert: Recycling User IDs and the Impact on Privacy

Within many organisations offering online services to the public, there must be a great temptation to expire redundant user accounts that occupy desirable user IDs but which are never used by their users. Presumably the user IDs have been registered by someone, used on a couple of occasions, and the…

June 20, 2013

SECURITY

‘Hijacking’ of DNS Records from Network Solutions

UPDATE: This blog post is related to the redirection of domain name servers that occurred back in June 2013. This post is NOT related to the ongoing activity occurring July 16, 2013. Cisco TRAC is currently analyzing the ongoing issues with Network Solutions’ hosted domain names and has more…

June 13, 2013

SECURITY

Scope of ‘KeyBoy’ Targeted Malware Attacks

On June 6, 2013, malwaretracker.com released an analysis of Microsoft Office-based malware that was exploiting a previously unknown vulnerability that was patched by MS12-060. The samples provided were alleged to be targeting Tibetan and Chinese Pro-Democracy Activists. On June 7, 2013, Rapid7 relea…