Saturday, May 29, 2010

Botnets, Infographics


A nice representation of botnets in a Mozy infographic, based on MessageLabs and M86 reports.

Thursday, May 27, 2010

Encrypt Your Mobile VoIP Calls


Whisper Systems announced the availability of the public beta of its Mobile Security Suite, with two applications for encrypting SMS and VoIP calls on Android devices.

The VoIP application uses a new method of establishing a call, using SMS as the signaling protocol instead of the initial SIP signaling, to overcome SIP's constant connection requirement.

The encryption is done using the well-known ZRTP protocol to set up an SRTP stream between the two devices.

Here is how it works:
- The caller uses the RedPhone software normally to call any RedPhone number. The software contacts the RedPhone infrastructure, which sends an encrypted SMS to the destination RedPhone device.
- The received SMS activates the RedPhone VoIP client on the destination, and the call then starts the normal sequence.


The second application is TextSecure, which uses the OTR encryption protocol with ECC.

Pretty neat idea, but it is only available in the US for now, and only on Android devices.


Wednesday, May 19, 2010

Malware Impact in Enterprise

A recent paper from RSA highlights the impact of malware infection in the enterprise by analyzing one month of collected Zeus malware data, looking for data related to the US Fortune 500.

- 88% of the Fortune 500 were shown to have been accessed by computers infected with the Zeus trojan
- 60% of the Fortune 500 have at least one email address compromised
- Security managers have little visibility into employees' online activities
- The line between enterprise and consumer disappears

The paper highlights the need for organizations to understand the level of risk and exposure they face from malware infections and to assess whether they have the appropriate technology, controls and procedures in place to mitigate future threats.

Just to highlight some numbers:
- Zeus infections: 3.6 million PCs in the USA alone
- Mariposa infections: 12.7 million, 50% of Fortune 1000, 40% of banks
- Conficker: estimated at 9 million infections

updated


Sunday, May 16, 2010

Monitor your online login activities

Facebook recently added a new feature that will alert you if you or someone else logs in to your account from an unusual computer or mobile device.

Gmail also provided a similar feature a while ago, but with no alerts, just an easy way of checking your login activity with timestamp and IP address.


Sunday, May 9, 2010

Materials, SOURCE Boston 2010

SOURCE Boston 2010 slides are now available online. They are still adding more slides, so check back every once in a while.

Monday, May 3, 2010

Web exploitation toolkits


M86 just released a report looking in general at exploit toolkits in terms of prices, usage, simplicity, and features.



Saturday, May 1, 2010

Materials, LEET '10, San Jose


The LEET '10 workshop ended just a few days ago, and there are some interesting presentations and papers out there. Program details are here.

Some of the interesting topics:
- A View of Botnet Management from Infiltration
- WebCop: Locating Neighborhoods of Malware on the Web
- On the Potential of Proactive Domain Blacklisting
- Detection of Spam Hosts and Spam Bots Using Network Flow Traffic Modeling
- Honeybot, Your Man in the Middle for Automated Social Engineering