Week in review: Russian hackers’ identikit, DDoS spam and Android spying app

Here’s an overview of some of last week’s most interesting news, videos and articles:

Who is the typical Russian hacker?
Two security researchers have spent 6 months on various Russian web forums in order to discover just what kind of threat Russian hackers present to the world at large.

Five imperatives for extreme data protection in virtualized environments
Data protection – which includes not only backup, but also secondary storage and disaster recovery considerations – is an area that can easily complicate virtualized data centers if implemented hastily.

SSL Labs: Researching the technology that protects the Internet
In this video Ivan Ristic talks about SSL Labs – a non-commercial research effort and collection of documents and tools related to SSL.

5 million domains serving malware via compromised Network Solutions widget
A recent rise in the number of Armorize’s customers’ sites getting flagged by their own drive-by downloads and zero-day malware threats detection service HackAlert has led the the company researchers to the discovery of a compromised widget provided by Network Solutions.

Deconstructing ColdFusion
In this video from OWASP AppSec Research 2010, Chris Eng from Veracode provides a practical guide for those doing penetration testing or code reviews on an application written in ColdFusion.

7-character passwords soon to be hopelessly inadequate
The graphics cards of today have the processing power that a decade ago only multi-million dollar supercomputers had.

Android game hides spying application
If you have a game called Tap Snake on your Android handset and you weren’t the one who installed it, you are probably getting spied on by someone who had physical access to your device.

Millions of ColdFusion users still at serious risk
Millions of users of Adobe’s ColdFusion programming language are still at risk of losing control of their applications and websites.

DDoS threat spam targets domain owners
An interesting and not that often seen approach to make users part with their hard-earned cash has been spotted recently by Symantec.

Employees admit they would steal data when leaving a job
Employees openly admit they would take company data, including customer data and product plans, when leaving a job.

Twitter app demonstrates spammers have nothing to worry about
A fun, seemingly innocuous Twitter application created by a scottish teenager became a good example of how easy is to trick even technologically savvy users into participating in a spam operation.

40 Windows apps affected by critical code execution flaw
Some 40 Windows applications are affected by a critical vulnerability that can allow attackers to execute malicious code remotely and infect the computers with malware, says HD Moore, CSO at Rapid7 and creator of Metasploit.

Top 10 most dangerous celebrity searches
Cameron Diaz has replaced Jessica Biel as the most dangerous celebrity to search for on the Web, according to security company McAfee.

Messing with Internet scammers
Online scammers are resourceful people who take advantage of people’s gullibility and lack of knowledge about Internet dynamics, but once in a while they happen to stumble upon users who will know who they are dealing with and are willing to play along and lead them on a merry chase.

Malware-infected airline system to blame for tragic plane crash?
The company’s internal investigation discovered that at the time, the airline’s central computer system was infected with Trojans, and that this may have prevented it from reporting the danger.

Rogue AV uses legitimate uninstallers to cripple computers
CoreGuard Antivirus – a “popular” fake AV solution – has been spotted utilizing legitimate software uninstallers to trick users into uninstalling their legitimate security software.