Week in review: Sizing up botnets, Conficker still alive and kicking, and a new exploit kit spotted in the wild

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

What’s in your daily slice of spam?
Bitdefender decided to look at just what spam – the e-mail version – contains. And they found out spam covers a lot more than pitches for Canadian Pharmacy wonder medicine and luxury goods replicas.

Gamex Trojan threatens Android users
A new Android Trojan that first paves the way for the download of other apps and then carries it out has been spotted lurking on third-party websites, camouflaged as legitimate file managing, ad blocking, and performance boosting apps.

Conficker paves the way for other malware
The recently released 12th volume of the Microsoft Security Intelligence Report has shown us that the Conficker worm is still alive and kicking, as it can be found on more than 1.7 million machines around the world.

Global dashboard for monitoring the quality of SSL support
While it is possible today to deploy SSL and to deploy it well, the process is difficult: the default settings are wrong, the documentation is lacking, and the diagnostic tools are inadequate. For these reasons, we cannot say that the Web is yet secure, but we hope that someday it will be.

Flashback botnet is a cash cow
We have all heard about the Flashback malware targeting machines running OS X and enslaving them into a botnet, but not a lot of attention has been given to the ultimate goal of the criminals behind it. As expected, it is money.

Skype bug allows capturing of users’ IP address
Skype users who might – for whatever reason – wish to remain anonymous are currently in danger of having their remote and local IP addresses discovered via a very simple trick.

Bank robbery 2.0: Online banking in the sights
In the world of bank robbery 2.0, perpetrators do not attack the banks. They infect online banking customers’ computers with intelligent computer malware called banking Trojans.

Joint attack by banking Trojan and ransomware
The Citadel malware – a banking Trojan that is based on Zeus Trojan’s source code and whose creators have adopted a Software-as-a-Service approach when it comes to the modifications of the crimeware kit that produces its variants – is currently being delivered along with the Reveton ransomware.

Oracle addresses 0-day “TNS Poison”
Oracle released a configuration workaround for the CVE-2012-1675 vulnerability in the Oracle Database Server V10 and V11, addressing a 0-day vulnerability that was recently published on the full-disclosure mailing list under the name “TNS Poison” by Joxean Koret.

Biggest enterprise data recovery myths
Kroll Ontrack announced the top five data recovery myths. From concerns over cost, system complexity and data protection to resource constraints and simple misunderstandings, preconceived notions are hindering organizations from obtaining a successful data recovery and protecting their data from future loss.

A basic shift in network defense
In this podcast recorded at RSA Conference 2012, Mike Potts, President and CEO of Lancope, talks about the evolution of the security industry and how companies are reacting to the realization that it is not a question of “if” their network will be compromised, but “when”.

Poison Ivy RAT served by compromised Israeli website
The official website of the Israeli Institute for National Security Studies has been compromised and has been found serving a variant of the Poison Ivy remote administration tool (RAT), warns Websense.

ISO 27001 benefits: How to obtain management support
If you want your management to understand what you are saying to them, you have to use their language and you have to understand their way of thinking – usually it comes down to “return on investment”. You have to reach them before your project begins, because later on you are going to run into problems.

The difficulties in sizing up botnets
In a recent blog post, Jose Nazario, senior manager of security research at Arbor Networks, gave insight into a number of measurement methodologies researchers use to effect that task.

Top 10 business logic attack vectors
Application business logic flaws are unique to each custom application, potentially very damaging, and difficult to test. Attackers exploit business logic by using deductive reasoning to trick and ultimately exploit the application.

New hacking group hits government websites, leaks stolen data
A hacker group that named itself “The Unknowns” has recently boasted on Pastebin of having compromised a number of government, business and educational websites.

Microsoft names source of RDP code leak
Microsoft closed the loop by confirming that Hangzhou DPTech Technologies Co., Ltd – a member of the MAPP program – leaked the information. This confirmed that the leak was from a Chinese source and was indeed Microsoft’s code. Microsoft has responded by removing the partner from the MAPP program.

1,000+ WordPress sites compromised through automatic update feature
The discovery was made by Denis Sinegubko, the founder of the helpful Unmask Parasites website, who points out the irony of webmasters trying to keep their sites safe by using automatic updating, and then having them compromised through the same means.

Android drive-by download malware served by hacked websites
The downloading of the malware, which poses as a system update, is triggered automatically thanks to the hidden malicious code (iFrame or JavaScript) located at the bottom of each page.

RedKit exploit kit spotted in the wild
This new kit has no official name, so the researchers dubbed it RedKit due to the red coloring scheme of its administration panel.
