Here comes “Conficker”

I just read the following article…

Computer Virus ‘Time Bomb’ Could Go Off April 1
(http://www.foxnews.com/story/0,2933,510296,00.html)

My thoughts…

The Internet is a dangerous place. It seems highly likely that “Conficker” is going to do something, and it should be of great concern to everyone, but particularly IT people, that we know about this worm, but still have no idea what it is designed to do. Talk about a weakness of the “filtering” mentality. Don’t forget… It is nearly impossible to filter for something that is not yet known.

With history as our guide, it is highly likely this worm will include an e-mail based component. The bad news for people who are protected by current anti-spam filtering technologies is that they will be left virtually naked until the worm actually starts working. Only then will the developers of the filters be able to design rule sets to deal with the worm. This is the definition of being reactive. In addition, once the rule sets are defined, they do no good until they are pushed out (deployed).

It would not surprise me if we saw an exponential increase in threat-laden email when this worm comes to life. However, I do not think the people who design these sorts of worms are targeting the email infrastructure. I believe email is used as a virtual “smoke screen” these days, one that masks the real targets of the worm or virus.

Valentine’s Day Spammers

I came across this article last night, “Botnet Operators Gearing Up for Valentine’s Day: Spammers try to play Cupid, with a dark twist” by Richard Adhikari with Internet News (http://www.internetnews.com/security/article.php/3802331), and can’t help but think there is nothing new here.

The “bad guys” are well funded and have developed sophisticated tool-sets to evade detection by content driven and IP reputation based security systems.

While I’m not extremely familiar with the term “fast flux DNS,” this is a perfect illustration of why DNS blacklisting (a.k.a. IP reputation) is such a waste of time as currently implemented by folks like Websense, etc. The “bad guys” know that as long as they are competing against reactive technologies like content filters and DNS blacklists they will ALWAYS be ahead of the curve.
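To make the fast-flux point concrete, here is an added example (my own illustration, not code from the original post or from any vendor mentioned above). It simulates, with constructed passive-DNS observations, why a blocklist of IP addresses goes stale as soon as a fluxing domain rotates its A records, and shows a churn/TTL heuristic that flags the domain itself instead. All domains, IP addresses, TTLs and thresholds are made up for illustration.

```python
# Added example, not from the original post: a constructed simulation of why a
# static IP blocklist fails against fast-flux DNS, plus a churn/TTL heuristic a
# defender can use to flag fluxing domains.  Every domain, IP and TTL here is
# made up (RFC 5737 documentation ranges, .invalid TLD).
from collections import namedtuple

Observation = namedtuple("Observation", "t domain ip ttl")  # t in seconds

# Constructed passive-DNS log: the fluxing domain moves to a fresh IP every
# TTL (300 s); the clinic's mail host is stable with a one-day TTL.
OBSERVATIONS = [
    Observation(0,     "flux-example.invalid",   "203.0.113.10", 300),
    Observation(300,   "flux-example.invalid",   "198.51.100.7", 300),
    Observation(600,   "flux-example.invalid",   "192.0.2.44",   300),
    Observation(900,   "flux-example.invalid",   "203.0.113.88", 300),
    Observation(0,     "clinic-example.invalid", "192.0.2.5",    86400),
    Observation(43200, "clinic-example.invalid", "192.0.2.5",    86400),
]


def reactive_ip_blocklist(observations, bad_domain, as_of):
    """The reactive approach: block every IP the known-bad domain has
    resolved to up to time `as_of`.  Returns the set of blocked IPs."""
    return {o.ip for o in observations if o.domain == bad_domain and o.t <= as_of}


def later_resolutions_blocked(observations, bad_domain, blocklist, after):
    """Count how many of the bad domain's resolutions *after* the blocklist
    was built land on a blocked IP.  Returns (blocked, total).  With fast
    flux the blocked count is typically zero."""
    later = [o for o in observations if o.domain == bad_domain and o.t > after]
    return sum(1 for o in later if o.ip in blocklist), len(later)


def flux_profile(observations, domain):
    """Per-domain churn profile: number of distinct IPs seen and the smallest
    TTL advertised.  Both are cheap to compute from passive DNS data."""
    seen = [o for o in observations if o.domain == domain]
    if not seen:
        raise ValueError(f"no observations for {domain}")
    return {"distinct_ips": len({o.ip for o in seen}),
            "min_ttl": min(o.ttl for o in seen),
            "observations": len(seen)}


def looks_fast_flux(observations, domain, max_ttl=600, min_distinct_ips=3):
    """Heuristic (thresholds are assumptions; tune them to your own data): a
    domain that keeps its TTL short *and* spreads across many IPs behaves
    like a flux network, whereas a legitimately load-balanced host usually
    keeps the same small IP set.  This flags the *domain*, so the verdict
    survives IP rotation."""
    p = flux_profile(observations, domain)
    return p["min_ttl"] <= max_ttl and p["distinct_ips"] >= min_distinct_ips


if __name__ == "__main__":
    bl = reactive_ip_blocklist(OBSERVATIONS, "flux-example.invalid", as_of=0)
    hit, total = later_resolutions_blocked(OBSERVATIONS, "flux-example.invalid", bl, after=0)
    print(f"blocklist built at t=0: {sorted(bl)}; blocked {hit} of {total} later resolutions")
    for d in ("flux-example.invalid", "clinic-example.invalid"):
        print(d, flux_profile(OBSERVATIONS, d), "fast-flux?", looks_fast_flux(OBSERVATIONS, d))
```

The blocklist built from the first observation blocks none of the three later resolutions, which is the reactive-technology problem in miniature; the churn profile flags the fluxing domain while leaving the stable clinic host alone. Real passive-DNS feeds are noisier than this, so the thresholds are a starting point, not a rule.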

Points of Pain

A recent article I wrote for ADVANCE for IT Executives on-line magazine (http://health-care-it.advanceweb.com) dealt with the challenges unique to the health care industry because of its unfortunate position in the cross hairs: its routine communications employ terminology similar to that of the purveyors of smut and spam. Common industry words, benign in context, such as “breast” or “Viagra,” pose particular problems for filtering mechanisms, which can’t distinguish between purveyors of smut and patient communications or correspondence from health care colleagues. Think about how costly, time-consuming and distracting that misjudgment can be. In a reflection of how tightly intertwined spam and the health care industry are, in October 2008, a U.S. District Court shut down what had been called the largest “spam gang” in the world after amassing more than three million complaints about the operation’s attempt to sell prescription drugs, weight-loss pills and male-enhancement products.

So while the health care community is particularly hampered by the inherent flaws of traditional spam filtering mechanisms, which were designed only to guess at the safety of a message by screening for “suspect” words, that industry isn’t alone in feeling acute pain. If we randomly selected IT Administrators from any range of industries and forced them into a group session, every one of them could fill hours on the couch with stories about how their resource allocations went haywire dealing with spam.
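The false-positive problem described above is easy to reproduce. The following is an added example (my own illustration, not code from the original post or from any filtering product): a naive keyword scorer of the kind the article criticises, run over two constructed messages, beside a variant that stops treating a known correspondent’s clinical vocabulary as evidence of spam. The suspect-word list, the threshold, the sender domains and the message text are all assumptions made up for this demonstration.

```python
# Added example, not from the original post: a constructed keyword-based spam
# scorer run over two made-up messages to show the health-care false positive,
# beside a sender-context check that lets the clinical message through.
# Words, threshold, domains and message text are assumptions for illustration.
import re
from email import message_from_string

# Words a naive content filter might weight as "suspect".  Several are routine
# clinical vocabulary, which is the whole problem.
SUSPECT_WORDS = {"viagra", "breast", "prescription", "weight-loss", "enhancement"}
NAIVE_THRESHOLD = 2  # this many hits or more is called spam (assumption)

# Assumed set of domains whose correspondence is known and expected, e.g. a
# partner hospital.  A bare From: domain can be forged, so in production this
# list must be keyed to an authenticated sender (SPF/DKIM pass), which this
# example does not implement.
KNOWN_CORRESPONDENTS = {"oncology-partner.invalid"}

# Constructed sample messages (RFC 822 text).
CLINICAL_MSG = """\
From: Dr. Example <rtaylor@oncology-partner.invalid>
To: records@clinic-example.invalid
Subject: Breast biopsy follow-up

The breast biopsy result is benign. Please renew the patient's
prescription for the anti-nausea medication discussed on Tuesday.
"""

SPAM_MSG = """\
From: deals@random-pharma.invalid
To: records@clinic-example.invalid
Subject: Cheap Viagra and weight-loss pills!!!

Male enhancement products, weight-loss pills and Viagra shipped overnight.
"""


def keyword_hits(raw: str) -> set:
    """Return the set of suspect words found in the subject and body."""
    msg = message_from_string(raw)
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    tokens = set(re.findall(r"[a-z][a-z\-]*", text))
    return SUSPECT_WORDS & tokens


def sender_domain(raw: str) -> str:
    """Extract the domain from the From: header (unauthenticated; see note)."""
    msg = message_from_string(raw)
    m = re.search(r"@([A-Za-z0-9.\-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""


def classify_naive(raw: str) -> str:
    """The filter the article criticises: count suspect words, nothing else."""
    return "spam" if len(keyword_hits(raw)) >= NAIVE_THRESHOLD else "ham"


def classify_with_context(raw: str) -> str:
    """Same scorer, but vocabulary from a known correspondent is not treated
    as evidence of spam.  Unknown senders still get the keyword check."""
    if sender_domain(raw) in KNOWN_CORRESPONDENTS:
        return "ham"
    return classify_naive(raw)


if __name__ == "__main__":
    for name, raw in (("clinical", CLINICAL_MSG), ("spam", SPAM_MSG)):
        print(f"{name}: hits={sorted(keyword_hits(raw))} "
              f"naive={classify_naive(raw)} with-context={classify_with_context(raw)}")
```

The naive scorer calls the colleague’s biopsy follow-up spam on the strength of “breast” and “prescription”, exactly the misjudgment the paragraph above describes, while the context-aware variant lets it through and still rejects the pharmacy spam. The lesson is not that an allowlist solves spam, but that word counting alone cannot tell a clinic from a spammer.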

To reuse a very recently overused cliché, if the definition of insanity is doing the same thing over and over in anticipation of a different outcome, then we might all need group therapy or more. It leaves me wondering why so many are still using filter technology in ever-increasing variations, getting the same failed results, and trying yet another variation.