Risks and Realities: Top 20, Bzub and family, RTSP, and Seeing the Future
by Jose Nazario
A few things in my reading hopper today … I digest a lot of info every day, but here are a few highlights from my reading.
SANS has published their Top 20 risks for 2007, the annual update to the big list SANS puts together every year. This year’s is pretty good, actually. Rohit Dhamankar, from TippingPoint, was in charge of it and gathered a great team of people for perspectives. (I contributed a few things and then promptly dropped the ball as I got swamped with travel and work.) What I like about this year is that instead of, say, 20 CVE entries, it’s 20 broad classes of risks with lots of detail. The big classes you would expect – browsers, office suites, email clients, IM, P2P, Windows services – are all there, along with things that should be but you may not have noticed: media players (QuickTime, Real, etc.), AV software, and backup apps. A well-written top 20, worth reviewing.
Another piece of reading that caught my eye this morning was Malicious code evolution: July – September 2007 from Kaspersky Labs. Instead of the usual quarterly review of malware, notable samples etc, this one looks at an investigation into Zunker, Zupacha, Bzub and the Gpcode cryptoware. It turns out there’s a very large relationship between these, visible in a massive amount of shared code. Well worth reading if you like malware mysteries.
Over the weekend RTSP exploits started appearing in the wild. Looks like it was partially disabled, if not fully, and wasn’t a major threat. I haven’t seen any other ones in the wild yet.
As for seeing the future, start expecting to see predictions for 2008. Symantec has released A Look Ahead to Security Trends in 2008. Their expectations: election campaigns merging with threats, virtual worlds becoming more of a target, and mobile platforms becoming targeted. McAfee AVERT Labs has also released some threat predictions for 2008. They expect to see adware declining, more Storm-like malware, more virtual world malware, parasitic malware, and virtualization-related threats.
On that last topic, what do I expect to see? I think the Storm worm botnet will get hijacked by various groups, it will be eclipsed by a larger botnet, Vista will remain largely irrelevant to malcode authors, and China will be a big threat, mainly as a target by Chinese hackers against Chinese language software and users.
Hi,
The real risks are round the corner. As time is passing by more and more such malicious codes are unleashed. The top 20 risks in 2007 compared with today’s vulnerabilities are few yet it is a good job provided by the author of this website. Thanks. More of such information can be found at:
http://www.eccouncil.org/certification/ec-council_certified_security_analyst.aspx