http://www.secureworks.com/research/ Blog posts and Threat Analyses from the SecureWorks Research Team. http://www.secureworks.com/research/blog/index.php/2009/01/04/chinese-hackers-talk-hacking Zhong guo hei ke tan hei ke, or 'Chinese Hackers Talk Hacker,' was an information security conference held earlier this year in Beijing, China. Sponsored by Yesky, a popular Chinese electronics e-retailer, the event drew around 80 attendees, most of which were hackers that had previously communicated entirely over the internet. http://www.secureworks.com/research/blog/index.php/2009/01/04/chinese-hackers-talk-hacking http://www.secureworks.com/research/threats/rogue-antivirus-part-1 http://www.secureworks.com/research/threats/rogue-antivirus-part-1 http://www.secureworks.com/research/blog/index.php/2008/12/22/ie-users-beware On December 9, 2008, a "weaponized" zero-day exploit for a previously undisclosed vulnerability in Microsoft Internet Explorer 7 was discovered in the wild being used by Chinese hackers to install malware on victims' computers. The exploit was based on a proof-of-concept that was posted on a Chinese forum early in November of 2008, and coincidentally, launched on the same day as Microsoft's last batch of security patches for the year. http://www.secureworks.com/research/blog/index.php/2008/12/22/ie-users-beware http://www.secureworks.com/research/threats/rogue-antivirus-part-2 http://www.secureworks.com/research/threats/rogue-antivirus-part-2 http://www.secureworks.com/research/blog/index.php/2008/12/12/ftc-takes-on-antivirus-xp Early last week the FTC took aim at Antivirus XP and the people behind it. Antivirus XP is a well known scam, that SecureWorks has investigated previously. The FTC sought and was granted a temporary restraining order (TRO) that requires the entities and people behind Antivirus XP to stop claiming they are preforming AV scanning, concealing their identities (including to cease use of any domains registered using false information), and to not spend, hide or transfer any of their ill-gotten gains. http://www.secureworks.com/research/blog/index.php/2008/12/12/ftc-takes-on-antivirus-xp http://www.secureworks.com/research/threats/warezov http://www.secureworks.com/research/threats/warezov http://www.secureworks.com/research/blog/index.php/2008/11/18/first-atrivo-now-mccolo Security researchers have had a number of victories to celebrate recently. First Atrivo and now McColo have been disconnected from the Internet. This was done not by law enforcement or other governmental action, but rather by the concerted efforts of the Internet community. http://www.secureworks.com/research/blog/index.php/2008/11/18/first-atrivo-now-mccolo http://www.secureworks.com/research/threats/coreflood-report http://www.secureworks.com/research/threats/coreflood-report http://www.secureworks.com/research/blog/index.php/2008/11/03/tracking-gimmiv On October 23, 2008, Microsoft released an out-of-cycle emergency patch for a flaw in the Windows RPC code. The reason for this unusual occurance was the discovery of a "zero-day" exploit being used in the wild by a worm (or trojan, depending on how you look at it). The announcement of a new remote exploit for unpatched Windows systems always raises tension levels among network administrators. The fact that this one was already being used by a worm evoked flashbacks of Blaster and Sasser and other previous threats that severely impacted the networked world. http://www.secureworks.com/research/blog/index.php/2008/11/03/tracking-gimmiv http://www.secureworks.com/research/threats/coreflood-removal http://www.secureworks.com/research/threats/coreflood-removal http://www.secureworks.com/research/blog/index.php/2008/11/03/beginning-of-the-end-for-estdomains http://www.secureworks.com/research/blog/index.php/2008/11/03/beginning-of-the-end-for-estdomains http://www.secureworks.com/research/threats/securityadvisory http://www.secureworks.com/research/threats/securityadvisory http://www.secureworks.com/research/blog/index.php/2008/10/21/darkmarket-fbi-sting-closes-e-doors DarkMarket.ws (known in carding, identity theft, and other black-hat rings) went "Dark" earlier this month. DarkMarket was widely known and respected among criminals as a forum for exchanging stolen banking data, credit card information, and other underground activities. What users of the site didn't know was that the site wasn't really hosted by Eastern-European hackers. http://www.secureworks.com/research/blog/index.php/2008/10/21/darkmarket-fbi-sting-closes-e-doors http://www.secureworks.com/research/threats/coreflood http://www.secureworks.com/research/threats/coreflood