http://www.secureworks.com/research/ Information security Threats and SecureWorks Research Blog. http://www.luhrq.com/research/blog/index.php/2010/3/8/securely-deleting-data Securely deleting data is a requirement of most regulatory requirements. But many organizations struggle with just how to do this in a way that is both secure and compliant. Some ways to do this include using software to overwrite the data, using a degaussing tool to electronically damage the drives, and physically destroying them. http://www.luhrq.com/research/blog/index.php/2010/3/8/securely-deleting-data http://www.luhrq.com/research/threats/blackenergy2 http://www.luhrq.com/research/threats/blackenergy2 http://www.luhrq.com/research/blog/index.php/2010/2/10/spam-and-the-changing-business-model-of-cyber-criminal In the past couple of months, the Freakonomics blog asked why there has been such a downturn in the familiar Viagra and Nigerian prince Spam. The author attributed this to the cost of spamming not being worth the rates of return anymore. Most commentators pointed to better spam filtering software. http://www.luhrq.com/research/blog/index.php/2010/2/10/spam-and-the-changing-business-model-of-cyber-criminal http://www.luhrq.com/research/threats/opachki http://www.luhrq.com/research/threats/opachki http://www.luhrq.com/research/blog/index.php/2010/2/8/new-banking-trojan-targeting-ach-and-wire-payment-sites-is-discovered Over the past year, the SecureWorks Counter Threat Unit (CTU)(SM) has seen criminals continue to target Automated Clearing House (ACH) and wire transfer transactions for fraud activity, resulting in high-value losses. Small to midsized businesses (SMBs) and not-for-profits have been hit especially hard. Neustar has published an excellent overview (PDF) of this type of threat. http://www.luhrq.com/research/blog/index.php/2010/2/8/new-banking-trojan-targeting-ach-and-wire-payment-sites-is-discovered http://www.luhrq.com/research/threats/windows-0day http://www.luhrq.com/research/threats/windows-0day http://www.luhrq.com/research/blog/index.php/2010/1/20/operation-aurora-clues-in-the-code With the recently disclosed hacking incident inside Google and other major companies, much of the world has begun to wake up to what the infosec community has known for some time - there is a persistent campaign of "espionage-by-malware" emanating from the People's Republic of China (PRC). Corporate and state secrets both have been shanghaied over a period of five or more years, and the activity becomes bolder over time with little public acknowledgement or response from the U.S. government. http://www.luhrq.com/research/blog/index.php/2010/1/20/operation-aurora-clues-in-the-code http://www.luhrq.com/research/threats/ppi http://www.luhrq.com/research/threats/ppi http://www.luhrq.com/research/blog/index.php/2009/12/29/publicly-disclosed-gsm-attack-surface-expanding During the course of 2009, the amount of publicly available information on the security of GSM cellular networks and devices has steadily increased. GSM stands for the "Global System for Mobile communications" and is the world's most popular standard for mobile handsets. http://www.luhrq.com/research/blog/index.php/2009/12/29/publicly-disclosed-gsm-attack-surface-expanding http://www.luhrq.com/research/threats/clampi-trojan http://www.luhrq.com/research/threats/clampi-trojan http://www.luhrq.com/research/blog/index.php/2009/12/2/secureworks-reports-increase-in-email-scams-and-advises-extra-caution-while-shopping-online-this-holiday-season In the last month, SecureWorks' Counter Threat Unit(SM) (CTU) has seen a general increase in malicious email campaigns trying to infect online users with the Zeus Trojan (one of the most pervasive financial-credential stealing Trojan) on the market. In the last three weeks, the CTU has also monitored a large increase in the number of email lists being sold on the underground hacker forums, coinciding with the start of the holiday shopping season. http://www.luhrq.com/research/blog/index.php/2009/12/2/secureworks-reports-increase-in-email-scams-and-advises-extra-caution-while-shopping-online-this-holiday-season http://www.luhrq.com/research/threats/ffsearcher http://www.luhrq.com/research/threats/ffsearcher http://www.luhrq.com/research/blog/index.php/2009/11/25/sans-incident-detection-summit SecureWorks CTO Jon Ramsey will be participating on a panel at the SANS Incident Detection Summit December 9-10, 2009. http://www.luhrq.com/research/blog/index.php/2009/11/25/sans-incident-detection-summit http://www.luhrq.com/research/threats/virut-encryption-analysis http://www.luhrq.com/research/threats/virut-encryption-analysis http://www.luhrq.com/research/blog/index.php/2009/10/30/toorcon-11-a-success There are two things one can count on every year at ToorCon: the amazing San Diego weather and excellent presentations about new and emerging security research. This year's ToorCon 11 did not disappoint, and delivered a lot of great content and new security research throughout the weekend. http://www.luhrq.com/research/blog/index.php/2009/10/30/toorcon-11-a-success http://www.luhrq.com/research/threats/dns-amplification http://www.luhrq.com/research/threats/dns-amplification http://www.luhrq.com/research/blog/index.php/2009/9/29/monkifdlkhora-botnet-hiding-its-commands-as-jpeg-images The SecureWorks Counter Threat Unit (CTU) has been carefully monitoring the activity of the Monkif/DlKhora botnet. This bot is an example of a Downloader trojan, in that its primary purpose is to receive instructions to download and execute other malware. The trojan also attempts to disable anti-virus and personal firewall software to maintain its foothold on the system. http://www.luhrq.com/research/blog/index.php/2009/9/29/monkifdlkhora-botnet-hiding-its-commands-as-jpeg-images http://www.luhrq.com/research/threats/downadup-removal http://www.luhrq.com/research/threats/downadup-removal http://www.luhrq.com/research/blog/index.php/2009/9/25/skype-eavesdropping-trojan Recently, programmer Ruben Unteregger released the source code for a Trojan that allows an attacker to listen in on a victim's Skype conversations. For approximately seven years, Unteregger has worked as a software engineer for ERA IT Solutions AG where he developed the trojan. Skype traffic is encrypted using a 256-bit AES block cipher, the kind approved by the US Government to protect "TOP SECRET" information. http://www.luhrq.com/research/blog/index.php/2009/9/25/skype-eavesdropping-trojan http://www.luhrq.com/research/threats/botnets2009 http://www.luhrq.com/research/threats/botnets2009