Monthly Archives: July 2010

Hacked Companies Hit by the Obvious in 2009

July 28, 2010

As a rule, I tend to avoid writing about reports and studies unless they offer truly valuable and actionable insights: Too often, reports have preconceived findings and that merely serve to increase hype and drum up business for the companies that commission them. But I always make an exception for the annual data breach report issued by the Verizon Business RISK team, which is so chock full of hype-slaying useful data and conclusions that it is often hard to know what not to write about from the report.

Rogue Antivirus Victims Seldom Fight Back

July 27, 2010

Recently I came into possession of a series of documents showing the financial books of an organization that orchestrates the distribution of rogue anti-virus attacks or “scareware,” programs that hijack victim PCs with misleading security alerts in an effort to frighten the user into purchasing worthless security software. I found many interesting details in this data cache, but one pattern in the data I think explains why scareware continues to be a major scourge: Relatively few people victimized by it dispute the transaction with their bank.

Services Let Malware Purveyors Check Their Web Reputation

July 26, 2010

Virus writers and botmasters increasingly are turning to new subscription services that test when and whether malicious links have been flagged by Web reputation programs like Google Safe Browsing and McAfee SiteAdvisor.

Experts Warn of New Windows Shortcut Flaw

July 15, 2010

Researchers have discovered what appears to be a sophisticated new strain of malicious software that piggybacks on USB storage devices and leverages a previously unknown security vulnerability in the way Microsoft Windows processes shortcut files.

USB-borne malware is extremely common, and most malware that piggybacks on USB and other removable drives traditionally has taken advantage of the Windows Autorun or Autoplay feature. But according to VirusBlokAda, this strain of malware leverages a vulnerability in the method Windows uses for handling shortcut files.

The Case for Cybersecurity Insurance, Part II

July 14, 2010

When cyber crooks stole nearly $35,000 this year from Brookeland Fresh Water Supply District in East Texas, the theft nearly drained the utility’s financial reserves. Fortunately for the 1,300 homes and businesses it serves, Brookeland had purchased cyber security insurance, and now appears on track to recoup all of the unrecovered funds in exchange for a mere $500 deductible.

As this attack and a related case study I wrote about last month shows, cyber theft insurance can be a reasonable and effective investment in an era when ultra-sophisticated cyber thieves increasingly are defeating the security that surrounds many commercial online banking accounts.