Entries with tag user security.

Pushdo Botnet Is Evolving, Evading Detection

New research finds that a Pushdo Trojan variant has continued evolving and thriving and now can counteract attempts to disrupt the botnet it has created. Security experts first spotted the Trojan, which hackers use to distribute spam and other malware, in 2007 . Cutwail, the network’s spam-generating engine, is reportedly responsible for much of the world’s spam traffic. Security experts have tried to take down the Pushdo/Cutwail botnet four times during the last five years, according to PC World, but the disruption was only temporary. Security experts from vendors Damballa and Dell SecureWorks, as well as the Georgia Institute of Technology, say the latest variant of Pushdo uses domain-generation algorithms, which periodically generate multiple domain names that botnet controllers can use to contact zombie computers. The many new contact points make shutting down botnets difficult for security experts. It also causes problems with user security products designed to block malicious traffic. The Trojan also has zombies regularly query legitimate websites to camouflage their traffic to command-and-control servers. Damballa published its Pushdo findings online at < https://www.damballa.com/downloads/r_pubs/Damballa_mv20_case_study.pdf >.  (PC World)(Infosecurity Magazine)(Damballa)

Twitter Launches Two-Factor Authentication for SMS

Twitter announced the launch of two-factor authentication via short-message service, designed to improve users’ account security. Two-factor authentication works by providing users with a second, one-time login by text message they use with their password. This makes it more difficult to access an account with only a password. Twitter users may now voluntarily implement the security feature, which several major technology providers such as Facebook and Google already offer. In recent months, hackers have targeted Twitter by using stolen passwords to access high-profile organizations’ accounts and posting false messages. For example, attackers compromised the Associated Press’ Twitter account and posted that the White House was under attack. This caused the Dow Jones to plummet briefly, until it was announced that the posting was false. Security experts say the additional Twitter security is helpful but won’t prevent all possible hacks, including man-in-the-middle or phishing-based attacks. (Tech Crunch)(The New York Times)(InformationWeek)(Twitter)

Showing 2 results.