Internet Anthropologist Think Tank: Infected PC's rampant

There are more infected computers on the WWW now than at any other time in its short history.
I've seen quotes from professionals that your Chances are 6 of 10 are infected with something.
Your chances of being infected are better than 50% , yes Yes YOU.

NONSENSE, I HAVE A FIREWALL, ANTI-VIRUS, MALWARE SWEEPER...

I rember the first time I heard of a virus, and searched until I found one to play with.
Back then I could lock down everything and just watch it try and do things.

Back then all vectors were known.
Then came along the anti-virus companys, and again I felt secure, even used more than one just to be safe, and then firewalls, something very exotic felt most secure and safe.

AT ONE TIME YOU COULD SURF THE INTERNET WITHOUT A FIREWALL OR ANTI-VIRUS. IF YOU DO NOW YOUR AN IDIOT.

Then came spy ware, rootkits and SLQ injection.

There are rootkits that can't be detected. ( Whoever gets to root first. )

Most of the computer security companies have become frauds, with names like " total security"
and other misnomers.

Now you need Firewalls, anti-virus, anti-spyware sweepers and SLQ protection black lists.
And they can still walk thru all of that.

But I don't want you to believe me, but I do want you to think.

SLQ injection gets into the top sites, and infects them, so your security views them as
trusted sites and allows them to do things that circumvent security because you don't expect
Google or yahoo to infect you, your PC automatically uses lower security settings for trusted sites.

Security Epidemic: SLQ INJECTION

SQL Injecting Malicious Doorways to Serve Malware
Yet Another Massive SQL Injection Spotted in the Wild
Malware Domains Used in the SQL Injection Attacks
SQL Injection Through Search Engines Reconnaissance
Google Hacking for Vulnerabilities
Fast-Fluxing SQL injection attacks executed from the Asprox botnet
Sony PlayStation's site SQL injected, redirecting to rogue security software
Redmond Magazine Successfully SQL Injected by Chinese Hacktivists

THERE IS NO SAFETY WHEN SURFING THE INTERNET.
The security vendors can't keep up with the threat, vectors or methods.
And you Mac users, don't smile your risk may be equal to the PCs.

xxxxxxxxxxxxxxxxxxxxxxxxxxxx

How much malware is your antivirus solution detecting? A million, ten million, even "worse", less than a million? Does it really matter? No, it doesn't. What's marketable can also be irrelevant if you are to consider that today's malware is no longer coded, but generated efficiently and obfuscated on the fly. Sophos's recent statistics :

"It is estimated that the total number of unique malware samples in existence now exceeds 11 million, with Sophos currently receiving approximately 20,000 new samples of suspicious software every single day - one every four seconds."................

Given the speed in which malware authors are lauching a DDoS attack against AV vendors by crunching out dozens of malware variants parts of a single family, their actions could start directly driving the data storage market, and if they continue maintaining the same rhythm, soon you'll be partitioning a separate GB for the signatures files.

http://ddanchev.blogspot.com/

http://snipurl.com/383ki

xxxxxxxxxxxxxxxxxxxxxxx

Credit cards numbers are considered a commodity on the criminal net, because they are so easy
to get, I was offered 400 American express cards, and contacted their security offices in Chicago and NY and they were not interested.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

"Prices charged by cybercriminals selling hacked bank and credit card details have fallen sharply as the volume of data on offer has soared, forcing them to look elsewhere to boost profit margins, a new report says. Researchers for Finjan, a Web security firm, said the high volumes traded had led to bank and credit card information becoming "commoditized" - account details with PIN codes that once fetched $100 or more each might now go for $10 or $20. In its latest quarterly survey of Web trends, the California-based company said cybercrime had evolved into "a major shadow economy ruled by business rules and logic that closely mimics the legitimate business world."

http://ddanchev.blogspot.com/2008/07/are-stolen-credit-card-details-getting.html

http://snipurl.com/383r1

xxxxxxxxxxxxxxxxxxxxxxxxxxx

MS is years behind the automated hackers.

Legit Websites Heavily Compromised
July 30, 2008
By Richard Adhikari

Instead of putting up their own Websites, malicious hackers are now focusing their efforts on corrupting legitimate sites. A survey released today, and conducted between January and June by Websense, found that hackers compromised 50 percent more legitimate Websites during this period than between July and December 2007.

According to the study by messaging and data protection vendor Websense, more than 75 percent of Websites containing malicious code are legitimate sites that have been infected. The survey found that 60 of the 100 most popular Websites either hosted, or were involved in, malicious activity between January and June 2008.

http://www.esecurityplanet.com/trends/article.php/3762141

http://snipurl.com/383bk

xxxxxxxxxxxxxxxxxxxxxxx

30 seconds, infected.
, shockwave-flash@http://www.youtube.com/v/iD0wdzQb8XY&hl=en&fs=1" href="http://www.youtube.com/v/iD0wdzQb8XY&hl=en&fs=1" id="">

xxxxxxxxxxxxxxxxxxxxxx

Drive by, just visit = infection

, shockwave-flash@http://www.youtube.com/v/aVkyUqU6xtE&hl=en&fs=1" href="http://www.youtube.com/v/aVkyUqU6xtE&hl=en&fs=1" id="">

SORRY IF VID DOES NOT WORK GOOGLES YOUTUBE HANDING OUT BAD CODE,
POSTED CODE TWICE, WORKED FOR A DAY THEN IT QUIT WORKING.

xxxxxxxxxxxxxxxxx

My scanners pick up 20 or 30 major sites a day handing out malware.G

xxxxxxxxxxxxxxxxxxxx

How much does it cost to send 1 million spam emails these days? According to a random spamming service, $100 excluding the discounts based on the speed of sending desired, namely 10-20 per second or 20-30 per second. Let's dissect the service, and emphasize on its key differentiation factors, as well as the customerization offered in the form of a dedicated server if the customer would like to send billions of emails :

http://ddanchev.blogspot.com/

http://snipurl.com/383ki

xxxxxxxxxxxxxxxxxxxxxxx

The point behind this is there could be an Agamemnon hidding behind this.

In the past we have seen Internet cable cut in the Seas, bot taking out a country on the net,
October 22 2002 Nine of the internet's 13 "root DNS" servers are disabled in a massive attack by a bot herder advertising his services, and done by mistake.

The emergency planning done by even the Government has NO contingency for a total outage of the WWW for long periods of time. NONE.

A massive DOS attack on the Internet nodes could be a step up from WMD.

As a CEO what do you do if the WWW goes down for a couple of months?

Messy from all the updates but worth the read:
Our CYBERWARS's "Pearl Harbour" Report.

Gerald
What can you do, don't use a credit card on the Internet, use debit cards, they can only steal what you have in the account, no credit.
If the Internet went down for a month say, how would that effect you, do some planning.
Cell phones would be out, CB's would be in an in great demand. Cable TV out, shortwave radios
IN. Give it some thought, Don't believe me Just THINK, Plan.

XXXXXXXXXXXXX