Grey is the New Black

With the dangers found on the Internet today, people are attracted to the concept of blacklisting. They want to unconditionally reject malicious software but, on the other hand, don’t want their resources limited as a result. Herein lies the importance of the greylist. It’s the future of the network security industry.

BIG News...We're Moving...

We have some big news to announce! As the business continues to grow and evolve, it has become apparent that now is the time to move our main office to downtown San Jose. We plan to keep everything nice and efficient, but even more convenient for people flying in to San Francisco International or San Jose International airports.

Effective immediately, our new offices are at 75 E. Santa Clara St. #1150, San Jose, CA 95113. Good news, our phone numbers are unchanged: +1 408 786 1050.

If you are in town, give us a call and swing by to check out the new digs.

Whack-A-Cyber Criminal

There has been recent news covering the prosecution of certain cyber criminals responsible for malware such as Mariposa. Mariposa is botnet malware that originated in Spain and has infected 13 million computers. It’s always good to put the bad guy in jail but is law enforcement of cybercrime just an electronic version of the arcade favorite Whack-A-Mole? Will there always be another mole about to pop up? The answer is yes until the punishment fits the crime.

While these criminals need to be prosecuted, prosecution is not the most efficient way to prevent further problems. Time could be better spent on efforts that prevent other criminals from taking their place, such as stricter sentencing for these crimes.

The Next Winning Number is...

The RSA Conference $100 Amazon Gift Card winning number is ID #153. If you have the Umbra Data bookmark with ID #153, you must claim your prize within 5 business days or we will randomly select another winner.

Don’t worry if you did not win this time, keep checking back because another winning bookmark number will be selected after the MIT Spam Conference later this month. For the record, you do not need a fresh bookmark because every number is still eligible except previous winners!

And the Winner is #132!

If you are in possession of the Umbra Data bookmark with ID #132 you have just won a $100 Amazon Gift Card. Note, the winner must claim his/her prize within 5 business days or we will randomly select another winner.

Sorry if you did not win, but hold on to your bookmark because we will randomly select another winning bookmark number after the RSA Conference in San Francisco next week, and by the way, you do not need a fresh bookmark because every number is still eligible except previous winners!

If a picture is worth a thousand words...

…how much is an interactive picture worth?

Umbra Data™ is pleased to offer more of our Dark Side Intelligence™ to you with an interactive world map containing active C&C’s being tracked by us. The map provides a snapshot of botnet activity worldwide along with the respective number of vetted C&C’s per country.  Simply click on one of the country flags to open a window that includes a high-level review of the top ASN’s with C&C’s, and how long the C&C’s have been active. You can also drill down by the continents listed at the top of the page to get a clearer view of individual countries.

This Just In: Dog Bites Man!

There’s a saying in journalism, “When a dog bites a man, that is not news, because it happens so often. But if a man bites a dog, that is news.”

Consider the Kneber botnet. If you follow tech news, it was nearly impossible to miss the stories on February 18, 2010 mentioning how this newly discovered botnet had infected almost 75,000 computers, including those of over 2500 organizations. Sounds pretty serious, doesn’t it? Let’s look a little deeper. Kneber is a variant of the ZeuS botnet.

The Myth of the Model e-Citizen

I regret to admit it, but when I see a “Keep off the Grass” sign I feel compelled to take a walk on the green side…and I am not alone, since I can see the well-trodden path across the lawn. I’ve observed that if the natural route from point A to point B goes over the grass then that is where the path will go. The same principle applies to our online activities. The community writ large can plead for secure and exemplary online behavior, but until one can realistically comply without it being a royal pain, the likelihood of compliance is extremely low. Let’s consider together the typical model e-citizen.

What Does Relative Zombie Strength Mean?

If you’ve looked at our daily report of the Top 40 Botted ISP’s, you’ll see a column labeled RZS which is short for Relative Zombie Strength.  What does that mean and how is it measured?  Good questions!

Once we began accumulating data from our botnet sensor network, we wanted to share this data about zombie activity in some meaningful way.  We started to investigate how others converted their botnet data into “real” numbers.  Very few places report hard numbers in terms of a count of infected computers, count of botnet C&C’s, etc…  Those that do report hard numbers rely on some “fudge factor” to arrive at their numbers.

Can TV Land get the Botnet Thing Right?

Just a prediction for those of you who watch Jack Bauer (Kiefer Sutherland) do his thing on the hit TV show 24. Last season, Jack had to recover a stolen CIP device and save the country from critical infrastructure meltdown and multiple nefarious extortion attempts. Now you and I know that CIP is not a device, but protocol requirements for securing the various key infrastructure components in the United States.