IT-Security-Links #21

More Malware distributing Websites in Q3 2012

In the third quarter of 2012, SWITCH-CERT helped to clean 1260 malware-distributing websites under the .ch and .li top-level domains. This is more than twice as many as in the previous quarters.

Visiting a hacked website is the most common way to get infected with malware. Most often these are legitimate websites that have been compromised by cyber criminals. The attackers inject invisible elements, such as iframes or JavaScript, into the website. These invisible elements try to exploit vulnerabilities when a visitor opens the website in their browser. When the exploits succeed, the visitor's computer is most likely infected with a trojan and becomes part of a botnet. The attackers then have complete remote control over the infected system and can use it to steal confidential data, attack e-banking, send spam or launch Distributed Denial of Service (DDoS) attacks from the “bot client”.
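A site owner can check their own pages for the kind of invisible element described above. The following is an added example, not code from SWITCH-CERT: it flags iframes hidden by size, attribute or inline style, plus iframes and scripts loaded from another host, for manual review. The sample page and all host names are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element from the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)|(?:left|top)\s*:\s*-\d{3,}",
    re.I)

class HiddenFrameFinder(HTMLParser):
    """Flags hidden iframes, and iframes/scripts loaded from another host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (kind, src, line number)

    def _external(self, src):
        host = urlparse(src).hostname  # None for relative URLs
        return host is not None and host.lower() != self.site_host

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src, line = a.get("src", ""), self.getpos()[0]
        if tag == "iframe":
            tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
            if tiny or "hidden" in a or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append(("hidden-iframe", src, line))
            elif self._external(src):
                self.findings.append(("external-iframe", src, line))
        elif tag == "script" and self._external(src):
            self.findings.append(("external-script", src, line))

def scan(html, site_host):
    """Return findings for one page served from site_host."""
    finder = HiddenFrameFinder(site_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page; all hosts are placeholders.
SAMPLE = """<html><body>
<iframe src="/map.html" width="600" height="400"></iframe>
<script src="/js/site.js"></script>
<iframe src="http://injected.example/in.php" width="1" height="1"></iframe>
<div><iframe src="http://other.example/x" style="position:absolute;left:-9999px"></iframe></div>
<script src="http://cdn.example/lib.js"></script>
</body></html>"""

if __name__ == "__main__":
    print(*scan(SAMPLE, "www.shop.example"), sep="\n")
```

External scripts are often legitimate (CDNs, analytics), so those findings are a list to compare against what the site is known to include, not a verdict.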

The dramatic rise in compromised websites in Q3 2012 is most likely due to a vulnerability in the popular Plesk server admin software that allowed attackers to access the websites and inject their invisible code. Exploit kits were commercially available on the internet.
