SWITCH Security-Blog

SWITCH-CERT IT-Security Blog

CSIRTs – Sharing to Win

Einbrüche in Datenbanken, gestohlene persönliche Daten, manipulierte Transaktionen im E-Banking, Eingriffe von staatlichen Akteuren in die Kommunikation im Internet und Angriffe auf die Verfügbarkeit von Diensten: Fast täglich wird mittlerweile über diese Sicherheitsvorfälle in den Medien berichtet.

Computer Security Incident Response Teams (CSIRTs) sind mit die Ersten, die auf solche Vorfälle reagieren und versuchen, Gegenmassnahmen zu treffen. Im Forum of Incident Response and Security Teams (FIRST) sind weltweit rund 240 dieser Teams aus der Industrie, von Regierungen und Akademischen Institutionen zusammengeschlossen, das SWITCH-CERT ist eines davon.

Continue reading


IT-Security-Links #4

Reducing malware infections in Switzerland

SWITCH helps reducing malware infections in Switzerland by a factor of four!

Malware is a big issue in Switzerland too. It comes in many flavours, there is malware which tries to get at your bank account, there is malware, that converts your PC in to a spam machine, the list could be extended.

Last we reported how we remedy websites that distribute this malware. But websites are not the only source of malware. Top on the list are also e-Mail attachments, supposedly originating from Lotteries, Postal offices and so on.

Many internet users get infected, worldwide and in Switzerland. So is that it? After an infection, will you be an eternal net-zombi? Not if you live in Switzerland. Thanks to its international network SWITCH-CERT receives a daily dose of reports about infected IP-addresses in Switzerland. By far the largest number come from Team Cymru‘s CSIRT Assistance Programm. But there are other sources, such as MELANI or our own sensors.

Continue reading

1 Comment

More Malware distributing Websites in Q3 2012

 In the 3rd quarter 2012, SWITCH-CERT has helped to clean 1260 malware distributing websites under the .ch and .li top level domains. This is more than twice than in the quarters before.

Visiting a hacked website is the most common reason to get infected with malware. Most often these are legitimate websites that are compromised by cyber criminals. The attackers inject invisible elements, such as iframes of javascript into the website. These invisible elements try to exploit vulnerabilities when a visitor opens the website with his browser. When the exploits succeed, the computer of the visitor is most likely infected with a trojan and becomes part of a botnet. The attackers now have complete remote control over the infected system and can use it to steal confidential data, attack e-banking, send SPAM or launch a Distributed Denial of Service (DDOS) attacks from the “bot client”.

The dramatic rise of compromised websites in Q3 2012 is most likely due to a vulnerability in the popular Plesk server admin software, that allowed attackers to access the websites and enabled them to inject their invisible code. Exploit kits were commercially available on the internet.

Continue reading