by Michael S. Mimoso
CANCUN, Mexico — Kaspersky Labs senior security research Stefan Tanase knows all about the old adage “You never know until you ask.”
Tanase conducted an experiment recently where he emailed the webmasters of 100 websites infected with malware informing them of the problem asking in return only for some data on the infections in the form of log entries. What Tanase got in return was a big fat zero, as in no replies.
Undeterred, Tanase said Wednesday during the Kaspersky Lab Security Analyst Summit 2012, that he emailed another 200 and actually got a 3% reply rate time on his second attempt.
“The assumption I made is that webmasters don’t know their sites are infected,” he said. “The reality is that webmasters don’t care if their sites are infected.”
Tanase said he knows 52% of his emails reached their destination; 48% bounced back to him.
Of the three percent who did reply, one came from a monestary and a priest who asked for help in cleaning up the websites and under what conditions. Another respondent came from an advertising agency that wasn’t interested because the infected site in question was an old site no longer in use. Another, from an industrial equipment supplier, said they didn’t have a dedicated IT person on staff, but offered to send Tanase an administrative username and password and wondered if he could help–a major security fail.
The experiment, however, wasn’t a total bust; 3% may have replied, but upon a second scan, 5% had removed the malware from their sites.
“They may not have replied,” Tanase said, “but they did clean up their site.”
Symantec Retracts Android Malware Claims to Align With Lookout
It's called ad poisoning," said Alan Goode, a UK consultant in infosec and mobile security. "Where we sympathize is that poisoned ad networks are an increasing vector for distributing Trojans." Here's what worries me more. When Symantec asked Google to ...
Conseal Security, Experts in Mobile Data Protection, to Attend Infosecurity ...
iTWire (press release)
At InfoSec this year, Conseal will be announcing a significant new version of its flagship product, which allows administrators unprecedented levels of control over their company's data, even after it has left their hands. Via Stand K76, Conseal will ...
Posted by InfoSec News on Feb 01http://www.theregister.co.uk/2012/02/01/tinkode_nasa_hack_suspect_cuffed/
Posted by InfoSec News on Feb 01http://www.todayszaman.com/news-270207-espionage-gang-made-illegal-recordings-of-staff-at-tubitak.html
Posted by InfoSec News on Feb 01http://www.thesmokinggun.com/documents/stolen-top-secret-documents-346219
Posted by InfoSec News on Feb 01http://www.pcworld.com/businesscenter/article/249140/blackberry_os_achieves_coveted_government_security_clearance.html
Posted by InfoSec News on Feb 01http://www.informationweek.com/news/government/security/232600046