Always something new… As these kinds of codes are mainly used on mobile phones (or only used on mobile phones) the malware actually addresses smartphones “only” – in this case Android: Hackers using QR codes to push Android malware . If you use a code such as this (source: ZDnet Article referenced):...

Our Digital Crimes Unit just took down another one: After Rustock and Waladec, now comes Kelihos. This is another great success in fighting criminals. If you want to read more: Microsoft Neutralizes Kelihos Botnet, Names Defendant in Case Roger

A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether...

It is a repeating pattern but not the less disgusting. Whenever bad things happens on the globe, the criminals are not far. This happened during hurricane Katrina, the tsunami in Indonesia, the earthquake in Haiti and now, not surprisingly in Libya as you can read in this blog post by Sophos: Violence...

Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches: Fake Phone Networks : I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too worried about it. But still, for targeted espionage, it...

A fairly interesting thriller on the Internet. It just shows that we need better ways to collaborate between private and public sector and to hunt criminals: How one man tracked down Anonymous—and paid a heavy price Scary… Roger

That’s obvious as people probably tend to want to trust more, the worse their situation is. Nevertheless it is even more disgusting going after the desperate! Cybercrime: A Recession-Proof Growth Industry Roger

I was reading an article today called Does Your ISP Care About Protecting Your Privacy? . An interesting question. The ISPs in the article are even thinking of VPNing all the traffic to avoid the necessity for keeping the logs (or probably better, NATing the whole network). So it seems that the ISPs...

I just read this blog post by ESET laboratories: Inside a phishing attack: 35 credit cards in 5 hours . They analyzed a very poorly designed phishing attack and found that: The first access to the site was on January 20 at 10:01 pm (as seen in picture). The latest registered access was on the same date...

I told you that I will attend the UNODC: Open Ended Expert Group on Cybercrime , which is now slowly coming to an end. Let me draw a few conclusions on the meeting. It was not the first UN meeting I attended and – depending on the audience – the discussion can easily result an long political debates...

That the attacks move up the stack is really nothing new. However, it increases the challenge to secure your environment as you have to take Patch Management all the way. I blogged on that several times already e.g.: Patch Management, a key step towards compliance! Patch Management – Cover the whole...

Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night. BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears I think that this is a real issue and very hard to fight! Roger

With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A discussion I do not want to comment here, as I am not...

This is one of the risks, not a lot of people look into: It is fairly easy for me to setup a Facebook account in another person’s name. This is what happened to Ronald K. Noble, head of Interpol: Interpol Chief Ronald K. Noble Has Facebook Identity Stolen . Roger

I was contacted by somebody who recently mailed with me on LinkedIn (the value of social networks ) and who just started a website called Future Crimes , where they try to anticipate crime. There is quite some interesting content in there, which is definitely worth reading. However, to me it is not...

It hits the press from time to time that somebody was successful taking down a botnet. We had some success as well with the Waledac Botnet Takedown . There is actually a good article on What it takes to shut down a botnet . When I was doing some bing-search on the botnet takedowns, I found good work...

Steve Ballmer was once asked by a journalist whether and why he allows blogging by Microsoft employees, without any approval process. His answer was that he lets Microsoft employees talk to customers without approval process as well (at least that’s the story which was told ). You know that I am a big...

It is an interesting and difficult question. What can we do to really be able to stay on top? Or shall we give up? Well, clearly, I do not think so. I read this article today, which really made me think: Black Hats are Winning, Symantec Says – wow! A fairly clear statement. We lost (at least...

I blogged about the vulnerability which was publically disclosed by a researcher working for Google earlier this month . In the meantime the attacks started to increase. I think that it would be important for you to look at what is going on. There is a good blog post by our malware protection center...