• After Estonia now Kyrgyzstan

    There is definitely proof that during war times, armies add a virtual component to the “real life” war.

    Additionally, we have seen the attacks on Estonia, where nobody really knew where they originated from (I do not mean the country but whether a government was behind them or just a group of hackers).

    Now we see attacks on Kyrgyzstan – a country completely knocked off the Internet, and this is scary! Think about the country you are living in: what would happen if you were taken offline for a day – what would be the economic impact?

    I quote from the article below:

    Beyond the immediate effect on Kyrgyzstan, what's worrisome to Jackson is the speed with which this attack was mounted. "To put some perspective on this, it's been an escalating pattern from Estonia to Georgia to here," he said, referring to the 2007 and 2008 attacks against other former Soviet republics. "The attacks are more closely coinciding with events that are core to the Russian interest, with increasingly fast response and quick mobilization.

    "When it once took days or weeks, now we're seeing it within hours," Jackson said.

    Russian 'cybermilitia' knocks Kyrgyzstan offline

    Cyberterrorism is definitely something we have to have a look at in the near future!

    Roger

  • Data Protection Day 2009

    In early December I blogged about the Privacy Video Competition of the Data Protection Day.

    Today is the day: The winners were just announced. If you want to look at the videos (they are actually pretty cool):

    Congratulations to all the winners and a big “thank you” to all the participants. They would all deserve to win!

    Roger

  • Piracy and Security (part 1.5)

    Well, it is not really a follow-up to my last post but goes in the same direction:

    A few years ago (I was still working in Switzerland) we ran an event where consumers could bring us their PC and we checked it for viruses and cleaned it where necessary. When we found a heavily infected machine, we often heard statements like “my kid is using peer-to-peer networks, is it possible that it comes from there?” It was really interesting as it was always “my kid”, never “I” ;-). But additionally we learned that peer-to-peer networks were already a very important infection vector for consumer PCs. A challenge is that there is often illegal software and movies on there and this content is downloaded from completely untrusted sources.

    If you look at the End to End Trust framework we published, this will be addressed by the trusted stack.

    However, this is not the real reason for the post. I got a summary of a Chinese bulletin about infected sites with this statement in it:

    A [Company] security expert said that presently, ticket sales and movie download sites are the primary targets of hackers to install malicious software and that they contained over 80% of all trojans.

    So, be careful what you do if you use peer to peer networks…

    Roger

  • Centralized Information About The Conficker Worm

    Since I enabled Live chatting on my blog I have already got several questions about Conficker, which I am happy to answer. However, Ziv from our Malware Protection Center has now published an excellent blog post summarizing all the information about Conficker – how you can get infected, what you can do to protect yourself and finally what you can do to clean up:

    Centralized Information About The Conficker Worm

    Roger

     

  • Comments on US-CERT's Advisory on Auto-Run

    You might have seen the advisory of the US-CERT titled Microsoft Windows Does Not Disable AutoRun Properly – if not, you will definitely have seen one of the articles covering this issue and telling you that our advice on how to prevent Conficker is flawed.

    This statement is not quite true the way it came out initially and US-CERT in the meantime already adjusted their advisory:

    Our advice in http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91525.mspx?mfr=true works if you apply http://support.microsoft.com/kb/953252

    US-CERT already updated their advisory:

    Update:

    Microsoft has provided support document KB953252, which describes how to correct the problem of NoDriveTypeAutoRun registry value enforcement. After the update is installed, Windows will obey the NoDriveTypeAutorun registry value. Note that this fix has been released via Microsoft Update to Windows Vista and Server 2008 systems as part of the MS08-038 Security Bulletin. Windows 2000, XP, and Server 2003 users must install the update manually. Our testing has shown that installing this update and setting the NoDriveTypeAutoRun registry value to 0xFF will disable AutoRun as well as the workaround described above.

    Roger
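
An added example, not part of the original post and not Microsoft's or US-CERT's code: a PowerShell check that reads NoDriveTypeAutoRun and reports which drive types still have AutoRun enabled, compared with the 0xFF value from the advisory. The registry key path, the drive-type bit table and the function name ConvertFrom-AutoRunMask are assumptions that are not given on this page.

```powershell
# Added example, not Microsoft's or US-CERT's code.
# Assumption: the value lives under the standard Explorer policy key in each hive.
$PolicySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Each set bit in NoDriveTypeAutoRun turns AutoRun off for one drive type.
$DriveTypeBits = @(
    @{ Mask = 0x01; Name = 'Unknown drive type' },
    @{ Mask = 0x04; Name = 'Removable drive' },
    @{ Mask = 0x08; Name = 'Fixed drive' },
    @{ Mask = 0x10; Name = 'Network drive' },
    @{ Mask = 0x20; Name = 'CD-ROM drive' },
    @{ Mask = 0x40; Name = 'RAM disk' },
    @{ Mask = 0x80; Name = 'Reserved / unknown drive type' }
)

function ConvertFrom-AutoRunMask {
    param($Raw)   # DWORD, REG_BINARY bytes, or $null when the value is absent
    if ($null -eq $Raw) { return $null }
    # Some systems store the value as REG_BINARY; the low byte carries the flags.
    if ($Raw -is [array]) { $Raw = $Raw[0] }
    $mask = ([long]$Raw) -band 0xFF
    $stillOn = @($DriveTypeBits | Where-Object { -not ($mask -band $_.Mask) } |
                 ForEach-Object { $_.Name })
    New-Object PSObject -Property @{
        Value               = '0x{0:X2}' -f $mask
        MatchesAdvisedValue = ($mask -eq 0xFF)   # 0xFF is the value named in the advisory
        AutoRunStillOn      = $stillOn
    }
}

# Per the advisory quoted above, Windows only obeys this value once the
# KB953252 update (MS08-038 on Vista / Server 2008) is installed.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $prop = Get-ItemProperty -Path "$hive\$PolicySubKey" -Name NoDriveTypeAutoRun `
                             -ErrorAction SilentlyContinue
    $raw = if ($prop) { $prop.NoDriveTypeAutoRun } else { $null }
    $result = ConvertFrom-AutoRunMask $raw
    if ($result) {
        '{0} {1} (matches 0xFF: {2}); AutoRun still on for: {3}' -f $hive,
            $result.Value, $result.MatchesAdvisedValue, ($result.AutoRunStillOn -join ', ')
    } else {
        "$hive NoDriveTypeAutoRun is not set; the OS default applies"
    }
}
```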