It is with great pleasure I announce the first-ever Honeynet Project Public Conference, held alongside with the traditional Honeynet Project Annual Workshop. The event will be held on March 21, 2011 in Paris. For those who just want to register now, go here.

Date: 21 March 2011 (Monday)

8:30AM ~ 18:00PM (GMT+1)

Location:

ESIEA Paris, 9 rue Vesale 75005 Paris

(Nearest subway station: Les Gobelins(line #7))

About the event:

The 2011 Project Honeynet Security Workshop brings together experts in the field of information security from around the world to share the latest advances and threats in information security research. Organized by the not-for-profit Honeynet Project and co-sponsored by the ESIEA Engineering School, this full day workshop creates opportunities for networking, collaboration and lessons-learned featuring a rare, outstanding line-up of international security professionals who will present on the latest research tools and findings in the field.

This year’s workshop will be held in Paris, France on 21 March 2011 and is the first time that the workshop has opened a day to the public. Starting at 9:00 GMT+1, the workshop program features a format that includes presentations in five sessions and two bonus hands-on activities. The bonus activities include a technically challenging capture-the-flag (CTF) session and a tough forensics challenge (FC) that will allow attendees to apply their expertise and compete for prizes. If you’re looking to attend a high quality and challenging security workshop, then we encourage you to take advantage of this rare opportunity.

More info here.

Enjoy!

Security experts are tracking a massive drop in the global number of control servers for various ZeuS botnets that are online, suggesting that a coordinated takedown effort may have been executed by law enforcement and/or volunteers from the security research community acting in tandem.

[....]

Update, 4:36 p.m. ET: Sadly, it appears that Troyak — the Internet provider that played host to all these ZeuS-infested networks that got knocked offline yesterday — has since found another upstream provider to once again connect it to the rest of the Internet.

Update, Mar. 11, 5:48 p.m. ET: Zeustracker recently posted this update to its site: Bad news: Since Troyak started their peering with RTCOM-AS, the number of active ZeuS C&C servers has increasted from 149 up to 191. For now, more than 40 ZeuS C&C servers are back online! This means that the cybercriminals are now able to move the stolen data to a safe place or a backup server. Additionally, the cybercriminals are able to update their config files served to the infected clients to set up a fallback server (if Troyak will disappear from the internet again).

via Dozens of ZeuS Botnets Knocked Offline — Krebs on Security.

An updated graph from zeustracker :

The graph shows a sharp recover of   the Zeus activity during the last day. Online Zeus Configs had increased steeply for 149 to 223.

This information tell us  that the criminals are reacting to the Troyak-as take-off by updating their zombies to contact a new C&C. Therefore, the Zeus activity will probably rally again in the next day.

In addition, Koobface worm doubles C&C servers in 48 hours

SAN FRANCISCO (AP) — Authorities have smashed one of the world’s biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs.

The “botnet” of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.

Spanish investigators, working with private computer-security firms, have arrested the three alleged ringleaders of the so-called Mariposa botnet, which appeared in December 2008 and grew into one of the biggest weapons of cybercrime. More arrests are expected soon in other countries.

Spanish authorities have planned a news conference for Wednesday in Madrid.

[....]

Also, the suspects go against the stereotype of genius programmers often associated with cyber crime. The suspects weren't brilliant hackers but had underworld contacts who helped them build and operate the botnet, Cesar Lorenza, a captain with Spain's Guardia Civil, which is investigating the case, told The Associated Press.

Investigators were examining bank records and seized computers to determine how much money the criminals made.

[....]

via News from The Associated Press.

An Analysis report by DefenceIntelligence  here

The takedown of the Waledac botnet that Microsoft executed this week – known internally as “Operation b49” – was the result of months of investigation and the innovative application of a tried and true legal strategy.

[..]

In a recent analysis, Microsoft found that between December 3-21, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more.

[..]

This action has quickly and effectively cut off traffic to Waledac at the “.com” or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world.

via The Official Microsoft Blog – Cracking Down on Botnets.

Well done.

Port Austin, Mich. based United Shortline Insurance Service Inc., an insurance provider serving the railroad industry, discovered on Feb. 5 that the computer used by their firm’s controller was behaving oddly and would not respond. The company’s computer technician scoured the system with multiple security tools, and found it had been invaded by “ZeuS,” a highly sophisticated banking Trojan that steals passwords and allows criminals to control infected hosts remotely

[...]

“The bank said whoever logged in to make these transfers successfully answered those questions,” he said. “They had some very detailed information. [The thieves] knew our patterns, they knew our passwords, my mother’s middle name, favorite sports team. And this is all information I don’t even have written down anywhere.”

via Hackers Steal $150,000 from Mich. Insurance Firm — Krebs on Security.

via Top 10 botnets and their impact.

Hope to see you there!