WordPress is an open-source blogging platform and content management system (CMS). Since its inception in 2003, WordPress has become widely used and is very active. It is made up of more than 200,000 lines of code (written mostly in the PHP scripting language) and is used by more than 64 million websites on the Internet. Although WordPress is considered a mature platform, regular updates address serious security vulnerabilities that may be used by an attacker targeting a WordPress site.

The Northeast Collegiate Cyber Defense Competition (NECCDC) is a three-day event designed to give college students the opportunity to handle the challenges of administering and defending a mock corporate network infrastructure. This year, Dell SecureWorks was a sponsor of the event. Winning teams from the NECCDC and other regional qualifying rounds are invited to take part in a national championship.

At the 2013 RSA security conference in San Francisco, Dell SecureWorks Counter Threat Unit™ (CTU) researchers will present some new techniques we have found around sinkholing. We believe these techniques will assist security researchers in their work.

Think back for a moment to 2003. You may recall the tragic Space Shuttle Columbia disaster, the creation of the Department of Homeland Security, or the growing hostilities in Iraq leading to Operation Iraqi Freedom. But there was also a significant event in the history of Internet security that helped to shape the current threat landscape and will continue to have an effect for years to come. I'm referring to the SQL Slammer worm, which first appeared ten years ago today.

Dell SecureWorks' Counter Threat Unit (CTU) has discovered that the hackers behind the Gameover ZeuS banking Trojan (the largest botnet targeting financial institutions) is in the midst of launching several malicious spam campaigns using the Cutwail botnet (the largest spam botnet currently on the underground market) to lure new computer victims in order to steal their banking credentials and credit card numbers.

The Dell SecureWorks Counter Threat Unit™ (CTU) research team has become aware of an ongoing spam campaign abusing various .gov web properties to lure recipients to a home business scam. As part of the campaign, victims receive nonsensical emails with a link to one of several URL shorteners. The attackers use 1.usa.gov short links in many of the emails, though other shortening services and websites have been used in the same way.

The rapid evolution of threats targeting the Android mobile platform continued in 2Q2012. Malicious actors are beginning to use variations of existing attacks, which have historically been successful on traditional computers. Hybrid attacks are emerging that combine traditional computer and mobile threats. While the majority of Android malware is still found in unofficial third-party markets, attackers are increasingly leveraging drive-by downloads, luring victims to malicious sites using in-app advertising links, social networking profile pages, and email-borne campaigns. Similarly, recent malware uses Twitter for command and control (C2) communication. Perhaps most concerning is the high frequency of mobile malware families that use rooting (also known as jailbreaking) privilege escalation exploits. These exploits effectively grant more administrative access to malware than a typical user or device management software has.

Dell SecureWorks Counter Threat Unit (CTU) detects and disrupts Waledac/Kelihos botnet which shares patterns with previous DDoS attacks.

Carrier IQ, Inc. has received more public attention in the past 60 days than it has in the previous five years that the company has existed. The software, Carrier IQ (CIQ), is analytics software designed to improve the end user experience by providing information such as dropped calls, service coverage and software crashes to wireless providers. Recent legal action by Carrier IQ, Inc. met with reactive action by the Electronic Frontier Foundation (EFF) and has caused a recent media frenzy around privacy and disclosure issues surrounding the software.

The Dell SecureWorks Counter Threat Unit team has written a great question and answer threat analysis on the Duqu Trojan. This Trojan has received a great deal of attention because it is similar to the infamous Stuxnet worm of 2010.