September 20, 2006

Tracking Bots using Google Analytics

Google Analytics is the best free web statistics software out there. They recently opened registration to anyone, and even the bad guys seem to have noticed:

Every day we see different things that the miscreants develop to make their job easier. Today I was checking the 288th variant of Opanki. The really interesting thing about this one is that the botnet owner seems concerned over not having an organized way to check the bots, like geographic distribution, for example. But how can he or she accomplish this in an easy way? Yes, Google Analytics!

Google Analytics and Bots [McAfee Avert Labs Blog]

Read More: Threats, Anti-Virus, Bots

August 9, 2006

Hacktivism at Work, Joe Lieberman’s Site Attacked

The day of the primary is a bad day to have your website attacked. It had happened before, but this time it looks like a DDoS attack:

But the earlier two attacks involved defacements — the hacker altered content on Lieberman’s home page. This time, attackers toppled the Lieberman site with requests, probably by directing an army of hacked computers at the site.

Lieberman lost the primary and now goes on to run as an independent. Might it be time to find a new host?

Lieberman campaign site, e-mail hacked [MSNBC]

Read More: Threats, Web, Bots, Government

July 12, 2006

18 Vulnerabilities, 7 Patches, 1 Barrel of Monkeys

July brings fixes for 18 vulnerabilities bundled in 7 patches. July also marks the official end of security support for all Windows 9x products. Let us pause and take a moment of silence for our fallen friends of old…

Now back to our regularly scheduled patch announcement:

  • MS06-033 .NET 2.0 Application Folder Information Disclosure Vulnerability - “could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folders explicitly by name.” Yawn.
  • MS06-034 Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Lead To Remote Code Execution - The only people who can exploit this are ones who can already upload ASP files to an IIS server. That effectively makes it a privilege escalation, even though it is a buffer overflow underneath. Not too serious, and if you have untrusted people uploading ASP files to your web server, you have bigger problems.
  • MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution - This is the granddaddy of the patches, and Microsoft should create an uber-critical category for patches like this. It’s wormable, and makes a good case for personal firewalls. Get this one out fast.
  • MS06-036 Vulnerability in DHCP Client Service Could Allow Remote Code Execution - This one’s pretty critical, too. But the attacker has to be on the same subnet as the victim (same switch?).
  • MS06-037 Vulnerability in Microsoft Excel Could Allow Remote Code Execution - Open a malicious Excel document and you are owned. With Office 2000, just visiting a website could do it. There are already exploits in the wild.
  • MS06-038 Vulnerability in Microsoft Office Could Allow Remote Code Execution - Same as 06-037, except it applies to any Office document and there are no known exploits yet.
  • MS06-039 Vulnerability in Microsoft Office Could Allow Remote Code Execution - Same as 06-038.

Get ’em done.

Security Bulletin Summary [Microsoft]

Microsoft Patches 18 Security Flaws in Windows, Office [Security Fix]

Read More: Threats, Patching, Bots, Vulnerabilities, Windows


May 5, 2006

DDoS Knocks Over TypePad

Six Apart, creators of the blogging tool Movable Type and the hosting service TypePad, was the victim of a massive DDoS attack. It seems a Russian spammer trying to take down the anti-spam company Blue Security hit TypePad when Blue Security redirected its website there.

Ouch. Thousands of sites went down; details are still emerging. Reminds me of a similar attack written up in CSO last year.

News.com Article

Blue Security Press Release [BusinessWire]

Detailed Profile of a DDoS [CSO]

UPDATE: Spammer Speaks [Wired]

Read More: Threats, Web, Bots

Anatomy of a Phishing Syndicate

The guys over at RSA examine all the players in the phishing game. Some of them are obvious: the email addresses are bought from email harvesters, and the sites are usually hosted on bots. But interestingly, based on their monitoring of Internet chat rooms, they’ve found that the harvester and the exploiter of the account info are usually different people:

BigCriminal42: hi everyone, Jolly good evening to you. I'm buying credentials of top UK banks. Anything goes, especially [... here comes a list of banks]

BankBuster007: hello bigcriminal I have good credentials of [... a few of UK's finest financial establishments]. How much you want

It’s interesting to me that the tradecraft has become so developed that people specialize in different aspects of the fraud. Plus, you have to love their usernames.

Phishing Supply Chain: Part 1, Part 2 [RSA Security Blog]

Read More: Bots, Phishing, Theft

April 25, 2006

Bot Herders Profiled by USA Today


USA Today has a surprisingly in-depth article about the increasing prevalence and impact of botnets. For those people who aren’t convinced they are a real threat to society, they offer this anecdote:

They ran into a problem in January 2005 when a copy of the bot they were using inadvertently found its way onto a vulnerable PC at Seattle’s Northwest Hospital. Once inside the hospital’s network, it swiftly infected 150 of the hospital’s 1,100 PCs and would have compromised many more. But the simultaneous scanning of 150 PCs looking for other machines to infect overwhelmed the local network, according to an account in court records.

Computers in the intensive care unit shut down. Lab tests and administrative tasks were interrupted, forcing the hospital into manual procedures.

Mothers, hide your children, the Bot Herders are coming.
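The hospital anecdote above is a textbook case of what a worm-style bot looks like on the wire: many sources, each touching many distinct destinations on the same service port in a short window. The following is an added example, not code from the USA Today article or from this blog, showing a simple fan-out detector over flow records. The record format, the port set, the thresholds and the sample flows are all constructed for illustration.

```python
"""Fan-out scan detector over constructed flow records.

Added example (not from the article or the blog). A bot hunting for
new victims produces "fan-out": one source host contacting many
distinct destinations on the same port within a short time window.
Everything below (record layout, ports, thresholds, sample data) is an
assumption made for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int       # seconds since epoch (assumed unit)
    src: str      # source IP
    dst: str      # destination IP
    dport: int    # destination port


# Constructed sample flows: two infected hosts sweeping 10.1.0.0/24 on
# TCP/445 (SMB), plus a file server that talks to six clients normally.
SAMPLE_FLOWS = (
    [Flow(1000 + i, "10.1.0.17", f"10.1.0.{i}", 445) for i in range(1, 60)]
    + [Flow(1000 + i, "10.1.0.23", f"10.1.0.{i}", 445) for i in range(1, 45)]
    + [Flow(1000 + i, "10.1.0.5", f"10.1.0.{100 + (i % 6)}", 445) for i in range(40)]
)

# Ports the 2006-era Windows worms typically probed (assumed set).
SCAN_PORTS = {135, 139, 445}


def detect_fanout(flows, window=60, threshold=20, ports=SCAN_PORTS):
    """Return {src: peak distinct destinations in any `window` seconds}
    for every source that exceeds `threshold` on one of `ports`.

    Per source: sort flows by time, then for each flow as the window
    start, walk forward while still inside the window and count the
    distinct destinations seen. Quadratic in the worst case, which is
    fine for per-host volumes at this scale.
    """
    by_src = defaultdict(list)
    for f in flows:
        if f.dport in ports:
            by_src[f.src].append(f)

    alerts = {}
    for src, host_flows in by_src.items():
        host_flows.sort(key=lambda f: f.ts)
        peak = 0
        for i, start in enumerate(host_flows):
            seen = set()
            j = i
            while j < len(host_flows) and host_flows[j].ts - start.ts <= window:
                seen.add(host_flows[j].dst)
                j += 1
            peak = max(peak, len(seen))
        if peak > threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, fanout in sorted(detect_fanout(SAMPLE_FLOWS).items()):
        print(f"possible scanner {src}: {fanout} distinct hosts on SMB ports within 60s")
```

The file server (10.1.0.5) never exceeds six distinct peers and stays below the threshold, while the two sweeping hosts light up immediately; in a real deployment the threshold should be tuned against a baseline of legitimate fan-out (backup servers, vulnerability scanners, domain controllers) so those are allow-listed rather than alerted on.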

USA Today: Malicious-software spreaders get sneakier, more prevalent

Read More: Threats, Patching, Bots

April 24, 2006

I Will Terminate da BotNets, Ya

Gushing with Terminator 2 imagery, Kelly Martin over at SecurityFocus is advocating attacking botnets.

I think disbanding a botnet is a very good thing to do. They cause so much harm and are used for so many illegal puposes (sic). It’s a little vigilante but very good for the Internet.

A little vigilante? Has he lost it? Does he remember the last time someone tried to “do good” exploiting vulnerabilities?

What would be useful here is a quick response team from law enforcement, so that when a botnet is discovered they could quickly take it down. Advocating the exploitation of vulnerabilities by Internet vigilantes to take them down is just irresponsible.

Security Focus: Stop the Bots

Read More: Bots