Interesting papers and DISOG JoeJob

Over the last few days I've had the pleasure of reading two very well prepared papers on Botnets. One has been published, by the guys who created BotHunter: http://www.cyber-ta.org/pubs/StormWorm/. Many thanks to the authors for the nod to our blogs page.

The other has not been published publicly, but I hope it will be soon. Keep an eye on Arbors Atlas page over the next couple days. I will update the link when the paper goes public.

In other news, DISOG has been the victim (so to speak) of a JoeJob. Several people have reported emails containing possible malicious links coming from random names @ disog.org. Please forward these emails to us at security at disog dot org if you receive them. Do not follow any links contained in email.

DISOG does not offer any software solutions for mitigation of botnets, viruses or spam. We will not offer to increase your penis size and we have no stock to sell you.

You can validate the authenticity of any DISOG email by:

• Verifying the digital signature - All DISOG emails are digitally signed with keys which can be validated through any one of the public key servers. For example, all email from me will bare my digital signature key: 0xDEA20B88 with the finger print of: 7B1D BF8B 0C0F DC6E B76F 536A CA6B D5A3 DEA2 0B88.
  

• Verifying message mime type - DISOG Staff always send plain text emails and never send non-text attachments without making prior arrangements.
  

If the email does not meet both of these conditions, it is not authentic.

We have an idea who is behind the current JoeJob campaign, however I wouldn't expect it to stop anytime soon.