Community news and analysis: January 2015

Posted on February 6, 2015 - 13:44 by ccondon

General security news

Google looks back on how its security rewards programs did in 2014 and details a new vulnerability research grant it will offer in 2015. (Google Online Security Blog Jan. 31)

Mozilla on referers [sic]: “This HTTP header has become quite problematic and not very useful...What’s needed is a better way for referring sites to reduce the amount of data transmitted and thus providing a more uniform referrer that’s less privacy invasive.” Firefox 36 Beta supports a “meta referrer” feature that gives sites tighter control over their referrers. (Mozilla Security Jan. 21)

Mozilla is also progressing in its project to phase out certificates with 1024-bit RSA keys. See the post for a list of affected root certificates. (Mozilla Security Jan. 28)

A WordPress security Q&A with VaultPress Vaultkeeper and lead developer Mark George (Automattic Jan. 30)


Qualys, SiteLock, and Sophos on what you need to know about the much-mentioned GHOST vulnerability in the Linux glibc library. Patches were available as of Jan. 27, 2015.

Qualys (Jan. 21 and Feb. 2) and Sophos (Jan. 23 and Jan. 24) have also offered excellent coverage of multiple recent Adobe zero-day vulnerabilities.

Webmaster warnings from Sucuri: Security vulnerabilities in Pagelines and Platform themes for WordPress (Jan. 21), remote code execution vulnerability in vBSEO (Jan. 13), and a fake “mobile-shortcuts” WordPress plugin that injects SEO spam into websites. (Jan. 30)


CTB-Locker: New campaigns spread malware that demands Bitcoin ransoms from victims; Poland, the Czech Republic, and Mexico have the highest infection rates. (ESET Jan. 21)

Apparently, it’s such an ordeal for Belarusians wanting Polish visas to get an appointment at the Consulate of Poland that someone created a botnet with the express purpose of filling out forms to secure an appointment slot. Yes, really. (ESET Jan. 29)

5 ways to protect your website from malware (SiteLock Jan. 20)

Fortinet malware analysis: Cracked version of an old Andromeda botnet malware variant spreads Bitcoin miner (Jan. 7), analysis of recent VBA macros (Jan. 6)

After a multinational takedown operation in December 2013, the ZeroAccess click fraud botnet has reappeared. At the end of January 2015, around 50K computers were compromised by the resurgent botnet, although researchers noted it doesn’t appear to be growing. (Sophos Jan. 31)

A mid-January malvertising campaign abused AdSense to redirect users to fake health websites. (Sucuri Jan. 14)


New StopBadware Partners: Area 1 Security + DomainTools

Posted on February 5, 2015 - 16:49 by ccondon

Readers of our newsletter probably noticed that we snuck two new partner logos onto the sidebar of yesterday's update. StopBadware recently welcomed two new partners: Area 1 Security, a SF Bay Area startup, and DomainTools, a Seattle-based DNS research and monitoring company we've been working with informally for the past few months.

Representatives from both companies will participate in StopBadware's Partners Forum conversations. As part of our partnership agreement with DomainTools, we'll be working with them to explore ways to augment the data in StopBadware's Data Sharing Program.

We already see a host of opportunities to pursue joint research interests with both companies, and we welcome the new perspectives they bring to our already-impressive partner group. We're excited to work with them on improving security outcomes for industry, businesses, and consumers. Stay tuned!