Scary Data – Trends in Malware, Phishing, Site Cleaning and Bad Networks

Almost Half a Million Malware Sites

The number of Malware sites continues to grow, hitting a new peak of 489,801 in October of 2015. That is up over 160% from the same time the previous year. As we have discussed before, a website that is infected with malware can install malicious software on your computer if you visit it. Attackers use the software to steal sensitive information from you such as credit card information and social security numbers.

As an internet user, the growth in malware sites means that the odds of you accidentally visiting one and becoming infected continue to increase. Google and the other search engines do a decent job of flagging them, but they can’t catch all of them in time to provide complete protection.

As a website owner, it means that attackers are having more success than ever compromising websites. It goes without saying that we think you should take website security seriously.

150% Growth in Phishing Sites in 7 Months

According to Google there are now 293,747 phishing sites on the internet, up from 113,132 in July of last year. This represents growth of over 150% in a mere seven months. A phishing site attempts to trick you into thinking it is legitimate, like your online bank or an online retailer. They then lure you into providing login credentials or other sensitive information. In the Introduction to WordPress Security article in our Learning Center we talk about how attackers are even using phishing tactics to steal WordPress credentials.

It’s taking webmasters up to 90 days to respond

Google measures how long it takes for webmasters to take action after they have received notice that their site has been compromised. Over the last year, the fastest average webmaster response time reported was 61 days, and for much of the year it was 90 or worse.

Which neighborhoods to avoid on the internet

Google provides very interesting data about the rate of infection for differentAutonomous Systems on the internet. An Autonomous System is a network level designation that represents a pool of IP addresses that are under the control of one or more networks on behalf of a single entity. You can think of it roughly as the group of IP addresses that have been assigned to an ISP. The data is very interesting, and aligns with what we learned in the analysis of brute force attacks we did a few weeks ago.

The thing that jumps out the most to us is the incredibly high penetration of infection on some Autonomous Systems. With infection rates as high 49%, there are areas of the internet that we would strongly encourage you to avoid. If you want to check out what Autonomous System your IP address belongs to, simply enter it into this handy tool. The good news is that the large majority of Autonomous Systems have infection rates of 1% or lower. We hope that Google’s reporting will serve as a call to action for the networks with the biggest problems.

More information about this: https://www.wordfence.com/blog/2016/02/trends-malware-phishing/?utm_source=list&utm_medium=email&utm_campaign=trendsmal1

Free Ecommerce/Web Dev Security Training

ecommerce secuirty course
ecommerce secuirty course

This training program is conducted in partnership with Isaac Sabas and Jonathan Mantua of Pandora Security Labs. (offers advance IT security training and provider of WebRanger – an online security monitoring and attack blocking service)

Training objectives:

  • Learn about web application security threats and how to mitigate them.
  • Learn and apply secure programming best practices.
  • Learn and perform web application testing.

Target audience:

  1. Entrepreneurs who would like to under how e-commerce security works and become tech-savvy when dealing with web developers and Internet security specialists.
  2. E-Commerce developers who would like to level-up their capabilities by building and maintaining secure websites.

More Details: http://ecommercebootcamp.digitalfilipino.com/course/e-commerce-security-course/

PHNOG Conference 2016

PHNOG

The Department of Science and Technology – Advanced Science and Technology Institute (DOST-ASTI), in partnership with the Philippine Network Operators’ Group (PhNOG), and Trans-Eurasia Information Network (TEIN) Network Cooperation Center (TEIN*CC) will be conducting a one (1)-day Conference with the theme ‘”All over IP’ (AoIP) – touching the different facets of Internet, entwined to our daily lives” on 25 January 2016 at the Marriott Grand Ballroom, Marriott Hotel Manila, Pasay City, Metro Manila.

 

1100 Big Data Analytics Applied in Network Operations Wilson Chua/Bitstop
1130 IXP Next steps (advantages and disadvantages) Daishi Shima/BBIX
1200 Lunch break  
130 Management and Sustainability of the IXP – taking it to the next level – Global Examples / DNSSEC Jane Coffin/ISOC, Kevin Meynell/ISOC
200 Internet enabled businesses (challenges/milestones) Rhett Jones/Rise
230 CDNs and Internet traffic Analystics Kam-Sze Yeung/Akamai
300 Role of a Peering Manager Jake Chin/Google
330 Break time  
400 Network Security Mon Nunez
430 Internet BCPs Amante Alvaran/Brocade
500 Evolution of the Network Engineer Job Role Ceejay Dideles
530 IOT Benjie Tan
600 Closing  

 

Said activity aims to gather participants from the R&D and IT/ICT communities together with the current PhNOG members to discuss the opportunities that can be derived from joining and using the TEIN Network. TEIN is a high speed international research network which provides access to researchers and research institutions within participating countries in Asia and Europe. Through TEIN, international joint research projects pertaining to climate change, remote medical service, remote cultural performances, agriculture, and information technology have been conducted. Local and foreign experts will also share their knowledge and experiences that will enable the continuous development of the Philippine Internet.

On the other hand, Philippines Network Operators Group (PHNOG) is a nonprofit organization established to promote coordination among Network Operators in Philippines. Focus is given to knowledge development of all members as well as the Philippines IT community as a whole through discussions on technical issues/concerns regarding the Internet and network management.

In line with this, we would like to invite you as one of the participants in this one (1)-day activity. Registration for this activity is free. Please take note that the activity only offers limited slots, which will be granted on a first come, first served basis. Deadline for registration is on 15 January 2016. To reserve your seat, kindly register at this link: https://www.apan41manila.com/events/register/xphilippine-network-operators-group-conferenc

Should you have any clarifications, please feel free to contact Mitz Ann N. Montañez at mitz@asti.dost.gov.ph or Marie Antoinette F. Bangabang at meiann@asti.dost.gov.ph. You may also call +63 2 4269760 loc. 1603 / loc.1408.

BNSHosting Needs YOU

If you are looking for a challenging and rewarding career in data center operations in Dagupan City, Philippines, look no further! We are in need of *nix system administrators and LAMP interns (Linux, Apache, Mysql, PHP) that are willing to learn and be trained.

We have a great track record of training and developing our team members into extremely proficient data center engineers. Most of our ex staffers are now in teaching professions or in Data centers here and abroad.

Here is your chance to join a great team! Apply now. Email us at team[at]bnshosting.net

Get International funding for your Web Projects

Lets say you have a great business idea and would like to see it through. You have assembled your team and would like to go out to the world – blazing with your game changing projects. You only have one little problem- funding. You need money.  Where do you get it?

After attending the garag3.com sponsored event in Singapore, here are some ideas I was able to learn and share with you here:

Getting Donations:

http://www.kickstarter.com/

Kickstarter lists projects from the creative arts—Art, Dance, Film, Music, Photography, Publishing, and Theater—as well as projects from the diverse and creative fields of Food, Design, Fashion, Technology, Games, comics and jouranlism. People then choose which projects they would like to fund. It could be yours.

One sample success story is from the Moonchild project. Sara Chong and Chen Yanyun, was in dire need of donations in order to finally finish their animated film – “Moonchild”  They aimed for only 2000 USD in 60 days, but already got more than 4000 USD in 6 days!

Getting Equity Investors:

http://www.profounder.com/
ProFounder was created to ensure all entrepreneurs have access to the resources they need through the engagement of robust, supportive communities. Traditional funding sources can be expensive, difficult to access, or not a great fit for many small enterprises. Instead, we believe that communities can be the best source for the energy, encouragement, tools and capital small business entrepreneurs need to succeed.

Getting Loans:
http://www.kiva.org/

Kiva’s mission is to connect people, through lending, for the sake of alleviating poverty. Kiva empowers individuals to lend to an entrepreneur across the globe. By combining microfinance with the internet, Kiva is creating a global community of people connected through lending

I am sure that the Philippine government has counterpart funding scheme of some sort similar to Singapore’s Spring, MDA and IDA programs, but I am not aware of any at this point. If you have information about this, kindly share it with us here.

Farmout is in Need of C++ Web Developers!

Calling the attention of all web developers out there!

Farmout urgently needs 10 C++ Web Developers. If you are interested, you may email team@bnshosting.net for your resume. Or call (075)523-3538 for more information.

For the minimum requirements:

1. Male or female, age 18-40
2. IT background (programmer, developer in C++)
3. Willing to undergo drug check and background check
4. Willing to work any shifts in Dagupan

You may also visit Farmout Training Center located at 2F Eastgate Plaza, A.B Fernandez East, Dagupan City.

WEBSITE DESIGN PROJECT: Invitation to apply for eligibility and to BID

Re-design of the Client Website

The main goal of the project is to transform the client’s existing website to a professional, interactive and dynamic website which is rich in content, creates high visual impact, and is user-centric.

Objectives

  • To establish a visually appealing and easy to navigate website.
  • To serve as an efficient means of disseminating information to the general public.

The  winning  bidder  shall  be  required  to create and present at least three (3) design concepts and at most 6 for the website. Each design concept should   include   an   “Introductory   Page   and   Home   Page”   along   with corresponding “Secondary Page” designs. The Management Team shall decide on and sign-off the winning design.

For more information, you can email team[at]bnshosting.net.

DNS Cache Problems

BNSHosting has recently coordinated with several larger ISPs and Telcos in the Philippines to correct some possible DNS spoofing issues. The symptoms are that the targetted website is not being resolved properly by other ISP’s DNS.

This article from US CERT on DNS vulnerability (http://www.kb.cert.org/vuls/id/800113) may shed some light. Some excerpts are reproduced below:

Caching DNS resolvers are primarily at risk–both those that are open (a DNS resolver is open if it provides recursive name resolution for clients outside of its administrative domain), and those that are not. These caching resolvers are the most common target for attackers; however, stub resolvers are also at risk.

An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver’s clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker’s control