Showing posts with label hacking. Show all posts

Tuesday, August 10, 2010

After 30 days, many AV vendors cannot detect known attacks

Cyveillance testing finds AV vendors detect on average less than 19% of malware attacks


Even after 30 days, many AV vendors cannot detect known attacks, making it critical for enterprises to take a more proactive approach to online security in order to minimize the potential for infection.


http://www.cyveillance.com/web/news/press_rel/2010/2010-08-04.asp



Friday, July 23, 2010

Chinese Hack 101

Let me introduce three basic terms as they are commonly used in various Chinese hacking forums:


肉雞 (Chicken) - A machine that has been trojaned with malware and a backdoor.


網頁掛馬/挂马 (Injected iframe) - An iframe with malicious code injected into a web page.


免杀 (Prevented from being killed) - Software that uses anti-debugging techniques.


攻击 - Attack


I simply captured an attack service advertisement from a Chinese blog (URL: http://tieba.baidu.com/f?z=650017145&ct=335544320&lm=0&sc=0&rn=30&tn=bai...). Feel free to translate it via Google Translate:


免杀制作,网马挂马 入侵挂马 QQ空间挂马 视频传播木马

-> Anti-debugging, injecting malicious iframes, trojans for QQ messenger, spreading trojans via video media.



Thursday, September 24, 2009

NetTeller Attacks Increase

We at digitalImpostors have noticed a dramatic increase in the targeting of small to medium businesses and their mid-sized banks through the security defects in a popular banking application, NetTeller. Some of us who have worked forensics cases see the same security holes being attacked for over a 10-month period.
We will soon be putting out a white paper on the specific details as soon as we feel law enforcement has made some headway into these attacks.
One thing we can say: this is from your typical Western European countries. There is some evidence which points to the same criminal organizations which were involved in some large compromises, for which a certain Floridian snitch is currently being held.

More to come.