Security
One leg of GSM encryption cracked, cell industry unimpressed
- Tuesday, 29 December 2009 20:21
GSM is the most popular protocol for cellphone telephony on the planet, with billions of users worldwide. But the standard encryption procedure used by most GSM carriers is only 64-bit, and academic researchers had spotted flaws in it starting over a decade ago. Now, in an effort to get carriers to take security seriously, a researcher is publicizing a brute-force attack on the encryption that he expects will be combined with work on the GSM frequency selection algorithm to create a cheap and easy method for eavesdropping on cellular calls. Despite initial progress on the effort, the cellular industry remains unimpressed.
Securing GSM communications relies on a combination of encryption and obscurity. The encryption, as described above, typically involves a 64-bit algorithm called A5/1, although many 3G networks use a newer, 128-bit version called A5/3. There's a history of academic research on this encryption that shows it to be vulnerable to various attacks, but there's no indication that any of these attacks have been used in the wild. That's presumably in part because of the obscurity aspect: GSM uses an algorithm to ensure that consecutive packets from a call are transmitted on different frequencies, making reconstruction of an entire transmission a matter of cracking that algorithm.
Brief: Malware makers colocate servers, grab IPv4 address blocks
- Tuesday, 22 December 2009 12:12
Malware distributors, apparently tired of facing the constant threats of disconnection, are taking advantage of lax background checks in the system for distributing IP address blocks and buying them directly. Address blocks, which cover a contiguous range of IP addresses, are typically reserved for legitimate institutions and businesses that can demonstrate a need for that sort of allocation. But, at the top level, there are only five regional registries, most of which cover large and culturally diverse geographic regions. That makes it difficult to confirm whether a given request comes from a legitimate organization, a problem that malware makers are using to their advantage.
These allegations against spammers and other online criminals were made in a recent article on Kaspersky Lab's Threat Post. According to its author, online crime is big enough business that it now makes financial sense for its perpetrators to colocate hardware at server farms, set up a legitimate-looking business address, and apply for blocks of IP addresses via a cooperative or indifferent local registry. When the application is received by the regional organization, it often lacks the ability to carefully vet the request, or even to understand the local business laws where the request originated.
It's still possible for ISPs to block access to a given allocation, but there are several ways to make that step more difficult, including mixing in some legitimate hosting within an address block and rotating among different allocations, among others. It also relies on the legitimate ISPs expending the time and effort to identify and block traffic. In any case, the practice chews through the increasingly scarce pool of unallocated IPv4 addresses.
The article is a bit confused in spots; it suggests that the malware authors are acting as their own ISPs (they're not) and suggests it's useful for botnet herders (they count on other people's computers to do the heavy lifting). But it does provide yet another example of how, since various forms of malware have become big sources of income, the line between that and legitimate business has become increasingly blurry.
Feature: How to obtain and install an SSL/TLS certificate, for free
- Monday, 21 December 2009 00:33
Anyone operating a server on any scale should want a digital certificate to encrypt data between clients and services, whether for personal, office, or public use. That's a broad statement, but it holds true no matter how you slice it.
With so many people accessing networks over WiFi or other untrusted networks for an increasing number of different kinds of services—calendars, contacts, Webmail, email, and so on—encryption is a must, whether via a VPN or by securing services one by one. While I recommend VPNs, they aren't always the practical, affordable, or correct solution. For remote email access, SSL/TLS is simpler and more straightforward, and you don't have to compromise on protection in the process.
Symantec has released its December 2009 State of Spam report
- Wednesday, 16 December 2009 10:08
Symantec has released its December 2009 State of Spam report. Spam volumes averaged at 87.4 percent of all e-mail messages in 2009 and have increased on average by 15 percent since 2007, according to the security company.
Read More: Symantec
Symantec has confirmed a possibly in-the-wild zero-day vulnerability in Adobe Acrobat and Reader
- Tuesday, 15 December 2009 16:19
Symantec has confirmed a possibly in-the-wild zero-day vulnerability in Adobe Acrobat and Reader. The malicious PDF file is distributed in the form of an e-mail attachment which drops and executes when opened on a fully patched system with either of the Adobe applications installed.
If you use social network application site RockYou, you may want to change your passwords
- Tuesday, 15 December 2009 09:54
If you use social network application site RockYou, you may want to change your passwords. The site's user database was compromised by a hacker. What's worse is that all of the passwords were stored in a plain-text database. Not good.
Read More: TechCrunch
Kaspersky Lab's Threatpost has a cool Q&A with Gene Spafford
- Monday, 14 December 2009 13:05
Kaspersky Lab's Threatpost has a cool Q&A with Gene Spafford from Purdue's CERIAS center. In it, Spaf discusses federal funding for security-related projects, Obama's stance on cyber security, and more. We think it's worth a read, as Spafford is such a well-respected name in the field.
Read More: Q&A: Eugene Spafford, CERIAS
H1N1 malware epidemic is more contagious than real deal
- Thursday, 03 December 2009 14:01
The Center for Disease Control (CDC) issued a statement this week to warn citizens about a recent wave of phishing e-mails that deceptively claim to be from the government organization. The e-mails refer to a state vaccination program and tell recipients that they have to create a personal H1N1 vaccination profile.
No such vaccination program exists. A link in the e-mail directs users to a fraudulent website that attempts to infect their computer with malware. Specifically, the fake H1N1 messages are being used to propagate ZBot (also known as Zeus), a trojan horse that powers one of the most active botnets. The program serves as a spam relay and also surreptitiously collects private data about the user to funnel back to the botnet operator.
Military wins small battle in war against counterfeit chips
- Friday, 27 November 2009 12:31
The US Department of Justice announced [PDF] today that a California man has pled guilty to trafficking counterfeit computer chips to the US military. Neil Fehaly agreed to cooperate with the government as part of his plea deal, and he faces up to five years in prison for passing off bogus versions of chips from Intel, VIA, STMicro, Analog Devices, and other chipmakers to the Navy. These counterfeits, some of which were outright fakes from China, and others of which were "remarked" versions of cheap chips that had been made to look like more expensive parts, have gone into countless critical military systems since the scam started, possibly endangering the lives of military personnel and civilians.