Best after-Christmas sales: 7 deals worthy of your gift cards

With Christmas upon us—and New Year’s Day a week away—the holiday sale madness is drawing to a close. But don’t despair, because we scoured the web to find deals that are still worth your time (and any gift cards you might have received).

Our initial search turned up everything from antivirus suites to all-in-one PCs, but there could still be more to come. We’ll update the listing if we spot any outstanding deals in the next few days. Be sure to check out our upcoming coverage on Amazon Digital Day on the 29th, too.

McAfee: McAfee Total Protection

Price: $30
MSRP: $100


McAfee has the latest version of its premium consumer security suite, McAfee Total Protection, on sale for $30. That’s the same price we saw during Cyber Monday.


14 predictions for the future of media


The media landscape is shifting almost more quickly than consumers can keep up with.

But certain trends have emerged that will carry the media industry into the future.

For the past eight years, IGNITION, Business Insider’s flagship conference, has collected the best minds in media and technology to share what they see as the future. Through unscripted interviews, cutting-edge demos, and insights from industry pioneers, attendees learn what key trends to be aware of and what they need to do to stay ahead.

Henry Blodget opened the latest sold-out IGNITION conference with a presentation entitled 14 Things You’ll Want to Know About The Future of Media. And he should know…Blodget is co-founder, CEO, and editor-in-chief of Business Insider, one of the most-read business and tech news sites in the world with more than 80 million visitors a month worldwide.

The presentation was put together with the help of the team at BI Intelligence, Business Insider’s premium research service.

Here are some of the key takeaways:

  • We’re nearing “peak media” in the U.S.
  • This phenomenon will spread to the rest of the world as four billion more people come online
  • Digital ad spending is still growing
  • Video is not the be-all, end-all of media
  • And much more


The seven most colossal data breaches of 2017

By Logan Strain

If it seems like the words “leak,” “compromised data,” and “breach” are constantly in the news, it’s not just you. The frequency of major data breaches is increasing. According to the Identity Theft Resource Center, the number of breaches is expected to top 1,500 in 2017. That’s a 37 percent annual increase over 2016, which itself was a record year for exposed personal data.

But while most data breaches are small and contained, this year saw a handful of spectacularly bad security fails. Here are the most massive sets of compromised data and data breaches of 2017.

1. Equifax

Let’s start with the Mother of All Breaches.

Equifax, one of the four major credit reporting agencies, revealed in September that cybercriminals had penetrated their network. The breach exposed the data of 143 million Americans—basically, every single adult in the country. Exposed information included names, social security numbers, birthdates, addresses and, in some instances, driver’s license numbers.

It gets worse. Credit card numbers for about 209,000 consumers and documents related to credit reporting disputes for 182,000 people were also exposed.

In response, Equifax offered a suite of identity theft protection services to all Americans, regardless of whether they were impacted or not. The services, which include up to $1 million in ID theft insurance and social security number monitoring, are free for anyone who signs up by January 31, 2018. (Though we doubt the efficacy of these identity theft protection services and don’t recommend people purchase them.)

2. Uber

This data breach actually occurred in 2016. But due to general shadiness on Uber’s part, we didn’t learn about it until November of this year. Compromised data included the names, email addresses, and phone numbers of 50 million Uber customers. The personal data of about 7 million drivers was also exposed, including around 600,000 driver’s license numbers.

Hackers pulled off the data heist by first getting access to a private GitHub site used by Uber engineers. From there, they learned Uber’s Amazon Web Services login credentials and accessed the personal data. The hackers then used the data to blackmail Uber. In an attempt to keep the incident under wraps, Uber executives paid the hackers $100,000 to delete the data and keep quiet.

The incident only came to light after new Uber CEO Dara Khosrowshahi discovered it and reported the incident to regulatory authorities.

In a blog post, Khosrowshahi said that “None of this should have happened, and I will not make excuses for it.”

3. Edmodo

Adults aren’t the only ones getting their info compromised. In May, Motherboard reported that social learning platform Edmodo was hacked. The service, which is used by educators and students, has around 78 million users—and a hacker named “nclay” claimed that he acquired the account data of 77 million of them.

The data was put up for sale on the Dark Web, but apparently, accounts for a site that is primarily used to assign homework and create lesson plans aren’t particularly valuable. The hacker priced the entire database at just over $1,000.

4. Verizon

Did you call Verizon customer service in the first six months of 2017? Then it’s possible your data was inadvertently exposed.

ZDNet reported that Nice Systems, an Israel-based company, failed to secure an Amazon S3 storage server that contained records for 14 million Verizon customers. The compromised records include customer names, cell phone numbers, and account PINs.

Fortunately, Verizon was able to protect the data before anyone else could access it. In a statement to CNBC, a Verizon spokesperson said, “We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information.”

5. Deep Root Analytics

The data analytics firm Deep Root Analytics, which was contracted by the Republican National Committee, revealed that it had exposed the data of 198 million citizens. That means almost two out of every three Americans were impacted. Exposed information includes names, birthdates, phone numbers, and, most troubling, voter registration details.

The breach was discovered by security researcher Chris Vickery on June 12. His analysis revealed that the firm’s database was stored on an Amazon cloud server without password protection for about two weeks. Anyone had the ability to download the 1.1 terabytes worth of data.

6. Sonic Drive-In

Millions of customers who only wanted to order a cheeseburger and a shake may have inadvertently given their credit card info to identity thieves.

The fast-food chain Sonic Drive-In acknowledged that an unknown number of restaurant payment systems were compromised and customer credit card information was breached. Security researcher Brian Krebs revealed that stolen credit card numbers made their way to underground markets where cybercriminals buy and sell sensitive financial data.

7. All WiFi devices

In 2017 we also discovered that essentially all data transmitted over WiFi networks is vulnerable. Computer scientist Mathy Vanhoef announced that a vulnerability in the WPA2 encryption protocol made WiFi networks accessible without login credentials. Hackers are able to access WiFi data through a key reinstallation attack, or KRACK. It’s unknown if any data was actually stolen using this method, but the vulnerability has existed since the beginning of WiFi.

Fortunately, tech companies started releasing patches shortly after the problem was discovered. Earlier this month Apple fixed the security hole for all iPhones. And several router manufacturers have released updated firmware that protects against KRACK attacks.

The growing number (and size) of data breaches indicates that threats are outpacing security measures taken by organizations. Until companies can improve their security posture, the responsibility for keeping data breaches from doing serious damage will fall on individuals.

Guest post by Logan Strain, author for Crimewire
Father, writer, and reformed Usenet troll. Lives in San Diego. Doesn’t surf, but should learn.
Follow Logan on Twitter @LM_Strain

The post The seven most colossal data breaches of 2017 appeared first on Malwarebytes Labs.

HP Spectre x360 13t (late 2017) review: An 8th-gen CPU leads a raft of upgrades

HP’s Spectre x360 proves that HP doesn’t like to sit still. While some companies show up to the dance in the same outfit over and over again (looking at you, MacBook Air 13 and Dell XPS 13), HP has revamped its premium 2-in-1 over and over again—no fewer than three times in the last two years, in fact.

In this latest and third version of the Spectre x360 13t, HP didn’t just jam in an 8th-gen quad-core Core i7 and call it an upgrade. It’s also given the entire laptop a significant refresh—one that addresses almost every quibble we’ve had with prior versions. This should give the MacBook Air 13 and the Dell XPS 13 yet another reason to worry.


Facebook phishers want you to “Connect with Facebook”

As we edge toward Christmas, scammers are throwing their own party—in the form of Facebook phishing pages linked to and from bogus landing pages hosted on sites(dot)google(dot)com URLs.

These landing pages, adorned with very large and very fake “Login with Facebook” buttons, may be extra convincing to the unwary, due to a combination of the trusted Google name and the fact that the sites are HTTPS rather than standard HTTP.

HTTPS is becoming increasingly popular with scammers as it adds an extra air of authenticity to the whole operation. As a result, you can’t just assume a “secure” site is also a safe one. There could well be a phisher lurking in the distance.

The landing pages are all themed around loss of Facebook access, with potential victims most likely directed there by phishing emails. (We haven’t seen any associated with this particular campaign, but given the messaging on the sites and the typical methods used to steer someone to them, it seems a reasonable bet to make.)

The bulk of the fakeouts look like either of the two examples below, with zero additional content on the page except for a big blue box asking you to “Login to Facebook” to “comfirmation your account!!!” [sic]

facebook phish landing page



another phish landing page


…”Connect with Facebook.”

There are a few other designs out there, but they’re nowhere near as common as the two above. Here’s one of the alt-designs:

Fake Facebook warning page


The word salad on the fake Facebook security page reads as follows:

Dear Facebook users

Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Please confirm your account with accurate data to avoid blocking. Note: if you do not verify your account permanently disabled automatically. Thanks, the Facebook team

Regardless of which landing page you kickstart the process from, the end result is the same—you’ll be directed to a number of secondary websites hosting the pages where user data will be phished. First, scammers will ask for login details:

fake lock landing page

After that, they go straight for security questions:

fake lock



The text on the page reads as follows:

We will temporarily lock your account. Please answer a few security questions to ensure that the actual owner of your account. We will provide 1X24 hours, to verify the identity of your account. If you do not confirm, the system will automatically shut down your Facebook account permanently.

This information will help us to restore your Facebook account

Upon hitting the “Protect your account” button, victims will be sent to the legit Facebook login page, another common trick to make the victim think all is well—right up to the point the login mysteriously alters and they lose access. We’ve seen Facebook scams a lot less complicated than this also ask for payment information, so we’re a little surprised that none of the sites across both sets of websites (the landing pages, and the sites playing host to data collection) do this.

We’re certainly not complaining, mind.

At time of writing, many of the secondary sites appear to have been taken down, though there are still a fair few landing pages up and running. As such, it would be easy for the scammers to set up new phish pages and point the landing URLs to them instead.

URLs you should avoid:

(leads to) help-unblocking-fb(dot)site/contact/2017/index(dot)php

We’re working on having the last of these sites taken offline, but please be careful around any websites claiming they’ll confirm, review, or connect your Facebook account, especially in relation to supposed security alerts or “bad behaviour” on your part. If in doubt, visit the official Facebook site directly and take things from there. There’s a good chance it’s just someone trying to ruin your festive fun, and that definitely doesn’t fall under the season for giving.

The post Facebook phishers want you to “Connect with Facebook” appeared first on Malwarebytes Labs.

How to make thousands in travel credit — and even get an upgrade — from getting bumped off a flight

Gilbert Ott

  • If you’re not in a major rush, getting bumped off a flight can work to your advantage.
  • There are a few ‘best practices’ to keep in mind which make you the ideal volunteer for catching the next flight, according to God Save the Points blogger Gilbert Ott.
  • Getting bumped off a flight can earn you thousands in travel credit.

Sometimes, like over the Christmas holidays, your flight taking off and landing on time can be the determining factor in whether you make it to important events.

However, when you’re about to embark on a holiday or are on your return journey with little to look forward to, you might have a more easygoing attitude towards arriving a bit late — and accepting money, travel credit, and a flight upgrade can seem like a pretty good deal in return for taking a later flight.

According to Gilbert Ott of God Save the Points, blogger and expert at finding cheap flights and scoring first class trips using air miles, taking advantage of an overbooked flight can be “far more lucrative than any loyalty program on earth” and can earn you thousands a year in travel credit “just for being ‘cool’ about flexibility.”

In a blog post on God Save the Points, Ott said there are a few “best practices” to keep in mind which should “put you first in line to catch the next flight, in the likely event that yours is oversold.”

Be smart with your flight date and time

“Step one is focusing on routes and flights where important business travel is a major factor,” Ott writes. “Weekends are for leisure travelers, it’s the weekdays where you’ll find the least flexible travelers, when airlines need to accommodate them the most.”

He added: “Holidays are good too. Pick early morning flights, or second to last, last flight of the day situations where people have the greatest need.”

Make use of apps

The same trick that can get you an entire row to yourself on a flight can also be useful when predicting an overbooked flight.

The ExpertFlyer app allows you to check the inventory (seats left) for “virtually any flight” for $9.99 a month, according to Ott.

“This means you can see precisely how many seats are left on your flight, the next flight and every other flight,” he said. “They also show upgrade options too. For someone really looking to cash in, this $9.99 can net $1000s in bump vouchers, helping to find the most prone flights. This is especially true if you study flights for a couple weeks, seeing which ones typically always sell out each week.”

Travel with just a carry-on…


“For optimal probability of being the lucky ‘we need a volunteer’ person, being without bags is a deal breaker,” Ott said. “It’s both time consuming and hard to offload a passenger with luggage, whereas someone with carry on only is an easy breeze. Whenever possible, travel without bags if you want the bump. And get a good carry on to make this feat easier.”

…And travel alone when you can

“Now – this isn’t to say groups don’t get bumped. But often only one or two volunteers are needed,” Ott said, “Being solo on a reservation instantly prioritizes you over most of the pack of would be ‘bumpertunists.’ It’s been said that being last to check in can help the chances, but don’t go overboard here.”

Ask to get on “the list”

“Many airlines run a list of potential volunteers, should someone need to be bumped. Save the negotiations for game time, but be sure to get on the list – and get in early,” Ott said. “Don’t be afraid to ask at check-in if ‘any volunteers may be needed’ and if the reply is ‘yes,’ be sure to volunteer your services.”

Know your value

If you’ve got places to go, getting bumped has to be worth your while, but if you’re not in a rush, you might be willing to accept a little less.

According to Ott, the minimum voucher amount is generally in the $300-$400 range, “but it’s not at all uncommon for vouchers to exceed $1,000, even for shorter flights.”

“You still get a ride on the next available flight, but you’ll score significant credit towards future flights,” he said. “One family successfully scored $11,000 in credit – and still made it to their destination on time.

“Turning a $150 ticket into $11,000 of travel, easily enough for multiple business class tickets, virtually anywhere in the world is hard to argue with.”

And, often you’ll be put on the next flight, so you won’t even have long to wait.

“Sometimes they’ll even throw in an upgrade, just for being an all around agreeable and easy human being,” Ott said. “You don’t know joy until you get a big fat voucher, and still make it to your destination within hours of the original time!”

There are no guarantees — but it does happen

Still, Ott stresses that there are no guarantees when working the overbooked-flight system.

“Even the best practices may fail, so it’s really not worth over paying (at least not any significant amount), just to attempt the bump,” he writes.

However, he added: “This really is a thing. Airlines oversell flights for a variety of reasons, entirely in their control.

“If you have flexibility and a desire to earn free travel — there’s nothing wrong with playing the game. Free vacations are the best vacations, especially when the Champagne arrives – and you’re laying flat in a business or first class bed!”


There’s a hole in my bucket: Bitcoin scams aim to exploit volatile market

Bitcoin! Black gold! Texas tea!

Only one of these is currently worth ridiculous amounts of money (and technically numbers two and three are the same thing). Whether you’re in possession of lots of Bitcoins, or in full bandwagon panic “must buy 20 graphics cards before the bubble bursts” mode, you should be aware that lots of awful people want in on your precious haul. Indeed, the past week or so has seen an explosion of Bitcoin-centric scams, fakeouts, and all-around bad behaviour as scammers look to cash in at your expense.

The huge value of Bitcoin, plus the launch of Bitcoin futures, has attracted so many scammers that it’s difficult to keep up, whether it’s fake endorsements from well-known traders or plain-old RATs targeting would-be investors. Fake news, malware, bogus wallets, and even Bitcoin laundering via self-made music loaded onto the iTunes store—everyone seems to have gone a little Bitcoin crazy.

Bitcoin is here to stay—but what is it?

Bitcoin is a digital currency created by someone claiming to be Satoshi Nakamoto (which may well be an alias), and it’s all about digital wallets, mining, and hoping someone doesn’t steal millions overnight. It’s even being used as a volatile talking point related to ads, scripts, and blocking—from random websites to free wi-fi services, everyone is getting in on the action.

In this chaotic mess of bubbles, adverts, scams, and mistaken identities, the price of Bitcoin has gone through the roof. The reasons for which are multifaceted and also involve people endlessly talking about it. It may well be something off in the distance for many people, or some weird Internet thing you keep hearing people mention in horribly confusing terms, but make no mistake, it’s becoming mainstream. In fact, Bitcoin is rising so suddenly that people are taking out mortgages so they can get in on the Bitcoin action. (Tip: You probably don’t want to do this.)

An avalanche of chicanery

This past week, we’ve seen quite a few things you may want to steer clear of—from mobile to survey scams. It’s frankly overwhelming and for many of us, there’s simply no way to tell the good from the bad from the mildly shoulder shrugging.

For example, someone has taken ye olde survey scam and remixed it for the coin collective:

Coins and Youtube, oh my

Advertised on Youtube (until the video was pulled down, anyway), this site claims to generate Bitcoins with a 100 percent success rate. Sure does beat all that cumbersome mining and electricity use, and this is a definite boon for someone trying to jam a GTX1080 graphics card into a netbook. The site itself, located at bitcoingenerator(dot)space, is exactly what you’d expect a survey scam to look like, except it’s asking for Bitcoin addresses instead of how many Xbox Live points you want.

Coin survey

Users need to be verified by filling in a selection of geotargeted surveys. You don’t need me to tell you that survey scams are junk. They’ve been around forever, and are the absolute bottom rung of unimaginative, cookie-cutter fakeouts that never give you what you want. They’re the first thing to fall out of the “In case of scam emergency, break glass” box.

Seeing one suddenly throwing itself on the Bitcoin bandwagon is a bit of an eye-opener though, and something we should take notice of. People will seemingly do pretty much anything to nab some free coins, including clicking this shortened link roughly 34k times to play a game of snake-as-Bitcoin-faucet.

Snake coin

Sadly, the landing page is dead at time of writing, so we have no way of knowing if this one ever got off the ground. It could well be legit, but keep in mind that sites and videos will claim to offer up all manner of faucets. Not all of them will play nice, so on your own snakey visage be it, and be especially cautious around any downloadable executables.

Repackaging the tech support scam

Elsewhere, we have our old friend the tech support scam marching in the direction of coin-related antics. Or at least, scammers using some of the hallmarks of the tech support scam in an effort to part Bitcoin traders using Kraken from their digital currency. A good while ago, I covered fake EA support accounts who wait for the real thing to go “out of office,” then slide into conversations before directing victims to phishing links. This has a bit of a similar feel, with scammers waiting for trading sites to go offline due to maintenance/bad luck/DDoS/whatever, then jump into hashtags on social media with links to fake support sites, including phony “support” over the phone. It all ends in phishing and vanished coins.

Old tricks, new victims, unfortunately.

Ignore that part of your brain that says, “Well, it’s just one coin or whatever,” because the problem is that these things are so highly valued right now that it takes just one being swiped to cause major problems. And that, in turn, makes coins the absolute number one hot target on the block right now. Or, to put it another way:


That is an astonishing amount of cash to be cheated out of, and it’ll only get worse as scammers come up with the path of least resistance for obtaining illicit Bitcoins. It also seems like this has been going on for a while, so sites dealing in and around coins should consider bulking out their security hints and tips for new (and even experienced) Bitcoiners.

If you’re feeling a little swamped with the perils of Bitcoin, that’s understandable. Potential bubble + massive bandwagon + huge array of services + large corporations taking an interest + hordes of newcomers who have no idea what’s legit and what isn’t charging into the fray = please pass me the headache tablets.

Something we’ve been seeing recently is sites offering “crypto debit cards” if visitors invest certain amounts into their linked wallets. Is that real? Fake? A good deal? What’s the benefit for doing this? What on earth does this mean in the terms and conditions?


Why do you have to be in a SEPA country? What is a SEPA country? All of these questions and more can be yours, for the low, low price of total and utter confusion. Make no mistake: if you want to make serious cash, you’re going to have to do some serious research.

Cornering the market on best practices

If you’re totally new to Bitcoin, your most likely first port of call may well be one of the numerous exchanges out there. You’d do well to heed the following advice from digital crime writer Joseph Cox:

  • use unique password
  • create a new email account (don’t share it)
  • put 2FA on both the email and the exchange account (if SMS, don’t share number, but preferably Google Auth)
  • don’t trade over PayPal (scam)

— Joseph Cox (@josephfcox) December 8, 2017

  • Don’t log into exchanges over Tor, unless you really have to for some reason, and can use a hidden service (malicious exit nodes to steal logins, etc)
  • Verification on exchanges helps you and the seller, do it
  • Keep trades through the exchange’s system, to ensure you get $$

— Joseph Cox (@josephfcox) December 8, 2017

Whatever your way in, please take some time to read up on the pros and cons of digital currency. Unless you understand the basics, even the simplest of easy-to-spot Bitcoin scams may well elude your radar until it’s too late. Considering the huge sums at play, and the breakneck pace being set by all things digital currency, it’s never been more important to be fully aware of the risks as well as the benefits of cashing in your crypto-chips.

The post There’s a hole in my bucket: Bitcoin scams aim to exploit volatile market appeared first on Malwarebytes Labs.

The most popular musicians of 2017

post malone

The most-searched musicians and bands on Google this year are a diverse bunch. They span different genres and generations. Some are more famous for their personal lives and struggles than their actual music, and some haven’t even released a full album this year.

Google narrowed down the top-trending band and musician searches in the US over the past 12 months.

Keep scrolling to see who people searched for the most in 2017.

Linkin Park was in the news for a tragic reason this year.

Linkin Park released their seventh album “One More Light” in May 2017, two months before lead singer Chester Bennington tragically committed suicide in July.

Cardi B took over the world in 2017.

Cardi B, real name Belcalis Almanzar, had a good year. Not only did she dethrone Taylor Swift on the charts, she became the first solo female rapper since 1998 to have a No. 1 hit (“Bodak Yellow”), and got engaged to Offset, a member of rap trio Migos.

The rapper first became famous for her time on “Love & Hip-Hop,” and before that she was an exotic dancer.

Lil Pump is a 17-year-old rapper from South Florida.

Lil Pump, real name Gazzy Garcia, came out of nowhere this year. He’s a 17-year-old Hispanic rapper from South Florida whose claim to fame is a song called “Gucci Gang.” 


HP Spectre 13 review: This stylish ultrabook conceals real power

HP’s Spectre 13 was designed for tablet lovers who don’t buy tablets. It’s a lightweight though sturdy ultrabook designed with a powerful Intel 8th-generation Core chip inside and an eye toward the future. HP’s stylish Spectre offers excellent performance for an ultrabook at a good price, making this a recommended choice.

At a light 2.4 pounds, though, the Spectre 13 is forced to make some compromises. It falls short of the “all-day” battery life that some demand, delivering about six hours in our tests. HP probably dialed down the display resolution to preserve battery life, too, so the Spectre includes a 1080p touchscreen display. The Spectre 13 also commits wholeheartedly to USB-C/Thunderbolt. You’ll need a dongle if you own older peripherals.


A state of constant uncertainty or uncertain constancy? Fast flux explained

Last August, WireX made headlines. For one thing, it was dubbed the first-known DDoS botnet that used the Android platform. For another, it used a technique that—for those who have been around in the industry for quite a while now—rang familiar in the ears: fast flux.

In the context of cybersecurity, fast flux could refer to two things: one, a network similar to a P2P that hosts a botnet’s command and control (C&C) servers and proxy nodes; and two, a method of registering on a domain name system (DNS) that prevents the host server IP address from being identified. For this post, we’re focusing on the latter.

Malware creators were the first actors to use this tactic. And Storm, the infamous worm that boggled and exasperated Internet users and security researchers alike in 2007, is one of the first binaries that proved fast flux’s effectiveness in protecting its mothership from detection and exposure. Fast flux made it doubly difficult for the security community and law enforcement agencies to track down criminal activity and shut down operations. Eventually—and albeit gradually—Storm’s reign ended, mainly due to the ISP that hosted the worm’s master servers, Atrivo, going dark.

From then on, the actors behind fast flux campaigns have been varied: from phishers and bot herders to criminal gangs behind money mule recruitment sites. There are also those that use fast flux to engage in other unlawful schemes, such as hosting exploit sites, extreme or illegal adult content sites, carding sites, bogus online pharmacies, and web traps. Recently, fast flux has been gaining notoriety and usage among cybersquatters, which makes this another threat for businesses with an online presence.

Fast flux—what is it really?

Fast flux is, in a nutshell, an advanced game of hide and seek. Cybercriminals hide by assigning hundreds or thousands of IP addresses that are swapped with extreme frequency to a fully qualified domain name (FQDN)—let’s say This is done using a combination of (1) distributing the load received by the server across many geographical points acting as proxies or redirectors and (2) banking on a remarkably short time-to-live (TTL) data lifespan. This address swapping happens so fast that the whole architecture seems to be in flux.

Here’s a simple illustration: If criminals assign a set of IP addresses that change every 150 seconds, users who access are actually connecting to different infected machines every single time.

Fast flux is occasionally used as a standalone term; however, we also see it used as a descriptor to the nature of a network, botnet, or a malicious agent. As such, you’ll find the below terms used as well, and for clarity, we have listed their definitions:

  • fast-flux service network (FFSN): The Honeynet Project defines this as “a network of compromised computer systems with public DNS records that are constantly changing, in some cases every few minutes.” There are two known types of this: single-flux and double-flux.
  • fast-flux botnet: Refers to a botnet that uses fast flux techniques. Herders behind such a botnet are known to engage in hosting-as-a-service schemes wherein they rent out their networks to other criminals. Also, some fast-flux botnets have begun supporting SSL communication.
  • fast-flux agent: Depending on the context, this could refer to either (1) the malware responsible for infecting systems to add them to the fast-flux network or (2) the machine that belongs to a fast-flux network.

Fast flux shouldn’t be confused with domain flux, which involves the changing of the domain name, not the IP address. Both fluxing techniques have been used by cybercriminals.

Wait, so assigning different IP addresses to a single domain name is legal?

Although it’s generally the case that one domain name points to one IP address, this association isn’t a strict mapping. And that is a good thing! Otherwise, web admins wouldn’t be able to efficiently distribute incoming network traffic to multiple resources, wherein a single resource corresponds to a unique IP address. This is the basic concept behind load balancing, and popular websites use it all the time. And round-robin DNS—this one-domain-to-many-IP-address association—is just one of several load-balancing algorithms one can implement.

There’s nothing illicit about this. What criminals are doing is merely taking advantage of or abusing what network technology already has to offer.
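The distinction drawn above (fast flux versus legitimate round-robin DNS) is exactly what a defender can measure: how many addresses a name resolves to over time, how many unrelated networks those addresses sit in, and how short the TTL is. The heuristic classifier below is an added example, not code from the original post; its thresholds, the use of /16 prefixes as a stand-in for distinct networks, and the sample DNS observations (which mirror the post’s “changes every 150 seconds” illustration) are all assumptions made for illustration.

```python
"""Heuristic fast-flux detector over a constructed log of DNS answers.

Added example, not code from the original post.  It separates ordinary
round-robin load balancing (a few addresses in one operator's network,
sane TTL) from fast flux (many addresses in unrelated networks, very
short TTL; the post's illustration rotates every 150 seconds).  All
thresholds and sample records are assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed thresholds: real detectors tune these and use ASN lookups
# rather than /16 prefixes as the "distinct network" signal.
SHORT_TTL_SECONDS = 300   # a TTL below this counts as short-lived
MIN_DISTINCT_IPS = 8      # distinct A records across the capture window
MIN_DISTINCT_NETS = 4     # distinct /16 networks those records fall in


@dataclass(frozen=True)
class Resolution:
    """One observed DNS answer for a domain."""
    domain: str
    ip: str
    ttl: int
    seen_at: int  # seconds since the start of the capture


def network16(ip: str) -> str:
    """Collapse an IPv4 address to its /16 so distinct networks can be counted."""
    return str(ip_network(f"{ip}/16", strict=False))


def summarize(resolutions):
    """Per-domain view: distinct IPs, distinct /16s, and the smallest TTL seen."""
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "min_ttl": None})
    for r in resolutions:
        ip_address(r.ip)  # reject malformed records early (raises ValueError)
        s = stats[r.domain]
        s["ips"].add(r.ip)
        s["nets"].add(network16(r.ip))
        s["min_ttl"] = r.ttl if s["min_ttl"] is None else min(s["min_ttl"], r.ttl)
    return stats


def classify(resolutions):
    """Return {domain: 'static' | 'round-robin' | 'fast-flux'}.

    'fast-flux' needs all three signals at once; a CDN with a short TTL but
    addresses in one network, or a big round-robin pool with a long TTL,
    stays 'round-robin'.
    """
    verdicts = {}
    for domain, s in summarize(resolutions).items():
        if len(s["ips"]) == 1:
            verdicts[domain] = "static"
        elif (s["min_ttl"] < SHORT_TTL_SECONDS
              and len(s["ips"]) >= MIN_DISTINCT_IPS
              and len(s["nets"]) >= MIN_DISTINCT_NETS):
            verdicts[domain] = "fast-flux"
        else:
            verdicts[domain] = "round-robin"
    return verdicts


def build_sample_log():
    """Constructed observations (documentation and private ranges only).

    cdn.example rotates three addresses in one /24 with a 300 s TTL;
    flux.example hands out a fresh address in a different /16 every 150 s,
    mirroring the post's '150 seconds' illustration; www.example never moves.
    """
    log = []
    cdn_pool = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
    for i in range(10):
        log.append(Resolution("cdn.example", cdn_pool[i % 3], 300, i * 300))
        log.append(Resolution("www.example", "192.0.2.7", 3600, i * 300))
    for i in range(10):
        # second octet changes each time, so every record lands in a new /16
        log.append(Resolution("flux.example", f"10.{i + 1}.{i + 20}.{i + 40}", 150, i * 150))
    return log


if __name__ == "__main__":
    for domain, verdict in sorted(classify(build_sample_log()).items()):
        print(f"{domain:14s} {verdict}")
```

Feeding the classifier real resolver logs would replace `build_sample_log()` with parsed observations; the scoring logic itself is unchanged.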

Aside from Storm, what other malware has been associated with fast flux?

Threat campaigns that use malware associated with fast flux networks usually involve botnets. And in the earlier years, worms were the type that used fast-flux botnets. Storm is a worm binary; so is Stration, its rival. Nowadays, other malware strains have banked on fast flux’s efficacy. We have Kronos and ZeuS/Zbot, two known banking Trojans; Kelihos, a Trojan spammer and Bitcoin miner; Teslacrypt, a ransomware (their payment sites are found hosted on an FFSN in East Europe); and Asprox, a Trojan password stealer turned advanced persistent threat (APT).

As a side note, fast flux networks are not only used to hide malicious activities. Akamai, a known cloud delivery platform, has revealed in a white paper [PDF] that a fast flux network was used in several web attacks, specifically SQL injection, web scraping, and credential abuse, against their own customers.

Read: Inside the Kronos malware—Part 1, Part 2

Can fast flux be detected/identified? If so, how?

Definitely. Some organizations and independent groups in the security industry have put a lot of effort into investigating, studying, and educating others on what fast flux is, how it works, and how it can be detected. Below are just a few references that you can visit, browse, and read more thoroughly:

Can users protect themselves from fast flux activity?

When it comes to keeping our computing devices safe from physical and online compromise—with the data in them unaltered and secure—extra vigilance and good security hygiene can save folks from a lot of headaches in the future. Installing an anti-malware product with URL-blocking features on devices not only protects them from malware but also blocks sites that have been deemed malicious, consequently stopping the attack chain. Lastly, regularly update all security software you use.

Stay safe out there!

The post A state of constant uncertainty or uncertain constancy? Fast flux explained appeared first on Malwarebytes Labs.
