When the U.S. and South Korea became victims of cyber attacks last week, logic and not a little evidence pointed to North Korea as the culprit. However, a new report traces the attacks to the U.K., instead.

U.S. And S. Korea Attacks: Source Located In U.K.
Bkis, a Vietnam-based security company, stated on its corporate blog, "In order to locate the source of the attacks, we have fought against C&C servers and have gained control of 2 in 8 of them. After analyzing the logs of these 2 servers, we discovered the IP address of the master server, which is 195.90.118.xxx. This IP is located in UK."

Bkis then sprung another surprise by painting the attacks as being far more powerful than experts first thought.

The blog post continued, "During the past few days, the number of zombies has been estimated to be 50,000 by Symantec and about 20,000 by Government of South Korea. But, by taking control of two C&C servers and analyzing logs on these servers, we count the exact number of zombies that have been querying C&C servers to receive commands. . . . [T]here have been 166,908 zombies from 74 countries around the world that have been used for the attacks."

Though the Conficker worm threat turned out to be more hype than reality in April, spammers and cybercrooks were still very active in exploiting public interests. Latching on to traditions as well as big news stories provided venue for peddling a morass of trash.

Image Spam Surged 300% In April
The big scare (overblown hype) in April was the swine flu, which spammers were quick to capitalize on by adjusting their campaigns accordingly. It's classic bait and switch, as it is in cases where email recipients were duped into opening emails about the earthquake that rocked Italy, or IRS tax season phishing scams.

Fake Easter e-cards containing links to scareware went out, and the Waledac botnet was used to promote everything from online gambling, fake products, and foot fetishes.

Overall, spam is on the rebound since the famous November takedown of McColo Corp., which resulted in a temporary but drastic reduction in spam. Other reports show spam reaching about 70 percent recovery as spammers regroup.

McAfee has released a free, new service to help people determine if they have been the victim of cybercrime and what to do about it.

McAfee Reveals Cybercrime Response Unit
The Cybercrime Response Unit is part of a multipoint initiative launched in October of lat year to promote education about and awareness of cybercrime and help bridge communication between victims, law enforcement, and financial institutions.

The CRU will scan a person's computer to determine the likelihood the machine is infected. Users are warned even if it appears their computing habits appear to put the user at risk. Part of this is achieved via a series of questions about the users' computer habits.

McAfee's site does offer an actual scanner, as well, called the Cybercrime Scanner, which searches for unwanted processes, unauthorized connections, modifications, and visits to know malicious websites. The Scanner only works on Internet Explorer so far.

If the CRU determines there is a computer to be at risk of hacking or malicious software, users can go through the site to alert creditors and law enforcement.

Verizon investigated 90 confirmed data breaches in 2008 and discovered that an astonishing 285 million records were compromised, more than in the previous four years combined. In addition, the vast majority of breaches could have been avoided.

While many breach reports focus on internal breaches-and internal breaches account for the highest median losses-three quarters of breaches are executed by external sources. Nearly a third (32 percent) appeared to originate with business partners, and 39 percent were the result of multiple internal and external partner collusion.

In short, breaches came from everywhere last year, and from people within companies' circles of trust. Since 91 percent of all breached records were linked to organized criminal gangs, it would be interesting to know how much overlap there regarding business partners and insiders colluding with cybermafias.

Nearly all breaches (98 percent) shared at least one of three characteristics: thieves were aided by the target's error in security practices (67 percent); the target's network was hacked (64 percent); and malware was used to collect data (38 percent). The minority of breaches were the result of the misuse of privileges (22 percent) or direct, physical attacks (9 percent).

Luckily for Twitter, a pair of hack-attacks over the weekend were more embarrassing than damaging. Cracked by a bored teenager in the waning days of his prosecutorial immunity (he's 17), Twitter had tweeting back to normal relatively quickly.

Twitter was hit by the first worm on Saturday as tweeted reports of the "StalkDaily Worm" lit up the site. Hijacked accounts were promoting a StalkDaily website, which most are advising people not to visit. Initially the site owner denied involvement but posted a message accepting responsibility later.

Soon after the StalkDaily Worm was shut down, a new worm emerged via cross-site-scripting, this one spreading via About pages on Twitter and reportedly via infected tweets as well. The new worm was created by the same hacker in answer to Twitter's claims the security hole had been fixed.

The resulting tweets spread by up to 100 hijacked accounts were as juvenile as their creator, all bragging about the prowess of Mikeyy. Twitter reports the crew fought off four separate Mikeyy attacks into the early morning Monday hours.