We begin today’s FUD-buster with – applause please – cyberterorism via an “article”: Cyberterrorism: A look into the future. The article talks about Estonia (which is the poster-child for “cyber” incidents these days) and says the following thing (amongst others equally high-quality content) – emphasis added:
“The three-week cyberattack on Estonia threatened to black out the country’s digital infrastructure, infiltrating the websites of the nation’s banks and political institutions”
The article cites as source (hey, at least they cite sources) an equally “well researched” piece from the Telegraph.co.uk which says almost the same thing. Now I seem to remember that the Estonia incident was just a large scale DDoS attack, so I’ve looked around for more reliable sources, like this article on Dark Reading Authoritatively, Who Was Behind The Estonian Attacks? by Gadi Evron (or see this other article). This confirms what I was remembering: it was a large scale DDoS attack with some minor defacements, but in no way were they “infiltrating the websites”.
The second (unrelated, other than the fact that it is an overstatement) quote comes from the Kaspersky blog, where we can read that:
“a vast amount of pirate software nowadays contains trojans, both for the PC and Mac”
This depends very much on your interpretation of “vast amount” (as me how I know :-P). Of the actual pirated software shared in limited networks like college campuses, very little is infected. What are extremely likely to be malicious are the crack / keygen websites. Either they contain exploits directly or they bundle malware with the downloads. An other sneaky way, seen on P2P networks like Gnutella or eDonkey, is to run bots which respond to any search with an executable that contains the keywords in the name and is – of course – malicious. So, depending on your interpretation of “vast amount”, this doesn’t hold up.
The conclusion, as always: do your own research!
Picture taken from cooljinny’s photostream with permission.