We're always hearing about the current trends in the threat landscape, and they're always the same. So, for a change, let's hear about some of the anomalies.
Take, for example, the sudden demise of the SQL Slammer worm. Once the scourge of the internet, about a year ago SQL Slammer suddenly all but vanished. Some speculate that a good-guy hacker or hackers cleaned it up.
"There are folks out there that break into systems specifically for the reason of fixing them up," said Michael Montecillo, a threat research and intelligence principal with IBM Security Services.
In this week's Patch Monday podcast, you'll hear an interview with Monticello, recorded at the recent IBM Security Symposium in Sydney, covering good-guy hackers, click fraud, and his views on the profile of hacktivism, following the arrest of key Anonymous and LulzSec members.
There has certainly been a drop in the number of hacktivist incidents, and, in May, Barrett Brown lamented the loss of political sophistication in Anonymous' actions. But technical sophistication is harder to measure.
"This is one of the things in security; we've never come out with a comprehensive measuring strategy for what we say is sophisticated and unsophisticated. It's kind of finger-in-the-wind measurement of the temperature, right?" Montecillo said.
"Certainly, there are [sophisticated] attacks ... but even in HBGary, some of the methodology that they used has existed for quite some time."
To leave an audio comment on the program, Skype to stilgherrian or phone Sydney +61 2 8011 3733.
The Black Hat presentation on click-fraud reference by Montecillo was: Get Rich or Die Trying — Making Money on the web the black hat way.
Running time 19 minutes, 07 seconds