Topical Research Reports

As part of the Enhanced and Comprehensive levels of VeriSign® iDefense® Security Intelligence Services, customers receive topical research papers containing in-depth analysis on a specific issue related to cyber security. Delivered as a PDF by email or through the VeriSign® iDefense® Intelligence Portal, reports explore specific threats identified by VeriSign and issues that our customers have asked us to explore further.

To request a research report table of contents, select up to two titles below and click the submit button at the bottom of the page. Please note that this is a sample report containing only the table of contents. Complete reports are reserved for customers.

	2008.10.08: The Cyber Threat Landscape of Brazil Unlike its more dynamic counterparts, the cyber threat environment of Brazil is characterized by a highly specialized, ultra-specific focus on fraud conducted via banking Trojans disseminated by sophisticated phishing attacks. Almost all visible cyber criminal activity in Brazil is financially motivated and focuses on banking Trojans targeting Brazilian banks and phishing techniques for distributing these Trojans. As a result, Brazil is now home to some of the world's most skilled Trojan authors and most innovative fraudsters. Indeed, the ease with which cyber criminals are able to steal from Brazilian banking customers is a key reason for the relative paucity of other cyber threat categories in the country. The Brazilian security community has adapted accordingly, with Brazilian banks emerging as a leader in tracking and combating Trojans; however, this hyper-specialization of Brazilian computer security is not without its drawbacks. The private sector in Brazil lacks a strong culture of intellectual property protection, and it does not prioritize corporate espionage as a significant threat. Public cyber crime authorities also find it difficult to manage the sheer volume and sophistication of the country's information security environment. However, this is not for any lack of expertise or professionalism; rather, inadequate legislation and a lack of material resources handicap the efforts of otherwise able Brazilian law enforcement professionals.
	2008.09.10: Detecting and Tracking Trojan Horse Command-and-Control Servers Information-stealing Trojan horse programs quietly infect systems, capture valuable information and transmit it back to a central command-and-control (C&C) server. While some attackers create custom Trojans for specific purposes, less-technical criminals use simple toolkits to create binaries for their own use. These toolkits generate slight variations on a single Trojan that report to different C&C servers but use the same mechanisms to capture and report data. It is possible to detect communications between Trojans and C&C servers using a network-based intrusion detection system (IDS). Deploying signatures that detect this traffic across many monitored networks allows analysts to determine which networks most commonly host C&C servers. Clusters of these servers can indicate the existence of a rogue network that specializes in serving malicious content. Locating these clusters can further increase the security of the network by monitoring any traffic destined to it, any of which is highly suspicious.
	2008.08.06: A Nodal Analysis of Islamic Extremist Websites Since the beginning of the 21st century, the use of Internet technology by Islamic extremist-oriented terrorists to further their ideological and political goals has expanded greatly, in many ways mirroring the drastic expansion of worldwide Internet usage itself. A number of trends in the worldwide Islamic extremist-oriented terrorist movement and its evolving Internet presence are increasingly attracting the attention of iDefense analysts. Foremost among these is the rising interest in computer hacking and cyber warfare among terrorists, as evidenced by ongoing discussions into this subject on chat forums frequented by people with terrorist sympathies and hacking interests. This report contains a detailed survey of the Internet's largest and most prominent Arabic-language terrorist chat forum sites. It samples the content of each site's most active forum section in detail, provides a general survey of each site's other noteworthy forum sections, examines the links and affiliations of each site with various terrorist organizations and movements, and also takes a look at some of the influential and noteworthy members on each forum. Particular attention is also paid to specific hacker-oriented forum sections, the interests of their members and indications of any hacking and cyber terrorism discussions found elsewhere on the forums.