RSS Alerts

Share

More services

Related Links

  • Panda Security
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Curiosity kills the cat as hackers use new infection techniques
    Hackers appear to be using social networking and news trending topics, judging from a recent analysis from Luis Corrons, technical director with Panda Security, who notes that the death of Osama bin Laden and the Royal Wedding have been used as lures in the last few weeks.
  • Panda releases Cloud AntiVirus Beta 1.9
    Two years after it released the first beta of its Cloud AntiVirus software, Panda Security has released a major new update – 1.9 – and it's a beta release once again.
  • Q1 2011 dominated by smartphone malware says Panda Security
    The latest quarterly malware report from Panda Security claims to show that smartphone malware dominated the security landscape, as witnessed by the rash of Google Android infections.
  • Panda Labs: New malware soars by 26% so far this year
    Spam levels may be falling as a result of the outage of the infamous Rustock botnet, but malware volumes are soaring, with PandaLabs, the research arm of Panda Security, reporting a 26% surge in malware since the start of the year.
  • Panda Labs discusses SCADA security with ReverseMode expert
    Luis Corrons, technical director of PandaLabs, Panda Security's research operation, has posted an interesting interview with Ruben Santamarta, the co-founder and head of security assessment with fellow Spanish IT security company WinterCore.
  • Panda Security roundtable discusses cybersecurity trends
    Panda Security held its second annual security blogger summit in Madrid last week, at which more than 200 security professionals attended. Discussion highlights of the event included internet mafias, the risks they pose to both consumers and businesses, and how law enforcement should be involved to stop cybercriminals from acting with impunity.

Top 5 Stories

News

Panda Labs head discusses website takedowns

01 June 2011

Website takedowns have been in the news this year, but Luis Corrons, the director of PandaLabs, the research arm of Panda Security, has stated that he expects a website takedown to be carried out using court warrants and legal mandates.

Corrons' comments come in the wake of an ongoing debate on the role that ISPs plus hosting providers have when it comes to command-and-control servers used to control botnets, Infosecurity notes.

The PandaLabs' director says that, if a police officer wants to walk into his home without his consent, he needs a search warrant.

"In the security industry we don't usually look at copyright violations, but to cybercriminals that want to steal people's money and information, the fight takes place in a number of different fields", he says in his latest security blog.

Despite this, Corrons cautions that IT security professionals should not forget they are not police officers – even though we are fighting against the same bad guys.

According to Corrons, if he discovers a website that is being used to host a phishing attack, his team will add the URL to Panda's blacklist to protect users, as well as sharing the URL with several other IT security vendors so that they can protect their users.

"Should I stop here? I could check who is the owner of the site, report it to the police, talk to the ISP hosting that site, etc", he said, adding that, every day, thousands of site shutdowns happen with no warrants or legal mandates.

And, he explained, law enforcement officials are not involved.

The problem, he says, is that criminals are creating thousands of new malicious sites, with the only purpose of infecting users and stealing their personal information.

Security researchers from private companies try to stop that, as they have customers to protect, he adds.

"We find them, we ask the owner of the hosting site to remove the pages," he said, adding that the hosting provider then removes the site, whereupon the cybercriminals start looking for new paces.

There are, Corrons went on to say, companies whose main focus is to perform these shutdowns, as there are a number of companies willing to pay large sums of money to have the sites removed, owing to brand and reputational damage issues.

Against this backdrop, he says, it is important to note that everything is not black or white, as hosting the phishing sites could be a violation of the ISP's rules, meaning that it can be perfectly legal for the ISP to remove them.

This article is featured in:
Business Continuity and Disaster Recovery  • Compliance and Policy  • Data Loss

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012