ratishkool.blogspot.in/ Heart Hacking...: October 2010


Thursday, October 28, 2010

MALWARE SAMPLES USED IN TARGETED ATTACKS

TORONTO -- Security researchers demonstrated malware samples used in
recent targeted attacks during a session Tuesday at the SecTor 2010
conference. These malware samples, through the use of simple,
automated processes within the code, were able to evade antivirus
detection and dupe computer forensics investigations.

The researchers, members of Trustwave's Spiderlabs forensics and
pen-testing teams, investigated more than 200 security incidents
worldwide during the last year, collecting hundreds of malware
samples; on Tuesday, they demonstrated a Windows credential stealer,
a network rootkit and a client-side PDF attack.

GOOGLE ANTIMALWARE EFFORTS RELY ON MALWARE DETECTION

TORONTO -- Google Inc. this week revealed how it detects websites
infected with malicious code, part of its effort to protect users
from drive-by downloads and other malicious content.

Fabrice Jaubert of the Google antimalware team presented details
about Google's antimalware efforts at the SecTor 2010 conference. The
team uses proprietary algorithms to identify malware distribution
sites and sites that have been infected with malicious code. While
Google's technical efforts succeed in identifying and blocking
millions of websites suspected of hosting malicious code, Jaubert
described the process as a typical cat-and-mouse game, in which savvy
cybercriminals find ways to avoid detection.

Wednesday, October 27, 2010

BREDOLAB BOTNET CRIPPLED BY DUTCH CYBERSECURITY TEAMS

Dutch law enforcement and computer teams took out the Bredolab
botnet, seizing and disconnecting more than 100 command-and-control
servers used to send orders to hordes of zombie machines.

Bredolab, known for spreading spam and rogue antivirus, is thought by
some experts to have infected at least 30 million computers.

BOTNET INFECTIONS

Microsoft issued its latest Security Intelligence Report last week,
indicating that botnets pose the biggest problem for security teams
attempting to defend websites, networks and end-user devices from
malware infections.

Volume 9 of the Microsoft Security Intelligence Report lays out
evidence that while there has been some success in breaking up major
botnets, more action is needed if security teams ever expect to see a
major decline in botnet malware infections. Microsoft said it cleaned
more than 6.5 million computers of botnet infections in the first
half of 2010, double the amount for the same period a year before.

Monday, October 25, 2010


The news that Adobe Shockwave Player has a zero-day vulnerability which could potentially allow an attacker control of your computer is neither shocking nor unexpected. Adobe security flaws are like buses: if you missed the last one just wait for a while and another one is sure to turn up. However, it’s the unexpected bit of this particular zero-day that is the real news here.

After all, zero-day suggests an unknown vulnerability so how could we have expected this one this week? The answer, my friend, was blowing on the Twitter wind.

Amazingly, and very depressingly, a ’security researcher’ called Shahin Ramezany posted to Twitter that to celebrate getting 1000 Twitter followers he would “release an adobe 0day” and that’s exactly what he did.

Saturday, October 23, 2010

MICROSOFT IIS 7 SECURITY

Microsoft's Internet Information Services (IIS) Web server has
presented enterprises with more than its share of security problems
over the years, including the infamous Code Red worm nearly a decade
ago. A key security concern with IIS has always been the number of
features that are automatically installed and enabled by default,
such as scripting and virtual directories, many of which proved
vulnerable to exploit and led to major security incidents.

With the release of IIS 6 a few years ago, a "lockdown by default"
approach was introduced with several features either not being
installed or installed but disabled by default. IIS 7, the newest
iteration, goes even further.

Friday, October 8, 2010

Snort

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. Snort has become the de facto standard for Intrusion Prevention Systems (IPS).


Martin Roesch remains the guiding force behind nearly all of the
improvements made to Snort. Despite business pressures that
could potentially sidetrack any vendor's technology improvements,
Roesch guides Snort with a steady hand. He created Snort as an open
source project in 1998, and in 2001 he founded Columbia, Md.-based
Sourcefire to sell appliances and software that use the Snort
engine.

Where do we fall short?

Non-reporting of cyber crimes is an act that directly hampers the
growth of India as an IT superpower. Although cyber crimes are on the
rise in India, only a fraction of them are reported. Despite being the
biggest victim of cyber crimes, Indian organizations always debate
whether they should report these attacks. In addition,
there are specific hindrances that prevent organizations from
reporting cyber crimes. Our expert takes a look at the specific
causes behind non-reporting of cybercrimes in India. He also
recommends measures that can be taken to ensure more reporting of
cybercrimes.

SECURITY METRICS LESSONS FROM INFOSYS

It is said that what you can't measure, you can't improve. So, if an
enterprise wants to improve its security posture, it needs to
gauge the effectiveness of its security controls. In this week's
edition, leading Indian IT-BPO organization Infosys reveals how it
has successfully developed an information security metrics model.
Although it's not a conventional risk measurement tool, security
metrics goes a long way in security risk assessment, identification,
mitigation and governance. We bring you an up-close look at Infosys's
journey to develop security metrics.

CROSS-SITE SCRIPTING TWITTER ATTACK CAUSES CHAOS

The popular social network, Twitter, said it has fixed a
vulnerability that enabled a cross-site scripting (XSS) attack, which
wreaked havoc for a short time Tuesday. A user exploited the error,
causing people to unwillingly spread a message and annoy victims with
pop-up windows.

Victims of the attack only had to scroll over the Twitter message,
which then activated the malicious code. Once activated, the message
was reposted and viewable by the victim's followers, allowing it to
quickly spread across the website, like a worm. Pop-up windows led
victims to third-party websites peddling porn.

STUXNET TROJAN

The security chief at the North American Electric Reliability Corp.
(NERC) is calling for better designed and more hardened systems in
the wake of the Stuxnet malware threat.

The Stuxnet Trojan quickly gained the attention of the security
industry because it was one of the first pieces of malware to use
multiple previously unknown vulnerabilities. Stuxnet initially relied
on four zero-day vulnerabilities to gain access to devices that could
potentially connect to critical control systems, allowing Stuxnet to
spread to other machines. It was also the first piece of malware that
could inject itself into programmable logic controllers, the systems
that control temperature, pressure and other processes vital to
keeping industrial facilities running smoothly.
 
