DP's Security Bits

Statistics for June 2007

Spam Statistics
Rate of Spam: 67.41%
Main Sources of Spam:
1. United States - 37.38%
2. China - 17.05%
3. United Kingdom - 10.93%
4. Mexico - 09.86%
5. Russian Federation - 07.64%

Virus Statistics
Rate of Virus infection: 4.12%
Top 5 most prevalent Viruses:
1. W32/Zafi.B - 39.73%
2. W32/Netsky.BR - 09.29%
3. W32/Mytob.DJ - 07.45%
4. W32/Mytob.CQ - 05.60%
5. W32/Sality.AD - 05.10%

Source: IE Internet

A group of security professionals launched this week what they hope will become the eBay of security research.

The Swiss-registered company, WSLabi, boasts that its online portal will allow researchers to sell vulnerabilities they have discovered to software companies and other interested parties through an open market. WSLabi plans to verify the identities and claims of both the buyer and seller. Already, four software flaws -- including a Linux memory leak and a flaw in Yahoo! Messenger 8.1 -- are listed on the site and more than 200 people have registered, according to the firm.

http://www.securityfocus.com/brief/542 

Published: July 5, 2007

On July 10, 2007, Microsoft plans to release:

3 Critical updates
2 Important and
1 Moderate.

http://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx

Grisoft, the producers of AVG security software won the 'Best Security Software 2007' Award at the TechWorld awards event for their flagship product; AVG Internet Security.

Full Press Release 

A senior database administrator at payment firm Certegy Check Services secretly copied 2.3 million records containing bank-account and credit-card information and sold it to marketing firms, Fidelity National Information Services (FNIS), Certegy's parent company, said this week.

http://www.securityfocus.com/brief/541 

Some AIM users are angry about a recent alert message that AOL LLC displays on their screens urging them to upgrade to the newest version of the instant messaging software.

The alert, delivered in a rectangular box that appears on the screen's lower right-hand corner, can't be turned off.

If a user closes the box, the alert will pop back up minutes later. If left alone, the alert will periodically position itself as the primary active window, interrupting the user's current activity.

AOL acknowledges that unless users go through the upgrade process, there is no way to get rid of the alert.

"Normally, upgrades are optional. However, in this case we are highly encouraging users to upgrade from 6.0 to 6.1 because of some security updates that are included in the new release," an AOL spokeswoman said via e-mail.

Story continues at computerworld.com 

ESET, a global provider of antivirus software, today announced a release of its new online scanning service. Powered by award-winning ESET NOD32 Antivirus software, ESET Online Scanner is a free Web-based service that enables computer users to perform a comprehensive system scan to check for and clean viruses, spyware, and other malware—without uninstalling their existing antivirus solution.

"It’s a pleasure for us to offer the public the power of NOD32 in our new Online Scanner service,” said Miroslav Trnka, co-founder and CTO of ESET. “ESET believes in empowering users to make the best AV buying decision, and we’ve offered free 30-day trial licenses for many years that include full product functionality. While it doesn’t replace the trial version, the new Web scanner takes this try-before-you-buy philosophy a step further by allowing users to test our product in real-time without removing their existing protection."

The Business Software Alliance announced on Monday the launch of its "Blow the Whistle" campaign and said it will offer up to $1 million as a bonus for employees that turn in their employers.

The campaign, which lasts until October 2007, rewards end users that tip off the the software industry's lobbying arm and offer evidence about companies that have installed unlicensed copies of software. Until the end of the campaign, the BSA will pay a bounty to informants based on the settlement with a maximum fee of $1 million, up from the normal top tip for tattlers of $200,000. Under the guidelines of the program, end users cannot have been the ones to install the software unless they were ordered to do so by a supervisor.

http://www.securityfocus.com/brief/540 

 China is proving to be a mighty force not only economically, but also as the launching point for malicious software and spam.

In June, some 40 percent of malicious software worldwide originated from Beijing, nearly doubling from 21 percent in May, said Simon Heron, managing director for security vendor Network Box Corp.

Spam from Beijing, however, dropped from 11 percent to 5 percent over the same time period, he said.

Beijing kept the number one spot for malware, followed by Wattleup, Australia, at 3.7 percent, and Madrid, Spain, at 2.5 percent, according to Network Box.

The percentage is calculated from event logs transmitted by about 700 customers using Network Box's security appliance, which has a firewall along with antispam, antivirus, antiphishing and content filtering technologies. The company catches about 4 million samples of malicious software a day.

Computerworld 

Hackers appear to have stepped up their efforts over the past year to trick corporate executives into downloading malicious software that can steal company data, according to new data released today.

MessageLabs Ltd., a security vendor that offers e-mail filtering services to catch spam and malicious attachments, caught an average of 10 e-mails per day in May targeted at people in senior management positions, up from just one a day during the previous year, said Mark Sunner, chief security analyst.

Those 10 e-mails are a tiny percentage of the 200 million e-mails that MessageLabs scans every day, but the composition of those messages is alarming, Sunner said.

Story continues at computerworld.com 

The number of malicious Web sites has skyrocketed over the past few months, going from 5,000 new ones a day in April to nearly 30,000 a day now.

"This certainly is a huge increase," said Carole Theriault, a senior security consultant with Sophos, Inc., in an e-mail to InformationWeek. "In June, we saw it climb to 9,500 a day and then this huge jump up 29,000."

Theriault said there is a two-pronged reason to the remarkable increase.

One reason is that hackers are increasingly turning away from e-mail as their preferred method of spreading malware and putting their focus on the malicious Web site. In some cases, they are creating their own malicious Web sites, but in most cases they're hacking into legitimate sites and embedded malware into them.

According to Sophos, researchers are finding 29,700 new infected Web pages every day, and 80% of them are legitimate sites that have been compromised.

InformationWeek 

Antivirus software is frequently tested for performance, so picking a top product should be straightforward: Select the No. 1 vendor whose software kills off all of the evil things circulating on the Internet. You're good to go then, right? Not necessarily.

The increasing complexity of security software is causing vendors to gripe that current evaluations do not adequately test other technologies in the products designed to protect machines.

Relations between vendors and testing organizations are generally cordial but occasionally tense when a product fails a test. Representatives in both camps agree that the testing regimes need to be overhauled to give consumers a more accurate view of how different products compare.

"I don't think anyone believes the tests as they are run now ... are an accurate reflection of how one product relates to the other," said Mark Kennedy, an antivirus engineer with Symantec.

Representatives of Symantec, F-Secure, and Panda Software agreed last month at the International Antivirus Testing Workshop in Reykjavik, Iceland, to design a new testing plan that would better reflect the capabilities of competing products. They hope all security vendors will agree on a new test that can be applied industrywide, Kennedy said.

Story continues at infoworld.com