
Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

October 2009 - Posts

Threats to avoid during Halloween

TrendLabs shares the key threats to watch for while online:

This Halloween, Enjoy the Treats but Be Wary of Online Tricks
http://blog.trendmicro.com/this-halloween-enjoy-the-treats-but-be-wary-of-online-tricks/

QUOTE: We often associate Halloween with pumpkins and costumes but for cybercriminals it’s merely another avenue to exploit, steal, and trick users into giving away their personal identities. Treats are fun but we all need to be on the lookout for the sneaky and tricky ways cybercriminals slither into our computers.

Below are TrendLabs' top 7 scariest threats that might be knocking on your door:

1. Tailor-made ZBOT spam makes its way to employees’ mailboxes
2. Vulnerabilities hit critical mass: Patch me if you can
3. FAKEAV: Surrender hard-earned money for fake security
4. Expand your circle of friends but beware of KOOBFACE malware
5. More sophisticated attacks = More victims
6. No system is immune from security attacks
7. Baited Search Engine attacks climb the charts

Dangerous Malware - 2009 Analysis by Trend Micro

Numerous malicious websites, rogue AV products, botnets, and phishing attacks continue to circulate.  Users should stay up-to-date on technical protection and use safe practices.

Dangerous Malware - 2009 Analysis by Trend Micro
http://blog.trendmicro.com/trick-or-threat/

QUOTE: 2009 saw the emergence or resurfacing of three of the most notorious botnets in relation to information, financial, and identity theft—Koobface, ZeuS, and Ilomo. Trend Micro estimates that more than 100,000 users receive messages saying they have been infected by malware while visiting malicious sites and that there are more than 48,000 FAKEAV offerings per month.

WHY IT'S IMPORTANT TO STAY PATCHED UP -- Unpatched vulnerabilities can allow cybercriminals to exploit users’ systems. For instance, unpatched vulnerabilities in a system’s browser can allow cybercriminals to run arbitrary code if the user happens to browse through a malicious website, leaving him/her at the mercy of online predators.


MSRT - October 2009 Malware Cleaning Statistics

MSRT - October 2009 Malware Cleaning Statistics
http://blogs.technet.com/mmpc/archive/2009/10/27/msrt-october-release-case-study.aspx

QUOTE: Some key takeaways: •In the US (as well as other English speaking countries) rogues are predominant. Six...
Halloween Malicious Spam Circulating

When holidays or major news events occur, always be careful when presented with these topics in email.

Halloween Malicious Spam Circulating
http://www.avertlabs.com/research/blog/index.php/2009/10/29/trick-or-treat-with-spam-and-malicious-screensavers/

QUOTE: some of the most common techniques scammers and cybercriminals use are news events and holidays. Balloon Boy and the Windows 7 Launch are good examples. My colleague Sam Masiello’s blog on President Barack Obama’s Nobel Prize is another excellent example. With Halloween approaching rapidly, the tricks are already knocking on your inbox and at your browser’s window.

2010 Census - Better Business Bureau Safety Tips

This warning was shared with me recently and offers some excellent tips on avoiding any related scams that may materialize.  It is important to know your rights and what to expect in this process.  During March 2010, questionnaires will be mailed to every household in the USA. If these are completed and returned promptly, census takers will not need to visit your residence to collect this information.

2010 Census - Better Business Bureau Safety Tips
http://vawest.bbb.org/article/bbb-offers-advice-on-how-to-identify-legitimate-census-workers-12923

US Census Home Page
http://www.census.gov/

US Census - How it works and what to expect
http://2010.census.gov/2010census/how/index.php

QUOTE: Over the next 18 months, 1.4 million U.S. Census workers will be surveying the population of the country to gather demographic information about everyone living here.  As the 2010 census process begins, the Better Business Bureau (BBB) advises citizens to cooperate carefully in order to avoid becoming a victim of census-related scams. Citizens are required by law to respond to the U.S. Census Bureau’s requests for information. Census data will be used in allocation of more than $300 billion in federal funds as well as in determining the number of Congressional representatives that each state is allowed.

The BBB offers the following advice to help distinguish between bona fide Census workers and con artists:

•U.S. Census workers will have identification, a handheld device and a confidentiality notice. Caution: never invite strangers into your home.
•U.S. Census workers will not ask for your Social Security number or any information about bank or credit card accounts.
•U.S. Census workers will not ask you for money or say that you owe money.
•U.S. Census workers will not harass or intimidate you.
•U.S. Census workers will not contact you by email – only by phone, by mail or in person.

Major arrests made for Nigerian 419 email scams

While over 99% of users ignore these scams, perhaps 1 in a thousand will believe the email letter and start participating.  Often the victim is then robbed online of hundreds if not thousands of dollars.  Major arrests have been made to shut down most of these operations, which should result in fewer of these emails.

Nigeria - Major arrests made for 419 scams
http://news.bbc.co.uk/2/hi/africa/8322316.stm
http://en.wikipedia.org/wiki/Nigerian_419_scammer

Nigeria's anti-corruption agency says it has shut down some 800 fraudster e-mailers and arrested those behind 18 high-profile "cyber crime syndicates". The Economic and Financial Crimes Commission said it has been working with the computer giant Microsoft to crack down on the scammers.  The con tricks - known as "419 scams" after the penal code that outlaws them in Nigeria - are often run by well-organised gangs.

Windows 7 Security Features

This TechNet article offers a great overview of the key security improvements found in Windows 7.

TECH NET - An Introduction to Security in Windows 7
http://technet.microsoft.com/en-us/magazine/2009.05.win7.aspx

Table of Contents
* Windows Biometric Framework
* Extending Authentication Protocols
* BitLocker Core Enhancements
* BitLocker To Go
* UAC Improvements
* AppLocker
* Global SACLs and Granular Auditing
* Wrapping Up

Windows 7 - offers improved security for corporate users

Like Vista, Windows 7 continues to improve on security controls.  In a corporate setting, Windows 7 offers much improved security over Windows XP, especially for mobile users with laptops (who may be outside the umbrella of corporate protective controls as they travel).

Windows 7 - offers improved security for corporate users
http://www.eweek.com/c/a/Security/Windows-7-Security-Story-May-Appeal-to-Enterprises-549002/

QUOTE: Microsoft Windows 7 has a number of new security features designed to appeal to enterprises. But will they do the trick?  The Windows 7 security story has three main chapters that have received a fair amount of attention: DirectAccess, BitLocker To Go and AppLocker. With these, as well as features such as BranchCache and enhancements to UAC (user account control), officials at Microsoft have said they feel they are pushing out their most secure operating system yet.

"Windows 7 is built upon the security foundations in Windows Vista and retains all of the core technologies, such as Firewall, Windows Defender and User Account Control," Paul Cooke, director of Windows Client Enterprise Security, told eWEEK. "In addition to enhancing those security features, we listened to customer feedback and [wove] it closely into the development process of Windows 7 to deliver innovative new security features."

Enterprises looking to upgrade or switch to Windows 7 can also count AppLocker as a key security feature. AppLocker allows administrators to use Group Policy to specify what applications, installation programs and scripts users can execute. With the Audit Only Enforcement Mode setting, administrators can determine what applications are used in an organization and test rules before deploying them, Cooke said.

Rounding all this out is BitLocker To Go, which encrypts removable storage devices such as USB drives. With BitLocker To Go, users can restrict access to the data with a pass code, as well as set a policy that requires users to apply BitLocker protection to removable drives before being able to write to them. The feature also provides configurable read-only support for removable devices on older versions of Windows so BitLocker-protected files can be shared.
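As an added example of the Audit Only workflow described above (this is not Microsoft's or eWEEK's code), the script below builds an AppLocker policy from a reference machine, applies it in AuditOnly mode, and then reads the audit events that show what would have been blocked. It assumes Windows 7 Enterprise or Ultimate, an elevated PowerShell session with the AppLocker module, and the Application Identity service running; the file paths are placeholders.

```powershell
# Added example: AppLocker "Audit Only" rollout on Windows 7.
# Assumed paths: a reference install under C:\Program Files and a
# scratch folder C:\Temp for the generated policy XML.
Import-Module AppLocker

$policyPath = "C:\Temp\applocker-audit.xml"

# 1. Inventory the executables an administrator expects to allow.
$files = Get-AppLockerFileInformation -Directory "C:\Program Files" `
             -Recurse -FileType Exe

# 2. Turn the inventory into publisher rules (hash rules where a file is
#    unsigned), scoped to Everyone, and collapse redundant rules.
[xml]$xml = New-AppLockerPolicy -FileInformation $files `
                -RuleType Publisher, Hash -User Everyone `
                -RuleNamePrefix "Audit" -Optimize -Xml

# 3. Set every rule collection to AuditOnly before saving, so nothing is
#    blocked while the rule set is evaluated against real usage.
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) {
    $rc.SetAttribute("EnforcementMode", "AuditOnly")
}
$xml.Save($policyPath)

# 4. Apply the policy to the local machine (use -Ldap to target a GPO).
Set-AppLockerPolicy -XmlPolicy $policyPath

# 5. Dry run: which executables in a user-writable folder would the
#    policy reject once it is switched to enforced mode?
Get-ChildItem "C:\Users\Public\Downloads\*.exe" |
    Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone |
    Where-Object { $_.PolicyDecision -ne "Allowed" }

# 6. After the audit period, list programs that ran but would have been
#    blocked: AppLocker logs these as event ID 8003 in audit-only mode.
Get-WinEvent -LogName "Microsoft-Windows-AppLocker/EXE and DLL" |
    Where-Object { $_.Id -eq 8003 } |
    Select-Object TimeCreated, Message |
    Format-Table -AutoSize -Wrap
```

Review the 8003 events and the dry-run output for a few weeks before changing EnforcementMode to "Enabled"; anything legitimate that appears there needs its own rule first.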

Microsoft Security Essentials – Status after First Week

Microsoft's Malware Protection Center (MMPC) has provided an informative update on the first week of MSE being live. As an original beta tester and current user on our family PC, I find MSE continues to offer good basic performance, and it has had a couple of good reviews on its capability to detect malware using a signature-based approach.

Microsoft Security Essentials – Week One
http://blogs.technet.com/mmpc/archive/2009/10/15/microsoft-security-essentials-week-one.aspx

QUOTE: Now that Microsoft Security Essentials is generally available to consumers in 19 countries, we've had a chance to go over the data, and there are some very interesting results. Just in the first week we saw well over 1.5 million downloads of Microsoft Security Essentials, but the price (free to Windows users) is hard to beat!

Computers reporting detections up to October 6: almost four million detections on 535,752 distinct machines. The detections are eight times the machine count because many computers are infected with multiple threats.

Microsoft Security Essentials is available in 8 languages and 19 markets at RTM, which covers a lot of the PC using world. The geographic distribution of detections so far still closely follows the Microsoft Security Essentials Beta countries, and is ramping up in other countries that use the 8 languages.

Numerous links can be found here:

http://msmvps.com/blogs/harrywaldron/archive/2009/09/30/microsoft-security-essentials-new-free-av-product-for-home-users.aspx

http://msmvps.com/blogs/harrywaldron/archive/2009/10/01/mse-rated-as-very-good-in-finding-malware-by-av-test-org.aspx


Windows 7 based spam with malicious links circulating

Please be careful with Windows 7 email messages you may receive.  AVERT Labs has noted extensive spamming designed to deceive folks.  As usual with email, if it appears too good to be true, it is too good to be true.

Windows 7 Spam and Malicious links circulating
http://www.avertlabs.com/research/blog/index.php/2009/10/21/windows-7-beaten-to-the-punch-by-spam/

QUOTE: The release of Microsoft’s next major operating system, Windows 7, is at hand. It’s timely to remind everyone that we have seen Windows 7 spam for a few months. Anything on this scale from Microsoft is too big a lure for spammers and cybercriminals to ignore. (I would be stunned if they didn’t take advantage.) We’ve seen subjects that include:

Microsoft Windows 7 special offers
Windows 7 SP 2
Windows 7 FAQ on release
Today’s Special Gateway Laptop + NEW Windows 7 & More Electronics Deals
Windows7 ultimate 86% off
Windows7 ultimate 57% off

We at McAfee Labs have noticed these throughout both September and October–with spikes as high as 1.88 percent of total spam. That might sound like a small number, but when you consider that daily spam volumes can reach 160 billion messages, it is not insignificant.

TechFlash Survey - 50% of businesses implement Windows 7 in one year

I like the security and reliability found in Vista and I'm now looking forward to the release of Windows 7 on Thursday.  It will offer further improvements and efficiencies, plus an XP compatibility mode where needed.

TechFlash Survey - 50% of businesses implement Windows 7 in one year
http://sunbeltblog.blogspot.com/2009/10/half-of-businesses-surveyed-will-go.html
http://www.techflash.com/seattle/2009/10/survey_50_of_businesses_to_deploy_windows_7_in_first_year.html

QUOTE: Nearly half of 1,200 companies surveyed by a veteran technology analyst plan to deploy Windows 7 in its first year of availability, and another 11 percent say they will make the shift as soon as Microsoft releases the first service pack update for the new operating system.

Microsoft Security Essentials - How to manually update

This link is handy for manually updating PCs with MSE installed, especially if there is no Internet connectivity.  After updating the MSE signatures, it's beneficial to perform a QUICK or FULL SCAN with these latest definitions to ensure your system is malware free.  It's a very easy process: download the applicable file, click on it, and it installs in about one minute.

http://support.microsoft.com/default.aspx/kb/971606

University email quota scam

College students should avoid this new phishing attack, which is currently circulating in spam campaigns.

Internet Storm Center - University email quota scam
http://isc.sans.org/diary.html?storyid=7402

QUOTE: New week, new scams. One seems directed at universities, and is informing students that their email quota is exhausted and asks them to connect to a malicious web site to re-enable their account. The site includes an iframe and doesn't even TRY to look like the web site of an university. It still asks for your userid and password, though ...

IT Professionals - How to make yourself layoff-proof

This Network World article provides excellent advice for IT professionals during the difficult economic times we are experiencing. However, this is applicable to any job, as it's important to pursue continuing education, exhibit a positive attitude, and provide greater-than-expected contributions for your employer. Throughout my career, I've strived for these principles and they are even more valuable in today's difficult job market.

IT Professionals - How to make yourself layoff-proof
http://www.networkworld.com/news/2009/090409-layoff-proof.html

QUOTE: Despite talk of an economic recovery on the horizon, countless lost jobs won't be replaced and IT organizations are still weighing layoffs as a way to cut operations budgets.

1. Dig in - IT workers in precarious employment positions need to take on extra work, log more hours and essentially show their employers they want to be there, experts say.

2. Follow the money - IT workers should know what systems and projects ultimately will drive revenue for the business. And they should work to get assigned those projects.

3. Feed your brain - Resources may be scarce, but experts recommend IT pros find low-cost training or other self-study options to expand their technical knowledge in ways that would benefit the company – and ultimately themselves.

4. Become a business technology expert - It's not just something people say; IT staffers need to become business-savvy to advance their careers and essentially keep their jobs.

5. Think cheap - Headcount reductions are often an effort to cut costs, but IT pros who prove to managers they can find inexpensive technology and reduce costs in-house could save their jobs.

6. Stay away from the drama - Most companies have a bit of in-office drama, but it's best to stay far away from the water cooler gossip during tough economic times.

7. Sell yourself - While many in IT aren't accustomed to the spotlight, experts recommend high-tech workers learn how to sell their skills to the company.

8. Mentor others - Share your knowledge, career experts say. "IT people need to get out of the knowledge-hoarding mentality. They need to let people know what they know and share the knowledge and information willingly,"

9. Make yourself available - During the downturn, some groups in IT may not be as busy as others. IT pros in the groups that seem slow should be offering themselves up for projects in other departments.

10. Smile, be happy - Never underestimate the power of a positive attitude. Presenting a positive attitude, despite the challenges, will help managers – who are also taxed beyond their resources – understand which employees are happy to be on the job.

Huge October Security Release - Automatic Microsoft Update can resolve manual update abends

While manual Microsoft Updates (MU) worked without issues on my work PCs, issues were encountered on our more marginal XP family PC at home when trying to apply 14 items.  After experiencing "x08" type abends, I let MU run unattended in dial-up mode and have almost completed the process.  While automatic MU updates are a little slower, they work well, and the BITS transfer saves the prior position when you shut down your system.  On any abend, it's good to write down the exact message and search the Internet for solutions.

Microsoft PCI/DSS Compliance Planning Guide

Below is a list of requirements to download this new guide, which assists in planning for these rigorous e-commerce standards:

1. Requires Windows Live ID authentication
2. Microsoft Registration (already recorded from past downloads)
3. The 195KB document is in Word 2007 format (downloaded File Formatter Compatibility pack for Office 2003 - automatically prompted for this when attempting to open document)

Microsoft PCI/DSS Compliance Planning Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=d8320df1-d0d0-469f-a6fc-b53987bd74c2&displaylang=en

Microsoft Security Updates - October 2009

This may be the largest Patch Tuesday release ever, according to the ZDNet article below.

NO ISSUES SO FAR -- On my work PC, I had 16 total patches for Windows and Office (38 MB).  I have many additional Office products like Project, Visio, Front Page, etc.  It took a while to install (maybe 45 min) and everything seems to work normally so far.  Please wait patiently for this large release to download and install -- then reboot immediately as prompted so that the changes are properly applied to the Windows registry.

Microsoft Security Updates - October 2009
http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx

ISC Patch Tuesday overview
http://isc.sans.org/diary.html?storyid=7345

Huge Patch Tuesday Update - October 2009
http://blogs.zdnet.com/security/?p=4585

QUOTE: Microsoft today released its largest ever batch of Patch Tuesday updates to fix a whopping 34 security holes in a wide range of widely deployed software products.

The latest patch batch covers critical vulnerabilities in software products that are bundled with Microsoft’s dominant Windows operating system (Internet Explorer and Windows Media Player) — and several known security problems (SMB v2 and FTP in IIS) for which functioning exploit code has already been publicly released.

The SMB v2 issue, which has been in the news over the last month, has been addressed with MS09-050, a critical bulletin that actually addresses three separate documented vulnerabilities.

MS09-050 protects against SMB exploit for Windows Vista
http://blogs.zdnet.com/security/?p=4350

Linux Rescue CD

The System Rescue CD site provides an extensive set of tools to aid Linux users or corporate Linux administrators in recovery efforts if the O/S environment becomes damaged.  It includes an excellent set of documentation and user forums for submitting questions.

Linux Rescue CD
http://www.sysresccd.org/Main_Page

QUOTE: SystemRescueCd is a Linux system rescue disk available as a bootable CD-ROM or USB stick for administrating or repairing your system and data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the partitions of the hard disk. It comes with a lot of linux software such as system tools (parted, partimage, fstools, ...) and basic tools (editors, midnight commander, network tools). It requires no installation since you just have to boot on the CD-ROM.

EXTENSIVE DOCUMENTATION
http://www.sysresccd.org/Online-Manual-EN

USER SUPPORT FORUMS
http://www.sysresccd.org/forums/

Xpaj Botnet - Thousands of systems infected in 1st two weeks

AVERT Labs is warning of a sophisticated botnet discovered 2 weeks ago. Like Conficker, its command-and-control traffic is digitally signed and encrypted to prevent hijacking and to hinder discovery of the primary servers.  Please keep all AV signatures and software patches updated for the best levels of protection.

W32/Xpaj Botnet Growing Rapidly
http://www.avertlabs.com/research/blog/index.php/2009/10/06/w32xpaj-botnet-growing-rapidly/

QUOTE: Further analysis has revealed some interesting details about the malicious behavior of W32/Xpaj. The virus is building a widespread “zombie” network by taking control of thousands of Internet-connected computers. The new botnet is in its infancy, although thousands of machines have been infected during the last two weeks.

To prevent botnet hijacking, W32/Xpaj accepts only digitally signed payloads and commands. Malware authors use a cryptographic hash (MD5 algorithm) to validate the authenticity of any payload received from the control server.  It employs the same techniques used by Srizbi and Conficker; that is, it uses randomly generated DNS names for backup control servers.

Botnets grow and evolve quickly. We measure them by the number of compromised computers under their control. However, proactive virus detection and following these simple recommendations will help prevent your computer from becoming a part of a botnet: 

• Keep your anti-virus software up to date

• Apply all the latest security patches and keep your operating system up to date

• Set up a firewall to block unauthorized access while you are connected to the Internet

ADDITIONAL INFORMATION
http://www.avertlabs.com/research/blog/index.php/2009/09/21/w32xpaj-know-your-polymorphic-enemy/

October - Cybersecurity Awareness Month

The Department of Homeland Security is sponsoring its 6th annual promotion of security awareness with the theme “Our Shared Responsibility”.

SECURITY = SEC - U - R - IT - Y  ("You are it")

October - Cyber Security Awareness Month
http://www.dhs.gov/files/programs/gc_1158611596104.shtm

QUOTE: October marks the sixth annual National Cybersecurity Awareness Month sponsored by the Department of Homeland Security. The theme for National Cybersecurity Awareness Month 2009 is “Our Shared Responsibility” to reinforce the message that all computer users, not just industry and government, have a responsibility to practice good “cyber hygiene” and to protect themselves and their families at home, at work and at school.
