
Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

October 2011 - Posts

Facebook - Avoid ChatSend application

Sunbelt security has issued a warning for the ChatSend application.  It installs toolbars for all popular browsers and changes the user's home page.  It then generates spammed messages extensively within Facebook.  It is difficult to remove once installed and should be avoided if offered by any of your Facebook contacts.

Facebook - Avoid ChatSend application
http://sunbeltblog.blogspot.com/2011/10/little-too-chatty.html

QUOTE: There's a program called ChatSend currently doing the rounds on Facebook, and at time of writing just over 114,000 people have hit the "Like" button which no doubt means a high proportion of that tally have downloaded and installed it. The link directs to the Facebook page of ChatSend where one can readily download the app. Upon execution, it shows a GUI containing its Terms of Service and Privacy Policy. The pre-ticked boxes will install the toolbar in all browsers, set web search as default and change the homepage.

Corporate Security Awareness - Is it worth the effort and cost?

This SecuriTeam post debates some of the pros and cons of corporate security awareness. Some firms rely solely on technology controls, while others run a robust user awareness program. A good balance lies somewhere in the middle, as both technology and the user play an important role in safeguarding the company's information resources. I would personally vote "YES", having seen direct and measurable benefits from past security awareness campaigns.

Corporate Security Awareness - Is it worth the effort and cost?
http://blogs.securiteam.com/index.php/archives/1555

QUOTE: Is security awareness “worth it”?  Is security awareness “cost effective”?  Well, we’ve been spending quite a lot on security technologies (sometimes just piecemeal, unmanaged security technologies), and we haven’t got good security.  Three arguments in favour of at least trying security awareness spending:

1)  When you’ve got two areas of benefit, and you are reaching the limits of “diminishing returns” in one area, the place to put your further money is on the one you haven’t stressed.

2)  Security awareness is mostly about risk management.  Business management is mostly about risk management.  Security awareness can give you advantages in more than just security.

3)  Remember that the definition of insanity is trying the same thing over and over again, and expecting a different result.

Windows 2008 R2 Hyper-V Security Hardening Guide

The SecuriTeam blog has published an excellent security guide for hardening Microsoft's Hyper-V virtual environment.

Windows 2008 R2 Hyper-V Security Hardening Guide
http://blogs.securiteam.com/index.php/archives/1561

QUOTE: Virtual Machine Servicing Tool 3.0 helps to update offline virtual machines, templates, and virtual hard disks with the latest operating system and application patches. Authorization Manager provides a flexible framework for integrating role-based access control into applications. It enables administrators who use those applications to provide access through assigned user roles that relate to job functions.

Halloween 2011 - More online Tricks are circulating than Treats

Please be careful with email, weblinks and Facebook as malicious threats are circulating. Several security firms are warning of online dangers:

Halloween 2011 - More online Tricks are circulating than Treats
http://blog.trendmicro.com/tricks-and-threats-infographic/
http://blog.eset.com/2011/10/27/scary-halloween-cyber-pranks
http://nakedsecurity.sophos.com/2011/10/31/halloween-kill-some-zombies/

QUOTE: Halloween is fast approaching and it’s that time of the year when scaring people is the most popular form of entertainment. However, not all spooks this season may end up in good-natured merriment. Cybercriminals may take this opportunity to scare users with their tricks, which include spammed messages, poisoned search results, spammed tweets with dubious links and Facebook clickjacking attacks. If not wary of these schemes, users may end up becoming victims of information theft, system infection, and even financial loss.

VMware - Security Blog and Key Resources

Below are key security resources for VMware found during recent research:

VMware - Security Blog
http://blogs.vmware.com/security/

VMware - Security Center
http://www.vmware.com/technical-resources/security/index.html

QUOTE: VMware offers secure and robust virtualization solutions for virtual data centers and cloud infrastructures, and has both the technology and the processes to ensure that this high standard is maintained in all current and future products. VMware virtualization gives you:

  • Secure architecture and design: Based on its streamlined and purpose-built architecture, vSphere is considered by experts to be the most secure virtualization platform.
  • Third-party validation of security standards: VMware has validated the security of our software against standards set by Common Criteria, NIST and other organizations.
  • Proven technology: More than 250,000 customers—including all of the Fortune 100 as well as military and government installations—trust VMware to virtualize their mission-critical applications.


OpFake.A - New Mobile attack disguised as Opera Mini Updater

A new mobile malware threat has surfaced and disguises itself as a legitimate software offering from Opera. It is important to carefully check the authenticity of any software apps being installed.

F-Secure Trojan:SymbOS/OpFake.A
http://www.f-secure.com/weblog...

Malicious Spam uses fake Gadhafi Video

Please always be careful with email message links or attachments, as they may be used to infect your system.

Trend Labs - Video of Gadhafi’s Death Being Used for Spam
http://blog.trendmicro.com/video-of-gadhafis-death-being-used-for-spam/

QUOTE: We’ve been seeing a particular social engineering lure in spam runs in the past, where spammers leverage the death of a known celebrity or political figure. Recent examples of this include the death of Steve Jobs, and Amy Winehouse. In this spam run using Gadhafi’s death, however, a more compelling lure is being used to trick users into downloading malicious files.  We found several spammed messages that claim to lead to videos of Gadhafi’s death. It is important to note that videos of Gadhafi’s death do exist, and legitimate news sites like Reuters and The Washington Post tell of the graphic content in the video and even host the said videos on their websites. This existence of real videos of Gadhafi’s death relatively makes it a more compelling lure.

Spam attack promotes false Charity Fund for Steve Jobs

Major news events are often crafted into spam or malicious attacks as noted below:

Spam attack promotes false Charity Fund for Steve Jobs
http://blog.trendmicro.com/spammers-promote-steve-jobs-bogus-charity-fund/

QUOTE: Even after a few weeks following Steve Jobs’ death, spammers are still taking advantage of his demise. We have previously reported about this in the following blog entries:

This time, we received sample spammed messages promoting a supposed charity fund for young and gifted programmers and Web coders in honor of the late Apple co-founder.

Malware Return-Oriented Programming - Detection Method discovered

This recent discovery by researchers could benefit future operating systems and security protection products.

PC Magazine - New Technique Detects Hidden Exploits
http://securitywatch.pcmag.com/malware/289607-new-technique-detects-hidden-exploits

QUOTE: Modern operating systems don't make life easy for malware coders. Features like Data Execution Prevention and non-executable memory pages ruin schemes that involve injecting malicious code disguised as data. Modern malefactors have turned to a technique called Return-Oriented Programming (ROP) to get around these restrictions. However, researchers Michalis Polychronakis and Angelos D. Keromytis from Columbia University have invented a way to detect this sneaky technique.

Instead of trying to inject malicious code into the system, the malware writers find the CPU instructions they want in existing processes, typically always-loaded Windows processes. They slip in a list that contains the in-memory addresses of these code chunks, called "gadgets". By forcing execution of the gadgets in a specific order, they build an exploit without ever placing executable code on the system.

Android 4.0 - Five Features for new mobile O/S

This article documents some of the key new features designed into Android version 4.0:

Android 4.0 - Five Features for new mobile O/S
http://www.zdnet.com/blog/open-source/android-40s-five-best-new-features-for-users/9781

QUOTE: Android 4.0, Ice Cream Sandwich (ICS), is perhaps the most important Android release to date. With this release, Google has brought its tablet Android fork, 3.x, back into sync with its smartphone trunk, 2.x. In addition, all of ICS will soon, as I understand it, be made open source. What that means for you is that independent software vendors (ISVs) can stop wasting time in developing two different versions of programs and focus their energies on making the best possible Android applications. Since, at the end of the day, the success of any operating system is all about its applications, this bodes well for Android. Key categories of improvement include:

1) Better, more universal interface.
2) Better applications.
3) Speech transcription.
4) Better and faster Web browsing.
5) Data use monitoring.

Put it all together and what do you get? I think you get not just the best Android ever, I think you get the best mobile operating system of them all to date.

Windows 8 - Detailed review by ZDNet

Ed Bott's review provides an excellent, detailed assessment of the preview version of Windows 8.

A deeper dive into Windows 8: can Microsoft's big bet pay off?
http://www.zdnet.com/blog/bott/a-deeper-dive-into-windows-8-can-microsofts-big-bet-pay-off/4118

QUOTE: There’s no question that this is a thoughtfully designed, thoroughly engineered release. If you had any doubts, just read through the Building Windows 8 blog, where Windows boss Steven Sinofsky and a parade of program managers have published one epic post after another explaining the history, evolution, and design philosophy that went into every new feature in Windows 8.  This deeper dive is divided into four parts:

Page 2: The misunderstood Start screen
No, it’s not the “Metro shell.” It’s a full-screen replacement for the familiar Start menu. Brilliant idea or a bridge too far?

Page 3: What’s next for the Windows desktop?
There are virtually no “immersive,” Metro style apps for the Windows Developer Preview, which means anyone testing this pre-release is going to spend time in an environment that looks an awful lot like Windows 7. So what’s new? And what can we expect to change?

Page 4: To touch or not to touch?
This is the one complaint I’ve heard above all others. Do people really want touchscreens? Will they use them? I share my personal experience with three touch-enabled form factors.

Page 5: Security and reliability
Yeah, I know. Microsoft claims every version of Windows is more secure than the previous one. Windows 8 is no exception, but it pushes some boundaries with new features that have already inspired controversy.

Windows 8 - New Metro UI and start screen

Government Computer News recently shared a good write-up on the changes associated with the new Metro UI; several more detailed informational links from the "Building Windows 8" blog are included below.

Windows 8 - New Metro UI and start screen
http://gcn.com/articles/2011/10/14/ecg-microsoft-explains-windows-8-metro.aspx
http://blogs.msdn.com/b/b8/archive/2011/10/04/designing-the-start-screen.aspx
http://blogs.msdn.com/b/b8/archive/2011/10/03/evolving-the-start-menu.aspx
http://blogs.msdn.com/b/b8/archive/2011/10/11/reflecting-on-your-comments-on-the-start-screen.aspx

QUOTE: Microsoft went a step further than that with the Windows 8 design and laid all of the programs out in a single view on the Start Screen, dropping the taskbar altogether from the Metro UI. That layout, in Microsoft's view, represents "the evolution of the Start menu." In this case, "evolution" means a collection of square and rectangular colored tiles, representing programs, all sitting right on the desktop screen.

Next, Alice Steinglass, group program manager for the core experience evolved team, took up the cause of explaining the Start Screen's design in Windows 8. Her main point is that the Windows 8 Start Screen functions as a sort of "dashboard that helps you stay up to date and connected in a high quality experience substantially improved over the notification tray." The notification tray on the taskbar was simply dropped in the Metro UI because it just added clutter to the desktop. Similarly, Microsoft dropped the folder approach in the start menu because "folders are a way of burying things, not organizing them."

MSDN - Building Windows 8 Blog

This is an informative and excellent resource for tracking developments in Windows 8.

MSDN - Building Windows 8 Blog
http://blogs.msdn.com/b/b8/

W32.Duqu - Advanced malware threat modeled after Stuxnet

Duqu is a sophisticated new threat which appears to have been written by the same group who authored Stuxnet (one of the most advanced malware attacks developed to date).

W32.Duqu - Advanced malware threat modeled after Stuxnet
http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%e2%80%93-further-tales-of-the-stuxnet-files

QUOTE: Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu uses HTTP and HTTPS to communicate with a command-and-control (C&C) server that at the time of writing is still operational. The attackers were able to download additional executables through the C&C server, including an infostealer that can perform actions such as enumerating the network, recording keystrokes, and gathering system information. The information is logged to a lightly encrypted and compressed local file, which then must be exfiltrated out.


Privacy - Managing the flow of sensitive information

Privacy involves the protection of sensitive information as it flows throughout an organization. F-Secure has an interesting article on the psychology of this process. Users may think that information has no real cost, while corporations may set up elaborate controls on the fiscal side:

F-Secure: Privacy is a way of managing information flow
http://www.f-secure.com/weblog/archives/00002254.html

QUOTE: Why are people so willing to give away their personal information to complete strangers? It's because humans want to share information. And in fact, they share information a lot more freely than other "things" such as goods and services.  Which of these are you most likely to provide without thinking much about it?

  •  To give a stranger directions to the bus stop (information).
  •  To take a stranger to the bus stop (service).
  •  To give a stranger bus fare (goods).

If you're like most people, you'll freely give directions, but you'll resist giving away your money.  "Managing our privacy" isn't a natural act.  What maintained our privacy in the past was that it was generally inconvenient to spy on people. Platforms such as Facebook present a new unique problem and new solutions (filters) are needed, rather than to re-tool old existing filters.

Trend Labs - Highlights from Virus Bulletin 2011 Barcelona

Several informative links are noted in this summary.

Trend Labs - Highlights from Virus Bulletin 2011 Barcelona
http://blog.trendmicro.com/highlights-from-vb-2011-barcelona/

QUOTE: This year, we had the privilege of attending the 21st Virus Bulletin International Conference in Barcelona, Spain. Researchers from Trend Micro presented three topics in the corporate stream and one topic in the technical stream.

Ethan YX Chen covered file-fraction reputation for the technical stream on day 1.

For the corporate stream on day 2, Max Goncharov presented on traffic direction systems as malware distribution tools.

David Sancho and Rainer Link talked about the lessons they learned while sinkholing botnets.

Trend Micro global director of education David Perry talked about the missing metrics of malware.

The presentation entitled, “An OpenBTS GSM Replication Jail for Mobile Malware,” by Axelle Apvrille discussed the challenges security researchers faced when analyzing mobile threats. 

The presentation about fraud malware analysis showed us that FAKEAV/fake tools have been around for some time now and will probably be there for even longer because of their capability to adapt to changes in the computing landscape.

In his presentation, Tim Ebringer of Microsoft brought out the issue regarding difficulties with finding other malware samples related to one particular file.

GCN - Lists ten of the scariest computer viruses of all time

There are many additional ones that could be added to the list, including some of these from my own top ten: Conficker, Sasser, CIH, Blaster, Nimda, SQL-Slammer, Klez, SoBig, Netsky, AntiExe, etc.

GCN LAB IMPRESSIONS - The 10 scariest computer viruses of all time
http://gcn.com/articles/2011/10/14/10-scariest-computer-viruses-of-all-time.aspx

QUOTE: The dreary winter months are approaching, and little ghosts and goblins are starting to crawl from their haunts. With the spooky Halloween season about to get into full swing, we thought we might help get into the mood with a look at the 10 most frightening viruses of all time. Hide your hard drives, lock up your files and make sure your AV shields are at maximum power as we enter…the dark realm of computer programs gone bad.

10. Virus infecting U.S. fleet of combat drones
9. Creeper wasn’t actually all that malignant, and it only affected TENEX operating systems in the 1970s.
8. Suddenly, in 2007, Stoned.Angelina came back to infect more than 100,000 PCs running the new operating system.
7. Stuxnet - cripple the Iranian nuclear program. 
6. Anna Kournikova virus in 2001
5. Back Orifice is not really a virus per se, but gives remote access privileges to someone at another computer
4. Christmas Tree EXEC program paralyzed a lot of internal networks in 1987
3. Code Red virus was one of the first to successfully target Web servers running IIS in 2001
2. Melissa virus of 1999
1. I Love You virus, which racked up an impressive kill tally of tens of millions of computers in the year 2000. 
TOP TEN EMAIL viruses of all time from 2004
http://msmvps.com/blogs/harrywaldron/archive/2004/07/20/10421.aspx

Facebook - Avoid McDonalds Happy 44th Birthday link

Below is another attack that is circulating and should be avoided by Facebook users. It even offers prizes, and as noted in the past, "there are no free lunches on the Internet."

Facebook - Avoid McDonalds Happy 44th Birthday link
http://sunbeltblog.blogspot.com/2011/10/mcdonalds-facebook-scam-happy-birthday.html

QUOTE: I'm sure a McDonald's themed Facebook scam seemed like a good idea to somebody at the time, but wow is this one all over the place. It's your typical "Click here to Like", "Post a spam comment saying how good this is" then "do one of these offers" affair. "Happy 44th birthday to Donald", they say. Except his name is Ronald and he was created in 1963, which means he's actually 48. However, things quickly become confusing at this point. This scam targets Facebook users in India, yet as far as I can tell he's called Ronald there.

Facebook email scam - You have three lost messages

A new email scam is circulating that is intended to deceive users into clicking on a non-Facebook link that could potentially be malicious.

Facebook email scam - You have three lost messages
http://sunbeltblog.blogspot.com/2011/10/you-lost-your-facebook-messages.html

QUOTE: Or, to put it another way, you didn't. However, spam mail doing the rounds wants you to think otherwise. "You have three lost messages on Facebook, to recover the messages please follow the link below."  The links just go to the usual advert / viagra junk. What's kind of funny here is that an older version of this campaign claimed you were missing one message. Obviously the spammers decided to up the ante so now you have a whole three messages lost to the void.

BlackHole Exploit Kit - Used in new SPAM and Exploit attacks

Trend Labs shares some informative links related to malicious new SPAM attacks.

BlackHole Exploit Kit - Used in new SPAM and Exploit attacks
http://blog.trendmicro.com/a-refresher-on-spam-and-exploits/#more-37481

QUOTE: Lately, we have been seeing a renewed increase in the volume of spam attacks that utilize an exploit kit, specifically the BlackHole Exploit Kit to trigger a malicious payload. We have seen this in the latest slew of Automated Clearing House (ACH) spam attacks and the more recent spam run related to Steve Jobs’s death.

In a typical spam campaign that involves malware, cybercriminals lure users through social engineering to perform several actions before the intended payload gets executed. For example, a user needs to download, extract, and execute a supposedly “benign” file for a spam attack to succeed.  Spam campaigns that use exploit kits, however, are a bit more dangerous since these only need to lure the users into clicking a malicious link for the rest of the infection to take place.

In-Depth look at SPAM in today's business world
http://us.trendmicro.com/imperia/md/content/us/pdf/trendwatch/spam_trends_in_today_s_business_world.pdf
