Monday, January 31, 2011

Security White Papers

Information Security Resources

Here are some new security white papers I'd like to share with you - I hope you'll enjoy them.

7 Shortcuts to Losing Your Data (and Probably Your Job)

This tongue-in-cheek white paper explores data loss from a contrarian point of view, exploring the top 7 shortcuts you can take to ensure that you lose your data.

Top Eight Identity & Access Management Challenges with SaaS Applications

This white paper presents the eight biggest identity and access management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them.

The Silent Danger of Clever Malware

This paper discusses the history and progression of the modern Trojan attack. It explores the methodology used by hackers in selecting a target and developing a compelling attack and cites several examples of some successful targeted Trojans.

Vulnerability Management - Assess, Prioritize, Remediate, Repeat

This report provides insights into Best-in-Class practices for assessing vulnerabilities and threats to IT infrastructure, prioritizing fixes based on the business value of resources and acceptable levels of risk, and remediating through the efficient deployment of patches, configuration changes, and other compensating controls.

Sunday, January 23, 2011

Attacks on Critical Infrastructure by Rogue and Competitive Nations

Stuxnet – marking the beginning of zero-day cyberwar malware targeting physical systems

While most new threats are geared towards financial gain, in June 2010 we witnessed what is considered to be the first major attack designed to harm physical systems. This malware was designed to go after Supervisory Control and Data Acquisition (SCADA) systems, which control and monitor various processes within industrial systems. The Windows-specific worm used various zero-day attacks to target Siemens’s WinCC/PCS 7 SCADA software. It spread via infected USB flash drives and then used other exploits to go after network-based WinCC computers.

After getting inside the system, it used default passwords to command the software. What made Stuxnet so different from the other attacks during 2010 was the level of sophistication, the fact that it specifically targeted critical infrastructure, in particular the equipment used in controlling nuclear power plants or nuclear research facilities, and the geo-specific location of the target – facilities in Iran. Also of interest, Stuxnet surfaced in other countries without causing any known harm. Even if it never takes a system down, it did its job – people in Iran are most likely questioning the safety of all of their SCADA equipment and believing the systems have been compromised, whether or not they actually know how far the zero-day worm travelled into their country or their nuclear facilities.

Without strong Host-based Intrusion Prevention Systems (HIPS) in conjunction with Network Access Control (NAC), these upgraded SCADA systems, now with TCP/IP touch points, will become a major target. Most of the new malware targeting these systems will not be easily discovered by traditional UTM firewalls, Intrusion Prevention Systems (IPS) or Anti-virus Systems (AVS). It is going to take heuristic, real-time analysis – looking for oddities in the network traffic and communication requests coming from potentially compromised hosts. Also, by remediating most published Common Vulnerabilities and Exposures (CVEs), the risk of these infections will be reduced but not completely mitigated, because of the surgical precision of the new malware targeting these systems. An almost unlimited amount of malware intelligence research and development seems to have gone into the Stuxnet worm – there will be much more targeting critical infrastructure in the very near future.

In recent years, railroad executives have claimed that they have become IT managers. With a few bits flipped, a train can be moved from one track to another and could collide with another train, causing massive casualties, were it not for new software written specifically for these archaic systems to ward off a collision through automated collision-avoidance detection. It is simple software tweaks like these that can make the difference between life and death in critical infrastructure.

Recently a teenage hacker who didn’t think of himself as a cyberterrorist was playing around with good old fashioned war-dialing software – he found a modem pool at an airport and was able to login to the computer that turned the airport lights on and off. He turned them off during the night when planes were landing. Good thing the pilots could key their microphone on a certain frequency and get the lights back on just in time to land safely. Expect the innovations in this area to outpace traditional countermeasures.

IT / SCADA practitioners in critical infrastructure need to protect their networks with the most vigilant methods available and the best-of-breed technologies, where worrying about budgets or brand names is of no use. Most IT managers say "I will never get fired for buying XYZ corp’s products" (pick one – Cisco, IBM, Microsoft, etc.), but the reality is that these systems are under more scrutiny and attack by cyberterrorists now than ever. Their vulnerabilities are published monthly in the National Vulnerability Database. To think that systems from big-brand-name vendors will protect critical infrastructure is an absolute fallacy. It is time to look at high-level policies, procedures and strategies, and at lesser-known, more innovative products and technologies that are not so easily telegraphed to the bad guys – making it even harder for them to break in and cause critical damage where it hurts the most.

Friday, January 21, 2011

Twitter Worm redirects to fake anti-virus

SCAREWARE - warning message claims the computer is running suspicious applications and the user is encouraged to run a scan

A fast-moving Twitter worm is in circulation, using Google’s redirection service to push unsuspecting users to a notorious scareware (fake anti-virus) malware campaign.

At 8:45 a.m. EST today, a Twitter search showed thousands of Twitter messages continuing to spread the worm.

According to malware hunters tracking the threat, the worm’s redirection chain pushes users to a Web page serving up the “Security Shield” Rogue AV. The page is using obfuscation techniques that include an implementation of RSA cryptography in JavaScript to obfuscate the page code.

Once a user’s browser session is redirected to the malicious site, a warning message claims the computer is running suspicious applications and the user is encouraged to run a scan. As usual, the bogus scan reports that the machine is infected with malicious threats, and the scam is to trick the user into downloading a fake disinfection tool.

Source: ZDNet News

Wednesday, January 19, 2011

Beware of Trojans, Malware and Attacks Via Mobile

Top 9 Security Threats of 2011

Mobile banking and social networks are expected to pose new security threats in the payments space in 2011. But security experts say those threats won't displace the Zeus botnet, malware attacks and phishing threats, which for years have plagued banking institutions. Fraud attempts will escalate, not diminish, as new threats and channels blossom in 2011.

The top 9 threats of 2011 include:

Mobile Banking Risks

Mobile phones used for banking are on the rise, but mobile security is proving increasingly challenging for banks and credit unions, as controls put in place to protect traditional online banking do not translate well when applied to mobile.

Until recently, functionality for mobile banking was fairly limited. But as mobile application robustness has increased, so, too, have security risks. Mobile malware is an emerging threat, and Zeus attacks, such as Mitmo, aimed at mobile, have already been identified.

RSA security researcher Rivner slightly disagrees. "Mobile banking apps will not be a primary target for fraudsters," he says. Instead, he believes mobile browsing will be more targeted in the coming year, since most mobile users continue to use their online banking sites to conduct banking functions.

For more on the topic, see: Emerging Payments Options Open Doors for Mobile.

Social Networks and Web 2.0

The connection between mobile phones and social media is growing, with Twitter and Facebook apps offered for mobile users. Institutions embracing mobile also are embracing social networking. With more banks on social networks, expect to see more fake sites using social networks, like Twitter and Facebook, to try and trick people into giving up vital personal information, including banking login credentials and Social Security numbers.

But external threats aren't the only risks. Social networking sites are also a venue for an institution's own employees to intentionally or inadvertently expose sensitive information. To mitigate internal risks of data leakage, it's important for organizations to spell out social networking policies to employees. They must know when and how to use social networks in the course of their jobs, as well as what information is/is not appropriate to share.

For more on the topic, see: How to Write a Social Media Policy.

Malware, Botnets and DDoS Attacks

Distributed denial-of-service, or DDoS, attacks, as seen in the wake of the recent WikiLeaks incidents, are likely to increase. In fact, the WikiLeaks-inspired attacks against leading e-commerce sites have fueled interest among fraudsters. Botnet operators now see opportunity for additional income.

Even with the takedown of the Mariposa botnet earlier this year, banking institutions are expected to face growing challenges in the fight against DDoS attacks.

Attacks are also getting more sophisticated. The No. 1 banking-credential-stealing Trojan, Zeus, is used by hundreds of criminal organizations around the world, so "add-ons" are prevalent. This year alone, Zeus has been linked to some $100 million in financial losses worldwide, according to the Federal Bureau of Investigation. Zeus' anonymous programmer, who launched the Trojan in 2007, is likely to come out with a new and improved Zeus variety in 2011. There is a good chance that he will soon emerge with even more powerful ways to steal.

For more on the topic, see: New, Improved Trojans Target Banks.

Phishing, Smishing and Vishing

Sophistication in phishing, smishing and vishing attacks also is increasing. Fraudsters now create very polished messaging that targets everything from bank accounts to Amazon accounts. In fact, respondents to the recent Faces of Fraud survey say phishing/vishing attacks rank No. 3 among fraud threats.

To fight these incidents, inroads in consumer education have been made, but the social engineering techniques that have made phishing a success are now trickling down to land-line and mobile phones. Phishing will be used as a general purpose tool that leverages a recognized brand, but doesn't try to attack them directly. Nonetheless, the damage to the brand's reputation (in the eyes of the victimized consumers) could be costly.

For more on the topic, see: Phishing Attacks on the Rise.

ACH Fraud: Corporate Account Takeover

In 2010, ACH fraud resulting in corporate account takeovers saw a dramatic increase and made for some of the year's most compelling reading. We witnessed banks suing customers and customers suing banks over the responsibility for fraud incidents and losses.

In 2011, commercial banking attacks are expected to rise, experts say, especially as man-in-the-middle or man-in-the-browser (MitB) schemes increase.

MitB attacks targeting two-factor authentication intensified in 2010, requiring commercial banks to deploy additional lines of defense, such as out-of-band authentication, desktop hardening and anti-Trojan services. As the MitB attacks get easier, less sophisticated criminals are expected to target consumer accounts, too, despite smaller returns.

For more on the topic, see: ACH Fraud: 1 Year Later.

Cloud Computing

Cloud computing is touted for its ability to curb fraud, but fraudsters are working overtime to create new threats in what Rivner calls "the Dark Cloud." He predicts fraudsters will hone their ability to exploit new and yet-unknown cloud vulnerabilities. Rivner says institutions can expect in 2011 to see cloud-targeted Trojans, like Qakbot, that focus on a geographic region and/or specific banking sectors.

Cloud computing, in particular, is thought to be fail-safe. People sometimes think there is no hardware involved ... and, as a result, that it will never fail. So one thing to keep in mind: cloud computing is not limitless. Every cloud has its own boundaries.

Inside Attacks

Malicious attacks or hacks are often launched inside an organization by a disgruntled employee. But the inside threat also may be posed by an outside person who uses false credentials to pose as an insider to illegally gain access to internal servers and systems.

The problem: companies and financial institutions have not properly limited access to databases and files that contain sensitive information.

WikiLeaks serves as a prime example of how insider threats can pose significant security risks. The controversy brewed when an Army private allegedly accessed and downloaded classified information that he later sent to WikiLeaks. Though the private had some security clearance, he did not necessarily have authorization to access and download the classified files he leaked.

It's often all too easy for employees to illegally grab sensitive information. "It's the little things that lead to most internal compromises, like walking away from your desk and not locking your screen." Internal fraud is still one of the biggest issues in financial services, especially since the embezzlement of funds and the compromise of consumer financial information is so tempting.

As RSA's Rivner points out, the challenges posed by outsiders are just as alarming, since many take aim at government and bank employees. Noting Operation Aurora as an example, Rivner says insiders can unknowingly pose threats, especially when they are targeted by sophisticated hackers.

For more on the topic, see: Most Breaches Caused by Crime Gangs.

First-Party Fraud

First-party fraud continues to pose security challenges. Also known as "advances fraud," "bust out fraud," "application fraud," "friendly fraud" and "sleeper fraud," first-party crime typically involves a customer applying for and accepting credit with no intention of repayment.

First-party fraud applicants can use synthetic identification or misrepresent their real identities. The British Bankers Association estimates between 10 percent and 15 percent of bad debt losses may result from first-party fraud. Specialized criminal gangs now target financial institutions with counterfeit identification and advanced knowledge of lending practices. Once an identity is established, the fraudster builds credit and applies for multiple financial products.

For more on the topic, see: 'Watch the Lower Lip!' - Using Facial Expressions to Detect Fraud.

Card Skimming

In 2010, card skimming of all types took off, including traditional ATM skimming and new incidents at merchant point-of-sale systems and self-service gasoline pumps. Even though skimming incidents are localized, they represent a growing problem. The advent of ATM "blitz" or "flash" attacks reveals growing sophistication and coordination among counterfeit-card operations. Blitz or flash attacks involve the simultaneous withdrawal of funds from multiple ATMs in different locations, sometimes scattered throughout the world.

Flash attacks will pose increasing challenges, since they "fly under the radar" of most fraud-detection systems. Banks can stop it if they can figure out the point of compromise, but many have a hard time doing that with current fraud-detection solutions.

Fraudsters throughout the world rely more on wireless communications to transmit skimmed card data. Improving awareness is important and the PCI PED standard is addressing some of the global card skimming trends we are seeing.

Stronger cardholder authentication through contactless radio-frequency identification payments or contact chip technology such as EMV could address some of these emerging fraud concerns. Anything beyond better authentication would involve changing the whole infrastructure.

Tuesday, January 18, 2011

Open WiFi and Firesheep

Hijack Facebook Using Firesheep

What’s new about Firesheep isn’t the exploit – HTTP session hijacking has been well known for years – it’s that Firesheep is a simple Firefox plug-in that is available to anyone and requires no technical expertise to utilize. In other words it allows anyone with Firefox and Firesheep to be a hacker. No experience required.

What’s the problem with unsecured WiFi?

If you connect to the internet at unsecured WiFi hotspots, like say your favorite coffee shop or book store, then you have always been at risk of the vulnerability exploited by Firesheep. So what exactly is this vulnerability?

This exploit is commonly referred to as HTTP session hijacking or side-jacking, and it has been known and used by bad guys for a very long time. Up until now it required some modicum of expertise on the part of the hacker to accomplish a side-jacking attack: the attacker had to use a packet sniffer to capture all those packets flying around, decode the packets to find session cookies in the clear, and then replay the captured session cookie to join your session. For experienced hackers this wasn’t terribly challenging, since they usually had software that would automate the process.

Firesheep was developed for the express purpose of exposing the HTTP session hijacking problem to everybody on the internet, ostensibly to force sites like Facebook to quit making it so easy. This Firefox plugin is named for the notorious Blackhat Wall of Sheep where clueless, unsuspecting users’ unprotected private information is intercepted and displayed very publicly. If you are foolish enough to attend the Blackhat conference in Las Vegas without seriously locking down your communications you will end up on the Wall of Sheep where you will be mocked and worse by other participants.

Firesheep automates side-jacking attacks in a very simple way by building it all right into your Firefox browser. Facebook advised checking their new Account Security Page, which gives you a history of sign-ins by IP address, thereby letting you know if there are two IPs currently signed in from the same access point.

Anti-Firesheep tools like Fireshepherd were released. Written by Gunnar Atli Sigurdsson, an electrical engineering student at the University of Iceland, Fireshepherd periodically jams the local wireless network with a string of junk characters intended to crash Firesheep when the snooping program reads them.

How can websites keep you secure over unsecured WiFi?

The vulnerability exploited by side-jacking has been well understood for years, and so has the solution, or mitigation. Consequently your bank has been using this more secure mechanism for most of those years.

On Internet banking websites, an HTTP over SSL (HTTPS) connection is established before you send your credentials to your bank’s web site. But note that after your credentials are validated, the secure HTTPS connection is maintained for the entire session. In other words, once you establish that secure encrypted channel with your bank, everything for the entire session is protected. I know what you’re thinking now:

Why doesn’t Facebook, Twitter and Flickr do their sessions like this? Clearly they have the SSL capability because they use it for the logging in part of the session. It turns out that Eric Butler, the developer of Firesheep, was motivated by exactly these questions. Quoting from the announcement on his blog:

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL.

There are several reasons that websites don’t use strictly HTTPS sessions. First, they want their sites to be accessible to the largest possible audience, including users of older mobile devices that may not support HTTPS connections. Second, there is a lot more overhead involved on both ends when everything is encrypted. Those are the main reasons, but I don’t mean to imply that they are good reasons. The first reason may have been valid five years ago, but smart phones and other portable devices have come a long way in that time. The second reason may have been valid before broadband internet connections were ubiquitous, but certainly no one in a WiFi hotspot is connecting via a modem at 28K. Besides, it would be easy to keep the legacy-mode connection for those few users who actually have old smart phones or dial-up connections. As always, the real reason is financial.

They would have to develop and roll out changes not only to the web servers but to all of those slick little apps that everybody is using. Remember the problems that Microsoft encountered when making Hotmail use full-time HTTPS, mentioned earlier.
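As an added check for site operators (this is my illustration, not code from the original post, from Firesheep or from any of the sites named), the following Python audit reads a site's HTTP response headers and flags the two server-side conditions that make a login-only-HTTPS session side-jackable: a session cookie set without the Secure attribute, and no Strict-Transport-Security (HSTS) policy to keep the browser on HTTPS after login. The cookie names in SESSION_COOKIE_NAMES and the two header samples are assumed and constructed here.

```python
"""Side-jacking exposure check for a site's HTTP response headers.

Added illustration; not code from the original post or from Firesheep.
Flags the two server-side conditions that let an open-WiFi eavesdropper
reuse a session that was only protected by HTTPS at login time:
  1. a session cookie set without the Secure attribute (the browser will
     send it in the clear on any plain-HTTP request to the site), and
  2. no Strict-Transport-Security (HSTS) header, so after login the
     browser is free to follow plain-HTTP links and leak that cookie.
SESSION_COOKIE_NAMES is an assumed list; the sample headers are constructed.
"""
from typing import Dict, List, Tuple

Header = Tuple[str, str]

# Assumed: typical names under which web frameworks store the session id.
SESSION_COOKIE_NAMES = {"sessionid", "sid", "phpsessid", "jsessionid", "session"}


def parse_set_cookie(value: str) -> Dict[str, str]:
    """Split a Set-Cookie header into name/value plus lower-cased attributes.

    Flag attributes such as Secure and HttpOnly map to an empty string, so
    their presence is tested with `in`.
    """
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    cookie = {"__name__": name.strip(), "__value__": cookie_value.strip()}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def audit_headers(headers: List[Header]) -> List[str]:
    """Return human-readable findings; an empty list means no exposure found."""
    findings: List[str] = []
    has_hsts = False
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            has_hsts = True
        elif lname == "set-cookie":
            cookie = parse_set_cookie(value)
            cname = cookie["__name__"]
            if cname.lower() not in SESSION_COOKIE_NAMES:
                continue  # only session-bearing cookies matter for side-jacking
            if "secure" not in cookie:
                findings.append(
                    f"session cookie {cname!r} lacks Secure: it is sent in clear "
                    "text on any http:// request, which is what a sniffer captures"
                )
            if "httponly" not in cookie:
                findings.append(
                    f"session cookie {cname!r} lacks HttpOnly: page scripts can read it"
                )
    if not has_hsts:
        findings.append(
            "no Strict-Transport-Security header: after login the browser may "
            "follow plain-HTTP links and expose the session cookie"
        )
    return findings


# Constructed sample: HTTPS used for login only, the pattern the post describes
# for Facebook, Twitter and Flickr. Cookie lacks Secure and there is no HSTS.
LOGIN_ONLY_HTTPS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "sessionid=c0ns7ruc7ed; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]

# Constructed sample: full-session HTTPS, the way the post says banks do it.
FULL_SESSION_HTTPS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sessionid=c0ns7ruc7ed; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]

if __name__ == "__main__":
    for label, sample in (("login-only HTTPS", LOGIN_ONLY_HTTPS),
                          ("full-session HTTPS", FULL_SESSION_HTTPS)):
        print(f"== {label} ==")
        for finding in audit_headers(sample) or ["no side-jacking exposure found"]:
            print(" -", finding)
```

To run it against a real site, feed `audit_headers` the header list from the response to the first request after login (for example `response.getheaders()` from `http.client`).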

What can you do to be secure over unsecured WiFi?

So while popular websites like Facebook are trying to figure out how they can fix this problem with the smallest amount of effort, what can you and I do if we want to mess around on Facebook while enjoying a latte at our favorite coffee shop? There are several approaches you can take, but the goal is to create a secure connection between your web browser and the insecure website. The best way to do this is to connect to a secure Virtual Private Network (VPN) and, once that secure connection is established, surf wherever you like, since the last hop on the journey to and from your web browser will be secure. This is great if you have access to a VPN like most road warriors use to connect to the office. The problem with that is that most businesses take a dim view of using VPN bandwidth and company resources to play around on Facebook.

You could install a VPN at home, but that is not an exercise for the fainthearted. There are some subscription based VPN services such as Hide My Ass (HMA vpn/) that will provide a VPN to anyone for a fee. It’s not terribly expensive (1 month for around $12 US or a year for around $80 US) and is certainly easier than setting up your own VPN and way cheaper than getting fired for misusing the company VPN.

Finally there are browser add-ons that attempt to force HTTPS connections to sites that don’t offer them, like say Facebook, Twitter or Flickr. Unfortunately there are many websites where these just won’t work. Furthermore most of these add-ons are implemented as intrusive toolbars and egregious ad-ware.

Sunday, January 16, 2011

Hire a Hacker?

Russian Hackers are offering Collection of Advanced Hacking Guide & Tools

I came across a website "". I was not surprised to read that they are offering a service to "Hire a Hacker". On their website I found:

"Russia Hackers is pleased to announce RH2.5 Kit ver 2011 that users can use to Hack & secure computer systems by knowing exactly how a hacker would break into it."

Collection of Advanced Hacking Guide & Tools.

PDF Guide:

1. Advanced Hacking Guide with Metasploit

2. Malware Development (RATs, botnets, rootkits)

3. Convert exe into PDF, XLS, DOC, JPG

4. Exploit development guide

5. Tech Tricks (Spoofing SMS, email, call)

6. Download any Apple Apps Free of cost

7. Credit Card Hacking

8. Netbanking Hacking - bypass Virtual Keyboard

9. Spreading guide to Infect 100K Victims per day

10. Advanced Email Hacking Tricks

11. SET (Social Engineering Toolkit) module

12. Links for other Russian hacking sites

Cost: 100 USD

If you are not interested in reading or learning about hacking, you can directly buy their hacking services; details are given below:

{Value more than 1500 USD}

1. Polymorphic Crypters (to make files undetectable - bypass all AV, scantime and runtime)

2. Java Driveby FUD (deploy your exe by URL on target)

3. Immunity Canvas (Hack remote PC with IP address)

4. Paid Botnets (SpyEye, etc.)

5. IRC Bots (Ganga, niger, etc.)

6. Yahoo Messenger zero-day exploit (run exe on target Yahoo Messenger ID without any alert)

7. Ice Pack Enterprise (execute exe using PHP script)

8. Bleeding_Life_V2_pack /

Other Packs

1. One Linux-based VPS with root access for lab setup (Safe & Secure)

2. VPN Double + Triple Encrypted (hide your real IP address)

3. Fake Emailer with attachment

4. Email Bomber (send 1 million emails into Inbox)

5. DDoS Attack Shells

Tools + services: 250 USD

Furthermore, I also found the following on their website:

"We sell latest zero day exploits (doc, xls, PDF FUD), Java driveby, browser packs, remote pen testing tools, VPN, VPS, Bots, etc.."

The above details are self-explanatory. You can imagine why security is so important for your corporate or home environment. Your enemies, competitors, or anyone who doesn't want you to be in business or wants to take revenge can do nasty things to your environment. In the worst case, they need not even do it themselves, because they can "Hire a Hacker".

Saturday, January 15, 2011

A Beginners Guide to Ethical Hacking

Learn how to hack and defend attacks

A Beginners Guide to Ethical Hacking is a great resource for people interested in ethical (White Hat) hacking. It is targeted at "beginners", but some "intermediate" users may find value in this book as well.

This book defines the ethical boundaries of hackers – what the cognoscenti consider too far. It also explains the realm of programming and how code-writing can be leveraged to achieve the reader’s goals.

The author gives detailed illustrations and explanations of hacking and the cracking of passwords, Microsoft Windows OS, Wi-Fi, web applications, malware and viruses.

This book will help you learn both the hacking and the defensive side of information security. By providing a good balance of both offense and defense, it gives the reader the tools needed to make accurate and educated decisions regarding not only ethical hacking but also how to properly secure themselves when doing business online.

Cost: $20

Friday, January 14, 2011

Google Sandboxes Flash Player

Chrome's 'dev' build for Windows now blocks Flash attack code from infecting PCs

Google has introduced a sandboxed version of Adobe’s Flash Player in order to protect users from Flash-based attacks. According to tech news site Computerworld, Google has been working with Adobe to move Flash Player into the sandbox that comes with Google’s Chrome web browser. Users, especially those with PCs running Windows XP, have been facing a number of security threats through holes found in Adobe’s Flash Player. The move is set to help protect them from attacks exploiting those vulnerabilities by containing the player in a sandbox rather than letting it run with full access to the system.

The Windows version of the Chrome web browser with the sandboxed Flash Player is already available for developers, with the public version in the works as well. Peleus Uhley, Adobe’s platform security strategist, said in a statement: "The interfaces to open-source browsers are completely different from, say, Internet Explorer, and we had to restructure Flash Player to put it in a sandbox."

Thursday, January 13, 2011

Windows UAC Malware Threat

The exploit allows an attacker to impersonate the system account

A new zero-day attack against Windows, capable of bypassing the User Access Control (UAC) protections introduced in Windows Vista and designed to prevent malware from gaining administrative access without user authorisation, has been discovered in the wild.

The proof-of-concept implementation of the infection technique, known as Troj/EUDPoC-A, was posted to a Chinese educational forum before being discovered by anti-virus researchers from various security firms.

Chester Weisniewski, of anti-virus vendor Sophos, warns that the technique used by the Trojan enables an attacker to impersonate the system account, which has nearly unlimited access to all components of the Windows system, and does so without triggering the User Access Control protections introduced by Microsoft to prevent exactly that occurring. The flaw currently exists in all versions of Windows.

Please ensure your system is up to date with the latest patches and your anti-virus with the latest virus definitions.

Gangsters hiring hackers to make “cyber attacks”

Korean DDoS arrests - be warned, you can be caught

A group of gangsters have been caught hiring hackers to make “cyber attacks” to shut down rival gambling websites. The Korean Times reports the arrest of a pair of hackers over the weekend on DDoS charges. According to prosecutors, the pair, Lee and Park, operated a gambling website on behalf of a crime gang. In an effort to boost traffic to their own site, they used a 50,000-strong botnet to overload 109 rival sites during November and December 2010.

A botnet, of course, is a collection of malware-infected computers (often called "zombies") which can remotely be instructed to initiate network-related activity. Sending spam is a common criminal task for which zombies are used; visiting targeted websites deliberately to waste their bandwidth is another.

Since most web requests look alike, distinguishing the web hits of malevolent time-wasters from those of potential customers can be tricky. Sites which don't usually get a large number of simultaneous requests often aren't built to sustain heavy load.

Some simple warnings come out of this:

* Make sure your PC isn't infected with malware. Otherwise, it might be aiding and abetting criminal activity. In most countries, you can't yet be prosecuted for unknowingly having a zombified computer, but you may get cut off by your ISP - and quite rightly, too! The "offence" will be that you failed to act for the greater good of everyone else on the internet.

* If you're flirting with joining the ranks of the cybervandal group Anonymous when it urges people to join in DDoS attacks, typically in an effort to deny free speech in an effort to protest the denial of free speech, don't assume that you won't get caught. And don't expect much sympathy if you do.

* DDoSing a prospective customer is a high-risk sales technique.

Wednesday, January 12, 2011

Increasingly sophisticated threats that target enterprise users and data

Re-inventing Network Security

Enterprise networks and applications have evolved but security infrastructure has not.

Learn why application visibility and control (regardless of port, protocol, or encryption) are critical for preventing increasingly sophisticated threats that target enterprise users and data.

Offered Free by: Palo Alto Networks

Beware - Facebook phishing scam

Facebook phishing email

The email, which resembles a genuine friend request, includes the message ‘Hi, the following person invited you to be their friend on Facebook’ and an invitation to join the social networking site.

Symantec security channel product manager, Robert Pregnell, said the email can be identified as a fake because it has no confirm button and there is no prompt for an email address to sign up to the site.

“At this time we can’t say that this particular email is of a particularly aggressive or high-profile attack,” he said.

According to Pregnell, the emails can be stopped by checking the privacy policy and user account settings on the social networking site. He also advised users to have separate passwords for different accounts and regularly update their internet security.

“Have a different password for each online account and stay updated,” he said. “Make sure your antivirus, internet security, operating system and web browser software is up-to-date.”

“Multi-layered internet security programs offer additional protection with strong, non-obtrusive firewalls, watching for personal details going out of your computer, and for suspicious behaviour, even by legitimate programs on your computer.”

McAfee Asia Pacific chief technology officer, Michael Sentonas, said the Facebook phishing scam is designed to trick the recipient into going through the login process in order to accept the new friend request.

“For the unsuspecting people that do click on this and submit their login information, they may appear to log in as they would normally; however, their credentials are almost always sent to the scammer as well,” he said.

He said research conducted by McAfee has shown that as much as 85 per cent of emails in some months are spam, including these types of phishing scams.
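The mechanics Sentonas describes (a lookalike login page whose links do not actually lead to Facebook) can be checked for mechanically before anyone clicks. The following is an added illustration, not code from the article or from either vendor: it parses the HTML body of a notification email, extracts every link, and flags links whose host is outside a small allowlist of Facebook hosts, or whose visible text names a different domain than the one the link really goes to. The allowlist, the sample email, the `example.net` host and the `198.51.100.7` address are all constructed for the example.

```python
"""Flag links in a friend-request style email that do not lead where they claim.

Added illustration; the sample email below is constructed and is not the
message described in the article.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a genuine Facebook notification would link to (assumption: an
# illustrative allowlist, not an official list).
TRUSTED_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}

# Matches visible link text that itself looks like a URL or bare domain.
DOMAIN_IN_TEXT = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/|$)", re.I)

# Constructed sample: looks like a friend request, but two of the three links
# point somewhere other than Facebook.
SAMPLE_EMAIL = """
<p>Hi, the following person invited you to be their friend on Facebook.</p>
<a href="http://login-facebook.example.net/friends">Accept friend request</a>
<a href="http://198.51.100.7/fb/login.php">www.facebook.com/login</a>
<a href="https://www.facebook.com/help">Help Center</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host part of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def is_trusted_host(host):
    return host in TRUSTED_HOSTS or host.endswith(".facebook.com")


def shown_host(text):
    """Domain the link text displays to the reader, if the text looks like a URL."""
    m = DOMAIN_IN_TEXT.match(text.strip())
    return m.group(1).lower() if m else None


def suspicious_links(html):
    """Return {href: [reasons]} for every link that should not be followed."""
    collector = LinkCollector()
    collector.feed(html)
    findings = {}
    for href, text in collector.links:
        reasons = []
        real = host_of(href)
        if not is_trusted_host(real):
            reasons.append(f"link host {real!r} is not a Facebook host")
        displayed = shown_host(text)
        if displayed and displayed != real:
            reasons.append(f"text shows {displayed!r} but link goes to {real!r}")
        if reasons:
            findings[href] = reasons
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL).items():
        print(href)
        for r in reasons:
            print("   -", r)
```

The second check (visible text naming one domain while the href points to another) is the one worth keeping even when the allowlist is not applicable, because it does not depend on knowing which site the email claims to come from.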

Friday, January 7, 2011

Most notable threats and trends of 2010

Crimeware-as-a-Service on the rise

In the new report from CA Technologies Internet Security team, researchers identify more than 400 new families of threats--led by rogue security software, downloaders and backdoors.

Trojans were found to be the most prevalent category of new threats, accounting for 73 percent of total threat infections reported around the world. Importantly, 96 percent of Trojans found were components of an emerging underground trend towards organized cybercrime, or "Crimeware-as-a-Service."

"Crimeware isn't new, but the extent to which a services model has now been adopted is amazing," said Don DeBolt, director of threat research, Internet Security, CA Technologies.

"This new method of malware distribution makes it more challenging to identify and remediate. Fortunately, security professionals and developers are diligent about staying one step ahead of these cyber criminals."

The most notable threats and trends of 2010 to-date include:

Rogue or Fake Security Software: Also known as "scareware" or Fake AV, this category of malware continued its dominance in the first half of 2010. Google became the preferred distribution channel for rogue security software through Blackhat SEO, which manipulates search results to favor links to infected website domains. Rogue security software displays bogus alerts following installation and coerces users into paying for the fake product or service.

An interesting trend observed recently is the prevalence of rogue security software cloning, whereby the software employs a template that constructs its product name based on the infected system's Windows operating system version, further enhancing its perceived legitimacy.

Crimeware: 96 percent of Trojans detected in H1 2010 function as components of a larger underground, market-based mechanism which CA Technologies Internet Security has termed "Crimeware-as-a-Service." Crimeware essentially automates cybercrime: a large-scale malware infection collects and harvests valuable information, generating multiple revenue streams for the criminals.

It is an on-demand and Internet-enabled service that highlights cloud computing as a new delivery model. This crimeware is primarily designed for data and identity theft, in order to access users' online banking services, shopping transactions, and other Internet services.

Cloud-Based Delivery: Research revealed cybercriminals' growing reliance on using cloud-based web services and applications to distribute their software. Specifically, cybercriminals are using web and Internet applications (e.g. Google Apps), social media platforms (e.g. Facebook, YouTube, Flickr, and Wordpress), online productivity suites (Apple iWorks, Google Docs, and Microsoft Office Live), and real-time mobile web services (e.g. Twitter, Google Maps, and RSS Readers).

For example, recent malicious spam campaigns have posed as email notifications targeting Twitter and YouTube users, luring targets to click on malicious links or visit compromised websites. The Facebook ecosystem has been an attractive platform for abusive activity including cyberbullying, stalking, identity theft, phishing, scams, hoaxes and annoying marketing scams.

Social Media as the Latest Crimeware Market: CA Technologies recently observed viral activities and abusive applications in popular social media services such as Twitter and Facebook as the result of a strong marketing campaign in the underground market.

CA Technologies Internet Security has observed a black market evolving to develop and sell tools such as social networking bots. Underground marketers promote new social networking applications and services that include account checkers, wall posters, wall likers, wall commenters, fan inviters, and friend adders. These new crimeware-as-a-service capabilities became evident as observed from the latest Facebook viral attacks and abusive applications that are now being widely reported.

Spamming Through Instant Messaging (SPIM): One new vector used to target Internet users is SPIM, a form of spam that arrives through instant messaging. CA Technologies Internet Security observed an active proliferation of unsolicited chat messages on Skype.

Email Spam Trends: When examining email spam trends, the Internet Security team tracked the usage of unique IP addresses in an effort to determine the source of the most prevalent spam bot regions. Based upon its observation, the EU regions ranked as the number one source of spam, recording 31 percent, followed by 28 percent in Asia Pacific and Japan (APJ), 21 percent in India (IN), and 18 percent in the United States (US).
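The measurement the report describes, counting unique sending IP addresses rather than messages, matters because one chatty bot can send thousands of messages and would otherwise dominate its region's share. The following is an added example and not CA Technologies' method or data: it parses a few constructed mail-filter log lines, keeps each spam-sending IP once, attributes it to a region through a constructed prefix-to-region table (a stand-in for a real geolocation database, using only documentation address ranges), and reports both the per-region unique-IP share and, for contrast, the raw message share.

```python
"""Attribute spam to source regions by counting unique sending IPs.

Added example; the log lines and the prefix-to-region table are constructed
for illustration and do not reproduce the report's data.
"""
import ipaddress
from collections import Counter

# Constructed mapping of address blocks to regions. A real deployment would use a
# geolocation database; these are RFC 5737 documentation ranges, not allocations.
REGION_PREFIXES = {
    "EU": [ipaddress.ip_network("192.0.2.0/24")],
    "APJ": [ipaddress.ip_network("198.51.100.0/24")],
    "IN": [ipaddress.ip_network("203.0.113.0/25")],
    "US": [ipaddress.ip_network("203.0.113.128/25")],
}

# Constructed mail-filter log: one bot at 192.0.2.10 sends four messages, which
# would make the EU look like half the problem if messages were counted.
SPAM_LOG = """\
2011-01-03T08:00:01Z from=192.0.2.10 verdict=spam
2011-01-03T08:00:02Z from=192.0.2.10 verdict=spam
2011-01-03T08:00:03Z from=192.0.2.10 verdict=spam
2011-01-03T08:00:04Z from=192.0.2.10 verdict=spam
2011-01-03T08:00:05Z from=192.0.2.11 verdict=spam
2011-01-03T08:00:06Z from=192.0.2.11 verdict=spam
2011-01-03T08:00:07Z from=198.51.100.5 verdict=spam
2011-01-03T08:00:08Z from=198.51.100.6 verdict=spam
2011-01-03T08:00:09Z from=198.51.100.7 verdict=spam
2011-01-03T08:00:10Z from=203.0.113.20 verdict=spam
2011-01-03T08:00:11Z from=203.0.113.200 verdict=spam
2011-01-03T08:00:12Z from=203.0.113.201 verdict=spam
2011-01-03T08:00:13Z from=203.0.113.202 verdict=ham
"""


def region_of(ip):
    """Region whose prefix table contains the address, or 'UNKNOWN'."""
    addr = ipaddress.ip_address(ip)
    for region, nets in REGION_PREFIXES.items():
        if any(addr in net for net in nets):
            return region
    return "UNKNOWN"


def parse_log(text):
    """Yield (ip, verdict) from lines of the form '<timestamp> from=<ip> verdict=<v>'."""
    for line in text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
        if "from" in fields and "verdict" in fields:
            yield fields["from"], fields["verdict"]


def _shares(counter):
    total = sum(counter.values()) or 1
    return {region: (n, round(100.0 * n / total, 1)) for region, n in counter.items()}


def spam_sources_by_region(text):
    """{region: (unique spam-sending IPs, percent of all unique spam IPs)}."""
    unique_ips = {ip for ip, verdict in parse_log(text) if verdict == "spam"}
    return _shares(Counter(region_of(ip) for ip in unique_ips))


def spam_messages_by_region(text):
    """{region: (spam messages, percent of all spam messages)} for comparison."""
    return _shares(Counter(region_of(ip) for ip, verdict in parse_log(text) if verdict == "spam"))


if __name__ == "__main__":
    print("by unique IP:", spam_sources_by_region(SPAM_LOG))
    print("by message:  ", spam_messages_by_region(SPAM_LOG))
```

On the constructed log the EU accounts for half of all spam messages but only a quarter of the distinct sending hosts; the unique-IP view is the one that reflects how many infected machines each region contributes.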

Mac OS X Threats: Attackers' interest in the platform continued during the first half of 2010; the ISBU witnessed Mac-related security threats including traffic redirection, Mac OS X ransomware 'blocker' and the notable spyware 'OpinionSpy'.

Happy New Year To All My Blog Readers

Dearest readers,

I personally wanted to wish everyone a Happy and Healthy New Year. Thank you for your support throughout 2010 and I look forward to sharing, meeting and working with more of you in 2011.

I was travelling overseas to attend various conferences and to present at a couple of SCADA / Smart Grid conferences, and therefore was not able to keep the blog up to date. I'll try to catch up with that soon.

May you and your loved ones have a joyful 2011.

All the best !!