Malware Statistics for August 2008

September 7th, 2008

In its second month of compiling data, the new Kaspersky Security Network (KSN) technology revealed some significant changes amongst the most widespread malicious programs.

The first table is based on statistics provided by our 2009 antivirus products. This table shows the malicious programs detected on users’ computers.

Rank  Change  Malicious program
   1          Trojan.Win32.DNSChanger.ech
   2  New     Trojan.Win32.Pakes.kab
   3  New     Trojan-Downloader.Win32.Agent.xqz
   4  New     Trojan-Downloader.Win32.Agent.yaw
   5  New     Trojan-Downloader.Win32.Agent.xws
   6  New     Trojan-Downloader.Win32.Small.zie
   7  New     Trojan-Downloader.Win32.Agent.xna
   8  New     Trojan-Downloader.JS.Agent.chk
   9  New     Trojan.Win32.Agent.tfc
  10  +6      not-a-virus:AdWare.Win32.BHO.ca
  11  New     not-a-virus:AdWare.Win32.Agent.cp
  12  -3      Trojan.Win32.Agent.abt
  13  New     Trojan-Dropper.Win32.Agent.tbd
  14  New     not-a-virus:AdWare.Win32.BHO.sc
  15  New     not-a-virus:AdWare.Win32.BHO.vp
  16  New     Trojan-GameThief.Win32.OnLineGames.sjbb
  17  New     Trojan-Clicker.Win32.Agent.bkd
  18  +1      Trojan.Win32.Chifrax.a
  19  New     Trojan.RAR.Qfavorites.a
  20  New     Trojan-GameThief.Win32.OnLineGames.sgpq

A total of 28,940 different malicious and potentially unwanted programs were detected on users’ computers in August. That is an increase of more than 8,000 over July’s figure and points to a significant rise in the number of in-the-wild threats.

Source: Kaspersky Lab


Author: Christopher


DNS Exploit at Black Hat

August 8th, 2008

As Dan Kaminsky recently demonstrated at the Black Hat conference in Las Vegas, the DNS security flaw presents a serious vulnerability. In case there was previously any doubt, he showed just how dangerous it is to internal networks and to the internet at large to run unpatched DNS servers. Even with the patch, the exploit is still possible, just extremely difficult.

The vulnerabilities are not limited to the web, but affect every type of internet service and traffic, including IM, telnet, email, and usenet. Every protocol relies on DNS to locate servers and to set up communication between servers and client computers. Even HTTPS (web sites using SSL, Secure Sockets Layer) would be affected, because the Certificate Authorities who authenticate the certificates rely on DNS. Note that all major CAs have patched their DNS servers, but of course many sites use self-signed certificates.

Some services have already fallen prey to this exploit, with AT&T being the first publicized victim. Strictly speaking, the victims were the people whose requests were directed to a bogus Google search site because of an unpatched AT&T DNS server. Fortunately, the bogus site only hosted code to auto-click the AdSense advertisements, creating extra revenue for the perpetrators. It could have been worse if, for example, the site had been built to infect visitors with drive-by downloads or to induce them to download crimeware.

The picture is not completely bleak. Thanks in part to Kaminsky’s presentation, more organizations are taking the threat seriously and patching their servers. Also, any SSH-based connection that had been made at least once before the exploit would warn users if a new connection attempt were redirected to a bogus host, because SSH records the fingerprint of each remote host’s key on first contact and compares it on every later connection. So Secure Shell, sftp, scp, and SSH-based VPNs would at least warn users about the change in fingerprints, or deny the connection altogether, depending on the local configuration.

Anyone who wants to know whether the DNS server they are using has been patched can try the online DNS checker Dan has published on his blog at http://www.doxpara.com/.
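The SSH behaviour described above, as an added example that is not part of the original post: a small model of how a client's known_hosts file turns a redirected connection into a warning instead of a silent success. The known_hosts entries, the salt and the key blobs are constructed for the example (the base64 strings are not real SSH keys); the fingerprint format and the hashed-hostname format (|1|salt|hash, with HMAC-SHA1 keyed by the salt) follow OpenSSH's.

```python
"""Model of an SSH client's known_hosts check (added example, not the post's code).
The entries, salt and key blobs below are constructed; the base64 values are
not real SSH keys."""
import base64
import hashlib
import hmac


def fingerprint(key_b64):
    """OpenSSH-style fingerprint: 'SHA256:' plus unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host_entry(hostname, salt):
    """Build the OpenSSH hashed host field '|1|salt|hash', hash = HMAC-SHA1(key=salt, msg=hostname)."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(pattern, hostname):
    """Does a known_hosts host field (plain comma-separated names or a hashed entry) cover hostname?"""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt = base64.b64decode(salt_b64)
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, base64.b64decode(mac_b64))
    return hostname in pattern.split(",")


def check_host_key(known_hosts_text, hostname, key_type, presented_key_b64):
    """Return 'match' (key on record), 'changed' (record exists, key differs) or 'unknown' (first contact)."""
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        hosts, ktype, key_b64 = fields[0], fields[1], fields[2]
        if ktype != key_type or not host_matches(hosts, hostname):
            continue
        return "match" if key_b64 == presented_key_b64 else "changed"
    return "unknown"


# Constructed data: the "keys" are just labelled bytes, not real key blobs.
SERVER_KEY = base64.b64encode(b"constructed key blob for the real server, not a real key").decode()
OTHER_KEY = base64.b64encode(b"constructed key blob for some other host, not a real key").decode()
SALT = bytes(range(20))  # OpenSSH uses 20 random bytes; fixed here so the example is reproducible
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    "mail.example,192.0.2.10 ssh-ed25519 " + SERVER_KEY,
    hashed_host_entry("bastion.example", SALT) + " ssh-ed25519 " + SERVER_KEY,
])


def demo():
    """Four connection attempts; only the first-contact case lets a client accept a key without a warning."""
    return {
        "same_key": check_host_key(KNOWN_HOSTS, "mail.example", "ssh-ed25519", SERVER_KEY),
        "redirected_to_other_host": check_host_key(KNOWN_HOSTS, "mail.example", "ssh-ed25519", OTHER_KEY),
        "hashed_entry_same_key": check_host_key(KNOWN_HOSTS, "bastion.example", "ssh-ed25519", SERVER_KEY),
        "first_contact": check_host_key(KNOWN_HOSTS, "new.example", "ssh-ed25519", SERVER_KEY),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print("%-26s %s" % (case, verdict))
    print("server key fingerprint:", fingerprint(SERVER_KEY))
```

The "redirected_to_other_host" case is the one the post is about: a poisoned resolver can send the client to a different machine, but that machine cannot present the recorded key, so the client reports a changed fingerprint. The "first_contact" case is the limit of the protection: a host never seen before has no record to compare against, which is why the post says only connections made at least once before the exploit are covered.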


Author: Christopher


Full Disk Encryption - A Security Measure Necessity

August 6th, 2008

In February, Pfizer, the world’s leader in biomedical and pharmaceutical research, reported the theft of a laptop computer carrying classified information on 800 contractors as well as current and former employees. The individuals in question may be at risk of identity theft.

The information on the laptop included names, credit card numbers, various addresses, phone numbers, hotel loyalty program numbers and other details. It did not appear that any social security numbers or PIN codes were exposed.

The laptop, stolen by burglars from the home of a contractor who arranged travel and meeting plans for Pfizer, was password protected. An operating system password, however, does nothing to protect the data at rest: the drive can be read by booting another operating system or by moving it to a different machine, and many operating systems scatter application data across numerous locations on the disk. Full-disk encryption is the only means to protect the entire hard drive.

The benefits of full-disk encryption outweigh those of ordinary file or folder encryption and of encrypted vaults (containers).

Full-disk encryption provides:

  • Encryption of swap space and temporary folders, files that could otherwise reveal confidential information, along with almost all other data on the disk
  • Pre-boot authentication (PBA), which keeps the operating system from booting until the right password is entered
  • Rapid data destruction when it is needed, by destroying the cryptographic key

In light of publicized laptop thefts and security breaches, it is important for all users to adopt full-disk encryption to protect the confidential data on their machines. This is precisely why the United States Government is in the process of comparing FDE solutions in order to choose and implement the best one. If you keep confidential data in high-risk locations, consider full-disk encryption to protect it.
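To make the three benefits listed above concrete, here is an added example (not code from the original post or from any FDE product) that models a volume header: a random data-encryption key protects every sector, including the ones that would hold swap and temporary files; a password-derived key wraps that data key and stands in for pre-boot authentication; overwriting the header is the key destruction. The cipher is a keystream built from HMAC-SHA256 in counter mode so that the example runs with the Python standard library alone; real products use AES (typically in XTS mode). The PBKDF2 round count, the password and the sample sector contents are assumptions for the example.

```python
"""Miniature full-disk-encryption model (added example, not from the post or any product).
The cipher is an HMAC-SHA256 counter-mode keystream so only the standard library is
needed; real FDE uses AES (usually XTS). Round count and sector contents are assumptions."""
import hashlib
import hmac
import os
import struct

PBKDF2_ROUNDS = 100_000  # assumed for the example; products tune this to the hardware


def keystream_xor(key, nonce, data):
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks. Stand-in for AES-XTS; symmetric, so it also decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">Q", offset // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def derive_kek(password, salt):
    """Password -> key-encryption key. Deliberately slow so that guessing is expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=32)


def make_header(password, dek):
    """Volume header: salt, the DEK wrapped under the KEK, and a MAC so a wrong password is detected rather than yielding garbage."""
    salt = os.urandom(16)
    kek = derive_kek(password, salt)
    wrapped = keystream_xor(kek, b"header-wrap", dek)
    tag = hmac.new(kek, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped_dek": wrapped, "tag": tag}


def unlock(header, password):
    """Pre-boot authentication: return the DEK for the right password, None otherwise."""
    kek = derive_kek(password, header["salt"])
    expected = hmac.new(kek, header["salt"] + header["wrapped_dek"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return keystream_xor(kek, b"header-wrap", header["wrapped_dek"])


def encrypt_sectors(dek, sectors):
    """Every sector, swap and temp files included, is encrypted under the DEK with its sector number as the nonce."""
    return [keystream_xor(dek, struct.pack(">Q", i), s) for i, s in enumerate(sectors)]


def read_sectors(header, password, ciphertext_sectors):
    """What the OS sees after boot: the plaintext sectors, or nothing if the DEK cannot be recovered."""
    dek = unlock(header, password)
    if dek is None:
        return None
    return [keystream_xor(dek, struct.pack(">Q", i), c) for i, c in enumerate(ciphertext_sectors)]


def crypto_erase(header):
    """Data destruction by ridding the disk of the key: overwrite the header; the sectors themselves are untouched."""
    for field in header:
        header[field] = b"\x00" * len(header[field])


def demo(password="correct horse battery staple"):
    """Run the life cycle once and report which properties held."""
    sectors = [  # constructed sector contents
        b"itinerary.xls: names, card numbers, hotel loyalty ids",
        b"pagefile.sys: secrets paged out of memory",
        b"tmp/~draft-contract.doc: confidential terms",
    ]
    dek = os.urandom(32)
    disk = encrypt_sectors(dek, sectors)
    header = make_header(password, dek)
    results = {
        "right_password_reads_data": read_sectors(header, password, disk) == sectors,
        "wrong_password_rejected": read_sectors(header, "letmein", disk) is None,
        "plaintext_visible_on_disk": any(s in c for s, c in zip(sectors, disk)),
    }
    crypto_erase(header)
    results["right_password_after_erase"] = read_sectors(header, password, disk) is None
    return results


if __name__ == "__main__":
    for prop, held in demo().items():
        print("%-28s %s" % (prop, held))
```

Two points the model makes visible: the swap and temp sectors get exactly the same protection as the document sector, because encryption happens below the file system; and the erase never touches the sectors at all, since without the wrapped key the ciphertext is just random bytes, even to someone who knows the password.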


Author: Christopher


Beware of fake Adobe Flash installs

August 5th, 2008

Adobe is reporting an unusually high number of social networking sites hosting fake Adobe Flash installers, which install malicious software onto your computer. As with any software install, it is highly recommended that you verify the URL before accepting a download and make sure your antivirus protection is up to date and active.
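One way to do the URL check the post recommends, as an added example that is not part of the original post: the trusted vendor domain and the sample URLs are constructed, and the rule that a download URL must use https is a policy choice made for the example. The point is that only the host part of a URL can vouch for it; the vendor's name in the path, in the user-info portion before an "@", or as the prefix of an unrelated domain means nothing.

```python
"""Download-URL check (added example, not from the post). The trusted domain and
the sample URLs are constructed; requiring https is a policy choice for the example."""
from urllib.parse import urlsplit

TRUSTED_DOWNLOAD_DOMAINS = {"adobe.com"}  # assumed vendor domain for the example


def check_download_url(url, trusted=TRUSTED_DOWNLOAD_DOMAINS):
    """Return (accepted, reason). Only the host decides; path, userinfo and look-alike suffixes do not."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return False, "scheme is not https"
    if "@" in parts.netloc:
        # "www.adobe.com@lookalike.example": everything before '@' is userinfo, not the host
        return False, "userinfo in authority: " + parts.netloc
    host = parts.hostname  # lower-cased, port removed
    if not host:
        return False, "no host"
    host = host.rstrip(".")  # "adobe.com." is the same name written with the trailing root dot
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, "host %s is under %s" % (host, domain)
    return False, "host %s is not a trusted download domain" % host


SAMPLE_URLS = [  # constructed; each shows one thing a naive "does it contain adobe.com" test gets wrong
    "https://get.adobe.com/flashplayer/",
    "https://GET.ADOBE.COM./flashplayer/install.exe",
    "https://www.adobe.com@lookalike.example/flashplayer/install.exe",
    "https://adobe.com.lookalike.example/flashplayer/install.exe",
    "https://lookalike.example/adobe.com/flash_install.exe",
    "http://get.adobe.com/flashplayer/",
]


def classify(urls=SAMPLE_URLS):
    """Map each URL to its (accepted, reason) verdict."""
    return {u: check_download_url(u) for u in urls}


if __name__ == "__main__":
    for url, (ok, reason) in classify().items():
        print("%-7s %s  (%s)" % ("accept" if ok else "reject", url, reason))
```

Matching on `host == domain or host.endswith("." + domain)` is what keeps `adobe.com.lookalike.example` out while letting `get.adobe.com` in; a substring test would accept both. Using `urlsplit(...).hostname` rather than slicing the string yourself is what handles the case, port and userinfo tricks correctly.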


Author: Christopher


Malware Statistics July 2008

August 2nd, 2008

Throughout July, the majority (76%) of all malware identified fell into the Trojan category. Of the 20,704 unique malware findings in July, 20,000 were found in the [...]


Author: Christopher


In the wild: DNS Cache Poisoning

July 30th, 2008

Three publicly available exploits target the recent DNS vulnerabilities brought to light by Dan Kaminsky. These exploits have been downloaded over 15,000 times, although we [...]


Author: Christopher
