Spam is Back in Full Force

May 1st, 2008

Symantec’s Monthly State of Spam report for March showed an increase in bounced messages, the result of spammers forging sender email addresses and using them in the “From” header of their own Spam messages.

Reminiscent of Backscatter, spammers are taking advantage of mail transfer agents configured to send back a list of failed email recipient addresses, an explanation of the cause of failure, and a copy of the original email. This opens a window for Spam attacks, as anti-spam filters do not block most “failed email” replies. Since spammers forge the sender’s address, this mail is going to be received by people who have nothing to do with the Spam.

Corporate networks will feel the greatest burden of the increased attacks. Increased bandwidth use and more unwanted Spam messages in users’ inboxes will result in lost productivity. Networks are encouraged to configure mail transfer agents not to send back a copy of the original failed message and to require signatures for outgoing emails.
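One way to apply the “signatures for outgoing emails” advice to bounces, shown as an added example that is not taken from the Symantec report: the mail server tags the envelope sender of everything it sends with a keyed hash, and accepts a failure notice only when it is addressed to a validly tagged, recent address. The tag layout, key, lifetime and function names are assumptions, loosely modelled on the idea behind BATV.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: per-domain secret held by the MTA
TAG_LIFETIME_DAYS = 7             # assumption: older tags are no longer accepted


def _mac(day, local, domain):
    """Keyed hash over the day number and the real sender address."""
    msg = f"{day:03d}{local}@{domain}".lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def sign_sender(address, today):
    """Return the tagged envelope sender to use on outgoing mail.

    `today` is a day counter (for example, days since the epoch).
    """
    local, domain = address.rsplit("@", 1)
    day = today % 1000
    return f"sig={day:03d}{_mac(day, local, domain)}={local}@{domain}"


def accept_bounce(rcpt, today):
    """Accept a failure notice only if its recipient carries a valid tag."""
    local_part, _, domain = rcpt.rpartition("@")
    parts = local_part.split("=", 2)
    if len(parts) != 3 or parts[0] != "sig" or len(parts[1]) != 13:
        return False  # untagged: no mail of ours used this sender
    day_s, mac = parts[1][:3], parts[1][3:]
    if not day_s.isdigit():
        return False
    day = int(day_s)
    if (today % 1000 - day) % 1000 > TAG_LIFETIME_DAYS:
        return False  # tag expired, so a captured tag cannot be reused for long
    expected = _mac(day, parts[2], domain)
    return hmac.compare_digest(mac.encode(), expected.encode())


if __name__ == "__main__":
    tagged = sign_sender("alice@example.com", 14000)  # constructed address
    print(tagged, accept_bounce(tagged, 14003))
    print("alice@example.com", accept_bounce("alice@example.com", 14003))
```

A bounce generated by a forged “From” address arrives at the untagged address and is rejected, while bounces for mail the server really sent still get through.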

Author: Christopher


IIS vulnerability spreads like a forest fire

April 24th, 2008

Almost 300,000 web sites hosted with Internet Information Services are infected with new malware, according to PandaLabs. The vulnerability allows hackers to inject SQL code into all pages hosted on the same IIS server and redirect the visitor to a malicious site. The malicious page scans the visitor’s machine to find ways to compromise it. Exploits are then downloaded and used to infect the redirected visitor based on the information found in the scan.

If your site is hosted with Internet Information Services, it is highly recommended that you check whether it is compromised. To do so, search your source code for the following script reference: “<script src=http://www.nihaorr1.com/1.js>”. If this reference is found, remove it immediately and notify your IIS admin right away.
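The check described above, as an added example that is not part of the original post: a scanner that walks a copy of the site's files and reports every line carrying the injected reference, tolerating differences in case, quoting and spacing. The list of file extensions and the sample page are assumptions constructed for the example.

```python
import re
from pathlib import Path

# Matches the injected tag quoted in the post, tolerating case, quoting and
# whitespace differences: <script src=http://www.nihaorr1.com/1.js>
INJECTED = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"']?\s*https?://(?:www\.)?nihaorr1\.com/[^\"'\s>]*",
    re.IGNORECASE,
)
# Assumption: file types worth checking on a typical IIS site.
WEB_EXTENSIONS = {".asp", ".aspx", ".htm", ".html", ".js", ".inc"}


def find_injected_scripts(text):
    """Return (line_number, matched_text) for every injected reference."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in INJECTED.finditer(line):
            hits.append((number, match.group(0)))
    return hits


def scan_tree(root):
    """Scan web files under root; return {path: [(line, match), ...]}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_injected_scripts(text)
            if hits:
                report[str(path)] = hits
    return report


# Constructed sample page source: the tag once as quoted in the post and once
# with different case and quoting, next to a legitimate local script.
SAMPLE_PAGE = """<html><body>
<h1>Product list</h1>
<td>Widget<script src=http://www.nihaorr1.com/1.js></script></td>
<td>Gadget<SCRIPT SRC="http://www.nihaorr1.com/1.js"></SCRIPT></td>
<script src="/js/site.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line_no, tag in find_injected_scripts(SAMPLE_PAGE):
        print(f"line {line_no}: {tag}")
```

Run `scan_tree` against a saved copy of the pages as visitors receive them as well as the files on disk, since the post says to search the page source.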

Author: Christopher


Are employees “working around” your security?

March 11th, 2008

In a white paper released last November by RSA, research from ordinary person-on-the-street interviews with random office workers revealed troubling trends for those concerned with information security. Sometimes in an honest effort to finish their work from home or while traveling, sometimes through simple carelessness, but in either case without intending to put secure information at risk, employees from all sectors of the workplace admitted to behaviors which do, in fact, put secure information at risk.

In interviews conducted in Boston and Washington, D.C., employees from both the public and the private sector answered “frequently,” “sometimes,” or “never” to questions probing their own customary behavior and also to questions asking what they had observed in their workplace.  Employers with international networks full of proprietary and confidential private information, including social security numbers and other personally identifying information, were reported by nearly 20% of private enterprise employees as routinely leaving networks set up for conference room and guest use open and available, without a password, to anyone who might walk in.

Employees themselves, with their own logins and passwords, accessed their work network at home, in airports, in hotel and restaurant hot-spots, and even, at times, on public access hotel or internet cafe-type computer terminals. In fact, the number of workers who retrieved their work e-mail from a public access computer was slightly higher than the number who used their own laptop but at a public wireless hotspot. Both numbers, however, were over 50%. Since well over 80% of workers reported that they “frequently” or “sometimes” conduct business over some kind of network away from their workplace, one can conclude that perhaps 30% of employees access work from a home computer, either by modem or high-speed internet connection.

More knowledge of security protocols will not solve the problem, according to RSA.  Almost all employees confirm that they have been trained in their employer’s security policies and that they are familiar with those policies.  Nevertheless, they hold doors to secure areas open for persons they don’t recognize, they notice people they don’t know working in empty offices without comment, and they find themselves with access to parts of the network they know they have no need to see.

Perhaps most troubling, a full third of all employees surveyed answered “yes” to the question, “Do you ever feel that you need to work around your company’s established security policies and procedures just to get your job done?”

RSA concluded its report, provocatively titled “The Confessions Report,” with a summary of its findings and a set of “Recommendations for Managing Information Risk.”  The recommendations call for a “holistic, information-centric security strategy [that] takes people, processes and technology into account and has a feedback mechanism.”  Clearly, an alert has been sounded.

Author: Christopher


Top 10 Spyware - January 2008

February 5th, 2008

  1. Trojan.FakeAlert: Trojan
  2. Virtumonde: Adware (General)
  3. Trojan-Downloader.Zlob.Media-Codec: Trojan Downloader
  4. ClickSpring.PuritySCAN: Adware (General)
  5. SecurityToolbar.DesktopScam: Hijacker
  6. Trojan.in-t-e-r-n-e-t: Trojan
  7. WhenU.Save: Adware (General)
  8. Zango: Adware (General)
  9. Hotbar: Toolbar
  10. MyGeek/CPVFeed: Browser Plug-in
Author: Christopher


Apple joins the army

December 31st, 2007

A recent article on Forbes talks about a Lieutenant Colonel of the Army purchasing Apple Macintosh computers to decrease their risk of exploitation, primarily in response to the recent security breach of the Pentagon back in June as well as a few other incidents. It is widely discussed that Macintosh computers are more secure than Windows- and Linux-based computers because fewer vulnerabilities exist for the Mac platform.

What I never hear talked about in these discussions is the alarming fact that Macintosh had five and a half more vulnerabilities per month on average than Windows throughout the year 2007. You can see the details and the numbers in a recent ZDNet article. It is quite common to see Macintosh users without any active Malware (Anti-Virus, Worm, Trojan, Spyware) protection.

Back in April, 3Com held a short-lived contest that resulted in the compromise of a fully patched Macintosh laptop for a prize of $10,000 and the MacBook.

Author: Christopher


Vista randomly insecure?

December 17th, 2007

According to Microsoft’s own MSDN (Microsoft Developer Network) site, the Dual_EC_DRBG random number generator is being added to the future release of Vista Service Pack 1 and to their new server OS, Windows Server 2008. This is newsworthy because there are many rumors that this random number generator has a back door. A majority of the rumors point to the NSA having the keys to this back door. Encryption based on a random number generator that has been compromised is only a little better than clear text.

A presentation from a few research developers at Microsoft provides some insight into the math, but reading it requires a master’s in advanced mathematics.

Author: Christopher
