Archive

Posts Tagged ‘computer-threats’

Recent stock market volatility and the growth of new threats

November 23rd, 2008

PandaLabs, Panda Security’s malware analysis and detection laboratory, issued a security alert that reveals a direct correlation between the recent stock market volatility and the growth of new threats. According to PandaLabs, the two are tied together much more closely than previously thought and recent stock market instability has accelerated the volume of targeted cyber attacks and their relative impact on the economy over the last month and a half. In addition, analysts at PandaLabs believe the recent spike in malware could be related to cyber-criminals now having fewer possible targets as a result of consolidation within the banking industry.

“When we began looking into the specific effects cyber-criminals had on the economy during times of duress we found a startling connection: the criminal economy is closely interrelated with the economy,” said Luis Corrons, Technical Director at PandaLabs. “Based on our extensive research and analysis of emerging malware patterns, we believe that criminal organizations are closely watching market performance and adapting as needed to ensure maximum profit.”

According to PandaLabs, the new strategy appears to have been developed in response to banking industry consolidation brought on by the multi-million-dollar bank bailout packages introduced by several governments around the world. As a result of this consolidation, fewer banking entities will exist in the long term, and the perception of instability in the financial community makes banks a less attractive target. This situation has increased the volume of other types of malware such as adware, which under normal circumstances would be second to Trojans.

“Cyber-criminals have to increase their activity to reach more users with campaigns designed to put money directly into their pockets, especially during times of economic instability. For example, we have seen a surge in the number of fake antivirus software scams that trick unsuspecting consumers into making an online transaction, instead of criminals relying heavily on phishing the credentials for banks,” explains Corrons. “Our data also shows that these fake antivirus campaigns are generating over 10 million euros in profit each month for the underground economy.”

The following are highlights of PandaLabs’ key findings:

• On average, the US stock market experienced between a 3 to 7 percent decline from Sept. 1st to Oct. 9th. However, activity on the “malware markets” was the opposite: it grew substantially as the stock markets declined.

• From Sept. 5th to 16th, the Dow Jones Industrial Average, NASDAQ, S&P 500 and Composite Index all dropped from the plus 0.0 percent range to approximately negative 3.0 percent or lower. In the same period the Spanish IBEX 35 index and the London FTSE 100 also suffered major losses. The same timeframe witnessed a significant surge in daily malware threats; for example, from Sept. 8th to Sept. 10th the volume of daily threats grew from 10,150 to well over 24,000.

Source: Panda Security

Filed under: News

McAfee predicts rapid evolution of malware

December 9th, 2007

You’re doomed, says cheery security vendor.
The latest research report from McAfee has painted a frightening picture for enterprise IT administrators, predicting a rapid maturation of cyber-crime and of the technology being used to carry out attacks.

In no particular order, McAfee Avert Labs’ top ten security threats for 2007 are:

1. The number of password-stealing Web sites will increase using fake sign-in pages for popular online services such as eBay

2. The volume of spam, particularly bandwidth-eating image spam, will continue to increase

3. The popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code

4. Mobile phone attacks will become more prevalent as mobile devices become “smarter” and more connected

5. Adware will go mainstream following the increase in commercial Potentially Unwanted Programs (PUPs)

6. Identity theft and data loss will continue to be a public issue – at the root of these crimes is often computer theft, loss of back-ups and compromised information systems

7. The use of bots, computer programs that perform automated tasks, will increase as a tool favoured by hackers

8. Parasitic malware, or viruses that modify existing files on a disk, will make a comeback

9. The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase

10. Vulnerabilities will continue to cause concern fuelled by the underground market for vulnerabilities

Filed under: Malware

Cyber criminals are becoming more professional

November 25th, 2007

Symantec Corp. (Nasdaq: SYMC) concludes that cyber criminals are increasingly becoming more professional – even commercial – in the development, distribution and use of malicious code and services. While cybercrime continues to be driven by financial gain, cyber criminals are now utilizing more professional attack methods, tools and strategies to conduct malicious activity.

“As the global cyber threat continues to grow, it has never been more important to remain vigilant and informed on the evolving threat landscape,” said Dan Lohrmann, chief information security officer, State of Michigan. “Symantec’s Internet Security Threat Report continues to provide us with critical information on the most current online security trends, helping us better protect our state’s infrastructure and citizen information.”

Read more at Symantec

Filed under: Computer threats

Techniques to detect dangerous websites

October 18th, 2007

Signature-based detection: Signature-based engines are extremely effective at identifying and blocking known threats. Multiple signature-based engines form an important part of a multi-layered cocktail approach to real time scanning.

However, signature-based malware detection only works for known malware; it is of no use against new threats. Additionally, to be effective, signatures must be delivered quickly and propagated — a time-consuming task.

Heuristics: Using a rule of thumb to detect variants of known malware is an effective tool in the fight against malware. However, if your heuristics are too aggressive, you experience false positives. Also, heuristics are designed to increase the probability of detecting something that is similar to something that you have seen before. This means that a heuristic won’t detect completely novel malware.

Code Analysis: The behavior of the code can be determined by modeling program logic, behavioral rules, and contextual system call analysis techniques that suggest good or bad intentions.

Code reputation: Unlike URLs whose content can change, a binary can, in fact, have a reputation based on historical analysis. “Good” code can be treated differently than unknown or bad code.

URL Reputation: URL reputation is derived by examining parameters such as IP address information, country of the web server, history and age of the URL, domain registration information, network owner information, URL categorization information, and types of content present.
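As an added illustration (not code from the original post), here is how the five layers above compose into one verdict: signature and code-reputation lookups decide on known hashes, the heuristic score needs more than one weak signal before it fires (the false-positive caveat above), and URL reputation draws on the host, domain age and registration data the text lists. The hash sets, the domain-age and registrant fields, and the scoring weights are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed signature and reputation sets: hashes of the sample bytes used in testing.
KNOWN_BAD = {hashlib.sha256(b"MZ\x90\x00constructed-bad-sample").hexdigest()}
KNOWN_GOOD = {hashlib.sha256(b"MZ\x90\x00constructed-good-sample").hexdigest()}
HEURISTIC_THRESHOLD = 2   # demand two weak signals before calling a file suspicious

@dataclass
class Sample:
    url: str
    content: bytes
    domain_age_days: int     # assumed to come from a registration-history lookup
    registrant_known: bool   # assumed: registration info resolves to a real party
def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted code sits near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0
def heuristic_score(s: Sample) -> int:
    """Rules of thumb for variants of things already seen; each alone is weak."""
    name = urlparse(s.url).path.rsplit("/", 1)[-1].lower()
    score = 0
    if s.content.startswith(b"MZ") and not name.endswith((".exe", ".dll", ".msi")):
        score += 1   # executable served under a document-style name
    if name.count(".") > 1:
        score += 1   # double extension such as invoice.pdf.scr
    if entropy(s.content) > 7.0:
        score += 1   # looks packed or encrypted
    return score

def url_reputation(s: Sample) -> int:
    """Higher is worse; built from the parameters the text lists (host, age, registration)."""
    host = urlparse(s.url).hostname or ""
    raw_ip = host.replace(".", "").isdigit()   # numeric host instead of a name
    return 2 * raw_ip + (s.domain_age_days < 30) + (not s.registrant_known)
def classify(s: Sample) -> tuple:
    """Cheapest and surest layers first; returns (verdict, layer that decided)."""
    digest = hashlib.sha256(s.content).hexdigest()
    if digest in KNOWN_BAD:
        return ("block", "signature")
    if digest in KNOWN_GOOD:
        return ("allow", "code-reputation")
    if heuristic_score(s) >= HEURISTIC_THRESHOLD:
        return ("quarantine", "heuristic")
    if url_reputation(s) >= 3:
        return ("quarantine", "url-reputation")
    return ("unknown", "none")   # novel and unremarkable: hand to code analysis
```

A sample that falls through every layer is exactly the case the text says signatures and heuristics cannot cover, which is where the code-analysis layer earns its place.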

Filed under: Antivirus, Computer threats

Why Study When You Can Hack?

July 28th, 2006

Counter to what the movies might say, hacking grades is not just cheating, it’s a crime:

An investigation showed the professor’s network account had been accessed without her permission and grades were assigned to nearly 300 students, prosecutor Robert Fratianne said.

I bet they just guessed her password, but still, there are more legal ways to cheat.
Students face 1 year in jail for hacking [Yahoo News / AP]

Read more at Security Wonk

Filed under: Computer threats, Government IT security, Passwords

UTM in China

June 22nd, 2006

In China, UTM (Unified Threat Management) has been rocketing in recent months, not only in the media but also in actual market transactions. International vendors such as Fortinet, Watchguard, Sonicwall and ZyXel bombard the newspapers, journals and other soft-advertising channels every day, while Cisco, Juniper, Symantec, Secure Computing, McAfee and others keep talking about their vision of where UTM is heading. Of course, IDC’s prediction that UTM will occupy 57.6% of the total firewall, VPN and anti-virus market is one of the main stirs and encouragements for investment. So how are the local security vendors doing? They won’t just stand by and watch the growth; they are deeply involved in this arena.

During the past one to two years, most of the major players in the Chinese security market have been brewing and rolling out UTM products. Kingsoft is one of the top three local anti-virus vendors in China (the other two are Rising and Jiangmin). Recently, it signed an agreement with xScreen for OEM cooperation on a UTM product. Together with its desktop antivirus/firewall/IDS, anti-virus gateway and server protection, nobody can afford to ignore its competition in total security solutions for SMBs.

According to IDC’s description of UTM, anti-virus is one basic function of a UTM device, which makes it easier for anti-virus vendors to catch up in the UTM market. So it is easy to predict that Rising, Jiangmin and CA-JC won’t wait long before selling their own UTM products.

As to the UTM market, OEM is bound to be a good choice for vendors who want to break into it, because a single core technology within a UTM, such as a firewall, VPN, IDS engine or anti-virus engine, is already a bit overwhelming for an average vendor to develop from scratch. As proof of this point, IDC’s report lists the anti-virus engines OEMed into the major UTM products. So again it is easy to predict that more and more vendors will choose OEM to enhance their features and shorten their time to market. That must leave technology companies such as xScreen plenty of room to make money and grow.

Filed under: Computer security Systems

SANS – Internet Storm Center – BlackWorm Summary – Updated Info

February 3rd, 2006

BlackWorm Summary

Published: 2006-01-26, Last Updated: 2006-01-27 02:01:42 UTC by Johannes Ullrich (Version: 3)

About BlackWorm

Over the last week, “Blackworm” infected about 300,000 systems based on analysis of logs from the counter web site used by the worm to track itself. This worm is different and more serious than other worms for a number of reasons. In particular, it will overwrite a user’s files on February 3rd.

At this point, the worm will be detected by up to date anti virus signatures. In order to protect yourself from data loss on February 3rd, you should use current (Jan 23rd or later) anti virus signatures. Note, however, that the malware attempts to disable/remove any anti-virus software on the system (and does this every hour while the system is up), so if the machine was infected before signatures were deployed, obviously, that anti-virus software can’t be expected to clean up the infection for you.

The following file types will be overwritten by the virus: DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, ZIP. The files are overwritten with an error message (‘DATA Error [47 0F 94 93 F4 K5]’).

We will try to post more detailed cleanup instructions later. However, it is likely that you will have to rebuild the system from scratch. Obtaining good backups is critical as a first step.
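Since a file the worm has already overwritten is worthless to back up, here is an added triage scan (not part of the ISC diary) that walks a directory tree and reports which files of the listed types now hold the worm’s ‘DATA Error’ marker in place of their original content. The marker string and the extension list are taken from the text above; the directory and sample files used to exercise it are constructed.

```python
import os

# File types the diary lists as overwritten on February 3rd.
TARGET_EXTENSIONS = {".doc", ".xls", ".mde", ".mdb", ".ppt", ".pps",
                     ".rar", ".pdf", ".psd", ".dmp", ".zip"}
# Text the worm writes in place of the original content, as quoted in the diary.
OVERWRITE_MARKER = b"DATA Error [47 0F 94 93 F4 K5]"

def is_overwritten(head: bytes) -> bool:
    """True when the start of the file is the worm's marker instead of real content."""
    return head.startswith(OVERWRITE_MARKER)

def scan_tree(root: str) -> dict:
    """Sort every targeted file under root into 'damaged' or 'intact' (full paths)."""
    result = {"damaged": [], "intact": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTENSIONS:
                continue   # the worm leaves other file types alone
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(len(OVERWRITE_MARKER))   # the marker sits at offset 0
            result["damaged" if is_overwritten(head) else "intact"].append(path)
    return result

if __name__ == "__main__":
    import sys
    # Constructed usage: scan the directory given on the command line (default: cwd).
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in found["damaged"]:
        print("DAMAGED", path)
    print(f"{len(found['damaged'])} damaged, {len(found['intact'])} intact")
```

Run it against user document shares before taking the backup the diary calls for, so that a destroyed file is not mistaken for a good copy; anything it reports as damaged can only be restored from a backup made before the overwrite.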

The first thing you should do is to update your anti virus signatures.

This page will be updated as new information becomes available. Please see the end of the page for references to other sites. Use only this url to link to this page: http://isc.sans.org/blackworm

Naming

As usual, this worm/virus has collected a number of names from various vendors. It is so far known as: Blackmal, Nyxem, MyWife, Tearec among other names. Update: we have been informed that the CME number will be ‘CME-24’. cme.mitre.org should shortly list this number.

How would I get infected?

The worm spreads via e-mail attachments or file shares. Once a system in your network is infected, it will try to infect all shared file systems it has access to. You may see a new “zip file” icon on your desktop.

What will BlackWorm do to my system?

It will disable most anti virus products and delete them. The worm will e-mail itself using a variety of extensions and file names. It will add itself to the list of auto-start programs in your registry.

Removal

Anti virus vendors offer removal tools. Microsoft provides detailed instructions for manual removal. However, there are two important reasons to rebuild “from scratch”:

  1. BlackWorm uses the same tricks to install itself as other viruses/worms. It may not be the only one on your system. Antivirus will not detect all viruses, and the removal tool will only remove this specific worm.
  2. BlackWorm will allow remote access to your system, and additional malware may have been installed via this backdoor.

To read the rest of this post, go here: SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System.

Filed under: Computer threats