SANS Institute - Gotcha!

Written by Saran on April 22, 2008

The SANS Institute has identified the source of infections on some 20,000 web sites since January, through research and extensive review of the sites and how they work. It has identified the point of entry for these attacks: a sneaky tool that uses Google’s search engine to look for specific types of vulnerable applications. It also found that the process is automated, meaning these were not “live” attacks with a user on the other end initiating them. The tool works by finding vulnerable software and then executing a simple SQL statement that injects a script tag into the discovered site. The exploit was designed to target Microsoft Windows IIS; once a site is infected, it can infect everyone who visits it. The sad side is that, again, the malware has been traced reporting back to China, which reinforces the need for more security on their side of the globe.
Their people were thrilled at the discovery, which they called a “GEM” due to the scarcity of such discoveries in the wild (on the internet). Discovering such Trojans and other malware allows a prompt response: updated signatures are sent out to anti-virus software and other intrusion prevention tools, which stops the spread from continuing. They may have been lucky this time, for the majority of malware out in the wild is not only very complex in terms of coding but also able to morph into totally different forms as it travels from computer to computer through the internet. The best way to avoid such problems would be to stay off the internet, which is next to impossible given the prevalence of the technology in our everyday lives.
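
For site owners checking whether they were hit, the visible symptom of the attack described above is a script tag sitting in database text that the site never put there. The following is an added example, not code from the original post or from SANS: it walks every character column and reports script tags whose `src` points at a foreign host. An in-memory SQLite database stands in for the site's database, and the table names, sample rows and the host `injected.example` are constructed.

```python
import re
import sqlite3
from urllib.parse import urlparse

# <script ... src=...> with quoted or unquoted src, case-insensitive.
SCRIPT_SRC = re.compile(r'<script\b[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)


def find_injected_scripts(conn, own_hosts):
    """Return (table, column, rowid, host) for each stored script tag
    whose src points at a host that is not in own_hosts."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        # Only character columns can hold an injected tag.
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')
                if "CHAR" in r[2].upper() or "TEXT" in r[2].upper()]
        for col in cols:
            query = (f'SELECT rowid, "{col}" FROM "{table}" '
                     f'WHERE "{col}" LIKE ?')
            for rowid, value in conn.execute(query, ("%<script%",)).fetchall():
                for src in SCRIPT_SRC.findall(value):
                    host = (urlparse(src).hostname or "").lower()
                    # Relative paths have no host and belong to the site.
                    if host and host not in own_hosts:
                        hits.append((table, col, rowid, host))
    return hits


def build_sample_db():
    """Constructed sample data; injected.example is a placeholder host."""
    bad = '<script src=http://injected.example/x.js></script>'
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles "
                 "(id INTEGER PRIMARY KEY, title VARCHAR(200), body TEXT)")
    conn.execute("CREATE TABLE products "
                 "(id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?)", [
        (1, "Welcome", '<p>Hi</p><script src="/js/site.js"></script>'),
        (2, "Spring sale" + bad, "<p>Details soon.</p>"),
        (3, "Contact", '<script src="https://www.example.org/a.js"></script>'
                       "<p>Call us.</p>" + bad),
    ])
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "Widget" + bad, 9.99), (2, "Gadget", 19.99)])
    return conn


if __name__ == "__main__":
    for hit in find_injected_scripts(build_sample_db(), {"www.example.org"}):
        print(hit)
```

A hit only tells you which rows to clean; the vulnerable query that let the tag in still has to be fixed, or the same rows will be rewritten on the next automated pass.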

Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies, Spyware

Anti-Virus Programs - Losing Teeth

Written by Saran on April 4, 2008

Recent studies show that merely having a traditional anti-virus program installed on a computer is proving highly ineffective against today’s code-morphing malware. The complexity of this malware and its uncanny ability to change signatures defeat most if not all intrusion prevention systems. Hackers have also capitalized on the fact that users trust content that seemingly comes from legitimate sources, as in the recent incident with a Google Mail application used to archive email from the email company’s servers, which incorporated information-gathering code. The problem was only found when a programmer unknowingly de-compiled the program and found an email address along with a log-in password to the program author’s mailbox. Upon using that information to get into the email account, he found user information along with the usernames and passwords of others who had used the program. He took drastic steps and deleted all information (email) he found not to be the author’s, and informed the company which released the program about the incident. The developer simply said an error-checking routine or some draft code was arbitrarily left within the released version. They promise not to do so in upcoming versions of the archiving program… Yeah, right.
People have been warned again and again about the risk of getting free software and other free stuff that seemingly comes from legitimate sources (not the developer’s page), for it may carry an embedded payload that is unloaded once installed. Current Trojans also act swiftly to copy themselves onto all peripherals attached to the infected system (flash disks, digital cameras, digital media players, PDAs and other similar devices which can hide the code), so even a complete operating system reinstall would only result in reinstallation of the malware once they are reconnected to the same system. Other malware simply uses the email addresses within certain programs like Outlook and Messenger, sending out copies of itself to everyone listed and infecting further computers as it travels all over the world.
The situation has come to the point where experts are talking about implementing a white list of sorts: all valid applications and sources, for all legal and safe systems, which are to be allowed access to their systems. This would involve a sort of inventory program which keeps track, from online sources, of trusted sites and sources of files, and rejects those which are not included. Manual inclusion would be the Achilles’ heel of such an audit system, for any wrong addition would again make it vulnerable to attack.

Categories: General, Malware, Network Security, News, Real-World Issues, Spyware

Economics - the driving force of Mobile Spying Malware

Written by Saran on April 1, 2008

Experts have said it again and again, and history has shown us, that money is the root of all evil; the same goes for the development and eventual spread of more sophisticated malware intended for the ever-growing mobile computing environment. Current malware is simple, yet experts are warning users and other experts alike that it is only a matter of time before some hacker develops a more robust and discreet form of malware that circumvents standard virus scanners. As we have seen and read in news articles, these viruses, Trojans and other forms of malware are evolving so fast that removal and detection experts are finding it very hard to get one step ahead of them. In the time it takes to read this post, about 35 or so new types of malware will have been released into the wild to infect any of the millions of unprotected systems on the internet. The problem has reached the pandemic stage, where no system is safe for long. As soon as a new and more robust intrusion prevention and security system is in place, several new vulnerabilities in the computer systems we use are found and immediately exploited by hackers and their minions.
Economics, or the promise of earning a buck from creating and spreading such malware, is the major motivation for hackers. Say you get into the cell phone of your favorite celebrity and get hold of private pictures, or get hold of a confidential report which lists the amount of funds along with the corresponding account information, and much more information that one can sell quite profitably over the internet.

Categories: Cryptography, General, IM, IT Security Basics, Instant Messaging, Malware, Network Security, News, Operating Systems, Real-World Issues, Security Policies, Spyware

‘Link Hack’ points MySpace users to malicious Phishing site

Written by Saran on March 1, 2008

Just when one would think attacks over the internet would end, users of MySpace have been hit by a so-called “Link Hack”. It was discovered and is being studied by Websense, which found that the hack re-directs the parsing process from the MySpace profile page to the malicious site, then back to the legitimate page. The hack allows malicious code to be attached to all aspects of the MySpace page (such as View Pictures, View Profile and other legitimate functions normally used on the social networking site). Instead of performing the requested operation, the user is re-directed to another site, which prompts the user to click the back button or try to figure out what the hell just happened, while the malicious phishing site gets all the info it needs, and the cycle continues again and again.

The hijack process comes in stages, and all the while the misguided clicks execute a piece of JavaScript which re-directs the user to a page that seems to be the MySpace site but actually isn’t. Traffic from the problem has seemingly dropped due to the shutting down of the phishing site. Websense has informed the MySpace people about the matter, and they are surely taking action to provide measures to ensure the privacy of their subscribers (which may be next to impossible on such open sites). Symantec has also raised the alarm and has released information that can help users avoid disclosing personal information to the phishing site. MySpace has also identified several individuals who might be involved in the attack and has suspended their accounts as it continues to investigate the actions of these errant users and what part they had in the attack on the social networking site.

Categories: General, IM, IT Security Basics, Malware, Network Security, News, Real-World Issues, Review, Security Policies

Malware, Viruses and other mutating threats on the rise

Written by Saran on January 17, 2008

They are not only growing in numbers but also growing in complexity, so much so that they are likened to their real-life counterparts that mutate and give doctors and geneticists a hard time. Major software developers, mainly in the anti-virus/anti-malware area, have been finding it very difficult to remove them and provide cures for the damage they do. This may be a sign of hard times to come when it comes to viruses and other forms of malware that have more than one instance in their databases. It has become so much of a danger that a single virus may have a hundred or so variants, all with individual differences, with the damage they cause rising exponentially. The initial discovery of a virus may be the first time it encounters virus detection experts, who dissect it and find out how it works from the inside out, allowing them to provide updates to already installed protection software so it can detect and remove it. Such software uses the Quarantine facility when the damage is too severe to be repaired, or when the software recognizes the file as infected but is not quite sure which infection it is. That is why this software has facilities to submit these errant files to rapid response centers, where they are studied and feedback is sent back to show you what the infection was and what happened to your beloved file.

They might simply be code, but they are evolving every day, and in ever more complex ways. The initial code might bear little resemblance to its variants, and the same goes for the damage they cause. Advice for the millions of users out there: keep your anti-virus updated as much as possible; also keep your operating system updated, since updates are released to correct vulnerabilities as they are discovered; and if you do not have anti-virus software installed, better get some, or you might be surprised to see a lot of garbage on your hard disk where your hard-earned documents and other vital files used to be, leaving you crying your pants out in utter disgust and sending you towards endless overtime to re-do all the stuff you lost. If you get email from a sender you don’t know or weren’t expecting, don’t open it.

Categories: General, IT Security Basics, Malware, Network Security, Operating Systems, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware

Corporate Internal Security – The Continuing Battle

Written by Saran on November 19, 2007

The last post tackled the damage an internal threat might do to a person outside a business organization. This post deals with the threat from within, from the viewpoint of the targeted organization itself. The problem with an internally planted backdoor or some other form of malware is that it is integrated with the very programs that are supposed to provide security to the system. Most of the time, the affected system can be freed of these threats by re-installing the application with a version that is free of the problem code.

Just imagine the amount of information that has to be moved, re-processed and re-stored just to make up for a few lines of code that have been very well placed, hidden from view. Firewalls are supposed to prevent intrusion into the organization’s links from the outside and the inside, but if the firewall does not know the workings of the code, it will recognize it as a legitimate process and allow the transfer of data without taking a second look. Corporate espionage has rival companies trying to get at each other’s secrets in hopes of getting ahead of their competitors. In the US, the FBI and other internal security forces continuously monitor such activities, such as the case when stocks were manipulated within the Stock Exchange itself to boost the value of a particular stock to favor investors.

The risk to the information we entrust to the companies who serve us is great, and sure, they take all the preventive measures they can, but a threat from within is truly an adversary to be dealt with.

Categories: General, IT Security Basics, Malware, Network Security, News, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies

Scan Storage Devices before Enabling

Written by Saran on February 19, 2007

Virus and malware issues are far from being a thing of the past. On the contrary, they seem to grow in number as each day passes. Thus security software companies have their work cut out for them. There is no definite date by which such threats and intrusions will be wholly resolved.

Scanning Protocol

For the time being, it would be advisable for people to scan third party storage devices such as diskettes, USB drives and mobile storage to be safe and sound. These wandering viruses can attack at any time, and this is a fact anywhere computer-related materials are concerned.

Infections can go as far as the executable files; hence documents, Excel files and compiled scripts are bait for immediate infection and malicious intrusion. Software applications also have their limits, as their development teams cater only to a specific genre of known harmful files. But it is better to lower the risk of intrusion than to have no protection at all.

Categories: Backups, IT Security Basics, Malware, Network Security, Operating Systems, Programming, Real-World Issues, Security Policies, Spyware, Storage, Tips, Wireless Security

Playing with Algorithms and Numbers

Written by Saran on February 17, 2007

The main gist for security-conscious and malicious programmers alike is to play with the known algorithms, where most of the problems can be created and avoided. The never-ending search to understand algorithms is a given today. Malware development has obviously been aggressive, and the issues and plagues that it continues to spread are really something that keeps technology people on their feet.

Algorithm Hacker

The best way is to be aware of the possibilities. The Internet is known to always be up to date on such risks, but overall, a person aware of these capabilities should know beforehand that spyware, malware and Trojans can easily penetrate systems without notice if they are not secured properly.

Such security breaches and issues fall under the tutelage of network administrators and officers. Such potential risks are something they should be aware of beforehand. Besides, it is also a given that most of these professionals are aware of such risks, since they are always logged on to the web.

Categories: Cryptography, IT Security Basics, Malware, Network Security, Privacy & Anonymity, Programming, Security Policies, Spyware

Auditing Download Practices

Written by Saran on February 7, 2007

Downloading practically anything on the web is only normal. It is the primary basis and tag that the Internet has gained over the years, especially when one talks about the music and images available over the Internet. While people's downloading practices have no limit whatsoever, it would be wise to stick to reliable and suggested sites such as Tucows and Download.com for the programs and files needed. The Internet simply has too many unknowns that place workstations at risk.

Security on Downloads

Viruses and infected sites are normal on the web as well. Phone dialers, usually associated with pornographic sites, may be installed on a person's computer desktop without their knowledge. Further, malware and worms may be lurking alongside the actual download. Symptoms such as slower browsing and peculiar pages that appear on start-up should worry anyone. It may just so happen that the machine has been intruded upon by untoward programs and viruses picked up online.

Categories: IT Security Basics, Malware, Network Security, Programming, Spyware, Storage

How To Deal with Browser Hijackings

Written by Saran on February 5, 2007

It is evident that most people have had their share of untoward incidents of opening their browsers and being re-directed to a site other than their set homepage. Nope, the computer settings are not to blame; more likely the cause is a visit to a site which automatically changes the start page to a site which is up to no good.

Browser Hijacks

Avoiding such browser hijacking takes a few different habits. For one, watch what you click on pop-ups or queries that usually come from an unknown site. Once a computer is infected, third party tools such as Adaware or Spyware Doctor would be needed to fix the problem.

As an extreme measure, manual removal of such implanted files can be done as well. But for people who have issues with this, the best way is to delete all the Internet cookies and the Temporary folder first. This alone will show the infected files so that they can be identified and contained.

Categories: IT Security Basics, Malware, Network Security, Operating Systems, Real-World Issues, Security Policies, Spyware, Tips
