Top 10 Challenges Faced by IT Managers

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on February 11, 2011


When it comes to security issues at the organizational level, it is not dealing with malware that comes first, but getting employees to use the web in a secure and efficient way. According to a report from MessageLabs Security Safeguard, the top 10 issues faced by IT managers of American companies are:

  1. Time wasting online: 86% of the IT managers surveyed said that they worry about employees wasting time on social networking and similar sites, which in turn saps productivity and discourages honest people from disciplined web usage.
  2. Enforcing acceptable web usage policies: 53% of the IT managers found it a challenge to enforce acceptable Internet usage policies in a consistent way.
  3. Monitoring web usage: Effective monitoring of web usage and generating reports was another challenging issue for 52% of the IT managers.
  4. Keeping security systems up to date: Applying patches to typical software such as in-house web filters, policy engines, spam and anti-malware systems, and updating antivirus signature databases, was the biggest management challenge for 49% of respondents.
  5. Addressing legal risks: The accidental disclosure of confidential information online (57%) and employees visiting inappropriate or offensive websites (44%) are some of the legal risks that respondents found challenging to address.
  6. Internet bandwidth wastage: Around 44% of the respondents were concerned about bandwidth being wasted on non-business purposes such as video streaming and social networking sites, which reduces the bandwidth available for legitimate business purposes like email, web browsing and VPN connections.
  7. Protecting employees working from remote and home locations: 42% of the IT managers were concerned about infections spread by employees working from home and remote locations on laptops or computers that cannot be covered by the company’s firewall.
  8. Access to unauthorized web applications: 42% of the respondents found it challenging to restrict access to unauthorized web applications like personal mail and IM applications, through which employees can upload the company’s confidential information or access services that are outside company control.
  9. Malware and spyware protection: With the increasing number of threats online, protecting the network from malware and spyware was a challenge for 40% of the IT managers.
  10. Protecting multiple locations: Around 19% (76% among companies with 500 employees or more) of the IT managers found it challenging to protect their company’s branches in multiple locations from online threats as well as inappropriate web usage of the employees.

Nasdaq System Faces Malware Attack

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on February 8, 2011


The company that owns the Nasdaq Stock Market recently disclosed that a malware attack was identified on its servers. The story was first reported by the Wall Street Journal. Nasdaq trading was not affected, as the attackers’ target was information from the boards of directors of publicly traded companies.

Going into the details, a few suspicious files were found on the U.S. servers by the Nasdaq OMX Group, which then confirmed a breach in its systems. The breach was found to be through its Web-based collaboration platform, Directors Desk, a system offered by NASDAQ that has about 10,000 users worldwide and is operated separately from Nasdaq’s trading platform.

The FBI and DOJ have together been investigating the issue for over a year to find out how the malicious files came to be stored inside the Directors Desk system. The intent of the hackers is unknown, but as per the reports, the program allowed the designers of the software to see what items and messages were being shared via the Directors Desk platform. According to Directors Desk’s website, the application is used by 10,000 directors at Fortune 500 sized companies, so it is not surprising that the system was targeted.

On a side note, the Directors Desk website claims that its security standards comply with ISO27001.


How to Disable Autorun Feature in Windows PC

Posted by cyber-geek | Posted in Computer Maintenance | Posted on February 7, 2011


Your network might seem well protected from direct attacks by all the security measures you have taken. But a whopping 25 percent of malware today is developed to spread through USB devices. An infection from a USB drive spreads undetected into the network and is harder to deal with later.

The autorun feature in Windows will simply make the operating system execute anything it is told to execute by an autorun.inf file on the removable media. Disabling autorun is one of the best methods to secure your PCs from notorious USB drives.

The process to disable autorun in Windows XP Professional, Server 2003 and 2000 versions is as follows:

  • Click Start → Run → type Gpedit.msc → Enter
  • In the window that opens, go to Computer Configuration and expand Administrative Templates
  • Click System and go to Settings pane
  • Right click on Turn off Autoplay and select Properties → Enabled
  • Select the required drives in the Turn off Autoplay box to disable Autorun on respective drives or select All drives to disable on all drives
  • Click OK
  • Restart the computer

The process to disable autorun in Windows Server 2008 or Windows Vista versions is as follows:

  • Click Start → type Gpedit.msc in Search programs and files box and hit Enter
  • In the window that opens, go to Computer Configuration → expand Administrative Templates → expand Windows Components and click on Autoplay Policies
  • In the Details pane, double-click Turn off Autoplay
  • Select Enabled
  • Select the required drives in the Turn off Autoplay box to disable Autorun on respective drives or select All drives to disable on all drives
  • Click OK
  • Restart the computer

The process to disable autorun in Windows 7 is as follows:

  • Click Start → type Gpedit.msc in Search programs and files box and hit Enter
  • In the window that opens, go to Computer Configuration → expand Administrative Templates → expand Windows Components
  • Right click on Turn off Autoplay and select Edit
  • Select Enabled
  • Select the required drives in the Turn off Autoplay box to disable Autorun on respective drives or select All drives to disable on all drives
  • Click Apply → OK
  • Restart the computer

Securing Your PCs from Notorious USB Drives

Posted by cyber-geek | Posted in Cyber Awareness, Cyber tips | Posted on February 4, 2011


No amount of precautions and security measures for a network can offset the vulnerability created by a small USB device. All the pains you have taken to make your network secure can crumble in a matter of seconds because of an issue caused by a USB drive. USB drives are small, handy and convenient, but one can’t imagine how notorious they are.

A few instances here will tell you how dangerous a small USB drive can be:

  • According to research from Avast, roughly one in eight of the 700,000-plus malware incidents it identified in 2010 were due to tainted USB devices.
  • Security consulting and research firm the Ponemon Institute found that more than 800,000 data-sensitive devices, including USB drives, portable hard drives and laptops, were compromised in 2009.
  • The top two virus threats reported by BitDefender are actually spread through USB drives.
  • According to research by Panda Security, a whopping 25 percent of malware today is developed to spread through USB devices.
  • Recently, an assistant professor and his student at George Mason University demonstrated how operating systems fail against a USB attack. They just used a smartphone connected to a PC through a USB cable and were able to hack it. The professor credited the successful exploit to the USB protocol, which does not ask for authentication when an unknown device connects to a computing platform.

These are only a few instances of what an infected USB drive can do.

USBs – a threat for Corporate Networks
An employee can simply bring an infected USB drive into the office, knowingly or unknowingly, connect it to his system and get it infected. The system then spreads its infection to other PCs over the network. A research report from Avast says that more than 60 percent of all malware in circulation can be spread via USB drives. For corporate networks, the danger of USB devices is not confined to spreading malware. They also offer a way to steal data unnoticed.

Precautions and necessary steps to be secure
The situation today isn’t so bad that users simply have to live with the threats USB drives pose. It takes just a few changes to the default settings for USB ports to eliminate the hazards of notorious USB drives. A few of them are as follows:

  • Disable the autorun option (Windows PCs).
  • Block unauthorized USB devices.
  • Keep personal and business USB drives separate, so that you don’t contaminate your office network with threats from outside.
  • Do not plug an unknown USB drive into your computer. This is a simple precaution but works best.
  • As prevention is better than cure, you can permanently block USB drives on your computer/laptop (through registry key settings in Windows OS) and use alternatives.
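For the last precaution, the registry setting usually meant is the Start value of the USB mass-storage driver service (USBSTOR). The script below is an added example, not part of the original post: it assumes that key and the Enum\USBSTOR device list, and its function names are made up for illustration. It checks whether USB storage is blocked and lists the storage devices the machine has already seen.

```powershell
# Added example: read-only audit of USB mass-storage blocking and device history.
$UsbStorService = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$UsbStorEnum    = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'

function Test-UsbStorageBlocked {
    # Start = 4 means the driver is disabled; 3 is the normal load-on-demand setting.
    $svc = Get-ItemProperty -Path $UsbStorService -Name Start -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return $null }   # service key or value not found
    return ([int]$svc.Start -eq 4)
}

function Get-UsbStorageHistory {
    # Layout: Enum\USBSTOR\<device id>\<instance id>, one entry per device attached so far.
    if (-not (Test-Path $UsbStorEnum)) { return }
    foreach ($device in Get-ChildItem -Path $UsbStorEnum) {
        foreach ($instance in Get-ChildItem -Path $device.PSPath -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $instance.PSPath -ErrorAction SilentlyContinue
            New-Object psobject -Property @{
                Device   = $device.PSChildName
                Instance = $instance.PSChildName
                Name     = $props.FriendlyName
            }
        }
    }
}

function Disable-UsbStorage {
    # Blocks the mass-storage driver from loading; needs an elevated prompt.
    Set-ItemProperty -Path $UsbStorService -Name Start -Value 4
}

$blocked = Test-UsbStorageBlocked
if ($null -eq $blocked) { Write-Output 'USBSTOR Start value not found.' }
elseif ($blocked)       { Write-Output 'USB mass storage is blocked (Start = 4).' }
else                    { Write-Output 'USB mass storage is allowed.' }

$history = @(Get-UsbStorageHistory)
Write-Output ("{0} USB storage device(s) recorded on this machine:" -f $history.Count)
$history | Format-Table Device, Instance, Name -AutoSize
# Uncomment to block USB storage on this machine: Disable-UsbStorage
```

This setting only affects USB mass-storage devices; keyboards, mice and other USB device classes keep working.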

Antivirus Market Share – Q4 2010

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on February 4, 2011


Avast products were the most used antivirus globally, but in North America Norton rules. A recent OPSWAT report on quarterly market share and usage data for antivirus software for Q4 2010 said that the Avast antivirus product line was the most used globally, with 17.53% of market share. ESET Software and Symantec products were in the following positions with 12.05% and 10.04% of market share respectively. Together, these top 3 AV vendors occupied around 40% of the global antivirus market.

ESET Software was the largest gainer for Q4 2010 with a 6.39% increase in market share since June 2010. Kaspersky Lab and Panda Security were the other product lines that gained notable market share, with 2.46% and 2.50% increases respectively.

In North America, only 5 of the 53 antivirus vendors detected accounted for a majority of the antivirus market, with 60.74%. Symantec Norton was leading with 16.45% of the market share. The top 2 antivirus vendors globally – ESET and Avast – also ranked near the top in North America with 12.86% and 10.86% market share respectively. Together, these top 3 AV vendors occupied nearly 40% of the North American antivirus market.

Microsoft’s Security Essentials was leading the North American individual antivirus products market with 10% share. Avast! Free AV and ESET NOD32 AV were in following positions with 8.81% and 7.75% of market share respectively. Norton AV and Norton 360 stood in 4th and 6th positions, with the AVG Free AV being ahead in position 3.

However, only 60% of the 90,000 cases considered by OPSWAT globally had an antivirus application installed. Interestingly, free antivirus accounted for 58% of the installations (in July 2010, it was 42%). Thus, a majority of AV users were using free solutions offered by vendors.

Email Spam Volumes Fall to Lowest Level in Two Years: Symantec

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on February 3, 2011


A recent report from Symantec declared that spam volumes in January 2011 fell to their lowest levels since March 2009. Spam volumes dropped dramatically from 25th December 2010 and the decline continued through January. The only other time spam volumes dropped to such a remarkable extent was after the closure in 2008 of McColo, a California-based ISP, for being implicated in criminal and botnet activities.

Dramatic decline in spam levels
Spam accounted for only 78.6% of total email traffic in January 2011. This was a 3.1% drop since December 2010 and a significant 65.9% lower compared to the same period a year ago. However, the spam rate is still alarming, with 1 in every 1.3 emails being spam. The fall in spam was credited to the apparent fall in activity of 3 major botnets – Rustock, Xarvester and Lethic.

Spam levels – Country wise for January 2011

  1. Oman – 88.8%
  2. China – 84.6%
  3. Hungary – 83.3%
  4. Luxembourg – 82.8%
  5. Kuwait – 81.9%
  6. South Africa – 80.0%
  7. US – 78.8%
  8. UK – 78.7%
  9. Canada – 78.3%
  10. Australia – 77.3%

Minute increase in phishing activity
One in 409.7 emails was found to contain a phishing attack in January 2011, said Symantec. This was a small 0.004% increase since December 2010. Phishing levels in the US were 1 in 892.8 emails. South Africa was the geography most targeted by email phishing attacks, with one in 51.7 emails blocked as a phishing email. Other geographies most targeted by phishing emails are as follows:

  • UK – 1 in 188.6 emails
  • Canada – 1 in 204.6 emails
  • UAE – 1 in 247.3 emails
  • Oman – 1 in 248.4 emails

Increase in new malicious domains
Symantec MessageLabs identified an average of 2,751 malicious websites each day in January 2011. Around 44.1% of them were identified as new domains, a 7.9% increase from December 2010. These websites contained malware and other potentially unwanted programs including spyware and adware. 21.8% of all malware blocked on these sites was new. Another recent report from OpenDNS said that 53.8% of all phishing websites were hosted out of the US.

Though email spam has decreased in volume, web-based malware seems to be increasing in volume and appearing in new forms. The report suggests that organizations can combat the lurking threats with a policy-based security model. It is also important for users to choose an antivirus that is proactive in detecting malware and offers real-time updates to its malware database.

Top Countries Hosting Phishing Websites – 2010

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on February 2, 2011


The United States stands as a major hosting hub for phishing sites, according to a report from OpenDNS. According to the report, more than 60,000 separate attempts came from websites hosted in the U.S.

The following are top countries hosting phishing websites in 2010:

  1. United States — 53.8%
  2. Germany — 6.3%
  3. Canada — 5.2%
  4. United Kingdom — 4.8%
  5. France — 3.5%
  6. Russia — 2.9%
  7. China — 2.8%
  8. South Korea — 2.8%
  9. Italy — 2.5%
  10. The Netherlands — 2.4%

Percentages indicate the proportion of phishing sites verified in 2010 hosted in a given country.

Top Targets of Phishing Websites – 2010

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on February 2, 2011


Spoofed websites have become even more widespread than in previous years. The name most commonly spoofed by phishers is PayPal, according to a recent report released by OpenDNS. The most commonly spoofed brands belonged to the online and social games category.

The following are the most common targets of spoofing websites for 2010:

  1. PayPal — 45.9%
  2. Facebook — 5.3%
  3. HSBC Group — 4.1%
  4. World of Warcraft — 3.2%
  5. Internal Revenue Service — 3%
  6. Bradesco — 1.9%
  7. Orkut — 1.7%
  8. Sulake Corporation — 1.5%
  9. Steam — 1.2%
  10. Tibia — 1%

Percentages indicate the proportion of phishing sites verified in 2010 and associated with a given target.

So, the next time you are dealing with the above brands online, make sure that they are genuine and not spoofed websites. To know more about spoofed websites and how to protect yourselves from spoofed sites click here.

Vulnerabilities Found in Google Chrome

Posted by cyber-geek | Posted in Be Informed on Cyber Security | Posted on January 31, 2011


Secunia has recently released a security advisory on Google Chrome asking users to update to the latest version (8.0.552.237) of the browser. According to the advisory, multiple vulnerabilities have been found in the browser that can be exploited by malicious people to manipulate certain data and potentially compromise a user’s system.

The vulnerabilities are as follows:
1) An unspecified error exists within the extensions notification handling.

2) A second unspecified error exists when handling pointers within node iteration.

3) A third unspecified error exists when printing multi-page PDF files.

4) An error when handling CSS and canvas can be exploited to reference a stale pointer.

5) An error when handling CSS and cursors can be exploited to reference a stale pointer.

6) A use-after-free error when handling PDF pages can be exploited to reference freed memory.

7) An error due to an out-of-memory condition when processing PDF files can be exploited to cause stack corruption.

8) An error when handling mismatched video frame sizes can be exploited to reference invalid memory.

9) An error when handling SVG “” elements can be exploited to reference a stale pointer.

10) An error when handling rogue extensions can be exploited to reference an uninitialised pointer.

11) An error within the Vorbis decoder can be exploited to cause a buffer overflow.

12) An error within PDF shading can be exploited to cause a buffer overflow.

13) An error when handling anchors may result in an incorrect type cast.

14) An error when handling videos may result in an incorrect type cast.

15) An error after removal of a DOM node may result in a stale rendering node.

16) An error when handling speech can be exploited to reference a stale pointer.

Procedure to check the version:
1. Click the Tools menu.
2. Select About Google Chrome.
3. If the version is not 8.0.552.237 then click on the Update button and restart the browser.

How Safe is Adobe Reader X for Windows?

Posted by cyber-geek | Posted in Cyber Awareness | Posted on January 5, 2011


Vulnerabilities in commonly used and popular software applications have been exploited by hackers to infect PCs. Adobe PDF Reader was one of the most commonly exploited applications.

Adobe Reader 9 was known for its vulnerabilities in 2010, which kept appearing despite the number of security patches released by Adobe. To counter this, Adobe Reader X was released with security enhancements such as sandboxing protection for Windows XP/Vista/7 and a protected mode view. However, the safety of using Adobe Reader X, especially on Windows, is still questionable.

Security in 2010 for Adobe Reader
Adobe applications were already the client software most targeted by attackers during the last quarter of 2009. A report from McAfee said that Adobe Reader and Flash would be the primary targets for attacks in 2010. According to the National Vulnerability Database, there have been around 60 vulnerabilities reported for Adobe Reader and Acrobat for Mac since January 2010, nearly all of which are rated with a “high” severity. In some cases, the vulnerabilities were released after they were already exploited.

The number of security patches addressing critical security vulnerabilities has increased for version 9 of Adobe Reader. Amid these, Adobe came up with Adobe Acrobat X (version 10.0) on November 15, 2010.

Why was Adobe Reader targeted?
While there are many other PDF readers on the market, Adobe is the one heard about most in terms of security vulnerabilities. This can be because of the following:

  • Adobe Reader supports JavaScript and Flash within PDFs. This creates opportunities for attackers to embed malicious code in PDFs using these technologies, which executes when you open the file.
  • Adobe Reader supports embedded content, for which it uses a parser (a bit of software) to interpret the content and display it properly. However, each bit of parsing code is a potential point of failure and is frequently exploited by hackers. Malformed content is used in PDFs to crash the parser and execute a memory corruption attack on the PC.
  • The popularity of Adobe on Windows is also one of the reasons why it is so often targeted. With Windows being the major OS, at 91% market share in client PCs, and Adobe being used on most of these PCs, hackers find it easy to break into them using vulnerabilities in Adobe. Adobe has an Acrobat version for reading PDFs on Mac OS, which isn’t reported to be targeted much by attackers.

Enhanced security features in X version
Adobe Reader X has many security advancements compared to its earlier versions. The major ones are the following:

  • The biggest security change in Reader X is the addition of sandboxing, or Adobe Reader Protected Mode, for Windows only. Sandboxing limits what an attacker can do even if they successfully exploit Reader. The risks covered range from deployment of malware on the PC to changes to the file system or registry of the PC.
  • An intensive code hardening program was implemented to reduce vulnerabilities or security flaws in Reader. This security development process included a combination of testing, code review, and programming standards.
  • An improved JavaScript blacklist framework, which allows you to disable only specific JavaScript functions instead of disabling JavaScript completely.
  • A changed way of prompting security alerts or preference settings. For alerts in particular, a yellow alert bar with descriptive text drops down in place of the Yes/No dialog boxes that users instinctively click without reading. The user has to click on Options in the text and choose one of them.

Adobe Reader X still not safe
The enhanced security features discussed above do not make Adobe Reader invulnerable. Sandbox mode only acts as a protection layer, preventing the attacker from writing files or installing malware on potential victims’ computers even if the vulnerabilities are exploited. The other security features explained above depend on the preferences of the user. However, version 10 of Adobe Reader is the best in terms of security compared to its previous versions. If you are still using the older version of Reader, click here to update.

Malware creators are getting innovative and looking for new ways to infect PCs with malware. “Eternal vigilance is the price of freedom.” Similarly, the more watchful and aware you are of security vulnerabilities and the ways to defend against them, the safer and more secure you will be.
