Tag Archives: Malware

29 Dec, 2008

German study shows scale of trojans, keyloggers and bot networks

A recent study highlighted by Brian Krebs at the Washington Post offers a disturbing glimpse of the incredible amount of stolen data powering the cybercrime economy. The study, from the University of Mannheim, Germany, shows how cybercriminals are harvesting data en masse in order to profit from their malware. Based on just a small subset of malware in the wild, it demonstrates how criminals are accessing personal information by the tens of thousands.

Read the full article…

19 Dec, 2008

Cybercriminals finding new ways to spread malware on corporate networks

For most malware authors, deriving profit from cybercrime is a simple numbers game. The more machines infected with malware that join a botnet, steal data via keyloggers or send spam, the more profitable the operation.

As a result, malware authors are always looking for new vectors for infecting victims. Although today’s vector of choice remains web browser exploits served from compromised sites, this is self-limiting in the sense that the pool of people willing or able to visit a compromised site is somewhat small. When you consider that many malware-infected machines sit on a network with other machines close by, compromising the local network is another way to quickly spread the infection. This behavior isn’t new – it goes back to the Morris Worm in 1988 and continued with Code Red and others in more recent times. New malware we’ve seen in 2008, such as Conficker, Gimmiv and Agent.BTZ, looks for local hosts or network shares that can be compromised.

One of the original drivers behind network access control was the need to stop the spread of this type of network-aware worm. The recent malware Trojan.Flush.M is an example that expands upon the network-based attacks seen with a trojan like Conficker or Gimmiv to potentially compromise an entire network. Trojan.Flush.M does this by using a rogue DHCP server as a mechanism to change local domain name settings, a new spin on what is traditionally known as a pharming attack.

Read the full article…

16 Dec, 2008

Emergency update from Microsoft due tomorrow

’Tis the season for out-of-schedule updates! Hot on the heels of last week’s bumper Patch Tuesday comes advance notice from Microsoft of an update for a recently discovered remote code execution vulnerability in Windows Internet Explorer 7. That update is apparently for Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.

The reason for the rush? Exploits for 961051 are in the wild already, and allegedly the bad guys are hacking legitimate websites via SQL injection attacks to host these exploits.

Read the full article…

15 Dec, 2008

Fake anti-malware wave crashes on IT managers in 2008

IT teams have a hard enough time making sure users keep systems up to date and protected in a timely fashion to stop malware, and now they have a new threat to deal with. One of the less publicized trends during 2008 has been the continuing push by cybercriminals to distribute fake anti-virus programs that are actually malware and trick the end user into installing (and even paying for) them.

These slick-looking programs, rife with phony Windows branding, are distributed online to unsuspecting users, usually via pop-up ads relying on scare tactics. I’ve also seen them appear on Google AdWords on occasion. Once installed, they contain the usual panoply of rootkits and bot software, but of course little in the way of actual anti-virus functionality. IT staff, particularly in smaller enterprises, need to educate users about these fake programs and take steps to protect the network in case a user does download one.

Read the full article…

9 Dec, 2008

Are we losing the war against malware?

2008 has been a malware roller coaster ride, and as the end of the year approaches, the bad guys appear to be picking up speed. Microsoft released six critical patches this morning, fixing remote code execution flaws in Windows, Word, Excel, Internet Explorer and Visual Basic. No news yet of exploits in the wild but they usually aren’t far behind.

These latest fixes come on the heels of a New York Times article which claims malicious software is spreading faster than ever and that the industry cannot get ahead of the onslaught, and many folks are saying we are losing the war.

Read the full article…

3 Dec, 2008

SMEs at high risk of security breach

Today Napera released the results of our online survey of 200 small and medium-sized enterprises that revealed a high level of security risk and an overall lack of confidence among IT managers. Seventy percent of those surveyed received scores on the Napera Network Test indicating medium to high risk of a network security breach, and more than half of the respondents stated they do not have confidence in the security of devices and users on their networks.

The comment we heard most from folks who took the test was that the questions made them think about network security in a new way and they had never thought about the security risks the test revealed.

Read the full article…