Kidz Rage !

Archive for the 'Security' Category

Russian malware storm brewing?

Trend Micro

Security researchers at Trend Micro Inc. have spotted a Russian server loaded with more than 400 different pieces of malware that may be poised to launch a large-scale attack through malicious Web sites hosted in Italy.

Chenghuai Lu, a senior threat analyst at the Tokyo-based antivirus vendor, recently uncovered a site with several hundred malicious programs and traced the site’s server to a Russian IP address. Among the harbored malware were examples of three Trojan families: Dropper.cko, Clicker.qu and Polycrypt.g. All three clans typically hijack Internet Explorer on compromised PCs and direct users to adult Web sites.

Meanwhile, another Trend Micro researcher, senior software engineer Feike Hacquebord, discovered a large number of Italian-language Web sites that at first glance appeared to be compromised with malicious IFRAMEs, inserts in the HTML coding of a page, often JavaScript, that can hijack a PC whose browser visits the site. On second look, however, the Italian-style sites do not appear to have been hacked but instead were created with the IFRAMEs in mind. According to Trend Micro, the IFRAMEs point to the malware-packed Russian site found by Lu.

“Looking at these massive samples of malware, we can’t help to think that there’s something brewing in Russia,” said Carolyn Guevarra, a third researcher at Trend Micro, on the team’s blog yesterday. “We have just seen these cybercriminals pull the ‘Italian Job’ recently,” she added. “Are we now seeing a ‘Russian Uprising’ coming our way?”

Guevarra’s Italian comment refers to a large-scale attack about six weeks ago that involved more than 10,000 hacked sites hosted in that country. Those attacks were guided by Mpack, a multistrike exploit tool kit that hackers had deployed on one or more servers; the compromised sites secretly directed users to an Mpack-equipped server, which then tried a number of exploits on the PC.

Trend Micro has blocked the malicious Web sites for its customers and is working to develop more information on the possible attack plot. “More details soon,” Guevarra promised.

Via Computerworld


Trend Micro IDs Top Security Threats in 2007

Trend Micro

Trend Micro Incorporated, a leader in network antivirus and Internet content security software and services, today published the TrendLabs Semi-annual Threat Roundup and Forecast. Analyzing malware trends that influence the economic growth of the malware world, the report demonstrates how malware attacks have changed in their style, motivation and target.

The era of the global malware outbreak is over. Today’s malware threats attempt to remain undetected and now often go after users in a specific region, country or group. These new attacks are of a blended and sequential nature. They use combinations of malware, each of which plays a role in the delivery of the payload. Using the Web for delivery, update and entrenchment, such insidious attacks report back stolen information to the perpetrator, with the end goal of making money.

In the first six months of 2007, TrendLabs tracked several examples of just how the threat landscape has evolved, including “Storm” at the beginning of the year and the “Italian Job” most recently in June.

Via Topix


The Successes and Failures of the Security Industry

I found this interesting blog post on The Successes and Failures of the Security Industry on the Computer Defense blog.

The post covers 15 statements about security:

1) Today feels a lot like yesterday
2) The role of a Security Professional
3) There are too many so-called “Security Professionals”!
4) Security Breeds Apathy.
5) Security can be overwhelming
6) People are afraid of what they don’t understand.
7) Security is not seamless.
8) End users are ignorant
9) Not all security is right for you.
10) The World is a War Zone
11) It is no longer about the Chase, it is about the Money!
12) Attacks are Polymorphic.
13) Vendors and Security don’t match.
14) The industry is immature
15) 2+2=1

via ( Computer Defense )


Cloned E-Passports: Does your government care ?


How easy is it to digitally clone an electronic passport?

Very. Using an RFID reader purchased on eBay, white-hat hackers from DN-Systems consulting recently demonstrated to the BBC how they can download British e-passport data to their computer and then write it to a new, blank RFID chip to create a perfect digital clone. Sure, the hack requires access to the software used by border police, but apparently, this is already out in the wilds. Astounding, huh? Yeah, but it’s not new. This is the same hack we’ve seen repeatedly demonstrated in Germany, the US, The Netherlands, Ireland, etc.

What’s notable here is the lack of incredulity imparted by the spokesman for the UK Home Office who said, “It is hard to see why anyone would want to access the information on the chip.” Identity theft, maybe? True, British e-passports, unlike those issued by other countries, do not (currently) store fingerprint scans in the chip and the encryption is just one aspect of the passport’s overall security. However, with these mechanisms also circumvented, shouldn’t our government officials be just a tad concerned?


Some FREE Antivirus Tools !

I ended up with some hideous malware on my machine which was causing irritating popups and pop-unders. After searching around on the web for a quick second I remembered about Trend Micro’s Free online tools:

[image: hclogo] [image: cwshredder-logo]


Trend Micro Internet Security 2007 review

Trend Micro feature on PixelFactor.org

In my opinion all PC users, music producers that use computers, should use this.
 
Trend Micro PC-cillin Internet Security comprehensively safeguards your computers, home networks, and personal identity. E-mail, shop, share pictures, bank, and instant message, confident this security software helps prevent malicious attacks and reduces time-consuming interruptions. PC-cillin identifies and automatically removes known viruses and spyware, filters annoying spam, warns about unauthorized wireless network access, blocks objectionable content, and identifies fraudulent phishing scams. PC-cillin features TrendSecure that offers additional security software and service protection, while you are conducting common online activities. It also entitles you to free phone support.
 
Version 2007 includes anti-fraud protection against phishing and pharming and cellphone security.
 
I use Trend products, and have never had a problem with any of my machines, other than the occasional hardware replacement. As far up as gateway protection and small & medium-sized businesses, all the way down to the home user / gamer / producer… I would recommend Trend by far. Not to mention their technologies and software use the least amount of system resources, are easy to operate and most importantly WORK.


Beware of the BOTS !

Virus creators and malware authors are moving with greater speed than ever before, exploiting gaps in company security networks and even using online communities to spread information about potential vulnerabilities, according to security experts at Trend Micro.

Executives at the company have pointed to two new developments which could threaten systems in the Middle East over the summer.

The first is the rise in the use of ‘bots’ and ‘bot networks,’ clusters of computers taken over without the owners’ knowledge and deployed to attack unsuspecting users in high numbers.

Botnets can be comprised of as few as a couple hundred computers, or be as large as tens – or even hundreds – of thousands of computers, all tied together by a common underlying infection, which enables the botmaster to remotely control them.

‘Botnets are frequently used as vehicles for quickly and efficiently spreading malware, and they are readily available to malware writers,’ said Trend Micro’s Jamz Yaneza, Senior Threat Analyst.

‘They are one of the most efficient ways to compromise computers for targeted attacks,’ adds Yaneza. ‘Botnets grant malware writers a wide array of power to inflict damage, from launching denial of service attacks to targeting financial institutions.’

In the Middle East, the traditionally long summer holidays – in addition to the large numbers of companies that don’t employ full-time IT security staff – means that these networks can go undetected for significant lengths of time, increasing the virulence of the attacks.

‘It’s definitely the case that the number of bot network attacks within the region is rising, and we’re also convinced that a higher proportion of computers have been drawn into these networks without their owners’ knowledge,’ said Justin Doo, Regional Director, Trend Micro Middle East and North Africa.

In addition, the company has also drawn attention to the potential damage that publicly-accessible online hacker communities can cause.

This phenomenon was underlined by the listing of three ‘proof-of-concept’ exploits on publicly-accessible Web sites in June this year, which would enable hackers to use the popular computer program Microsoft Excel as a vehicle to spread viruses.

‘It’s common for proof-of-concept code to become available shortly after the discovery of a vulnerability,’ said Yaneza. ‘Most malware writers these days don’t want to risk getting caught and going to jail, so they prefer to post the code to hacker sites to display their technical knowledge, but let somebody else use it for malicious purposes.’

Though such exploits may not immediately – or sometimes ever – be deployed in an actual attack, security experts at Trend Micro advise users to remain vigilant, nonetheless, since the code is readily available and can be employed by a malicious author at any time.

In fact, according to researchers at Trend Micro, one of these exploits has already been utilized in a targeted attack and further attacks are possible.

The experts recommend the following ‘tried-and-true’ policies to minimize the risk posed by these exploits:
• Do not open Excel files attached to any emails from those you don’t know;

• Do not open Excel attachments from those you do know, if you weren’t expecting an attachment from that person, or if the content of the email seems out of character for that person;

• In corporate settings, administrators should consider blocking all incoming Word, PowerPoint, and Excel files from external unverified sources by policy. Inter-company documents may be considered relatively safe from this particular threat, assuming no significant internal problem exists;

• Avoid opening externally-hosted Excel documents;

• Ensure your antivirus definitions are up-to-date.

• Run a manual scan with your updated Trend Micro product, or with Housecall, Trend Micro’s free online virus scanner.


Spy-phishing is emerging crimeware technique, warns Trend Micro

Trend Micro, Inc. has issued a warning to internet users to beware of spy-phishing, a technique that capitalises on the increasingly popular trend of blended threats to steal money and personal information.

Besides technological advances, the emergence of spy-phishing as a significant element in the threat landscape also highlights the shift in the intent of malware writers. Previous generations of malware writers developed their programs chiefly to show off their expertise, unlike current writers who are interested in financial gain.

Spy-phishing is done by using Trojan spyware, or software that secretly installs itself on a computer and extracts personal information without the user’s knowledge. According to the Trend Micro Trojan Spyware Index, the incidence of Trojan spyware has increased by over 250 per cent over the past 16 months. Similarly, according to a report published by the Anti-Phishing Working Group, an average of more than 188 new samples of Trojan spyware have been utilised in spy-phishing attacks each month in the first four months of 2006 – a 234 per cent increase over the same period in 2005.

“Spy-phishing is anything that causes financial or intellectual loss,” explains Jamz Yaneza, senior threat researcher at Trend Micro. “Spy-phishing’s direct antecedents are spyware, phishing, and backdoor Trojans. It is a blended threat that uses phishing techniques to initially present itself to users, and then typically engages a host of other techniques and exploits to surreptitiously download and install spyware applications in the background. These applications often download additional spyware applications to extend their functionality.”

The five per cent of spyware that can be considered to be malicious is intended solely to steal passwords, bank account information, credit card numbers, social security numbers, and then use that information for illegal purposes.

Phishing, in which the identity of a target organisation is stolen in order to steal identities of unsuspecting customers, frequently uses professional-looking, HTML-based e-mails that include company logos, font styles, colors, graphics, and other elements to successfully spoof the supposed sender. Most also contain a link to a Web site, which is an exact replica of the spoofed site, to lure users into parting with their personal information. Backdoor Trojans are malware programmes that perform unexpected or unauthorized actions on the user’s computer and enable unauthorised access by remote systems.

Online money transfer service, E-gold, has been attacked in the past with spy-phishing emails and classical phishing. A trojan EXE was used to steal information that was sent as an attachment in an email. These attacks are similar to phishing in that they spam potential victims, but instead of giving a link to a fake website, they include a trojan in the message. The trojan monitors web traffic in order to steal the usernames/passwords to banking websites.

Spy-phishing offers malicious authors a variety of applications and uses. While individual end-users are an obvious target, enterprises and their work force have more to lose from spy-phishing exploits.  “Businesses of all sizes are potentially at risk, as spy-phishing can also just as easily be utilised for corporate espionage,” says Yaneza. “In fact, due to the Trojan components, and the long-term stealth capabilities they employ, the threat to sensitive corporate information is perhaps greater than is the risk to the individual.”

“There is a growing sophistication of techniques used to target vulnerable individuals. Besides regularly updating security software, firms need to realise that enterprise phishing relies on tricking people. They need to instill a healthy dose of scepticism into employees when it comes to trusting emails and web sites. Enterprises need to adopt a strategy of strength and depth,” says Justin Doo, regional director, Trend Micro Middle East and North Africa.


Trend Micro’s Security Suite Matches Microsoft On Price

Trend Micro Inc. on Monday launched the 2007 edition of its consumer security suite with features and pricing to take on Microsoft’s OneCare.

PC-cillin Internet Security 2007 comes with a price tag identical to OneCare — $49.95 for a three-PC family license — and includes anti-virus, anti-spyware, anti-spam, and anti-phishing defenses; a personal firewall; and wireless and Smart phone protections.

Sold by annual subscription, the suite also boasts access to TrendSecure, Trend Micro’s new online security services. Trend Micro is positioning TrendSecure, which offers tools to encrypt folders and protect users who surf from public PCs, such as those at Internet cafes, as a step toward online-delivered software-as-a-service.

“This is a hybrid of software and services,” said Lane Bess, the global general manager of consumer products and services at Trend. “TrendSecure is a collection of Web services and [shows] a shift in our direction.”

The move also allowed TrendSecure to offload some components to the Web, which was important because consumers want smaller-footprint security software, Bess argued.

Like Microsoft, with its OneCare software, and its traditional rivals — Symantec and McAfee — Trend moved toward an annual subscription model with the 2007 edition. “I think this is the last version [of Internet Security] where we’ll attach a date,” Bess said. “We’re really looking to move away from annual releases and toward an 8- to 12-week cycle on updating features and services.”

Trend also matched Microsoft’s price and three-PC license, something McAfee didn’t when it released its revamped consumer software this summer. (Symantec has not yet disclosed price or licensing plans for Norton 360, its next-generation consumer package.) “The consumer doesn’t want to buy a copy for each PC in the house, they want to buy a service or a subscription.”

Although it competes with Microsoft for consumer security dollars, Trend is also closely cooperating with the Redmond, Wash. developer on Vista in order to make sure its follow-on efforts work well with the next version of Windows.

“I think consumers will feel Vista is more secure, but that they’ll say ‘I still need to buy a security service,’” Bess said. “We plan to sync the release of our Vista security product as closely as possible with the OS’s release.”

PC-cillin Internet Security 2007 is available immediately.

By Gregg Keizer, TechWeb Technology News

RSS feed from http://www.techweb.com


TSA Claims Terrorist Victory

Sure, they did not get to blow up a couple planes, but they did manage to make the TSA impose all kinds of idiotic new rules. This is a victory for them. Let us live normal lives. I bet if someone were to tell them that there is a new bomb you can set off by thinking about it, they would ban thinking.

Update 8/24/06
Bruce Schneier says it much better over at Wired. I hope this propagates a new meme. Antiterror: the ability for the press and politicians to refuse (not just resist) to make a big deal about any terrorist-related events. Bush says, “Either you are with us, or you are with the terrorists.” I say “Either you are for terror or you are antiterror.”
