Panda Security reports over 13 Million users affected by Mariposa Botnet
India, Mexico, Brazil and Korea Hardest Hit by Massive Attack
Following the worldwide shutdown of the Mariposa botnet last week, Panda Security reported today that the massive botnet had infected 13 million computers in 190 countries and 31,901 cities. The takedown was the result of a collaborative operation spearheaded by Panda Security, Defence Intelligence, the FBI and the Spanish Guardia Civil, resulting in three arrests.
According to Luis Corrons, Technical Director of PandaLabs, “The highest infection ratios are found in countries where computer security education is not a priority. However, in countries where cyber security awareness campaigns have been prioritized over the last few years, like the United States, Germany, UK and Japan, the number of infections was significantly lower.”
The cities most affected by Mariposa were Seoul (5.36 percent of compromised IP addresses), Bombay (4.45 percent) and New Delhi (4.27 percent). The top 10 infected cities are as follows:
1 Seoul 5.36%
2 Bombay 4.45%
3 New Delhi 4.27%
4 Mexico City 3.89%
5 Bogota 2.68%
6 Lima 1.98%
7 Kiev 1.68%
8 Bangalore 1.39%
9 Islamabad 1.24%
10 Tehran 1.23%
When looking at the infection rate by country, India leads the ranking (19.14 percent of all infections), followed by Mexico (with 12.85 percent) and Brazil (7.74 percent). The U.S. ranked 20th out of the 190 countries where computers were infected (with 1.05 percent).
The top 10 infected countries are as follows:
Country %
1 INDIA 19.14
2 MEXICO 12.85
3 BRAZIL 7.74
4 KOREA 7.24
5 COLOMBIA 4.94
6 RUSSIA 3.14
7 EGYPT 2.99
8 MALAYSIA 2.86
9 UKRAINE 2.69
10 PAKISTAN 2.55
An image of the above Mariposa infection breakdown by country can be found at http://www.flickr.com/photos/panda_security/4419015337/.
“The coordinated effort of all Mariposa Working Group members led to the worldwide shutdown of the Mariposa botnet on December 23 at 11:00 am ET. On that date, we seized control of the communication channels used by Mariposa, effectively severing the botnet from its criminal creators and redirecting all requests to a server controlled by us. At that time we realized the huge number of IP addresses controlled by the bot, almost 13 million, and determined the astonishing number of affected countries and cities. The compromised IP addresses include personal, government and corporate computers,” explains Corrons.
An image of the global infection map can be found here: http://www.flickr.com/photos/panda_security/4419780176/.
The Georgia Institute of Technology has plotted the progress of the Mariposa Botnet in an animation available at http://fritz.cc.gt.atl.ga.us/mariposa/mariposa_major_victim_areas.avi. According to David Dagon, Ph.D. Candidate at the Georgia Institute of Technology, “I think a remarkable aspect of this botnet is that it reverses the normal expectations about infections. Usually, the press tells us that ‘eastern’ botmasters are attacking ‘western’ victims. In Mariposa’s case, we tend to see the opposite: some botmasters in the west, and victims in the east. The lesson learned is that we all face a common threat.”
Panda Security recommends that all users – home users and companies alike – perform an in-depth scan of their computers to make sure they are not infected by the Mariposa bot. Individuals and businesses can do so by using the company’s free online scanner Panda ActiveScan or downloading its free cloud-based antivirus service Panda Cloud Antivirus from www.cloudantivirus.com.
Trend Micro Threat Research Report: 9 Million ZeuS attacks blocked by Trend Micro in the last 6 months
Trend Micro has seen a recent rise in ZeuS activity, with an average of around 300 unique ZeuS samples per day, according to a recent threat report that examines the Eastern European criminal enterprise behind one of the world’s most prolific crimeware kits, built for wholesale monetary theft. Trend Micro saw more than 13,000 unique ZeuS samples in January 2010 alone.
“ZeuS is nothing new – we’ve seen it at work for years. But what’s alarming is the recent rise in attacks,” said Raimund Genes, CTO of Trend Micro. “It’s one of the most notorious security threats to Internet users and Trend Micro is fighting back: In the last 6 months, we’ve blocked about 9 million ZeuS attacks and we’re not stopping.”
Latest developments
For the greater part of last year, Trend Micro found that ZeuS variants were also distributed via the Avalanche botnet, a fast-flux botnet that sent spam en masse. The spam runs imitated several popular social networking sites. The cybercriminals behind the operations even copied e-mail messages and Web sites of U.S. government institutions such as the Federal Deposit Insurance Corporation (FDIC), the Centers for Disease Control and Prevention (CDC), the Social Security Administration (SSA) and the Internal Revenue Service (IRS).
Another significant feature recently added to current ZeuS versions is the “Jabber” functionality. Jabber (XMPP) is an open instant messaging protocol, and JabberZeuS is a ZeuS variant in which the credentials stolen during a banking session are relayed in real time to the ZeuS botmaster as instant messages, so that the botmaster can immediately log in to the same account, undetected, with the same credentials the victim just used.
ZeuS-BREDOLAB connections
According to Trend Micro research, BREDOLAB and ZeuS are individual tools that are freely available in the cybercriminal underground. Their uses complement each other, which is why they’re often seen together. While ZeuS specializes in stealing information from infected systems, BREDOLAB enables cybercriminal organizations to deliver any kind of software to its victims. Once a user’s machine is infected by BREDOLAB, it will receive regular malware updates the same way it receives software updates from the user’s security vendor.
Poor economy fueling ZeuS
The success of ZeuS is partly attributed to cybercriminals’ ability to recruit money mules that move their stolen money around through bogus work-from-home scams. Given the current economic situation in the United States–with millions of people out of work–cybercriminals know they have a high success rate in recruiting accomplices.
Work-from-home recruits are instructed to hand over their own bank account details. The cybercriminals then log in to the compromised online bank accounts and wire sums of less than US$10,000 to those mule accounts, a sign that they know the banks’ alert limits. The money mules then wire the money on to Eastern Europe.
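The detection lesson in that paragraph is that a per-transfer threshold is exactly what the fraudsters size their wires to stay under. The block below is an added example written for this page, not code from Trend Micro or from the report, showing the aggregate check a bank’s monitoring needs instead: it groups near-limit transfers to the same beneficiary over a sliding window and alerts when the slices add up to what a single transfer could not have moved unnoticed. The US$10,000 figure comes from the article; the 85 percent “near limit” fraction, the seven-day window and the sample wire log are assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Per-transfer alert threshold taken from the US$10,000 figure in the article;
# the near-limit fraction and the 7-day window are assumptions for this example.
ALERT_LIMIT = 10_000.00
NEAR_LIMIT_FRACTION = 0.85
WINDOW = timedelta(days=7)


@dataclass(frozen=True)
class Wire:
    when: datetime
    src: str      # originating (possibly compromised) account
    dst: str      # beneficiary account
    amount: float


# Constructed sample wire log, not real bank data: one compromised account
# pays a mule in several slices that each stay under the limit.
SAMPLE_WIRES = [
    Wire(datetime(2010, 3, 1, 9, 5),   "acct-1001", "mule-77",  9_600.00),
    Wire(datetime(2010, 3, 2, 14, 0),  "acct-1001", "mule-77",  9_850.00),
    Wire(datetime(2010, 3, 4, 10, 30), "acct-1001", "mule-77",  9_200.00),
    Wire(datetime(2010, 3, 3, 11, 0),  "acct-2002", "vendor-5", 12_500.00),  # over the limit: the naive rule catches this one
    Wire(datetime(2010, 3, 5, 16, 0),  "acct-3003", "rent-9",   1_200.00),   # ordinary payment
    Wire(datetime(2010, 2, 1, 9, 0),   "acct-1001", "mule-77",  9_900.00),   # same pair, but outside the 7-day window
]


def naive_alerts(wires, limit=ALERT_LIMIT):
    """The per-transfer rule the fraudsters are working around: only a single
    transfer at or above the limit fires."""
    return [w for w in wires if w.amount >= limit]


def structuring_alerts(wires, limit=ALERT_LIMIT, window=WINDOW, near=NEAR_LIMIT_FRACTION):
    """Aggregate near-limit transfers per (source, beneficiary) pair over a
    sliding time window.

    An alert fires when two or more transfers that each sit just under the
    limit reach the same beneficiary within the window and together exceed
    it, i.e. money moved in slices that a single transfer could not have moved
    without tripping the per-transfer alert. Returns one alert per pair as
    ((src, dst), transfers_in_window, total_in_window).
    """
    by_pair = defaultdict(list)
    for w in wires:
        if near * limit <= w.amount < limit:
            by_pair[(w.src, w.dst)].append(w)

    alerts = []
    for pair, ws in by_pair.items():
        ws.sort(key=lambda w: w.when)
        start = 0
        for end in range(len(ws)):
            # advance the window start until ws[start:end+1] fits inside `window`
            while ws[end].when - ws[start].when > window:
                start += 1
            group = ws[start:end + 1]
            total = sum(w.amount for w in group)
            if len(group) >= 2 and total >= limit:
                alerts.append((pair, len(group), round(total, 2)))
                break  # the first qualifying window is enough for triage
    return alerts


if __name__ == "__main__":
    print("naive rule:      ", [(w.src, w.dst, w.amount) for w in naive_alerts(SAMPLE_WIRES)])
    print("structuring rule:", structuring_alerts(SAMPLE_WIRES))
```

On the sample log the naive rule sees only the legitimate vendor payment and misses the mule entirely, while the windowed rule flags the account pair after the second slice. In production the pair key would normally include the beneficiary’s bank and the window would be tuned against historical alerts, but the principle is the same: alert on the pattern across transfers, not on any single amount.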
How can companies protect themselves?
Designed to quietly steal banking information and other sensitive data, the ZeuS botnet can turn itself off to remain undetected. Trend Micro offers the most advanced technology and expertise to immediately eliminate botnet attacks. The Trend Micro(TM) Smart Protection Network(TM) provides instant, real-time protection and is the infrastructure behind Trend Micro products. It correlates more than 20 billion emails, Web sites and files a day, using that data to immediately identify and respond to the latest emerging threats.
Trend Micro Recommends
– Home & Home Office Products: Trend Micro(TM) Internet Security
– Small Business Products: Worry-Free(TM) Business Security Standard/Advanced and Services
– Medium Business/Enterprise Products: OfficeScan(TM) Client/Server Edition, Threat Management Services, InterScan(TM) Messaging Hosted Security, InterScan(TM) Web Security
ZeuS and other bots now control more than 100 million computers worldwide. If you’re concerned that info-stealing malware is on your network, sign up for a free Security Threat Assessment today.
For the full research report, visit: http://us.trendmicro.com/us/trendwatch/research-and-analysis/white-papers-and-articles/index.html
SonicWALL identifies growing threat of cybercriminals attacking new searches
Over 284 Top Search Terms attacked over the last 7 days with 6,600 malicious URLs; threat team outlines tips to protect against search-result threats
SonicWALL announced it has identified that cybercriminals are continuing to attack Google’s top search terms. In the last 7 days, more than 284 top search terms have been targeted with more than 6,600 malicious URLs. The threat team has found that up to nine of the top 20 search terms are under attack at any one time. To help individuals defend against these threats, SonicWALL’s threat research team has identified the search terms that returned the greatest number of malicious sites and has developed several tips for sifting through search results.
“Cybercriminals use whatever is at their disposal to spread malware. In this instance they are launching attacks against Google’s top search terms that identify the most popular stories of the day,” said Deepen Desai, Lead Malware Researcher, SonicWALL. “These criminals are now going after these top search terms using their knowledge to insert malware infected websites almost immediately after people show interest in a particular news site.”
Using social engineering tactics, cybercriminals are able to jump onto the latest news events ranking high on Hot Search to draw more traffic to their infected websites. Search Engine Optimization (SEO) tactics are then used to make the websites show up higher in the search results, thus making it more likely that individuals will click on them.
The counter-offensive to remove these threats is ongoing. However, some sites have remained in search results for a number of hours before being removed. Recent and topical poisoned searches include:
- A search on “elinor burkett” within a 24 hour period between March 8th and 9th presented 40 unique malicious URLs appearing in Google search’s top 30 results.
- A search on “the new tenants” on March 8th presented 56 unique malicious URLs appearing in Google search’s top 30 results.
SonicWALL suggests you remember the following tips when searching for a news event:
- Be diligent when clicking on the links that show up in search engine results. Be sure to look at the URL before you click on it. Quite often the legitimate sites show up with complete readable sentences in their description whereas the malicious sites show up with jumbled keywords.
- If you do click through to a malicious website, leave it quickly. Most of the malicious sites found redirect to fake antivirus pages that pretend to discover malware on the computer and offer to sell antivirus software to clean it up.
- Make sure that your antivirus is up to date. Use defense-in-depth by layering protection, with antivirus both on the gateway and on the client.
- Steer clear of any video codec or “protection software” executable that these sites prompt you to download.
- Do not execute any files that come through e-mail attachments.
For more information and to track the latest network and e-mail security threats, go to: http://www.sonicwall.com/securitycenter.asp?tab=NS
Introducing the Fraud Prevention Suite to combat fraud in international eCommerce
Wirecard AG Presents a Further Development in the Field of Risk Management
Munich-based Wirecard AG introduces the Fraud Prevention Suite, a further development within its risk management product line. Through a refined analytics system, fraud patterns identified automatically during online payment processing now feed directly into the rule sets used to combat fraud in international eCommerce.
The Fraud Prevention Suite aims to give merchants strong fraud detection while keeping to a minimum the number of legitimate transactions wrongly classified as suspected fraud. It does this by using historical portfolio data to tune the rule sets: integrated simulation functions replay a candidate rule set over that data and weigh the confirmed fraud cases it catches against the regular transactions it would reject.
Not only are merchants operating with an international reach exposed to fraud attempts more frequently; they also have to contend with a larger variety of fraud patterns than merchants trading within a single country. Particularly as far as credit card processing on a global scale is concerned, the challenge is to be able to identify fraud better and faster and to take preventive steps to counteract fraud.
“Online fraud is becoming increasingly sophisticated internationally,” says Heiner Kallweit, Head of Product Line Risk & Fraud Prevention at Wirecard AG. “On the basis of our many years’ experience, in combination with newly developed software, we have created a solution which, based on extensive possibilities of analyzing inventory data, identifies online fraud before damage or loss can occur,” adding: “In this context, the behavior patterns differ completely from one industry segment to another, making it necessary for industry-specific parameters of relevance relating to fraud to be included in fraud detection as such. In the case of airlines, for instance, these are the route, method of payment, flight class or advance booking periods. The system even identifies complex patterns to distinguish genuine transactions from fraudulent ones.”
Wirecard AG has adjusted its new Fraud Prevention Suite solution to the requirements of the core industries of eCommerce: consumer goods, airlines/tourism and digital goods.
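The rule-simulation idea described above, tuning a rule set against labelled portfolio data so that the fraud it catches is weighed against the legitimate transactions it wrongly rejects, can be shown concretely. The block below is an added example written for this page, not Wirecard’s software or any of its rule logic. The transaction fields follow the airline signals Kallweit names (route, cabin, payment method, advance booking period) plus a card-country versus IP-country check; the labelled portfolio, the three candidate rules and the 35 percent false-reject budget are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Txn:
    txn_id: str
    amount: float            # EUR
    route: str               # e.g. "FRA-JFK"
    cabin: str               # "economy" | "business" | "first"
    payment: str             # "card" | "debit" | "invoice"
    days_before_flight: int  # advance booking period
    card_country: str        # issuing country of the card
    ip_country: str          # geolocation of the buyer's IP address
    is_fraud: bool           # known outcome from the portfolio (chargeback / confirmed fraud)


# Constructed labelled portfolio for an airline merchant; not real merchant data.
PORTFOLIO: List[Txn] = [
    Txn("f1", 3200.0, "FRA-JFK", "first",    "card",    1,  "DE", "NG", True),
    Txn("f2", 2800.0, "MUC-DXB", "business", "card",    0,  "US", "RO", True),
    Txn("f3",  950.0, "FRA-LHR", "economy",  "card",    1,  "GB", "UA", True),
    Txn("f4", 2600.0, "FRA-JFK", "economy",  "card",    20, "DE", "DE", True),
    Txn("l1",  420.0, "FRA-LHR", "economy",  "card",    30, "DE", "DE", False),
    Txn("l2", 2900.0, "FRA-JFK", "business", "card",    45, "DE", "DE", False),
    Txn("l3",  180.0, "MUC-VIE", "economy",  "debit",   3,  "AT", "AT", False),
    Txn("l4", 1100.0, "FRA-JFK", "economy",  "card",    10, "US", "FR", False),  # traveller already abroad
    Txn("l5", 2300.0, "MUC-DXB", "business", "card",    1,  "DE", "DE", False),  # genuine last-minute upgrade
    Txn("l6",  640.0, "FRA-LHR", "economy",  "invoice", 60, "DE", "DE", False),
]

Rule = Callable[[Txn], bool]


# Candidate rules built from the airline-specific signals named in the article.
def last_minute_premium(t: Txn) -> bool:
    return t.days_before_flight <= 2 and t.cabin in ("business", "first")


def country_mismatch(t: Txn) -> bool:
    return t.card_country != t.ip_country


def high_amount(t: Txn) -> bool:
    return t.amount >= 2500.0


def simulate(rules: Dict[str, Rule], portfolio: List[Txn]) -> Dict[str, float]:
    """Replay a rule set over labelled history. A transaction is rejected when
    any rule fires. Reports how much fraud the set catches and how many
    legitimate transactions it would have turned away."""
    fraud = [t for t in portfolio if t.is_fraud]
    legit = [t for t in portfolio if not t.is_fraud]

    def rejected(t: Txn) -> bool:
        return any(rule(t) for rule in rules.values())

    caught = sum(1 for t in fraud if rejected(t))
    false_rejects = sum(1 for t in legit if rejected(t))
    return {
        "caught": caught,
        "false_rejects": false_rejects,
        "catch_rate": caught / len(fraud),
        "false_reject_rate": false_rejects / len(legit),
    }


CANDIDATES: Dict[str, Dict[str, Rule]] = {
    "mismatch_only":             {"country_mismatch": country_mismatch},
    "mismatch_plus_last_minute": {"country_mismatch": country_mismatch, "last_minute_premium": last_minute_premium},
    "mismatch_plus_high_amount": {"country_mismatch": country_mismatch, "high_amount": high_amount},
    "all_three":                 {"country_mismatch": country_mismatch, "last_minute_premium": last_minute_premium,
                                  "high_amount": high_amount},
}


def best_rule_set(candidates: Dict[str, Dict[str, Rule]], portfolio: List[Txn],
                  max_false_reject_rate: float) -> Tuple[Optional[str], Dict[str, Dict[str, float]]]:
    """Choose the candidate with the highest catch rate whose false-reject rate
    stays within the merchant's tolerance; ties go to the lower false-reject rate."""
    results = {name: simulate(rules, portfolio) for name, rules in candidates.items()}
    within = {n: r for n, r in results.items() if r["false_reject_rate"] <= max_false_reject_rate}
    if not within:
        return None, results
    best = max(within, key=lambda n: (within[n]["catch_rate"], -within[n]["false_reject_rate"]))
    return best, results


if __name__ == "__main__":
    chosen, report = best_rule_set(CANDIDATES, PORTFOLIO, max_false_reject_rate=0.35)
    for name, r in report.items():
        print(f"{name:28s} catch={r['catch_rate']:.2f} false_reject={r['false_reject_rate']:.2f}")
    print("selected:", chosen)
```

On this portfolio the country check alone catches three of four fraud cases at the cost of one genuine traveller abroad; adding the amount rule catches the fourth for one more false reject, while adding all three rules catches nothing extra and turns away half the legitimate bookings. That trade-off, read off a replay rather than guessed, is what the simulation step is for.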
The range on offer from technology services provider Wirecard comprises individually tailored, industry- and customer-specific payment and risk management systems, ranging from special BSP solutions for airlines, tele-shopping and Internet trading all the way through to point-of-sale (PoS) terminal solutions for bricks-and-mortar retail. The services of the online-oriented Wirecard Bank complement and extend the array of products and services for business customers to include credit card acceptance agreements (acquiring), banking services and innovative prepaid card products.
Panda Security and Defence Intelligence coordinate massive botnet shutdown with international law enforcement
Collaborative cybercrime investigation results in three arrests, more pending
Personal and financial data compromised from massive cyber attack impacting nearly 13 million unique IP addresses, 50 percent of Fortune 1000 companies
Preliminary damages estimated to be in the millions of dollars
According to IT security firms Panda Security and Defence Intelligence, the Mariposa botnet, a massive network of infected computers designed to steal sensitive information, has been shut down, and three suspected criminals accused of operating the botnet have been arrested by Spanish law enforcement. Mariposa stole account information for social media sites and other online e-mail services, usernames and passwords, banking credentials and credit card data from computers behind an estimated 12.7 million compromised personal, corporate, government and university IP addresses in more than 190 countries. The botnet was shut down and rendered inactive on December 23rd, 2009 thanks to the collaborative effort of security experts and law enforcement, including Panda Security, Defence Intelligence, the FBI and the Spanish Guardia Civil.
With almost 13 million compromised computers, Mariposa is one of the largest botnets ever reported on record. Christopher Davis, CEO for Defence Intelligence, who first discovered the Mariposa botnet, explains: “It would be easier for me to provide a list of the Fortune 1000 companies that weren’t compromised, rather than the long list of those who were.”
Following the discovery of Mariposa’s existence in May 2009, Defence Intelligence, Panda Security and the Georgia Tech Information Security Center spearheaded the Mariposa Working Group as a collaborative effort with other international security experts and law enforcement agencies to eradicate the botnet and bring the perpetrators to justice. The main botmaster, nicknamed “Netkairo” and “hamlet1917”, as well as his immediate botnet operator partners, “Ostiator” and “Johnyloleante”, were arrested earlier this month.
Pedro Bustamante, senior research advisor at Panda Security, said: “Our preliminary analysis indicates that the botmasters did not have advanced hacking skills. This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss. We’re extremely proud of the coordinated effort made by all of the Mariposa Working Group members and the speed at which we were able to bring down this massive botnet and the criminals behind it.”
Late last year, the Mariposa Working Group infiltrated the command-and-control structure of Mariposa to observe the communication channels used by the suspected botmasters. These channels relay information from the compromised computers to the perpetrators and are commonplace, similar to those used by the Zeus, Conficker and Koobface botnets or as shown recently in the Google/Aurora operation. After analyzing the main command-and-control servers the Working Group was able to facilitate the coordinated worldwide shutdown of the Mariposa Botnet on December 23rd. Panda Security is currently leading a comprehensive analysis of the malware, as well as coordinating international communication among other antivirus companies to ensure that their signatures are updated.
Highlights from Panda Security’s preliminary analysis include:
– Once a PC was infected by the Mariposa bot client, the botmaster installed further malware on it (advanced keyloggers, banking trojans such as Zeus, remote access trojans, etc.) to gain additional capabilities on the zombie PC.
– The botmaster made money by selling parts of the botnet, installing pay-per-install toolbars, selling stolen credentials for online services and using the stolen banking credentials and credit cards to make transactions to overseas mules.
– The Mariposa botnet spread extremely effectively via P2P networks, USB drives, and MSN links.
A more comprehensive report from Panda Security’s forensic analysis will be available at http://pandalabs.pandasecurity.com/ shortly. In the meantime a short description of the Mariposa botnet software can be found at http://www.pandasecurity.com/homeusers/security-info/217587/ButterflyBot.A.
“Once again, the coordinated efforts of various international law enforcement agencies and Spain’s Guardia Civil, together with the Internet security industry, have been able to tackle the global threat of cyber-crime,” said Juan Salom, commander of the Cybercrime Unit of the Guardia Civil.
According to Dave Dagon at the Georgia Tech Information Security Center: “Instead of making pie charts, we should treat a botnet as a crime scene and not just a research project.”
The Mariposa Working Group has officially seized control of the communication channels used by Mariposa, effectively severing the botnet from its criminal creators. In an apparent act of retaliation, a Distributed Denial of Service (DDoS) attack was initiated against Defence Intelligence shortly after the botnet was shut down in December. The attack was powerful enough to impact one large Internet Service Provider, many of whose customers were knocked offline for several hours.
According to a representative from CDmon, the ISP that collaborated in the investigation and where the criminal domains were hosted: “We are pleased to have been able to support this international operation, along with the Spanish Guardia Civil, Panda Security, Defence Intelligence and other law enforcement agencies, and to help bring down the botnet. CDmon is strongly committed to the concept of quality Internet, guaranteeing standards of quality and security across all our services. This collaborative effort is a big win in the fight against cybercrime.”
“We will continue to fight the threat of botnets and the criminals behind them,” says Davis. “We’ll start by dismantling their infrastructure and won’t stop until they’re standing in front of a judge.”
Defence Intelligence and Panda Security are attempting to contact affected organizations. To find out if your organization has been compromised, contact compromise@defintel.com or info@pandasecurity.com.
Cybercriminals continue to show their love for Valentine’s Day
PandaLabs provides tips for Internet users to protect their PCs from holiday-themed malware
PandaLabs, Panda Security’s malware analysis and detection laboratory, warns that cybercriminals are continuing to exploit Valentine’s Day with holiday-themed malware as a lure to trick users and infect computers.
As in years past, Internet users can expect to see numerous e-mails this weekend with links to malicious downloads, often disguised as romantic greeting cards or carrying subject lines related to Valentine’s Day. In 2010, cyber-crooks are also exploiting social networking sites such as Facebook and Twitter.
Social engineering remains cyber-crooks’ preferred technique for deceiving users. In these cases, cybercriminals obtain confidential information from users by convincing them to take a series of actions: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program, which captures information and sends it to fraudsters.
“The continued use of social engineering by cyber-crooks is a good indication of the high infection rate that this technique achieves. The technique works well, so criminals will continue to use it until people stop falling for it,” explains Luis Corrons, technical director of PandaLabs.
PandaLabs recommends Internet users follow these guidelines to avoid falling victim to computer threats this Valentine’s Day:
– Don’t open e-mails or messages received on social networks from unknown senders.
– Do not click any links included in e-mail messages, even if they come from reliable sources. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications.
– If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.
– Do not run attached files that come from unknown sources. Stay on the alert for files that claim to be Valentine’s Day greeting cards, romantic videos or another related ploy.
– If a page seems legitimate but asks you to download something, you should be suspicious and choose not to accept the download.
– If, in any event, you download and install any type of executable file and you begin to see unusual messages on your computer, you have probably been infected with malware.
– If you are making any purchases online related to Valentine’s Day, type the address of the store in the browser, rather than going through any links that have been sent to you.
– Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information entered on the page. Check that the address begins with https:// and that the browser shows its padlock icon (in current browsers a small yellow padlock next to the address bar or in the bottom right-hand corner of the window). The padlock confirms only that the connection is encrypted, not that the shop behind it is honest.
– Don’t use shared or public computers for making transactions or operations that require you to enter passwords or other personal details.
– Have an effective security solution installed that is capable of detecting both known and new malware strains.
Solutionary identifies Top Security Risks and provides precautionary tips for Winter Olympic Games
Company encourages businesses, event advertisers, and corporate and individual attendees to remain vigilant and take information security precautions
Solutionary has identified the top information and data security risks facing businesses, Olympic advertisers and attendees of the upcoming Winter Olympic Games in Vancouver from February 12th to 28th. In addition, the company has provided precautionary tips to help these people and organizations protect their data and assets.
Solutionary is a trusted security advisor to companies of all sizes around the world, processing more than 300 billion events annually through the company’s Security Operations Centers (SOC). Solutionary’s certified SOC analysts and technology offer 24/7 live and automated event monitoring to ensure the highest levels of protection.
“Hackers, spammers and scammers often take advantage of major events, like the Olympics, to steal confidential consumer and corporate data and information or to generally create chaos,” said Don Gray, Chief Security Strategist of Solutionary. “Since the 2008 Games, new and more malicious threats have surfaced and attacks are more prevalent, from the Google email hacks to Twitter and Facebook distributed denial of service (DDoS) attacks. In the age of Web 2.0 and constant connectivity, it’s more important than ever for businesses and individuals alike to remain vigilant about information security – especially around an event of such international significance.”
Solutionary’s information and cyber security experts have identified the following as the top five information security risks around the Olympics:
Social Networks & Instant Messaging (IM) – In recent months, sites and services like Facebook, Twitter and MSN Messenger have been repeatedly targeted by hackers. Keep your guard up, even during the excitement of the Games. Who are you connecting to? How are you connecting to them? Are you sharing information that could be used for social engineering? Never share files through IM services, and connect only to branded, trusted information sources.
Masquerading Wireless Networks – Always know what network you are connecting to and avoid unsecured wireless networks. Only connect to networks associated with trusted brands/providers, and verify the names and credentials of the access points.
Malvertising – Website ads containing malicious exploit code may be hosted by unsuspecting websites in an attempt to maximize online ad revenue around the Games.
Hacktivism – Nationalistic pride can be a powerful motivator in driving hackers to initiate attacks. In the recent Google hacking incident there was evidence of retaliatory hacking affecting Baidu.com.
Whaling – Corporate executives and guests should be trained to recognize attempts to target them, their laptops and their phones for exploitation. Promotional items can easily be faked; e-mails, devices, CDs and memory sticks can all carry malicious software.
Solutionary’s experts recommend Olympic attendees, advertisers and Vancouver-area businesses take the below security precautions, at a minimum, leading up to and during the Games:
Awareness – Make sure everyone in your network – whether it’s your kids or your employees – is aware of potential threats. If they are aware of heightened risk, they will be more vigilant and likely to flag suspicious activity or items.
Protect Endpoints – Attendees must protect mobile computers and phones, as these devices are often targeted both for the data they contain and as an exploit path for stealing account credentials, credit card information, etc.
- If you can, leave them at home. Consider limiting yourself to one pocketable device that is easy to keep track of.
- If you must bring a laptop, ensure that it is up to date with the latest patches and anti-X (virus, spyware, malware) software.
- Remove all non-essential data from the laptop before traveling, especially anything confidential or sensitive.
- If you must travel with sensitive or confidential data, use strong whole-disk encryption.
Check, Double-Check and Re-Check Security Processes – Local businesses and advertisers should review their information security countermeasures: validate that patches are up to date, that web applications are not vulnerable, and that wireless networks are secured with WPA2 authentication and AES (CCMP) encryption. TKIP, the cipher of the original WPA, has known weaknesses and should be enabled only where legacy clients leave no choice; WEP should not be used at all.
Log Monitoring – Local businesses involved with the Games and advertisers must recognize that their participation brings about the possibility of increased motivated attackers targeting them for nationalistic or political reasons. Ensure security log monitoring is adequate to handle the increased threat level and volume.
Check ATMs – Attendees and local financial institutions should be vigilant about checking for card skimmers and PIN-pad overlays on ATMs. Most can be detected by careful examination and a physical check, as they are often taped over the real card slot or keypad. If there is any doubt, find another ATM.
Top 10 Malware Threats for January
Leading anti-malware developer finds continued prevalence of Trojan horse programs
Sunbelt Software announced the top 10 most prevalent malware threats for the month of January 2010. The report, compiled from monthly scans performed by Sunbelt’s award-winning anti-malware solution, VIPRE® Antivirus + Antispyware, and its antispyware tool, CounterSpy®, is a service of SunbeltLabs(TM).
In January, the malware landscape remained remarkably similar to December, according to Sunbelt Software ThreatNet statistics. The top seven detections were the same as December, but in a slightly different order. In December and January, six of the top 10 detections were Trojan horse programs.
Trojan.Win32.Generic!BT – a generic detection for Trojans that comprised nearly one quarter (23.15 percent) of all the malware found. It remained in the top position for the third month in a row, up from 18.69 percent of all detections in December (a relative increase of roughly 24 percent). It is a detection that includes many downloaders associated with scareware or rogue security products.
After holding the top spot on the list for most of 2009, the password-stealing Trojan-Spy.Win32.Zbot.gen held the second position on the list for the third consecutive month, decreasing from 6.23 to 4.91 percent of all detections.
“I think we can expect to see Trojan horse programs continue to be the top detections for the foreseeable future,” said Michael St. Neitzel, Sunbelt Software vice president of Threat Research. “Trojans are used to download and install a wide variety of other malware, and those are the real moneymakers for the bad guys.”
Other Trojans in the top 10 were:
– Trojan.Win32.Generic!SB.0
– Trojan.Win32.Malware
– Trojan.ASF.Wimad (v)
– Trojan.HTML.FakeAlert.a (v)
Meanwhile, three new detections moved onto this month’s top 10 list. Virtumonde — a generalized description of an adware program with many versions of pop up advertising — constituted 1.23 percent of overall detections. Packed.Win32.TDSS.aa.3 (v) — a sophisticated rootkit and Trojan that is used primarily to redirect search engine results — made up 1.21 percent. Finally, Trojan.HTML.FakeAlert.a (v) — a detection for an HTML file which replaces a desktop background and works with other rogue malware — made up just under one percent of all detections.
The top 10 results represent the number of times a particular malware infection was detected during VIPRE and CounterSpy scans that report back to ThreatNet, Sunbelt’s community of opt-in users. These threats are classified as moderate to severe based on method of installation among other criteria established by SunbeltLabs. The majority of these threats propagate through stealth installations or social engineering.
The top 10 most prevalent malware threats for the month of January are:
1. Trojan.Win32.Generic!BT 23.15%
2. Trojan-Spy.Win32.Zbot.gen 4.91%
3. Exploit.PDF-JS.Gen (v) 4.55%
4. Trojan.Win32.Generic!SB.0 2.40%
5. Trojan.Win32.Malware 1.93%
6. Trojan.ASF.Wimad (v) 1.92%
7. INF.Autorun (v) 1.46%
8. Virtumonde 1.23%
9. Packed.Win32.TDSS.aa.3 (v) 1.21%
10. Trojan.HTML.FakeAlert.a (v) 0.98%
Source: Sunbelt Software
Hacker attacks targeting healthcare organizations doubled in the 4th Quarter of 2009
SecureWorks®, Inc., a leading global provider of information security services protecting 2,700 clients worldwide, reported that attempted hacker attacks launched at its healthcare clients doubled in the fourth quarter of 2009.
Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter.
“From October through December of 2009, we blocked hundreds of SQL Injection and Butterfly/Mariposa Bot malware attacks launched at our healthcare clients. These attempted attacks were responsible for the increase in our attack statistics,” said Hunter King, security researcher with SecureWorks’ Counter Threat Unit(SM) (CTU).
In the fall of 2009, SecureWorks and the security community began tracking a new wave of attacks involving the latest version of the Butterfly/Mariposa Bot malware, according to King. If a computer is infected with the Butterfly malware, it can be used to steal data stored by the victim’s browser (including passwords), launch Distributed Denial of Service attacks, spread via USB devices or peer-to-peer networks, and download additional malware onto the infected computer.
SQL Injection attacks target vulnerabilities in organizations’ web applications. “We also saw a resurgence of SQL Injection attacks beginning in October,” continued King. “They were being launched at legitimate websites so as to spread the Gumblar Trojan. Although SQL Injection is a well known attack technique, we continue to read news reports where it has been used successfully by cyber criminals to steal sensitive data,” said King. One of the most recent cases reported involved American citizen Albert Gonzalez who was charged, along with two unnamed Russians, with the theft of 130 million credit card numbers using SQL Injection.
Factors Contributing to Healthcare Attacks
1. Valuable Data Stores – Healthcare organizations often store valuable data such as a patient’s Social Security number, insurance and/or financial account data, birth date, name, billing address, and phone, making them a desirable target to cyber criminals.
2. Large Attack Landscape – Because of the nature of their business, healthcare organizations have large attack surfaces. Healthcare entities have to provide access to many external networks and web applications so as to stay connected with their patients, employees, insurers and business partners. This increases their risk to cyber attacks.
“In order for healthcare organizations to effectively protect their sensitive patient data, they should consider employing a defense-in-depth strategy. This approach involves implementing multiple layers of protection to shield the organization from current and emerging threats,” said Jon Ramsey, CTO for SecureWorks.
SecureWorks has outlined a set of information security guidelines to assist the healthcare industry in protecting its patient data from cyber attacks and other data breaches. Adopting these security measures will also assist organizations in demonstrating their adherence to the HIPAA regulations and the requirements outlined in the new Health Information Technology for Economic and Clinical Health (HITECH) Act.
The HITECH Act has extended the HIPAA regulations to apply not only to healthcare providers, insurers and healthcare clearinghouses, but also to business associates that are handling personal information about patient health, as well as other protected information, including name, social security number, address and insurance account numbers. These associates must adhere to the Security Safeguards Rules outlined by HIPAA. The HITECH Act has also added a data-breach notification requirement and increased penalties for violation of the HIPAA rules.
SecureWorks’ Recommended Information Security Guidelines for the Healthcare Industry
Security Risk Assessments – Performing regular security risk assessments will give your organization a much better understanding of the actual risks posed to your Protected Health Information (PHI) and Personally Identifiable Information (PII). This process will also look at the controls you have in place compared with regulatory requirements, and help you determine if there are any gaps. It will also give you an opportunity to compare your security posture with others in the industry. Recommendations made as a part of this process can be integrated into your overall information security program, keeping your security safeguards current, as well as helping your organization show diligence and a commitment to compliance.
Intrusion Prevention and Detection Services (IPS/IDS) – The implementation of IDS and IPS enables you to detect and block attempts by cyber criminals to access data on your servers and your network. Proactive alerting mechanisms and monitoring services can notify you of attempted cyber attacks and allow you to respond in real time as a component of your Information Security Program. It is much less costly, both from a monetary and a reputational perspective, to prevent a cyber breach than to be faced with notifying affected individuals and the Department of Health and Human Services (HHS), as required by the HITECH Act.
Data Loss Prevention (DLP) – A DLP solution can help monitor your network traffic for possible leakage of PII, such as Social Security numbers, and PHI, such as Health Level 7 (HL7) codes (medical standards and procedure codes).
Log Monitoring – Log Monitoring centralizes and correlates audit logs from your applications and systems to allow you to identify improper access to sensitive patient data from internal or external sources. Proactive monitoring or regular reviews of logs is a key step in ensuring that your patient data is secure, as well as in meeting the short time-window required by the HITECH Act for notification of a breach.
Web Application Security Testing and Web Application Firewalls – Web applications are becoming more common in healthcare environments. Due to their increasing role in the IT business environment and the prevalence of security flaws, web applications are a frequent target of Internet hackers. Healthcare organizations and business associates should perform web application security testing regularly and whenever significant changes are made to the web applications in order to protect against current security threats. Also, the implementation of a web application firewall can help protect against emerging attacks launched by cyber criminals.
Encryption – Implementing strong encryption policies and technologies on mobile devices, laptops, portable storage and backup tapes is key to reducing your risks with regard to improper data disclosure.
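The DLP and log-monitoring guidelines above both come down to scanning traffic or logs for patient identifiers before they leave the network. The following is an added illustration, not SecureWorks code: it scans constructed sample request lines for dashed Social Security numbers, drops values the Social Security Administration never issues (area 000, 666 or 900–999, group 00, serial 0000) and widely published test SSNs to cut false positives, and reports only a masked value so the alert log does not itself become a PII store. The sample lines, the known-bogus set and the dashed-only format are assumptions of the example.

```python
import re

# Dashed SSN shape (NNN-NN-NNNN); \b keeps us from matching inside longer digit runs.
# Undashed 9-digit forms are deliberately out of scope for this example.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

# Widely published example SSNs that turn up in test fixtures, not real patient data
# (assumption: extend this with your own organization's known test values).
KNOWN_BOGUS = {"078-05-1120", "219-09-9999"}


def is_structurally_valid(area: str, group: str, serial: str) -> bool:
    """True if the SSA could have issued this number.

    The SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def mask(serial: str) -> str:
    """Keep only the last four digits so the alert itself does not leak the SSN."""
    return f"***-**-{serial}"


def find_ssn_leaks(lines):
    """Return (line_number, masked_ssn) for each plausible SSN seen in the input."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for m in SSN_RE.finditer(line):
            area, group, serial = m.groups()
            if not is_structurally_valid(area, group, serial):
                continue  # impossible number: likely an ID, order or part code
            if m.group(0) in KNOWN_BOGUS:
                continue  # published sample value, not a patient record
            hits.append((n, mask(serial)))
    return hits


# Constructed outbound request lines standing in for a DLP sensor's traffic feed.
SAMPLE_LINES = [
    'POST /api/claims body={"patient":"J. Doe","ssn":"123-45-6789"}',   # real-looking: alert
    'POST /api/claims body={"patient":"A. Roe","ssn":"987-65-4321"}',   # area >= 900: ignore
    'GET /static/app.js?v=20240101 HTTP/1.1 200',                        # no SSN shape
    'POST /api/intake body={"note":"ref 666-12-3456"}',                  # area 666: ignore
    'POST /api/test body={"ssn":"078-05-1120"}',                         # known test SSN
    'POST /api/intake body={"ssn":"219-00-1234"}',                       # group 00: ignore
    'POST /api/export body={"ssn":"412-77-0021","alt":"412-77-0000"}',  # one hit, one ignore
]

if __name__ == "__main__":
    for n, masked in find_ssn_leaks(SAMPLE_LINES):
        print(f"line {n}: possible SSN {masked} leaving the network")
```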
SecureWorks currently protects 82 healthcare clients in the US. Attack statistics provided are from a 12-month study of 38 clients using SecureWorks’ Managed Intrusion Detection and Prevention service (IDS/IPS) at the edge of their network, giving SecureWorks visibility into all attempted network attacks while blocking them. In addition to healthcare organizations, SecureWorks protects banks, utilities, retailers, technology providers and government organizations. For more information on IT security solutions for healthcare organizations, please visit http://www.secureworks.com/compliance/industries/healthcare.
RSA Global Survey reveals confidence in social networking security shaken as online crime rises
More than 4,500 people divulge concerns with the safety of personal information on the Internet and a desire for better identity protection, in a survey from EMC’s security division
Two in three people reluctant to share on social networks
Three in ten people fall prey to phishing attacks; a six-fold increase in just two years
RSA, The Security Division of EMC, announced the results of its 2010 Global Online Consumer Security Survey that polled more than 4,500 consumers regarding their awareness of online threats, concerns with the safety of their personal information online and their willingness to share it, and desire for better identity protection.
Among the more significant survey findings, consumer awareness of phishing attacks doubled between 2007 and 2009, and the number of consumers who reported falling prey to this attack increased six times over the same period. In addition, while hundreds of thousands of people join social networking websites each day, the survey exposed that nearly two in three (65 percent) people who belong to these online communities indicated they are less likely(1) to interact or share information due to their growing security concerns.
Social networking websites have become a hotbed for online criminals because of their global reach and the participation by hundreds of millions of active users from all walks of life. This makes these communities prime targets for exploitation by criminals who seek to steal personal information through socially engineered attacks. Reflective of this trend, the survey exposed that four out of five (81 percent) people using social networking websites displayed concern(2) with the safety of their personal information online.
“Fraudsters continue to fine-tune their array of tactics that result in millions of computers becoming infected with Trojans and other malware,” said Christopher Young, Senior Vice President at RSA. “These online criminals are adept at social engineering with at-the-ready phishing attacks that are launched within moments of breaking news about popular celebrities, professional athletes or serious global events. In these cases, people are lured to legitimate websites infected with malware as well as complete fakes designed to look like well-known news sources. Within these websites, Trojans can easily be masked as ‘required’ updates to a media player which can result in countless computers becoming infected with malware. While it’s difficult to prevent consumers from visiting these websites, we can do a better job of protecting those who do.”
Consumers more aware of phishing threats, but new attack methods dupe six times as many in just two years
In a similar RSA survey in 2007, one in three (38 percent) consumers reported they were aware of the threat of a phishing attack – a figure that doubled in two years(3), with three in four (76 percent) consumers now aware. Additionally, in RSA’s 2010 survey, nine in ten consumers (89 percent) reported concerns caused by the threat of phishing.
Despite increased awareness, a growing number of online users have fallen victim to a phishing attack. In the 2007 RSA survey, only one in twenty (5 percent) consumers cited they had fallen victim to a phishing scam – and this rate increased six times by 2009 to represent three in ten (29 percent) consumers. This increase can be attributed to more advanced communications tactics and greater sophistication, such as improved writing and web design skills on the part of the fraudsters. Phishing attacks have also evolved in an attempt to exploit users in different ways and through a broader variety of methods, including offshoots known as “vishing”, “smishing” and “spear phishing.”
The sheer volume of phishing attacks launched in recent months is also contributing to these trends. The RSA® Anti-Fraud Command Center recently reported(4) the highest-yet detected rates of phishing attacks between August and October 2009, as well as a 17 percent increase in the total number of attacks between 2008 and 2009.
An increase in consumer knowledge of online threats is further evident from the growth in the number of respondents that expressed awareness of Trojans. In 2007, 63 percent of consumers stated that they were aware of Trojans and in 2009 that figure climbed to 81 percent.
Consumers’ safety concerns translate to significant eagerness for better identity protection
Online banking continues to provide significant levels of convenience for consumers, with quick access to checking and savings accounts, the ability to pay bills automatically, transfer funds and perform other financial transactions. Social networks, which people use to form and nurture personal and professional relationships, have seen dramatic adoption. Finally, healthcare organizations as well as local, state and federal government agencies are bringing the power and convenience of online services to the consumer – offering access to personal healthcare records, driver’s license renewals and payment of tax bills.
The RSA survey revealed that consumers using online banking websites (86 percent) expressed more concern about the theft of their personal information than those using healthcare portals (64 percent) and government websites (68 percent). As a result of these concerns, more than half of all consumers reported that they are less likely to share information and interact on these websites.
Consumers agreed that their identities should be better protected than a simple username and password on social networking (59 percent), healthcare (64 percent), government (70 percent) and online banking (80 percent) websites. Nine in ten consumers are willing to use a stronger form of security if offered.
Young continued, “Consumer education and awareness is one of the first lines of defense in the ongoing battle against online crime. Organizations will continue to take advantage of the many benefits offered by the Internet and consumers will seek the convenience offered online – all despite the inherent risks. In order to maximize the full value of what the online world can offer, organizations need to take a layered approach to Internet security in order to best protect their customers’ information.”
Survey Methodology
– Respondents totaled 4,539 consumers between the ages of 18 and 65
– Conducted in October 2009 by market research firm InfoSurv, Inc.
– Represented 22 countries across North America, South America, Europe and Asia Pacific
– All respondents actively use the Internet
Addendum
(1) “Less likely” = “somewhat less likely” + “much less likely”
(2) “Concerned” = “somewhat concerned” + “very concerned”
(3) The 2010 Global Online Consumer Security Survey was conducted in October 2009
(4) Source: RSA Monthly Online Fraud Report, November 2009
Source: EMC Corporation