Category “IT Security”

How to avoid rogue security software

Thursday, 25 February, 2010

What can you do to help prevent the spread of rogues and make sure that rogue software vendors stop profiting from their unscrupulous business? Follow the tips below to tell what’s real and what’s not when it comes to security software, and share them with friends and family who may be vulnerable to rogue threats.

1. Do not fall for scare tactics. While browsing, be cautious of pop-ups warning you that your system is infected and offering a product to clean it up. Never pay for a program that installed itself on your computer; that is a hallmark of rogue software.

2. Use security software with real-time protection and keep it up to date. If you know that you have anti-virus, anti-spyware, and a firewall on your PC, you can safely ignore security alerts that do not come from your chosen security software provider. (Rogue security software will often try to lure computer users with legitimate-looking pop-up messages that appear to be security alerts.) Most anti-malware programs will also help protect you from rogues, because they can detect and remove these programs.

3. Access experts at security forums and ask about the software you are considering before you decide to purchase it.

4. Read the software reviews at reputable sites like Download.com. Do not blindly trust individual sites offering security products.

5. Ask knowledgeable friends and family members about quality software they use. Keep in mind that when you search for trustworthy security software online, rogue products can, and often do, appear in the search results list.

6. Practice online skepticism. Be aware that rogue security software does exist on the Web, and be vigilant about avoiding it. These programs are designed to appear genuine – meaning they may mimic legitimate programs, use false awards and reviews to rope you in, or employ other deceptive tactics. It’s also a good idea to familiarize yourself with common phishing scams, and to be cautious of links in e-mail messages and on social networking sites.

Author: Erin Earley, editor of Lavasoft News.

NOTE: Original article is posted on Help Net Security website: http://www.net-security.org/malware_news.php?id=1245. You can subscribe to their news for up-to-date security news and articles.

Running outdated OS and applications? You are inviting risk!

Friday, 5 February, 2010

Most organizations have spent enormous effort and money building up defenses against external attacks. Equally important is how we secure our internal assets from various threats on an ongoing basis. The presence of unsupported operating systems and applications within the enterprise is one such threat, and it is often neglected or missed.

In the recent global Conficker outbreak, many customers had infections on unsupported operating systems, which were impossible to patch because Microsoft patches were not available for them. Those operating systems had already completed their five-year mainstream Microsoft support phase, passed the end of extended support and fallen into the “retired” category. Such unpatched, unsupported systems are not limited to Microsoft environments; they exist equally in other flavors like Linux and Mac. They are safe homes for viruses, Trojans and bots and pose a significant risk in themselves. Quite interestingly, most of these legacy systems will not be seen in DNS, which makes them easy to overlook. Continuous measures need to be taken to identify such systems and applications and get them decommissioned!

These systems or applications are present in most organizations for various reasons:

  1. LEGACY: A good number of them were used to run legacy applications and are now forgotten or abandoned, or nobody has kept up interest in upgrading them.
  2. BUNDLED DEVICES: Others are still in use inside embedded applications and controllers such as security cameras and printers. It is quite possible that individual risk assessment of these components gets left out.
  3. BUSINESS REQUIREMENT: There may be a business need for such a system to support a specific application. It remains an unseen risk until the organization analyzes the threat it can bring in.

The situation is a little scary when they are noticed in critically risky environments (such as nuclear power plants, hydroelectric plants, real-time systems, defense, medical systems and government establishments), where the risk associated with such bundled products is enormously high.
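One way to make the hunt for such systems continuous, as an added example that is not part of the original post: the script below parses nmap grepable output (-oG) and flags hosts whose fingerprinted operating system is past its end of extended support, and separately records which hosts have no reverse-DNS name (nmap prints empty parentheses after the address when the lookup fails), since those are exactly the forgotten boxes described above. The lifecycle table and the scan lines are constructed samples for illustration; verify the dates against the vendor’s lifecycle pages before relying on them, and treat an OS fingerprint as a lead to confirm, not as proof.

```python
"""Flag hosts whose fingerprinted OS is past vendor support, from nmap -oG output."""
import re
from datetime import date

# Sample lifecycle table (constructed for illustration; verify every entry against
# the vendor's lifecycle pages). Keys are matched as substrings of the nmap OS
# fingerprint; values are the end of extended support.
END_OF_SUPPORT = {
    "Windows NT 4.0": date(2004, 12, 31),
    "Windows 2000": date(2010, 7, 13),
    "Windows XP": date(2014, 4, 8),
    "Windows Server 2003": date(2015, 7, 14),
}

# Date the sample run is evaluated against (the post's own date, so results are reproducible).
SCAN_AS_OF = date(2010, 2, 5)

# "Host: <ip> (<reverse-dns name or empty>)" at the start of each grepable line.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")

# Constructed sample of nmap -oG output (tab-separated fields); not from a real scan.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 10.0.5.17 (fileserv.corp.example)\tPorts: 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows Server 2003 SP2\n"
    "Host: 10.0.5.41 ()\tPorts: 139/open/tcp//netbios-ssn///\tOS: Microsoft Windows NT 4.0 SP6a\n"
    "Host: 10.0.9.3 ()\tPorts: 80/open/tcp//http//Embedded HTTPD//\tOS: Microsoft Windows 2000 SP4\n"
    "Host: 10.0.5.50 (ws-042.corp.example)\tPorts: 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows XP SP3\n"
)


def parse_grepable(text):
    """Yield (ip, rdns_name, os_guess) for every 'Host:' line that carries an OS field.

    Lines without an OS field (e.g. the plain 'Status: Up' line) are skipped, so each
    fingerprinted host is reported once.
    """
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, name = m.group(1), m.group(2)
        os_guess = None
        for field in line.split("\t"):
            if field.startswith("OS: "):
                os_guess = field[len("OS: "):].strip()
        if os_guess is not None:
            yield ip, name, os_guess


def assess(text, as_of):
    """Return one finding per fingerprinted host: support status and DNS presence."""
    findings = []
    for ip, name, os_guess in parse_grepable(text):
        eol = next((end for product, end in END_OF_SUPPORT.items() if product in os_guess), None)
        findings.append({
            "ip": ip,
            "os": os_guess,
            "in_dns": bool(name),                      # empty parentheses => no PTR record
            "eol": eol.isoformat() if eol else None,   # None => product not in the table
            "unsupported": eol is not None and eol <= as_of,
        })
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE, SCAN_AS_OF):
        flags = []
        if f["unsupported"]:
            flags.append("UNSUPPORTED since " + f["eol"])
        if not f["in_dns"]:
            flags.append("NOT IN DNS")
        print(f"{f['ip']:12} {f['os']:40} {', '.join(flags) or 'ok'}")
```

Run against the sample on the post’s date, only the NT 4.0 host is flagged as unsupported (Windows 2000 is still inside extended support at that point, which is why the comparison is against a date rather than a fixed list), while both hosts without a reverse-DNS name are called out regardless of their OS.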

Read the rest of this entry »

MS Patch released: MS10-002 IE 0-day

Thursday, 21 January, 2010

Just finished attending McAfee’s monthly Hacking Exposed Live Special Edition covering “Operation Aurora”, which I talked about in yesterday’s post. As always, Stuart McClure demonstrated a simple and quick exploit to show how easy it is for this exploit to be executed on a vulnerable system.

In McClure’s demo, he accessed his customized website using IE 6, which is vulnerable to the attack, and showed how the exploit is downloaded to the machine, saved, decoded, and run. Exploits like these are really scary for everyone because they do not even require the end user to do anything such as clicking or downloading something.

To make things worse, the downloaded file was a .jpg (it could equally have been a .gif or .png). To some it looks like an image file, but it is actually an executable. The process is automatic: the .jpg file is downloaded, decoded into a binary, and the binary is executed. The payload could be anything, from a backdoor Trojan that sits on your computer stealing information to a nasty virus that wipes out all your data.

While I’ve been stressing to everyone to be very careful about clicking links in emails or visiting suspicious websites, at the end of the day it sometimes boils down to your system protection. What are your protections, walls, or shields against these evildoers? Is your system locked down, updated, and patched?

PATCH. The single best thing to do is to patch your system so you are not vulnerable. Today, Microsoft released an out-of-band security patch to address this 0-day vulnerability. I highly recommend installing this patch as your first line of defense. Here is the link: http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx. Again, do not install any third-party patches; trust only the one that comes from Microsoft. Currently I am attending Microsoft’s Out-of-Band Security Release bulletin webcast, which covers what is included in this patch.

BROWSE. It has also been reported that other versions of IE, not only IE 6, could be vulnerable to this attack, so it is not a bad idea to use an alternate browser like Firefox, Opera, or Chrome. Email clients such as Outlook can be a vector for the attack too, since email is displayed as HTML. So be aware of all the doors through which this attack can get in.

DEFENSE. Home users need antivirus software with up-to-date virus definitions. A host firewall or host IPS adds another layer of protection. In the corporate world, taking advantage of the features of your firewall, proxy, network IPS, host IPS, and antivirus is crucial.

Inline proxies can block file downloads that are suspicious or deemed infected, thereby protecting the corporate users behind them. With good signatures, an inline IDS/IPS can also block or drop this attack traffic, and an updated antivirus can catch the payload before it wreaks havoc. Multiple lines of defense, implemented correctly, give you and your company better protection.
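What an inline proxy check for the disguise described above could look like, as an added example that is not part of the original post: the function below decides whether a downloaded body really is the image its URL claims to be, by comparing the leading bytes against the JPEG/GIF/PNG signatures, and blocks bodies that carry a Windows PE header (MZ at offset 0 and PE\0\0 at the offset stored at 0x3C), either in the clear or under a single-byte XOR, a cheap and common obfuscation. The XOR heuristic is generic and not a claim about how this particular exploit encoded its payload; the sample URLs and bodies are constructed, and the PE stub is only a header, not a runnable binary.

```python
"""Spot downloads that claim to be images but carry a Windows executable."""

# Leading bytes each claimed image type must start with.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
HEADER_WINDOW = 4096  # bytes to de-obfuscate when probing for a hidden PE header


def claimed_type(url):
    """Lower-cased extension of the URL path ('' if none); query and fragment are ignored."""
    path = url.split("?", 1)[0].split("#", 1)[0]
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def pe_signature_ok(data):
    """True if data looks like a PE file: 'MZ' at 0 and 'PE\\0\\0' at e_lfanew (offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def xor_bytes(data, key):
    return bytes(b ^ key for b in data)


def classify_download(url, body):
    """Verdict for a response body fetched from url."""
    ext = claimed_type(url)
    expected = IMAGE_MAGIC.get(ext)
    disguise = f" disguised as .{ext}" if expected else ""
    if pe_signature_ok(body):
        return "block: PE executable" + disguise
    # Single-byte XOR: the only key that could turn byte 0 into 'M' is forced, so test just that one.
    # A PE header beyond HEADER_WINDOW is not probed; widen the window if that matters.
    key = body[0] ^ 0x4D if body else 0
    if key and pe_signature_ok(xor_bytes(body[:HEADER_WINDOW], key)):
        return f"block: XOR-obfuscated PE (key 0x{key:02x})" + disguise
    if expected is None:
        return "pass: no image claim to verify"
    if body.startswith(expected):
        return "pass: content matches claimed image type"
    return f"suspicious: .{ext} body does not start with a {ext} signature"


def make_pe_stub(e_lfanew=0x80):
    """Constructed PE header prefix for the samples: a DOS header pointing at 'PE\\0\\0'."""
    head = bytearray(b"MZ") + bytearray(0x3C - 2)
    head += e_lfanew.to_bytes(4, "little")
    head += bytes(e_lfanew - len(head))
    head += b"PE\0\0" + bytes(32)
    return bytes(head)


# Constructed sample downloads as (url, body); none of these came from a real site.
SAMPLES = [
    ("http://cdn.example/photo.jpg", b"\xff\xd8\xff\xe0" + bytes(16)),   # genuine JPEG header
    ("http://cdn.example/photo.jpg", make_pe_stub()),                      # executable in the clear
    ("http://cdn.example/logo.gif", xor_bytes(make_pe_stub(), 0x7C)),      # arbitrary XOR key
    ("http://cdn.example/banner.png", bytes(range(32))),                   # not PNG, not PE
    ("http://cdn.example/index.html", b"<html></html>"),                   # no image claim
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(f"{url:32} {classify_download(url, body)}")
```

The extension check alone is the weak part: a proxy should also compare the response Content-Type against the body and treat a mismatch as suspicious, and the PE probe should be applied to every body, not only to ones that claim to be images, which is why the verdict for a bare executable drops the “disguised as” suffix rather than passing it.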

So again, download and install the patch now from the link above, update your antivirus, and protect yourself!

Haiti Earthquake and Scam emails

Thursday, 21 January, 2010

[Image: Haiti Earthquake Landslide]

The recent earthquake disaster that struck Haiti is sometimes unbearable to watch, with an estimated 80,000 dead and rising, or 200,000 according to the Haitian government, and damage summing up to billions of dollars. It is indeed a disaster that melts your heart in pity.

More than five years ago, a colossal disaster hit Indonesia and other parts of the world: an earthquake in the Indian Ocean caused huge and deadly tsunamis in Indonesia, Sri Lanka, Africa, and other countries. All of these sad stories spread quickly across the Internet, including heart-touching pictures.

These stories always touch the hearts of many, and this is exactly what the bad guys take advantage of. In a previous post about phishing, we uncovered how it works. This is what these scammers are going to use again to exploit vulnerable people. So again, BEWARE of scam emails asking for donations to help Haiti earthquake victims. They can appear legitimate, but make sure you do not click on any link they provide.

The example below is a capture from McAfee’s blog of what a scam email luring readers into donating money to the scammers can look like. This one is of French origin.

[Image: Haiti scam email]

Last week the United States FBI released an immediate warning reminding Internet users to be very diligent and apply a critical eye when responding to emails asking for donations in the aftermath of the Haiti earthquake. I’ve outlined their guidelines below:

Read the rest of this entry »

Aurora – IE 0-day vulnerability

Wednesday, 20 January, 2010

[Image: Aurora]

The Aurora Borealis, or Northern Lights, is a jaw-dropping vista to witness. I have not witnessed one, but it’s one of my dreams. While we know the beauty of it, there is another, different aurora (not borealis) that is not to be messed with.

“Operation Aurora” is the name McAfee gave to the very recent attack exploiting a Microsoft Internet Explorer zero-day vulnerability: a “coordinated attack which included a piece of computer code that exploits a vulnerability in Internet Explorer to gain access to computer systems.” It was used against Google and some 30 other companies, as previously reported. Last Friday, George Kurtz, McAfee’s CTO, wrote in his security blog that the Aurora exploit used to attack Google in December is now public.

Any zero-day vulnerability is always a bad thing. Two weeks ago, one of my older computers crashed and, for all I know, it could have been caused by this same exploit. While this vulnerability has been known for a while now, Microsoft has yet to release an official patch.

The bad thing is, third-party patches have gone out that provide a temporary fix for this vulnerability. I would not really recommend installing these third-party patches, since we don’t know their ill effects in the long run. The good news is, Microsoft is going to release a patch tomorrow, January 21st. Read Microsoft’s Bulletin.

To learn more about Operation Aurora from McAfee, watch the video from George Kurtz and the McAfee team here.

Read the rest of this entry »