|
Internet Security News
Breaking news and updates in Internet security
Last Updated: March 16th, 2010 07:04:15 CDT -0500
AVG Offers LimeWire Users Improved Protection
Given that file-sharing does indeed involve the sharing of files, it can be a dangerous practice, resulting in the spread of malware. Security experts should be pleased to hear, then, that LimeWire has teamed up with AVG to give its "Pro"-level users an additional layer of protection.
 | | AVG Offers LimeWire Users Improved Protection |  |
People who don't approve of file-sharing can view this as a sort of community health issue, perhaps similar to the way homeless individuals are given clean needles free of charge. Having less malware out there should benefit everybody in the end, since viruses don't just attack folks who break the law.
As for what, exactly, the new deal involves, a formal statement explained, "LimeWire LLC has licensed the AVG Anti-Virus SDK engine and has integrated the anti-virus/ anti-spyware protection into LimeWire Pro, its premium file sharing software. Through this partnership, all files will be scanned before LimeWire Pro will allow them to play or execute on an end user's computer, which prevents infected files from harming machines."
Jason Herskowitz, Limewire's vice president of product management, then said, "LimeWire is committed to providing peer-to-peer's best user experience and we are vigilant about user security. We are always looking for ways to improve, and with AVG's seamless integration into LimeWire, we will be providing users with peer-to-peer's most secure technology."
The LimeWire-AVG integration should be in effect now, and it doesn't appear that LimeWire will raise the price of its Pro service ($34.95 per year) as a result.
With any luck, this development will have a noticeable and immediate effect. LimeWire Pro users are likely to be trading lots more files than the average person, after all, so it may not take long for the benefits to become obvious.
The one problem might be if LimeWire Pro users - who are presumably somewhat tech-savvy - already have good security software in place, and it's regular LimeWire users who represent the real security risk.
Most Malicious Websites Hosted In U.S.
More than 40 percent of the world's malicious websites are hosted in the United States, according to a new research study from AVG Technologies.
 | | Most Malicious Websites Hosted In U.S. | |
The AVG research study is based on the analysis of threats reported during the last 6 months from AVG's 110 million global users of its LinkScanner security product. The research indicates an increase in malware serving websites targeting end users, which usually focus on stealing online baking information, credit card information, personal identities and passwords to social sites.
After the United States countries hosting the most malicious websites include Germany and China at just five percent each. Many of these malware-serving websites are legitimate sites compromised by hackers to serve exploits on their behalf. In total, exploitive servers were found in nearly 4,600 locations throughout the U.S.
AVG says it is important to note the research makes no statement about who owns or is directing the servers and the criminal networks are located all over the world.
"The results of this study shatter the myth that malicious code is primarily hosted in countries where e-crime laws are less developed," said Karel Obluk, Chief Technology Officer, AVG Technologies. "Our research shows that malicious content is much more likely to show up on web servers in the U.S. than one in Asia or Eastern Europe. This makes perfect sense since the USA is a primary target market for the criminals and has rich and mature Internet infrastructure making the threats both highly accessible and cheap to host."
"What is most striking is the clear rise in the number of malicious servers in the last six months. Today's hacking techniques are highly evasive so the average user cannot tell if a website is serving malware or not. A web security product is needed."
McAfee Warns Consumers Of Fake Antivirus Software
McAfee issued a warning today to consumers about "scareware," or fake antivirus software calling it possibly the most costly online scam in 2010, causing significant monetary loss and damage to users' computers.
 | | McAfee Warns Consumers Of Fake Antivirus Software | |
Scareware is the first scam outlined in McAfee's new Consumer Threat Alert program that warns people about the latest and most dangerous online threats.
"Even the savviest of computer users fall victim to online threats because cybercriminals have become so sophisticated," said Jeff Green, senior vice president of McAfee Labs.
"The Consumer Threat Alerts are a warning sound to keep consumers from falling victim to online dangers. We're on the front lines watching and protecting against threats, and we pass that knowledge onto consumers."
Scareware is one of the most widespread, dangerous and sophisticated online scams, victimizing an estimated one million people around the globe everyday. McAfee says cybercriminals make profits of $300 million worldwide from scamming consumers with scareware.
Fake antivirus software pops onto a users' screen and alerts the users their computer may be vulnerable. To disguise the scam, cybercriminals create legitimate looking logos of fake security companies.
The pop-up prompts the user to scan the computer for vulnerabilities, which they don't realize is fake, or even buy the "security software" which is actually malware in disguise. Cybercriminals get victims to input their credit card information, giving criminals' access to the user's computer and bank details.
"It's an incredibly lucrative business for cybercriminals," said Francois Paget from McAfee Labs, a security research expert.
"In fact, one company known as 'Innovative Marketing' made an estimated $180 million through these scams in one year, and more than four million consumers purchased their fake security software thinking it was real."
FBI Director Warns Of Cyber Threats
FBI Director Robert Mueller spoke about cyber threats along with how the U.S. is working with partners around the world to tackle them, during a keynote address at the annual RSA computer security conference in San Francisco on Thursday.
The Director said U.S. intelligence indicates the threat of cyber terror is "real and rapidly expanding," including the rise of extremist websites to recruit, radicalize, and incite violence.
Terrorists have yet to launch a full-scale cyber strike, but have "executed numerous denial-of-service attacks" and even defaced the website of the U.S. Congress following President Obama's recent State of the Union address. The Director told the crowd of cyber professionals that al Qaeda and other extremists "have shown a clear interest in pursuing hacking skills."
According to the Director, the FBI's cyber capabilities and partnerships include:
*Cyber squads in each field office nationwide, with over 1,000 specially trained agents, analysts, and digital forensic examiners who run complex undercover operations, share intelligence with law enforcement and intelligence partners, and provide training to counterparts around the world;
*More than 60 overseas offices-called legal attachs-that share information and coordinate joint investigations with their host countries;
*Agents embedded with police forces in Romania, Estonia, the Netherlands, and other countries; and
*Mobile Cyber Action Teams-highly-trained groups of agents, analysts, and experts in both computer forensics and malicious code who travel the world to respond to fast-moving cyber threats.
The Director stressed the relationship with the private sector is vital in reporting breaches of cyber security. "No one country, company, or agency can stop cyber crime," he said.
"A 'bar the windows and bolt the doors' mentality will not ensure our collective safety. We must start at the source; we must find those responsible."
Jail Sentences Not Certain For Mariposa Botnet Authors
Although the three men believed to be behind the Mariposa botnet were recently identified and arrested by Spanish authorities, it looks like they may avoid serving any jail time for their online trespasses. Spain's cybercrime laws are quite weak at the moment.
 | | Jail Sentences Not Certain For Mariposa Botnet Authors | |
According to Brian Krebs, Captain Cesar Lorenzana, who works for the Spanish Civil Guard, explained that prison sentences typically aren't associated with deeds committed from behind a keyboard. Plus, some things simply aren't against the law.
"In Spain, it is not a crime to own and operate a botnet or distribute malware," he said. "So even if we manage to prove they are using a botnet, we will need to prove they also were stealing identities and other things, and that is where our lines of investigation are focusing right now."
Furthermore, Krebs wrote, "[T]he men are all free on their own recognizance. . . . [T]hey are free to hoover up as much stolen data as they please, as the Mariposa working group has not yet been able to shutter the Web sites that served as the repository for personal and financial data stolen from people whose systems were ensnared by the bot."
The good news is that Spain is trying to modernize its laws, so even if the Mariposa's authors get off this time, they (and/or other cybercriminals) shouldn't be in the clear forever.
McAfee: Intellectual Property Poorly Guarded In Aurora Attacks
Google and the other companies that were affected by Operation Aurora had some commendable security measures in place, according to a new report from McAfee; you might consider them the virtual equivalents of steel doors with reinforced hinges. However, it turned out that the companies might have left their internal safe doors unlocked.
 | | McAfee: Intellectual Property Poorly Guarded In Aurora Attacks | |
George Kurtz, McAfee's CTO, explained late yesterday on the McAfee Security Insights Blog that he discovered some problems with respect to the companies' source code configuration management systems (SCMs). Enough problems to call them "inherently insecure," in fact, as he found that attackers were able to "siphon out source code or, worse, modify and add code."
Kurtz then continued, "SCMs are used by software engineers to manage their projects and are used to store source code, the crown jewels of any tech company."
And as you might suppose, leaving one's intellectual property exposed isn't the best way to run a business.
In response, McAfee is taking a closer look at how SCMs should be secured, and Perforce, which is a popular management system, has been scrutinized in what's supposed to be the first in a series of white papers.
These lessons should benefit a wide range of individuals and companies, considering that many organizations have probably modeled their security systems after what Google, Adobe, Rackspace, and other corporations hit by Operation Aurora have in place. Hopefully an Operation Aurora 2 will become impossible as a result. Or at the least, perhaps some less organized and skilled hackers will be repelled.
Meanwhile, efforts to identify the people behind Operation Aurora haven't progressed much since the last time we discussed them. A security company called Damballa did issue a statement earlier this week alleging that the hackers used a "garden variety botnet" and were "more amateur than average," but Google has disputed this claim.
Open Identity Exchange Launches
Online identity theft might become less of a problem in the future thanks to the efforts of Google, PayPal, Equifax, VeriSign, Verizon, CA, and Booz Allen Hamilton. Today, these organizations announced the formation of the Open Identity Exchange (OIX).
OIX is a nonprofit entity meant to make exchanging online identity credentials a more secure process. It's gotten off to a good start, too, having already been approved as a trust framework provider by the U.S. government.
This means that OIX solutions should at some point allow American citizens to access all sorts of vital information on the Web. Drummond Reed, Acting Executive Director of OIX, explained in a statement, "As we roll out progressively stronger levels of certification, this will empower U.S. citizens to access and manage their tax records, Social Security records, veteran's benefits, and many other government services online."
Also, "OIX is currently working on development of trust frameworks for public media, telecommunications, library services . . . and professional associations."
You may not have to wait long to see these possibilities brought to (figurative) life. In addition to being backed by so many important partners, OIX has received grants from the OpenID Foundation and Information Card Foundation, meaning it's probably in good financial shape.
M86 Security Finds URL Filters, Anti-Virus Scanners Ineffective
New data from M86 Security corroborates the widely held idea that anti-virus scanners and URL filters won't save careless Web users. Indeed, the security company estimates that more than half of all threats can evade these two means of detection, leaving people at risk from lots of nasty stuff.
 | | M86 Security Finds URL Filters, Anti-Virus Scanners Ineffective | |
M86 Security's new report, "Closing the Vulnerability Window in Today's Web Environment," indicates that anti-virus scanning correctly identifies just 39 percent of Web threats, which isn't exactly impressive. But the practice of URL filtering fares even worse, detecting just 3 percent of threats.
Assuming these figures are accurate, something obviously needs to be done, and it seems that adding a third layer of security may be the trick.
Bradley Anstis, the vice president technical strategy at M86 Security, explained in a statement, "To counter the specific cases that we analyzed in this report, and to ensure maximum efficiency, we believe a three-pronged approach of combining URL filtering, anti-virus scanning and real-time code analysis should be best practice."
This practice achieved a 100 percent success rate in M86 Security's testing. Although people should of course exhibit caution online no matter how well-protected their computers seem to be.
Qualys Introduces Malware Scanner For Sites
The beta version of a free service has become available to help website owners keep their properties safer. QualysGuard Malware Detection is designed to scan sites for malware infections and other threats, regardless of sites' size or the site owners' physical location.
 | | Qualys Introduces Malware Scanner For Sites | |
This service is supposed to do everything shy of solve a problem. The process starts with it conducting daily scans. Then, it'll alert sites' owners to any issues it uncovers. Finally, it should point out vulnerable snippets of code, making the removal of malware easier. All without delivering false positives.
Philippe Courtot, the chairman and CEO of Qualys, explained his company's motivation for introducing this service by stating, "We created QualysGuard Malware Detection as a way to fight against cybercrime and to make the Web a safer place for everyone."
He then continued, "This is a comprehensive free solution that arms businesses of all sizes to monitor malware threats on their web sites and take steps to remediate vulnerabilities."
Hopefully QualysGuard Malware Detection will live up to its billing. A free way of keeping sites and their visitors safe certainly sounds good, and is bound to become quite popular if it works well.
Laptops, CDs Alarm Governors, Credit Unions
Today's lesson - that stuff in the physical world can pose a security threat - is a simple one. It seems to be an important one, too, as governors and credit unions are receiving unsolicited and suspicious laptops and CDs.
 | | Laptops, CDs Alarm Governors, Credit Unions | |
The laptops may represent the more interesting development. Robert McMillan reports, "The U.S. Federal Bureau of Investigation is trying to figure out who is sending laptop computers to state governors across the U.S., including West Virginia Governor Joe Mahchin and Wyoming Governor Dave Freudenthal. . . . According to sources familiar with the investigation, other states have been targeted too . . ."
New HP laptops are apparently just showing up, unsought but ready for use, at government offices. That's fine if some Bill Gates-like figure has decided to give small gifts to our country's political leaders, of course. It's less fine if someone's trying to steal all of their passwords and whatever sort of public and private info they'd use the laptops to view.
As for the CDs, the problem appears to be smaller. Indeed, the discs probably just exposed some lapses in judgment. Malware infected CDs that were sent to credit unions were "part of an authorized pen[etration] test," according to Johannes Ulrich, who spoke with a Microsolved representative.
It doesn't look like any damage has been done, then. Just try to keep in mind the old warnings about knowing where stuff's been and gifts being too good to be true.
|
