http://www.securitypronews.com Breaking news and updates in Internet security en-us Wed, 10 Mar 2010 11:59:01 EST rrobinson@ientry.com mike@ientry.com http://www.securitypronews.com/rss.gif http://www.securitypronews.com 55 266 http://www.SecurityProNews.com/insiderreports/insider/spn-49-20100310MostMaliciousWebsitesHostedInUS.html

Most Malicious Websites Hosted In U.S.

The AVG research study is based on the analysis of threats reported during the last 6 months from AVG's 110 million global users of its LinkScanner security product. The research indicates an increase in malware serving websites targeting end users, which usually focus on stealing online baking information, credit card information, personal identities and passwords to social sites.

After the United States countries hosting the most malicious websites include Germany and China at just five percent each. Many of these malware-serving websites are legitimate sites compromised by hackers to serve exploits on their behalf. In total, exploitive servers were found in nearly 4,600 locations throughout the U.S.

AVG says it is important to note the research makes no statement about who owns or is directing the servers and the criminal networks are located all over the world.

"The results of this study shatter the myth that malicious code is primarily hosted in countries where e-crime laws are less developed," said Karel Obluk, Chief Technology Officer, AVG Technologies. "Our research shows that malicious content is much more likely to show up on web servers in the U.S. than one in Asia or Eastern Europe. This makes perfect sense since the USA is a primary target market for the criminals and has rich and mature Internet infrastructure making the threats both highly accessible and cheap to host."

"What is most striking is the clear rise in the number of malicious servers in the last six months. Today's hacking techniques are highly evasive so the average user cannot tell if a website is serving malware or not. A web security product is needed."

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20100309McAfeeWarnsConsumersOfFakeAntivirusSoftware.html

McAfee Warns Consumers Of Fake Antivirus Software

Scareware is the first scam outlined in McAfee's new Consumer Threat Alert program that warns people about the latest and most dangerous online threats.

"Even the savviest of computer users fall victim to online threats because cybercriminals have become so sophisticated," said Jeff Green, senior vice president of McAfee Labs.

"The Consumer Threat Alerts are a warning sound to keep consumers from falling victim to online dangers. We're on the front lines watching and protecting against threats, and we pass that knowledge onto consumers."

Scareware is one of the most widespread, dangerous and sophisticated online scams, victimizing an estimated one million people around the globe everyday. McAfee says cybercriminals make profits of $300 million worldwide from scamming consumers with scareware.

Fake antivirus software pops onto a users' screen and alerts the users their computer may be vulnerable. To disguise the scam, cybercriminals create legitimate looking logos of fake security companies.

The pop-up prompts the user to scan the computer for vulnerabilities, which they don't realize is fake, or even buy the "security software" which is actually malware in disguise. Cybercriminals get victims to input their credit card information, giving criminals' access to the user's computer and bank details.

"It's an incredibly lucrative business for cybercriminals," said Francois Paget from McAfee Labs, a security research expert.

"In fact, one company known as 'Innovative Marketing' made an estimated $180 million through these scams in one year, and more than four million consumers purchased their fake security software thinking it was real."

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20100308FBIDirectorWarnsOfCyberThreats.html
The Director said U.S. intelligence indicates the threat of cyber terror is "real and rapidly expanding," including the rise of extremist websites to recruit, radicalize, and incite violence.

Terrorists have yet to launch a full-scale cyber strike, but have "executed numerous denial-of-service attacks" and even defaced the website of the U.S. Congress following President Obama's recent State of the Union address. The Director told the crowd of cyber professionals that al Qaeda and other extremists "have shown a clear interest in pursuing hacking skills."

According to the Director, the FBI's cyber capabilities and partnerships include:

*Cyber squads in each field office nationwide, with over 1,000 specially trained agents, analysts, and digital forensic examiners who run complex undercover operations, share intelligence with law enforcement and intelligence partners, and provide training to counterparts around the world;

*More than 60 overseas offices-called legal attachs-that share information and coordinate joint investigations with their host countries;

*Agents embedded with police forces in Romania, Estonia, the Netherlands, and other countries; and

*Mobile Cyber Action Teams-highly-trained groups of agents, analysts, and experts in both computer forensics and malicious code who travel the world to respond to fast-moving cyber threats.

The Director stressed the relationship with the private sector is vital in reporting breaches of cyber security. "No one country, company, or agency can stop cyber crime," he said.

"A 'bar the windows and bolt the doors' mentality will not ensure our collective safety. We must start at the source; we must find those responsible."

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20100305JailSentencesNotCertainForMariposaBotnetAuthors.html

Jail Sentences Not Certain For Mariposa Botnet Authors

According to Brian Krebs, Captain Cesar Lorenzana, who works for the Spanish Civil Guard, explained that prison sentences typically aren't associated with deeds committed from behind a keyboard. Plus, some things simply aren't against the law.

"In Spain, it is not a crime to own and operate a botnet or distribute malware," he said. "So even if we manage to prove they are using a botnet, we will need to prove they also were stealing identities and other things, and that is where our lines of investigation are focusing right now."

Furthermore, Krebs wrote, "[T]he men are all free on their own recognizance. . . . [T]hey are free to hoover up as much stolen data as they please, as the Mariposa working group has not yet been able to shutter the Web sites that served as the repository for personal and financial data stolen from people whose systems were ensnared by the bot."

The good news is that Spain is trying to modernize its laws, so even if the Mariposa's authors get off this time, they (and/or other cybercriminals) shouldn't be in the clear forever.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20100304McAfeeIntellectualPropertyPoorlyGuardedInAuroraAttacks.html

McAfee: Intellectual Property Poorly Guarded In Aurora Attacks

George Kurtz, McAfee's CTO, explained late yesterday on the McAfee Security Insights Blog that he discovered some problems with respect to the companies' source code configuration management systems (SCMs). Enough problems to call them "inherently insecure," in fact, as he found that attackers were able to "siphon out source code or, worse, modify and add code."

Kurtz then continued, "SCMs are used by software engineers to manage their projects and are used to store source code, the crown jewels of any tech company."

And as you might suppose, leaving one's intellectual property exposed isn't the best way to run a business.

In response, McAfee is taking a closer look at how SCMs should be secured, and Perforce, which is a popular management system, has been scrutinized in what's supposed to be the first in a series of white papers.

These lessons should benefit a wide range of individuals and companies, considering that many organizations have probably modeled their security systems after what Google, Adobe, Rackspace, and other corporations hit by Operation Aurora have in place. Hopefully an Operation Aurora 2 will become impossible as a result. Or at the least, perhaps some less organized and skilled hackers will be repelled.

Meanwhile, efforts to identify the people behind Operation Aurora haven't progressed much since the last time we discussed them. A security company called Damballa did issue a statement earlier this week alleging that the hackers used a "garden variety botnet" and were "more amateur than average," but Google has disputed this claim.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20100303OpenIdentityExchangeLaunches.html
OIX is a nonprofit entity meant to make exchanging online identity credentials a more secure process. It's gotten off to a good start, too, having already been approved as a trust framework provider by the U.S. government.

This means that OIX solutions should at some point allow American citizens to access all sorts of vital information on the Web. Drummond Reed, Acting Executive Director of OIX, explained in a statement, "As we roll out progressively stronger levels of certification, this will empower U.S. citizens to access and manage their tax records, Social Security records, veteran's benefits, and many other government services online."

Also, "OIX is currently working on development of trust frameworks for public media, telecommunications, library services . . . and professional associations."

You may not have to wait long to see these possibilities brought to (figurative) life. In addition to being backed by so many important partners, OIX has received grants from the OpenID Foundation and Information Card Foundation, meaning it's probably in good financial shape.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20100302M86SecurityFindsURLFiltersAntiVirusScannersIneffective.html

M86 Security Finds URL Filters, Anti-Virus Scanners Ineffective

M86 Security's new report, "Closing the Vulnerability Window in Today's Web Environment," indicates that anti-virus scanning correctly identifies just 39 percent of Web threats, which isn't exactly impressive. But the practice of URL filtering fares even worse, detecting just 3 percent of threats.

Assuming these figures are accurate, something obviously needs to be done, and it seems that adding a third layer of security may be the trick.

Bradley Anstis, the vice president technical strategy at M86 Security, explained in a statement, "To counter the specific cases that we analyzed in this report, and to ensure maximum efficiency, we believe a three-pronged approach of combining URL filtering, anti-virus scanning and real-time code analysis should be best practice."

This practice achieved a 100 percent success rate in M86 Security's testing. Although people should of course exhibit caution online no matter how well-protected their computers seem to be.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20100301QualysIntroducesMalwareScannerForSites.html

Qualys Introduces Malware Scanner For Sites

This service is supposed to do everything shy of solve a problem. The process starts with it conducting daily scans. Then, it'll alert sites' owners to any issues it uncovers. Finally, it should point out vulnerable snippets of code, making the removal of malware easier. All without delivering false positives.

Philippe Courtot, the chairman and CEO of Qualys, explained his company's motivation for introducing this service by stating, "We created QualysGuard Malware Detection as a way to fight against cybercrime and to make the Web a safer place for everyone."

He then continued, "This is a comprehensive free solution that arms businesses of all sizes to monitor malware threats on their web sites and take steps to remediate vulnerabilities."

Hopefully QualysGuard Malware Detection will live up to its billing. A free way of keeping sites and their visitors safe certainly sounds good, and is bound to become quite popular if it works well.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20100226NYMansPleadsGuiltyToSellingPiratedSoftwareOnline.html
According to court documents, Robert Cimino, 59, of Syracuse, N.Y., advertised the sale of discounted popular software programs on a number of Internet advertising forums, operating under the business name "SoftwareSuite."

Customers would contact Cimino by email and would usually buy the products using PayPal. Cimino would mail them pirated copies of Adobe, Autodesk, Intuit and Quark programs he had burned to CD or DVD to the customers. Cimino admitted that from February 2006 to September 2009, he received at least $270,035 from his sales of infringing software products.

Cimino is scheduled to be sentenced by U.S. District Judge Anthony J. Trenga on May 28, 2010. Cimino faces a maximum sentence of five years in prison, three years of supervised release, a $250,000 fine, restitution and forfeiture.

]]> SecurityProNews Insider Reports http://www.SecurityProNews.com/insiderreports/insider/spn-49-20100225USSchoolsFallShortOnCybersecurityEducation.html

U.S. Schools Fall Short On Cybersecurity Education

More than three quarters of teachers have spent fewer than six hours on education related to cyberethics, cybersafety, and cybersecurity in the last 12 months; more than 50% of teachers reported their school districts do not require these subjects as curriculum; and only 35% taught proper online conduct.

Key highlights of the survey include:

*More than 90% of technology coordinators school administrators and teachers support teaching cyberethics, cybersafety and cybersecurity in schools. However, only 35% of teachers and just over half of school administrators report that their school districts require cyberethics, cybersafety, and cybersecurity in their curriculum.

*Low levels of integration of key cyberethics, cybersecurity, and cybersafety topics into everyday instructional activities. For example, only 27% of teachers taught about the safe use of social networks, only 18% taught about scams, fraud and social engineering, and only 19% taught about safe passwords in the past 12 months. Additionally, 32% of teachers indicated they had not taught cyberethics, and 44% of teachers had not taught cybersafety or cybersecurity.

*Differing opinions between teachers and administrators as to who is or should be responsible (parents vs. teachers) for educating students about cyberethics, cybersafety, and cybersecurity. For example, while 72% of teachers indicated that parents bear the primary responsibility for teaching these topics, 51% of school administrators indicate that teachers are responsible.

"The study illuminates that there is no cohesive effort to provide young people the education they need to safely and securely navigate the digital age and prepare them as digital citizens and employees," said Michael Kaiser, Executive Director of the National Cyber Security Alliance. "Unfortunately, we are not meeting the needs of schools, teachers, or students.

The survey also found schools rely on shielding students instead of teaching behaviors for safe and secure Internet use. More than 90 percent of schools have built up digital defenses, such as filtering and blocking social networking sites, to protect children on school networks. Those measures may help reduce the online risks children face at school, they do not prepare students to act more safely when accessing the Internet at home or on mobile devices.

]]> SecurityProNews Insider Reports