
Security Blog

 

March 2009 Archives

April Fool's Joke Or WMD?

Posted By Pete at 3:18 PM, March 27, 2009

Remember the Kido (Conficker, Downadup) worm that has been discussed again and again on this blog (and on just about every other security Web site)? Just when you think things have settled down, the worm's creators have made it bigger and badder. Variant "C" has recently hit the scene and features a variety of new tricks that make it even harder to detect than before: replicating itself into five different Windows system folders, registering dummy services, and modifying system access control settings.
What's worse, once it infects a PC, it does the following to make sure it is not easily removed:

• It prevents the host from contacting security vendor sites (no calling for outside help)
• It disables Windows security notifications and error reporting (you won't even know what hit you)
• It deletes system restore points and prevents starting in safe mode (no going back to better times)
• It cripples and deletes security-related processes on the infected machine (you can't even defend yourself)

The way it phones home has changed too. Previously, it randomly generated 250 domains a day and contacted 32 of them; that algorithm was cracked by security experts, so the day's candidate domains could be registered or blocked ahead of time. Now it generates 50,000 domains a day and contacts 500 of those, making it impractical to register or block every candidate and nearly impossible to prevent the worm from phoning home.
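The arithmetic behind that change, as an added example that is not part of the original post and is not Conficker's real algorithm: a toy date-seeded generator (assumed TLD list, assumed salt) stands in for the worm's, and two generic probability functions show why 250 candidates a day can be covered by defenders while 50,000 cannot. The DNS log at the end is constructed for the example; the format `timestamp client qname rcode` is assumed.

```python
"""Toy domain-generation algorithm (DGA) and the defender/attacker arithmetic
behind the 250-per-day -> 50,000-per-day change.

Added example. The generator is a deliberately simple stand-in (date-seeded
PRNG, assumed TLD list) and is NOT Conficker's real algorithm; the
rendezvous/denial functions are generic and apply to any DGA of this shape.
"""
import datetime
import hashlib
import random
from collections import defaultdict

LETTERS = "abcdefghijklmnopqrstuvwxyz"
TLDS = ("com", "net", "org", "info", "biz")  # assumed, not the worm's list
DAY = datetime.date(2009, 4, 1)


def daily_domains(day: datetime.date, count: int, salt: bytes = b"toy-dga") -> list:
    """Deterministically derive `count` candidate domains for `day`.

    Whoever knows the algorithm (worm or defender) gets the same list, which
    is why a cracked DGA lets defenders pre-register every candidate as long
    as the list stays small.
    """
    seed = hashlib.sha256(salt + day.isoformat().encode()).digest()
    rng = random.Random(seed)
    out = []
    for _ in range(count):
        label = "".join(rng.choice(LETTERS) for _ in range(rng.randint(8, 12)))
        out.append(f"{label}.{rng.choice(TLDS)}")
    return out


def rendezvous_probability(candidates: int, contacts: int, registered: int) -> float:
    """Chance that one bot, querying `contacts` of the `candidates` domains,
    hits at least one of the `registered` domains the operator actually bought.
    P(miss all) = C(candidates - registered, contacts) / C(candidates, contacts),
    computed as a running product to avoid huge integers."""
    miss = 1.0
    for i in range(contacts):
        numer = candidates - registered - i
        if numer <= 0:          # bot queries more domains than are unregistered
            return 1.0
        miss *= numer / (candidates - i)
    return 1.0 - miss


def denial_probability(candidates: int, contacts: int, blocked: int) -> float:
    """Chance that every one of a bot's `contacts` queries lands on a domain
    the defenders control, i.e. the bot is denied its update that day.
    This is C(blocked, contacts) / C(candidates, contacts)."""
    p = 1.0
    for i in range(contacts):
        numer = blocked - i
        if numer <= 0:          # fewer blocked domains than queries: never denied
            return 0.0
        p *= numer / (candidates - i)
    return p


def flag_dga_hosts(dns_log_lines, threshold: int = 20) -> dict:
    """Hosts whose count of distinct NXDOMAIN names meets `threshold`.

    A DGA bot burns through hundreds of never-registered names a day, so a
    high count of distinct NXDOMAIN answers per client is a cheap signal.
    Lines are 'timestamp client qname rcode' (constructed format)."""
    nx = defaultdict(set)
    for line in dns_log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        _, client, qname, rcode = parts
        if rcode == "NXDOMAIN":
            nx[client].add(qname.lower())
    return {host: len(names) for host, names in nx.items() if len(names) >= threshold}


# Constructed DNS log: 10.0.0.5 behaves like a bot cycling through generated
# names; 10.0.0.7 just mistyped one hostname.
SAMPLE_LOG = [
    f"2009-04-01T00:00:{i:02d} 10.0.0.5 {d} NXDOMAIN"
    for i, d in enumerate(daily_domains(DAY, 6))
] + [
    "2009-04-01T00:00:10 10.0.0.7 www.example.com NOERROR",
    "2009-04-01T00:00:11 10.0.0.7 wwww.example.com NXDOMAIN",
]


if __name__ == "__main__":
    for cand, cont in ((250, 32), (50000, 500)):
        reach = rendezvous_probability(cand, cont, 1)
        deny = denial_probability(cand, cont, int(cand * 0.98))
        print(f"{cand:>6} candidates, {cont:>3} contacts: one registered domain "
              f"reaches {reach:.1%} of bots; blocking 98% denies {deny:.2e} of bots")
    print("first candidates for", DAY, daily_domains(DAY, 3))
    print("flagged:", flag_dga_hosts(SAMPLE_LOG, threshold=5))
```

With 50,000 candidates and 500 contacts, a single domain the operator registers is hit by 1% of bots per day, which over 15 million infections is still 150,000 machines, while a defender who manages to control 98% of the day's names (49,000 registrations, every day) still denies almost none of them. With 250 candidates the defender can cover all of them and deny every bot. The NXDOMAIN counter is only a first-pass triage: set the threshold from your own baseline, and expect the worm's per-day contact list to be spread across many hours.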
Sound bad? Well, the worst part is that the end is nowhere in sight. On April 1st, PCs infected by the worm will begin attempting to download an additional payload (from where is still unknown, for the reasons mentioned above). What will this payload contain? More attack code? Additional methods to evade detection? No one knows for sure. However, with over 15 million (and growing) infected nodes, this has the potential to get very ugly, very fast. In the meantime, remember to back up your critical data, patch and update your system, use strong passwords, and hope for the best.

Posted by: Pete at 3:18 PM
Categories: Malware

 

Threat Lab Report: MS09-002 Security Hole, A Malware Author's New Favorite

Posted By Netgear Threat Lab at 11:07 AM, March 20, 2009

Each newly discovered security vulnerability opens a new floodgate for malware authors to spread their work. Recently, the Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability (MS09-002) has paved the way for a wave of new malware. The vulnerability affects Microsoft Internet Explorer 7 and lies in the handling of document objects: when an object is appended and then deleted in a specific order, memory corruption occurs. A user running a vulnerable browser can be attacked through a specially crafted web page, which may also arrive through another distribution vector such as a malicious file. Once the user views the page, the vulnerability may allow remote code execution.

Figure 1. The script used during the attack (image not reproduced)

Figure 2. Pointer redirected to the shellcode after the memory corruption (image not reproduced)

Although a patch for this security hole has already been released, our monitoring still shows large amounts of new malware being created in an attempt to exploit this vulnerability. Web sites that originally hosted Trojan horses exploiting MS08-078 now host Trojan horses that attempt to exploit MS09-002 instead. We believe that in the coming weeks this security hole will remain one of the main ways malware authors spread malicious code.
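A triage check for the kind of drive-by page described above, as an added example that is not part of the original report: it is not the attack script from the figures (which are not reproduced here) and not a signature for MS09-002 itself, but a static scan for the generic heap-spray and shellcode-staging building blocks such pages share. The two sample pages, the indicator names and the thresholds are all constructed for the example.

```python
"""Heuristic triage for drive-by pages of the kind that carried the MS09-002
exploit: a static scan for heap-spray and shellcode-staging patterns.

Added example. Not the script from the report's figures and not a signature
for the vulnerability; it flags generic building blocks (%u-encoded payload,
a NOP-like sled, a doubling loop that fills the heap, an oversized spray
array, CollectGarbage()). Sample pages are constructed.
"""
import re

# Indicator name -> regex. Each one alone is weak; several together are not.
INDICATORS = {
    # eight or more consecutive %uXXXX escapes: a payload handed to unescape()
    "unicode_escaped_payload": re.compile(r"(%u[0-9a-fA-F]{4}){8,}"),
    # repeated sled words (0x0c0c0c0c, 0x90 NOPs, ...)
    "nop_sled": re.compile(r"(%u0c0c|%u9090|%u0d0d|%u0a0a){4,}", re.IGNORECASE),
    # while (x.length < N) x += x;  doubling loop used to build spray blocks
    "doubling_loop": re.compile(
        r"while\s*\(\s*\w+\.length\s*<\s*(?:0x[0-9a-fA-F]+|\d+)\s*\)\s*\w+\s*\+=\s*\w+",
        re.IGNORECASE),
    "unescape_call": re.compile(r"\bunescape\s*\(", re.IGNORECASE),
    "garbage_collect": re.compile(r"\bCollectGarbage\s*\(", re.IGNORECASE),
}
# for (var i = 0; i < N; ...) with the loop bound captured, checked separately
SPRAY_LOOP = re.compile(r"for\s*\(\s*(?:var\s+)?\w+\s*=\s*\d+\s*;\s*\w+\s*<\s*(\d+)\s*;")
SPRAY_MIN_ITERATIONS = 100  # assumed threshold: benign loops rarely copy 100+ blocks


def scan_page(html: str) -> dict:
    """Return {indicator: hit count} for every indicator present in `html`."""
    hits = {}
    for name, rx in INDICATORS.items():
        n = len(rx.findall(html))
        if n:
            hits[name] = n
    big_loops = [int(m) for m in SPRAY_LOOP.findall(html) if int(m) >= SPRAY_MIN_ITERATIONS]
    if big_loops:
        hits["spray_loop"] = len(big_loops)
    return hits


def is_suspicious(html: str, min_indicators: int = 3) -> bool:
    """Call a page suspicious once it shows at least `min_indicators` distinct
    building blocks; a lone unescape() call is ordinary JavaScript."""
    return len(scan_page(html)) >= min_indicators


# Constructed sample: the shape of a heap-spray page. The %u41.. escapes are
# placeholders, not real shellcode.
SPRAY_PAGE = """<html><body><script>
var shellcode = unescape("%u4141%u4242%u4343%u4444%u4545%u4646%u4747%u4848");
var nops = unescape("%u0c0c%u0c0c%u0c0c%u0c0c");
while (nops.length < 0x40000) nops += nops;
var block = nops.substring(0, 0x40000 - shellcode.length) + shellcode;
var spray = new Array();
for (var i = 0; i < 200; i++) { spray[i] = block + i; }
CollectGarbage();
</script></body></html>"""

# Constructed sample: ordinary page that happens to call unescape().
BENIGN_PAGE = """<html><body><div id="out"></div><script>
var q = unescape(location.search.substring(1));
document.getElementById("out").innerText = q;
</script></body></html>"""


if __name__ == "__main__":
    for label, page in (("spray", SPRAY_PAGE), ("benign", BENIGN_PAGE)):
        print(label, is_suspicious(page), scan_page(page))
```

Use this on captured pages from the hosting sites, not as a blocking control: exploit kits split strings, build escapes at run time and wrap everything in eval(), which defeats any static regex, so a hit is a reason to detonate the page in an instrumented browser, and a miss proves nothing. The real fix remains the MS09-002 patch.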

Posted by: Netgear Threat Lab at 11:07 AM
Categories: Malware , Netgear Threat Lab

 

Threat Lab Report: Kido - A Time Bomb in the Waiting?

Posted By Netgear Threat Lab at 10:54 AM, March 4, 2009

The Kido (Conficker) worm was first discovered in November 2008. The rate at which it has propagated has far exceeded that of any other worm in recent years. Based on conservative estimates, Kido has infected over 15 million computers worldwide. It is highly possible that these 15 million computers have already been added to a botnet, forming a virtual "super computer" and potentially the world's most powerful spam server. However, the worm has remained relatively quiet since bursting onto the scene late last year. Typically, when a botnet is formed, it is used by hackers to launch large-scale network attacks, either paralyzing servers across the Internet or sending out billions of spam emails. This worm has kept a low profile, seemingly hidden in the shadows, waiting for the exact moment to strike, like a time bomb ticking away.

Posted by: Netgear Threat Lab at 10:54 AM
Categories: Malware , Netgear Threat Lab

 
