Security Blog

 

October 2009 Archives

October 30, 2009
This Week in Phishing

I just received this email in my Yahoo mailbox:

[Image: Atm=822-spam_.png]

What do you guys think? Should I email Mrs. Elizabeth and claim my 11 million?

I could really use the extra cash right now.

Posted by: Pete at 4:59 PM
Categories: General , Phishing , Spam

 

October 30, 2009
Threat Lab Q3 Report: Malware and Phishing Web Sites

Based on data collected in Q3 2009, we found that business related sites were most likely to host malware. Pornography and sexually explicit sites came in at number 2 this quarter. As a sign of the economic times, real estate, shopping, and travel sites also made the top 10.

[Image: top-10-malware-q3-2009.png]

As for sites manipulated by phishing, health & medicine related sites still top the list, followed closely by sex education and finance. The rest of the top 10 contained no surprises; however, we do see a drop in social networking phishing sites. That may be due to more awareness of such sites being exploited for phishing.

[Image: top-10-phishing-q3-2009.png]

Posted by: Netgear Threat Lab at 3:16 PM
Categories: Malware , Netgear Threat Lab , Phishing

 

October 30, 2009
Threat Lab Q3 Report: Spam

[Image: Q3-2009-spam.jpg]

In Q3, Pharmacy spam returned to the top spot with 68% of all spam messages. Last quarter's top spam subject, enhancers, fell from 46.2% to 11% of all spam messages this quarter.

[Image: Q3-2009-spam-levels.jpg]

Spam levels averaged 83% of all email traffic throughout the quarter, peaking at 97% in July and bottoming out at 71% in August.

Source: Commtouch Labs

Posted by: Netgear Threat Lab at 3:01 PM
Categories: Netgear Threat Lab , Spam

 

October 30, 2009
Threat Lab Q3 Report: Pharma spam masquerading as Facebook message

Spammers are continually looking for ways to hide their true identity to bypass content filters, and ways to employ social engineering to bypass human filters (i.e., judgment) that can often distinguish if something is spam just by looking at it. The message pictured here was circulated in the third quarter.

[Image: Q3-2009-Internet-Threats-Trend-Report.png]

This message, with its familiar blue header, was designed to fool people and spam filters that may not properly identify image-based spam, since all the actual content was in an image. The image itself is typically blocked by email clients like Microsoft Outlook until the user downloads the image. However, since the email appears to be legitimate, the user may download the image, revealing that it is actually pharmaceutical spam. The only content that text-based filters can identify in such a message is the traditional Facebook text, such as "if you do not wish to receive this type of Facebook mail in the future", making it appear legitimate.

The message was not actually sent from Facebook - if it had been, the return address would have been Facebook, and not "Tammi Manley". Also, all the links within the message, such as "Unsubscribe" and "More info", lead to the pharmaceuticals site pictured in the advertisement.

Source: Commtouch Labs

Posted by: Netgear Threat Lab at 2:48 PM
Categories: Netgear Threat Lab , Phishing
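The checks described in the Facebook-lookalike pharma spam post above, as an added example that is not part of the original post: it flags a message whose text claims a brand while the return address and every link point elsewhere and the content sits in an image. The sample message, its hosts, the function names and the 200-character text threshold are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the message the post describes (hypothetical hosts).
SAMPLE = """\
From: "Tammi Manley" <tmanley@mail.example.net>
Content-Type: text/html; charset="utf-8"

<a href="http://pills.example.com/"><img src="http://pills.example.com/ad.png"></a>
<p>If you do not wish to receive this type of Facebook mail in the future,
<a href="http://pills.example.com/u">Unsubscribe</a> <a href="http://pills.example.com/i">More info</a></p>
"""

class LinkScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts, self.images, self.text = [], 0, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.hosts.append((urlparse(attrs["href"]).hostname or "").lower())
        elif tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.text.append(data)

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def brand_mismatch(raw, brand="facebook", domain="facebook.com", min_text=200):
    """Findings for a message whose text claims `brand`; min_text is an assumed threshold."""
    msg = message_from_string(raw)
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    scan = LinkScan()
    scan.feed(html)
    text = " ".join(" ".join(scan.text).split())
    if brand not in text.lower():
        return []
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_domain(sender, domain):
        findings.append("sender-not-brand")       # return address is not the brand
    if scan.hosts and not any(in_domain(h, domain) for h in scan.hosts):
        findings.append("all-links-off-brand")    # Unsubscribe / More info go elsewhere
    if scan.images and len(text) < min_text:
        findings.append("image-carries-content")  # little text, message is in the image
    return findings
```

On the constructed sample all three findings fire; a text-only filter sees just the familiar footer sentence, which is why the sender and link-host checks carry the verdict.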

 

October 29, 2009
AV-Test/Tolly Report: UTM Virus Detection Comparison

AV-Test.org and Tolly have released their UTM virus detection comparison report. In the report the ProSecure UTM10 was pitted against all-in-one solutions from Sonicwall, Fortinet, and Watchguard.

The test consisted of two parts:

1. Wildlist malware detection

[Image: wildlist.png]

2. Zoo malware detection

[Image: zoo.png]

The results really highlight the lack of emphasis on the "security" aspect of existing all-in-one solutions.

While we see a big emphasis being put on throughput, the truth is, throughput from existing multifunction firewalls is fine at our current WAN connection speeds - even with all security enabled.

What you need is better protection.

And our ProSecure UTM was architected from the ground up to provide you just that.

You can download the full report here

Posted by: Pete at 5:05 PM
Categories: General , Malware , Viruses

 

October 26, 2009
Threat Lab Report: Troj.Downloader.JS.Agent.edg

Description of Report (Troj.Downloader.JS.Agent.edg):

The Office OCX Word Viewer OCX ActiveX control with the CLSID 97AF4A45-49BE-4485-9F55-91AB40F288F2 is prone to a remote code-execution vulnerability. The vulnerability is caused by the use of the insecure OpenWebFile() method. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to download arbitrary executable files to the victim's system and execute arbitrary code on the system with the privileges of the victim.

Affected Version: Office OCX Word Viewer OCX 3.2

Posted by: Netgear Threat Lab at 5:28 PM
Categories: Malware , Netgear Threat Lab , Viruses

 

October 23, 2009
ProSecure UTM Obtains ICSA Labs Anti-virus Certification

[Image: ICSA_Cert_Anti-Virus_2C_200DPI_550x375.gif]

I'm proud to announce that the ProSecure UTM has passed ICSA Labs Anti-virus certification. This is the third certification it has passed in the past month (the other two being West Coast Labs Checkmark and VPNC).

For any new security vendor, the biggest challenge is always the initial step of proving your legitimacy in this space and this is one step forward for us in this regard. Our mission is to provide all businesses with the protection they need in today's Internet, and we will continue to push towards that goal.

Posted by: Pete at 1:08 AM
Categories: General

 

October 22, 2009
Windows 7 is Live

[Image: windows-7-logo-300x300.jpg]

Windows 7 is finally here. I've been using the beta version for a few months now and have been anxiously waiting to get rid of Vista (I still ran XP or Linux on most of my machines but switched to Vista on my main at home). My two copies should be arriving in the mail today so I should have everything up and running tonight when I get home.

You can bet that cyber criminals alike will begin shifting (if they haven't already done so) to Windows 7 as their primary OS of choice and that we'll begin to see Win7 specifically targeted malware en masse soon. Only time will tell if Win7 effectively protects users from malware better than previous Microsoft OSes.

On another note, I'll be trying out Microsoft Security Essentials (basically free AV from Microsoft) soon, and see how it stacks up against offerings from Kaspersky, Symantec, McAfee...etc.

Posted by: Pete at 8:43 AM
Categories: General

 

October 12, 2009
Threat Lab Report: New Adobe Vulnerability Prevention Tips

Adobe officials have confirmed that a new vulnerability exists in the Windows, Macintosh and Unix versions of Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459). Adobe Reader and Acrobat 9.1.3 users running Windows Vista with DEP should be protected from the vulnerability. Turning off JavaScript in Adobe Reader and Acrobat also avoids the use of the code affected by this attack. The steps to disable JavaScript are as follows:

1. Run Acrobat or Adobe Reader
2. Go to Edit -> Preferences
3. Select the "JavaScript" category
4. Uncheck the "Enable Acrobat JavaScript" option
5. Click "OK"

Vendor solution:
Adobe will release a corresponding patch on 2009-10-13. Users should contact the vendor to obtain the appropriate patch:

Posted by: Netgear Threat Lab at 12:25 AM
Categories: Malware , Netgear Threat Lab

 

October 9, 2009
Another Adobe Reader Vulnerability

Adobe has issued a new security advisory about another critical vulnerability being exploited in the wild.

Here's an excerpt:
"Among other issues, this update will resolve a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459) on Windows, Macintosh and UNIX. There are reports that this issue is being exploited in the wild in limited targeted attacks; the exploit targets Adobe Reader and Acrobat 9.1.3 on Windows."

Adobe expects to have an update available to address this vulnerability on October 13, 2009.

Posted by: Pete at 12:27 PM
Categories: General

 

October 1, 2009
Cloud Security - The Holy Grail?

[Image: cloud2.jpg]

The latest buzzword around the tech industry is cloud computing. Seems like everything is moving towards the cloud now. Cloud-based storage, computing, email hosting, software, documents, heck there's even talk about a cloud-based video game system. With the movement toward the skies, security is no exception.

Due to the nature of cloud-based applications, there is always a certain amount of latency associated with passing data to and from the cloud. While the latency of sending a URL to the cloud for analysis may not be too high, sending files even only a few megs in size for virus analysis will make Web browsing virtually unusable. Perhaps someday network bandwidth will increase to the point where large files can be sent across the Internet in milliseconds. Until then, there is a definite need for local anti-malware scanning. Whether that be at the gateway or desktop (or even better, both) doesn't matter. At our current speeds and processing power, local anti-malware scanning is still essential to the well-being of ANY network. Don't let anyone tell you otherwise. At the same time, don't forget to utilize cloud computing in areas where it shines.

Posted by: Pete at 12:00 AM
Categories: General

 
