ProSecure™ UTM9S
Posted By Netgear Threat Lab at 12:40 AM, December 25, 2011
Microsoft has just released this year's last monthly security update: 13 bulletins for Windows, Office, Internet Explorer, Windows Media Player and Publisher that together resolve 19 vulnerabilities in these products.
One bulletin of particular concern is MS11-087. It fixes the Windows kernel-mode TrueType font parsing vulnerability that the Duqu malware has been exploiting.
(An attacker who embeds a specially crafted TrueType font in a document can trigger the flaw in the kernel and run code there.)
MS11-092 is another important bulletin. It closes a critical remote code execution hole in Windows Media Player: if a user opens a specially crafted digital video recording (.dvr-ms) file, the attacker's code runs with that user's privileges and can install malware or steal data.
We remind users not to open suspicious files and to install security patches promptly.
Categories: Netgear Threat Lab
Posted By Netgear Threat Lab at 3:11 PM, November 23, 2011
Microsoft recently published a security advisory confirming that the widely reported "Duqu" malware exploits a zero-day vulnerability in the Windows kernel's TrueType font parsing, and provided a temporary workaround to use until a patch is available. (http://technet.microsoft.com/en-us/security/advisory/2639658)
Categories: Netgear Threat Lab
Posted By Netgear Threat Lab at 3:08 PM, November 23, 2011
The BIOS (Basic Input/Output System) is the small program that runs first when a computer powers on. At that point only the most basic hardware has been initialised; nothing about the operating system that will be loaded later is known. So an infected BIOS is a very bad thing: anti-virus software running under the OS has no good way to remove the infection, reinstalling the system does not help, and even replacing the hard disk does nothing to eliminate it.
One of the more memorable BIOS-targeting viruses was CIH (1999), which caused tremendous damage and was named one of the world's top ten viruses by a number of security organisations. We recently found another BIOS-infecting virus spreading globally, Rootkit.Win32.Mybios.a. It is usually bundled with game software and tricks users into turning off their security software, then attacks the BIOS, the MBR (master boot record) and Windows system files.
First, the virus drops bios.sys, flash.dll, my.sys, hook.rom and cbrom.exe and attempts to infect the BIOS. Once the BIOS is infected, an additional ISA module, Hook.rom, has been added to it. Its role is to check whether the MBR is infected: if it is not, it writes viral code stored in the BIOS into roughly the first 14 sectors of the disk, starting with the MBR, and saves the original MBR to sector 8.
Second, when the infected MBR is loaded and executed, it runs OS-specific viral code that infects winlogon.exe (XP/2003) or wininit.exe (Vista/7). When the infected executable runs, the screen displays "Find it ok!". This message can also be used to tell whether a machine has been infected.
Third, when the infected winlogon.exe is loaded, it attempts to download a variety of malicious programs from a remote server.
The virus also loads my.sys. This driver hooks disk.sys and prevents anti-virus software from repairing the infected MBR.
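Because the disk hook hides the infected MBR from software running under the infected Windows, the place to look is a raw read of the first sectors taken from a clean boot medium. The script below is an added example (not Netgear's code and not the malware's) that applies the layout described above as a heuristic: it flags a second MBR-like sector whose partition table matches sector 0 but whose boot code differs (a saved original), more than one MBR-like sector in general, and non-zero sectors in the normally empty gap after the MBR. The backup location (sector 8) is taken from the write-up; the two 16-sector disk images at the bottom are constructed for the example. Note that boot managers such as GRUB legitimately write into the gap sectors, so "nonzero_gap_sectors" on its own is not proof of infection.

```python
"""Heuristic scan of a disk's first sectors for a stashed original MBR (added example)."""
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"
PT_OFFSET = 446        # partition table occupies bytes 446..509 of an MBR
BACKUP_SECTOR = 8      # where this family stashes the original MBR (per the post)


def partition_table(sector: bytes) -> bytes:
    return sector[PT_OFFSET:PT_OFFSET + 64]


def looks_like_mbr(sector: bytes) -> bool:
    """True if the sector has the 0x55AA boot signature and a sane, non-empty partition table."""
    if len(sector) != SECTOR or sector[510:512] != BOOT_SIG:
        return False
    populated = False
    for i in range(4):
        entry = sector[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]
        boot_indicator, ptype = entry[0], entry[4]
        _start_lba, size = struct.unpack_from("<II", entry, 8)
        if boot_indicator not in (0x00, 0x80):   # only 0x00/0x80 are legal
            return False
        populated |= (ptype != 0 and size > 0)
    return populated


def scan_disk_head(image: bytes, sectors: int = 16) -> dict:
    """Return the indicators found in the first `sectors` sectors of a raw disk image."""
    head = image[:sectors * SECTOR]

    def sector_at(n: int) -> bytes:
        return head[n * SECTOR:(n + 1) * SECTOR]

    mbr = sector_at(0)
    backup = sector_at(BACKUP_SECTOR)
    mbr_like = [n for n in range(sectors) if looks_like_mbr(sector_at(n))]
    # A stashed original keeps the partition table but carries different boot code.
    stashed = (looks_like_mbr(backup)
               and partition_table(backup) == partition_table(mbr)
               and backup[:PT_OFFSET] != mbr[:PT_OFFSET])
    return {
        "mbr_like_sectors": mbr_like,
        "nonzero_gap_sectors": [n for n in range(1, sectors) if any(sector_at(n))],
        "stashed_original_mbr": stashed,
        "boot_code_sha256": hashlib.sha256(mbr[:PT_OFFSET]).hexdigest(),
        "suspicious": stashed or len(mbr_like) > 1,
    }


def read_disk_head(device: str = r"\\.\PhysicalDrive0", sectors: int = 16) -> bytes:
    """Read the first sectors of a raw device (needs administrator/root; e.g. /dev/sda on Linux)."""
    with open(device, "rb", buffering=0) as fh:
        return fh.read(sectors * SECTOR)


# --- constructed sample images (not real infection data) -----------------------
def build_mbr(boot_code: bytes) -> bytes:
    """512-byte MBR with one active NTFS partition starting at LBA 2048 (constructed)."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    return boot_code.ljust(PT_OFFSET, b"\x00") + entry + bytes(48) + BOOT_SIG


ORIGINAL_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"      # typical MBR prologue, truncated
CLEAN_IMAGE = build_mbr(ORIGINAL_BOOT_CODE) + bytes(15 * SECTOR)


def infected_image() -> bytes:
    """Layout from the post: hooked MBR, viral code in 14 sectors, original MBR saved at sector 8."""
    original = build_mbr(ORIGINAL_BOOT_CODE)
    viral = b"\xeb\xfe" * (SECTOR // 2)                      # constructed filler (jmp $ loop)
    hooked = viral[:PT_OFFSET] + partition_table(original) + BOOT_SIG   # table preserved
    return b"".join([hooked] + [viral] * 7 + [original] + [viral] * 6 + [bytes(SECTOR)])


if __name__ == "__main__":
    for name, img in (("clean", CLEAN_IMAGE), ("infected", infected_image())):
        print(name, scan_disk_head(img))
```

To check a real machine, boot from clean media, call `read_disk_head()` on the physical drive and pass the bytes to `scan_disk_head()`; compare `boot_code_sha256` against a known-good image of the same machine's MBR to catch a replaced sector 0 even when no backup copy is found.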
As always, we remind users to keep their virus definitions and system patches up to date, and not to open suspicious files or game plug-ins.
Categories: Malware , Netgear Threat Lab
Posted By Netgear Threat Lab at 11:01 AM, August 4, 2011
South Korea's leading web portal Nate and the blog site Cyworld were attacked by hackers last week. An estimated 35 million user records were stolen.
The sites have about 25 million and 33 million subscribers respectively, and roughly 35 million users' information is affected. Against South Korea's total population of about 49 million, that is a staggering amount of leaked data, and by far the worst hacking incident of 2011 that we know of.
The stolen information included user names, phone numbers, email addresses, encrypted passwords, resident registration numbers (Korea's equivalent of social security numbers), blood types and other personal details. How the attack took place is still under investigation, but we can expect a large amount of financial theft, phone fraud, spam and other crimes to be carried out with the stolen data. When information this sensitive is stolen, the threat is no longer only cyber; it can endanger the physical well-being of the victims.
Major networks continue to strengthen their security, yet incidents like this keep happening. We suggest limiting the personal information you provide to different sites: don't give out more than you have to. Also use different user names and passwords for different sites, especially those involving any form of financial transaction, so that one breach does not unlock your other accounts.
Categories: Netgear Threat Lab
Posted By Netgear Threat Lab at 10:42 AM, July 15, 2011
On Wednesday morning Microsoft released its security patches for July.
This update contains 4 bulletins fixing a total of 22 vulnerabilities. Although the number of bulletins is only a quarter of last month's, what they fix is highly critical.
MS11-053 fixes a serious vulnerability in the Windows Bluetooth stack that allows remote code execution by an attacker within Bluetooth range who sends specially crafted Bluetooth packets. It affects Windows Vista and Windows 7. A successful attack gives the attacker control of the computer and leads to disclosure of personal information and installation of viruses and Trojans: a very serious threat.
Another bulletin that caught our attention is MS11-055, which patches a well-known Microsoft Visio DLL preloading vulnerability. If a user opens a legitimate Visio file that sits in the same network directory as a specially crafted DLL, Visio loads the attacker's DLL and the vulnerability allows remote code execution. An attacker who successfully exploits it gains the same privileges as the logged-on user.
We would like to remind our readers: a newly published vulnerability is always followed by viruses and Trojans that exploit it. Installing security updates promptly significantly reduces your computers' exposure to such attacks.
Categories: Netgear Threat Lab
Posted By Netgear Threat Lab at 5:35 PM, October 14, 2010
Yesterday Microsoft released its security updates for October. The release includes a record 16 bulletins fixing 49 vulnerabilities.
Of these, 4 are rated critical, 10 important and 2 moderate. The most notable are MS10-071 and MS10-076.
MS10-071 is a cumulative update for Internet Explorer that fixes ten vulnerabilities. Most of them allow a specially crafted web page, viewed in IE, to disclose data, give an attacker remote access to the machine, or cause other serious consequences.
MS10-076 fixes a vulnerability in the Embedded OpenType (EOT) font engine in Windows. An attacker could exploit it, for instance through a web page that carries a crafted EOT font, to execute code remotely.
We recall that in August Microsoft released what was then its largest update, with patches for 34 vulnerabilities. That record lasted only two months.
Categories: Netgear Threat Lab
Posted By Netgear Threat Lab at 12:32 PM, September 28, 2010
Stuxnet surfaced in July of this year and quickly drew attention because it is the first known malware designed specifically for SCADA systems, and because it signs its drivers with digital certificates stolen from hardware companies. Add reports that it is targeting an Iranian nuclear power plant, and it has created quite a stir.
Early Stuxnet variants spread via a forged autorun.inf on removable USB drives. Later variants also spread by exploiting the Microsoft Windows Shortcut (.LNK) automatic file execution vulnerability (MS10-046), again primarily via USB drives. Most recently it has added yet another propagation method, a flaw in the Microsoft Print Spooler service, which Microsoft patched in its September update (MS10-061).
Categories: Netgear Threat Lab
Posted By Netgear Threat Lab at 4:40 PM, August 5, 2010
A new virus exploiting the Windows Shortcut vulnerability is spreading quickly through removable storage devices.
Microsoft's advisory describes the flaw: "this vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability is most likely to be exploited through removable drives."
The vulnerability exists in almost all currently supported Windows versions, so many Windows users can be affected when they use Explorer or any other file manager that displays icons. Simply browsing a USB drive that holds a malicious .lnk file is enough to be infected: no click on the file is needed, and turning off AutoRun for the device does not help.
Microsoft has released an out-of-band patch, MS10-046, which should be applied immediately. Until it is installed, users can disable the display of icons for all shortcuts as a stopgap; the detailed steps are in the Microsoft security advisory.
Categories: Netgear Threat Lab
Posted By Netgear Threat Lab at 2:05 PM, June 30, 2010
On June 10th security researcher Tavis Ormandy discovered and publicly disclosed details of a new vulnerability in the Microsoft Windows Help and Support Center. Since then we have seen a lot of new malware trying to take advantage of the hole.
hcp:// is a URL protocol handler, similar in form to http://, that opens documents in Windows Help and Support Center (HSC), the built-in help facility that lets users download and install software updates and read help documents. By default Internet Explorer can open Help and Support Center through this protocol.
So if a user opens a web page that exploits the HCP vulnerability, hidden malicious script runs automatically and attempts to compromise the system.
Attackers also embed the HCP exploit into media files whose formats can carry URLs; when the user opens such an audio file, the operating system is attacked in the same way.
Because the vulnerability was disclosed only recently, there is no patch yet. We recommend that users temporarily disable the HCP protocol handler (Microsoft Security Advisory 2219475 describes how to unregister it) until a patch is released.
Categories: Netgear Threat Lab
Posted By Netgear Threat Lab at 4:05 PM, June 8, 2010
With the 2010 FIFA World Cup fast approaching and the world going into a frenzy, spammers armed with malicious emails are joining in on the festivities.
So far we have seen two types of these emails:
The first is a typical advance-fee ("Nigerian") scam. The email claims the recipient has just been drawn as a winner in an online sweepstake held by the International Federation of Association Football (FIFA). To receive the winnings, the victim must provide detailed personal information, and follow-up emails eventually demand a fee to release the prize. The personal information collected is used in a wide range of crimes such as identity theft, spam distribution, phishing and other fraud.
The other type carries a PDF attachment. The message body offers a detailed guide to South African tourism, ticketing services and similar information to induce the user to open the attachment.
The PDF contains malicious code that exploits a known vulnerability in Adobe Reader. Once the user opens it, it silently downloads and installs a variety of malware.
FIFA has recently warned fans about similar online scams on its blog. With the World Cup starting in a couple of days, expect to see more and more of these scams.
Categories: Malware , Netgear Threat Lab , Phishing , Spam