IT security, vulnerabilities, bugs, fixes, flaws, RSA Conference and Infosec.
A blog from V3.co.uk

Virtual machines being used to obfuscate malware

Security experts at the e-Crime Congress event in London this week warned of an increase in incidents of criminals using virtual machine technology to obfuscate malicious code, making it far harder to unravel.

Rik Howard, director of intelligence at iDefense, the managed security arm of VeriSign, argued that virtual machine obfuscation software is beginning to appear on the radar of researchers.

He explained that cyber criminals are running their binaries through such tools, which rewrite the code into a different bytecode every time a binary is processed, making it much harder to take apart.

"This makes it very difficult for our guys to pull it apart," he added. "It's a much slower process than standard reverse engineering. We expect to see it more and more in the next year or two."

Howard highlighted the worrying appearance of VM obfuscation tools readily available on the market, such as VMProtect, which is marketed legitimately as IP protection software.

"This helps the criminals - they don't even need to build an obfuscation system," he argued.
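To make the mechanism Howard describes concrete, here is an added toy example, not code from the article or from any real obfuscation product: a tiny stack VM whose opcode numbering is re-randomised on every build, so one constructed program yields different bytecode each time while behaving identically, and a byte signature lifted from one build does not match the others.

```python
import random

# Toy stack VM: the same source program is emitted with a freshly randomised
# opcode numbering on every build. Constructed illustration, not a real tool.
MNEMONICS = ["PUSH", "ADD", "MUL", "RET"]

# Constructed sample program: (6 * 7) + 1
PROGRAM = [("PUSH", 6), ("PUSH", 7), ("MUL", None), ("PUSH", 1), ("ADD", None), ("RET", None)]

def build(program, rng):
    """Compile program to bytecode under a random opcode table.
    Returns (bytecode, handlers) where handlers maps opcode -> mnemonic."""
    opcodes = rng.sample(range(256), len(MNEMONICS))   # distinct random opcodes
    table = dict(zip(MNEMONICS, opcodes))
    code = bytearray()
    for mnem, arg in program:
        code.append(table[mnem])
        if mnem == "PUSH":
            code.append(arg & 0xFF)
    return bytes(code), {op: mnem for mnem, op in table.items()}

def run(code, handlers):
    """Interpret bytecode; only this build's handler table makes it readable."""
    stack, pc = [], 0
    while pc < len(code):
        mnem = handlers[code[pc]]
        pc += 1
        if mnem == "PUSH":
            stack.append(code[pc])
            pc += 1
        elif mnem in ("ADD", "MUL"):
            b, a = stack.pop(), stack.pop()
            stack.append((a + b if mnem == "ADD" else a * b) & 0xFF)
        else:  # RET
            return stack.pop()
    raise ValueError("bytecode ended without RET")

def signature_hits(signature, builds):
    """How many builds a naive byte signature taken from one build matches."""
    return sum(signature in code for code, _ in builds)

def demo(seeds=range(8)):
    """Build the same program several times; report results, distinct
    bytecode variants, and how many builds the first build's bytes match."""
    builds = [build(PROGRAM, random.Random(s)) for s in seeds]
    results = [run(code, handlers) for code, handlers in builds]
    distinct = len({code for code, _ in builds})
    hits = signature_hits(builds[0][0], builds)
    return results, distinct, hits
```

Every build returns 43, yet the bytecode differs and the signature from build 0 matches only itself, which is why analysts must first recover each sample's handler table rather than pattern-match the bytes.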

March 16, 2010 | Comments (0)

Adobe Reader now targeted more than Microsoft

The percentage of targeted attacks exploiting vulnerabilities in Adobe Reader is growing at a significant rate, outstripping Microsoft Word, Excel and PowerPoint, according to the latest figures from security firm F-Secure.

In a new blog posting, the firm urged users to patch a critical vulnerability in the popular software which was discovered last month and is being actively exploited in the wild.

"Our sample was submitted by a European financial organisation and the file name includes a reference to the G20," the blog posting explained.

"The exploit drops a downloader and attempts to make a connection to tiantian.ninth.biz. We detect this attack as Exploit:W32/PDFExploit.G. It doesn't surprise us to see this Adobe Reader vulnerability utilised so quickly."

According to F-Secure's research, targeted attacks exploiting Adobe Reader grew from around 49 per cent last year to over 60 per cent in the first two months of this year.

By comparison, Microsoft Word accounted for around 39 per cent of targeted attacks so far this year, slightly up from 34 per cent in 2009. Excel and PowerPoint attacks stood at around seven per cent.

March 10, 2010 | Comments (0)

Financial services firms found wanting on security

Negligent insiders and outsourcing data to third parties are the major causes of data breaches in the financial services sector, according to a new report from IT management software firm Compuware.

The study, entitled Privacy & Data Protection Practices: a Benchmark Study of the Financial Services Industry, was conducted by the Ponemon Institute and included interviews with chief information security officers, chief privacy officers and others with equivalent responsibilities from 80 multinational financial services organisations.

Three quarters rated negligent insiders as the top reason for a breach, while 42 per cent said outsourcing and a quarter laid the blame on malicious insiders.

While these headline figures may not surprise most people working in the information security industry, what is more worrying is the wide-open gaps in basic controls that the report highlights.

Just 56 per cent said they implemented some form of identity compliance procedures, 47 per cent said they used intrusion detection systems, and data loss prevention technology was used by just 41 per cent, according to the report.

"One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study," said Larry Ponemon. "While there is a great deal of progress being made, there is still a long way to go."

Very true Larry, very true.


March 4, 2010 | Comments (0)

Twitter attacks snare senior politicians

The Secretary for Energy and Climate Change, Ed Miliband, and Dunfermline and West Fife MP Willie Rennie are among the large number of Twitter users that have been snared by the latest Twitter phishing attack.

The two politicians' accounts sent their followers malicious links, along with a message that reads:

"Hhey, i've been having better sex and longer with this here."

Miliband was quick to respond to the scam earlier today. "Oh dear it seems like I've fallen victim to twitter's latest 'phishing' scam," he tweeted.

He then used the publicity to his advantage. "Now I've got your attention - I want your ideas for the manifesto," he wrote.

According to STV News, Rennie's Twitter account was linked to all his social networking accounts and so the message was sent to thousands of his followers.

Rennie told the broadcaster that he assumed most of his followers would know the link is a scam and not a genuine tweet. Unlike Miliband, he has chosen not to post any tweets about the scam in his feed.

Graham Cluley from security firm Sophos warned that unless Miliband has "a strong and different password for every web site" he uses, he may have allowed hackers to access other more sensitive accounts. "Basically, his entire online life could be handed over to hackers," he wrote.

The news of the phishing scam comes as the Lord Chancellor is reportedly investigating fake Twitter accounts that have been set up for all of the Merseyside and North West MPs.

February 26, 2010 | Comments (0)

What to do when your social networking account gets hacked

Security-as-a-service firm ScanSafe, now part of the Cisco fold, has decided to share some advice on what users should do if they fall victim to a phishing scam pushed out via social networking sites.

Phishing scams are increasingly being spread via social networking sites, because they exploit the implicit trust users place in messages from their friends or followers.

By hacking users' accounts, sending out messages to their friends and using social engineering techniques to get them to click on malicious links in these messages, cyber criminals have been able to harvest a rich bounty of user credentials - many of which can then be exploited on other sites such as online banking.

According to ScanSafe senior security researcher Mary Landesman, there should be an ABC of proper etiquette after suffering one of these scams: Acknowledge the attack to anyone affected; Be detailed in telling them what might have happened as a result; and use the attack as an opportunity to Caution friends and followers in case it happens again.

When sending an apology to followers after an account has been hacked and malicious messages sent out, users should never put another link in the message, she advised.

"Using as few words as possible, try to include enough details about the message sent so folks can identify it, ended with a brief 'I'm sorry'," said Landesman.

Another best-practice tip from Landesman was that, when sending legitimate links, users should steer clear of the generic messages that cyber criminals typically use.

"Get in the habit of including some identifying info so that the recipient can tell that the human you really did intend to send it," she said. "For example, instead of sending 'check out this funny video', always include more specifics like, 'funny video - reminds me of that crazy guy we saw on the beach in the Bahamas.'

"If enough folks adopted this habit, it would become much easier to distinguish the really generic messages as being likely phishing/malware attacks."

All good advice, although some stronger content filtering technology from the likes of Twitter would also help matters no doubt.

February 23, 2010 | Comments (0)

Webroot says that Web 2.0 terrifies businesses

New research from Webroot tells us that enterprises are deeply concerned about the impact that social networking has on their security.

In a new blog posting the security firm released the results of research conducted with 800 IT professionals in the US, UK and Australia, in which it found that over three quarters of them think that Web 2.0 malware will be the biggest issue they face this year.

"Eighty per cent of those who responded anticipate Web 2.0-based malware threats will be among their biggest challenges, and 73 per cent said these types of malware are much harder to manage than email-based threats", wrote the firm.

Those firms that are confident they are sufficiently protected seem to be living under an illusion, according to the survey. These same firms admitted to a number of security problems, including attacks from viruses (60 per cent), spyware (57 per cent), phishing attacks (47 per cent), hacking attacks (35 per cent), and SQL injection against their websites (32 per cent).

None of which really tally with any "sufficiently protected" claims, although it is kind of in Webroot's interests to paint this rather depressing picture, given that such a strategy is likely to shift a few more units.

February 18, 2010 | Comments (0)

Iceman hacker gets 13 years

A notorious hacker has been sentenced to 13 years in jail on charges of wire tapping and identity theft.

A court in Pittsburgh said that Max Ray Vision (né Butler) pleaded guilty to the charges last year and has now been sentenced to the jail time, ordered to pay almost £20m in restitution to his victims and will face an extra five years of supervised release.

When Vision, who went by the pseudonym Iceman, was arrested he had the details of almost two million card holders on his home computer; card details which he was trading on his site cardmarket.com.

We do not know how much money he made through the site, but the size of the penalty suggests that it was a significant amount. Court reports say that the figure was based on the $25 cost card companies face in replacing a lost or stolen number, adding that Iceman was estimated to have personally stolen some 1.1m card numbers himself.

This is not the first time Vision has been arrested. Having started his criminal career early by writing a backdoor program that could be used to access federal machines, he was sent to jail for 18 months, and this after doing volunteer work for the FBI.

Having served this time he was unable to find any other work and was, he said in a memo to the court, unable to pursue any other career than that of a life of crime. His punishment will be a lesson to some, although the rewards that Iceman clearly enjoyed before his arrest will be enough to persuade the rest that cyber crime is worth the risk.

February 15, 2010 | Comments (0)

Fake Firefox site pushing out adware

Security experts are warning that adware and spyware pushers are bundling their wares with what purports to be the latest version of Firefox in order to trick users into installing the software.

A new blog posting from network security firm eSoft explains that adware pushers are trying to capitalise on the success of Firefox 3.6 in order to extend their reach.

The fake Firefox download site uncovered by the firm has been designed to fool users hoping to upgrade, but contains spelling errors, which are often a tell-tale sign of a scam site, said the blog posting.

"Victims of this scam install the 'Hotbar' toolbar by Pinball Corp, formerly Zango," the post noted.

"Not only are users subject to the annoying toolbar, they're also barraged with pop-up ads and host to a new Hotbar weather application running in the system tray."

eSoft warned users to download software only from the publisher's own site wherever possible.

February 3, 2010 | Comments (0)

Microsoft plays down IE flaw risk

Microsoft has been doing some desperate firefighting since a flaw in its Internet Explorer browser was found to have been the vector by which Chinese hackers attempted to infiltrate Google's systems.

Since then, both the French and German authorities have urged their citizens to use another browser until the flaw is patched.

But Microsoft UK's chief security officer Cliff Evans was keen to stress to V3.co.uk yesterday that although the vulnerability technically affects IE6, IE7 and IE8, "the exploits we're seeing out there at the moment only affect IE6", which is the smallest group of IE users in the UK.

The message was loud and clear: upgrade to IE8, whose security features, which include the SmartScreen filter and Data Execution Prevention, will make it extremely difficult for hackers to run the exploit code effectively on that browser.

As to whether Redmond will ship a security fix as part of the next scheduled Patch Tuesday or as an out-of-band release, Evans said the team will need to take a considered view.

"The actual risk is minimal - you'd need to be using IE6 on XP and to visit these [malicious] sites," he added. "We'll have to balance the perceived risk with getting people to roll out yet another update."

January 19, 2010 | Comments (1)

Haiti earthquake disaster exploited by cyber criminals

It didn't take long. As with all global and media-saturated events these days, the tragedy in Haiti has been exploited by cyber criminals for all it's worth.

First, the 419 scammers. According to a new blog posting by Symantec Hosted Services, aka MessageLabs, the classic advance-fee fraud scammers are exploiting the news to part well-meaning people from their cash, sending emails purporting to be from charities such as the British Red Cross and requesting donations.

"Exploiting tragic world events for personal gain unfortunately seems perfectly acceptable for some cyber criminals, and the Haiti Earthquake 419 advance fee fraud example highlights that there are no boundaries on what they'll attempt to profit from," wrote malware data analyst, Matt Nisbet.

"The public needs to be aware of such scams so that they can be more vigilant when visiting donation websites, ensuring vital donations arrive at the intended locations, rather than lining the scammers' pockets."

The other main strategy taken by the cyber criminals has been blackhat SEO, or SEO poisoning. This is when the crims piggy-back on a news story of widespread interest to push their own malicious sites to the top of the search rankings by cramming them full of topical keywords. F-Secure and Websense both warned users to ensure their AV tools are kept up to date and have real-time content scanning capabilities.

"Websense Security Labs ThreatSeeker Network has discovered that searches on terms related to the recent earthquake in Haiti return results leading to a rogue antivirus program," read a posting on the Websense Security Labs blog.

"Unfortunately, the bad guys use major crises and events like this to spread their malicious code."

January 14, 2010 | Comments (1)
