Conficker foolishness goes nuclear
Security firms are well known for spreading fear, uncertainty and danger (FUD) but a press release today on the Conficker worm takes the biscuit.
Security experts are largely agreed that the Conficker update scheduled for tomorrow will not bring about the end of the world as we know it. Instead the malware will probably just update itself. After all, it's not in the malware writer's interest to shut down the network that has been so laboriously built up.
Nevertheless this hasn't stopped endless press releases seeking to grab headlines. This is to be expected but some are 'jumping the shark'. Take IT security company Imerja, which has jumped on the bandwagon and come out with some truly preposterous guff.
"30 per cent of all Windows PCs could be at risk. Organisations that are in danger of being affected include the Houses of Parliament, the Ministry of Defence and a number of UK schools," said Matt Hampton, chief technical officer at Imerja.
The logical problems with this are many. Firstly, no-one knows how many PCs are unpatched in such a way as to make them vulnerable to the Conficker malware - 30 per cent is a guesstimate at best.
Secondly, even if the PCs are unpatched, that's no guarantee that they will become infected. After all, many unpatched PCs will be corporate systems behind strong firewalls, which is why their IT administrators have been slow to patch: the machines are already protected.
Similarly, people may be protected by running anti-virus software even though they haven't bothered to patch their systems. People are now getting much better about running security software, but running operating system updates is less common.
It also assumes that Conficker is everywhere and will automatically infect any PC that isn't patched. This is of course complete rubbish.
Some security companies have worked hard to rescue their reputations. Imerja seems to be bucking this trend, and FUD like this makes one wonder how professional they really are.
March 31, 2009
SMEs still failing on security
Less than a quarter of small and medium sized enterprises see IT security as a priority, with many underestimating the increased risks that could result from the worsening economic climate, according to new research released today by network security firm GFI Software.
The firm found that IT security came way down in sixth place on the top ten list of priorities, behind buying new laptops, desktops and peripherals, with 37 per cent saying they see security as an area of minimal investment that could be cut if necessary.
And while many think they are up to speed with security, most of those surveyed displayed a worrying ignorance about emerging internal threats.
"People are fixing the things they know about - anti-virus, anti-spam, firewalls and so on - thinking 'I've done IT security', but ... they are not focusing on what happens internally," said Guy Washer, managing director of Redshift Research, which carried out the report.
"Only 45 per cent have the means to prevent USB network access, for example."
However, that figure could be even lower, according to some. Tony Brown, technical director of IT support firm Phillips Taylor Brown, argued that in his experience the figure is more likely to be five to ten per cent.
He added that it's a constant struggle to get small firms to take security seriously, with most neglecting anything beyond the very basics unless they are hit with an attack. "If they're not pushed, smaller firms will fight it all the way," he argued.
Less than half of the respondents surveyed said they thought the recession would change the types of threats they'd face.
But Phil Bousfield, vice president of product engineering at GFI, argued that the recession could greatly increase the insider threat, as sacked employees seek to hack their former employers.
"If people are made redundant their attitude to the company changes and they will steal stuff," he warned.
Bousfield added that during a recession there is a greater imperative on small firms to monitor productivity through web filtering technologies.
"Web borne viruses are one thing but the biggest driver is people surfing to undesirable places - it's the work of 20 minutes, all you need is some simple web filtering."
March 31, 2009
Twitter gets spammed
Twitter has become the latest social networking site to be deluged with spam.
Anti-virus firm F-Secure noted on its blog that fake accounts have been bombarding users with unwanted messages, which has had the effect of slowing the site down.
By setting up a fake profile, Patrik Runald - chief security advisor at the F-Secure Security Labs - discovered an account belonging to a Kristen Andrews.
One of the Tweets coming from that account read: "My boyfriend emailed me this site that has a $5000 slot tournament on april's fool day and it's free to enter", followed by a URL.
Clicking on the URL took users to a casino site - Goldencasino.com.
"Twitter is aware of the problem and deleted 'follower' Kristen's account within 10 minutes but the problem is that new Twitter scams are popping up left, right and centre," said Runald.
"Tweeple should check who's following them, and be cautious when clicking on URLs and tinyurls."
Another piece of Twitter spam discovered by Runald was more malicious. A tinyurl link takes users to a scamming site promising that users can earn thousands of dollars by becoming a Google Cash advertiser. All they have to do is fill in their card details.
"So this is what it's really about," wrote Runald in his blog. "They want my credit card info and my personal details. Stay away from it."
March 25, 2009
Kaspersky news site to launch
On Monday, Russian anti-malware vendor Kaspersky Lab will officially announce a new web site designed to provide visitors with independent news and commentary on a range of security topics.
Threatpost includes both original and aggregated content from a range of sources including news sites and blogs. The site has its own original blogs too, and will also feature punditry from "a handpicked group of computer security researchers, executives and analysts".
Room has also been made on the site to cram in podcasts, slideshows and videos of security-related items.
Although Kaspersky Lab has put its name to the site as official "sponsor", the idea seems to be more to create a place where consumers and business professionals can go to find the top security stories from across the globe.
As such, it's a smart move by Kaspersky Lab, which will surely see its stock rise by association. It may have stolen a significant march on its rivals by tapping the power of social media in this way, but its success will depend on the quality and neutrality of the content written especially for the site.
Too much sponsored content, such as the white papers which are creeping in on the home page already, and visitors may wonder about the value of visiting. Kaspersky must keep it neutral, which may be hard to do if a rival vendor is being bigged up in its pages, or if the vendor itself happens to come in for criticism in any articles appearing on the site.
Kaspersky Lab, for example, had its US portal hacked a short while ago via an SQL injection attack, raising questions about the security of the vendor's own systems. Will this kind of content appear on the Threatpost web site in future? We shall see.
March 21, 2009
Berners-Lee in web privacy warning
Founder of the world wide web Tim Berners-Lee used the twentieth anniversary of the web to criticise governments and firms which monitor users' online behaviour, according to a Reuters report.
Speaking at Cern, the European organisation for nuclear research, Berners-Lee said that organisations can build up a tremendously accurate picture of users and their habits simply by tracking their web history. "That form of snooping I think is really important to avoid," he is reported as saying.
Berners-Lee is credited with inventing the web when, as a scientist at Cern in the late 80s, he wrote a document entitled Information Management: a proposal, which contained many of the ideas which would later be developed to construct the basis of the web we know today.
This isn't the first time he's openly criticised the monitoring of web behaviour. On Wednesday Berners-Lee voiced similar concerns at a Westminster event hosted by the Liberal Democrats to discuss internet privacy. He argued that information of this sort should not be collected at all, and clashed with Kent Ertugrul, chief executive of controversial firm Phorm.
Phorm has come in for frequent criticism in the past for the targeted behavioural marketing service it is developing, which uses web monitoring technology to better understand user habits.
Also at the Cern event, Berners-Lee was reported as discussing the future of the web, which he said would increasingly be accessed from mobile devices. He spoke too about the semantic web - his vision of a web of linked data which will make it easier for machines to read and understand the meaning of web pages than it is at present.
March 14, 2009
Twitter users hacked again
Twitter users once again experienced the unpleasant side of Web 2.0 over the weekend as the popular microblogging site was hacked and messages were sent out over users' feeds encouraging visitors to follow a potentially malicious link.
Over 700 accounts were compromised, allowing the hacker to post the following message and related link in their feeds: "hey! 23/Female. Come chat with me on my webcam thingy here".
According to Rik Ferguson, solutions architect at security vendor Trend Micro, the link takes users to a porn webcam portal which "looks to have been designed with credit card harvesting in mind".
In a posting on the Twitter blog, the firm said it had reset the passwords of any compromised accounts and "removed the spammy updates". It advised users to always choose strong passwords and to avoid sharing passwords with untrustworthy sites.
It's still unclear how the user accounts were hacked in the first place, although some commentators have pointed to a similar attack about a month ago.
"You don't have to be Albert Einstein to put two and two together, and deduce that these attacks must be related," wrote Sophos senior technology consultant Graham Cluley in his blog.
"We're seeing more and more attacks from spammers, phishers, malware authors, scammers and identity thieves against the users of social networks like Twitter and Facebook. These aren't just proof-of-concept attacks in controlled conditions - they're full-blooded assaults seen in the wild every day, making money out of real people."
March 9, 2009


