Computer Malware and Preventive Recommendations: Botnets

It’s often what we don’t know that can hurt us the most…

That is certainly the case with malware such as computer viruses, worms and Trojans.

Botnets are among the fastest growing and most dangerous threats on the Internet today. “Bot” is short for robot, a piece of software with enough built-in intelligence to perform a task on its own; “net” stands for network, the collection of these individual bots under the control of one person, called a bot herder.

The interesting thing is that not all bots are bad. The intelligent software agents in Microsoft Word, or the crawlers used by search engine sites such as Google, exist to help the end user, whereas the bots that make up collections such as the Storm and Kraken botnets exist to disrupt end-user activities.

Bots are small executable files that are very easy to spread. They are distributed through spam, through music files seeded on file-sharing networks, through unpatched Microsoft vulnerabilities, and from web sites that push the bot to every visitor in a technique called a “drive-by download” (very nasty and stealthy, because the victim only has to load the page).

What makes these bots so dangerous is their exponential growth. As more systems are infected, each newly infected system also begins scanning for further vulnerable systems. Because every recruited computer lends its own resources to recruiting others, the botnet can grow enormously in a short period of time.
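The scanning described above leaves a recognizable trace in connection logs: one source reaching many distinct hosts on the same port within seconds. The following is an added example (not SecurityOrb.com code) of how a detection rule for that fan-out pattern can be written; the five-field log format and the sample lines are constructed for illustration.

```python
"""Spot the fan-out scanning an infected bot performs when it hunts for more
vulnerable systems. Added example, not SecurityOrb.com code: the five-field
connection-log format and the sample lines below are constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall/connection log: "<ISO timestamp> <src> <dst> <dport> <state>".
# 10.0.0.5 sweeps ten hosts on 445 in five seconds (bot-like), 10.0.0.7 visits
# three web servers in a minute (normal browsing), 10.0.0.9 touches three file
# servers over an hour (normal admin work).
SAMPLE_LOG = """\
2010-06-08T09:00:00 10.0.0.5 10.0.1.10 445 SYN
2010-06-08T09:00:01 10.0.0.5 10.0.1.11 445 SYN
2010-06-08T09:00:01 10.0.0.5 10.0.1.12 445 SYN
2010-06-08T09:00:02 10.0.0.5 10.0.1.13 445 SYN
2010-06-08T09:00:02 10.0.0.5 10.0.1.14 445 SYN
2010-06-08T09:00:03 10.0.0.5 10.0.1.15 445 SYN
2010-06-08T09:00:03 10.0.0.5 10.0.1.16 445 SYN
2010-06-08T09:00:04 10.0.0.5 10.0.1.17 445 SYN
2010-06-08T09:00:04 10.0.0.5 10.0.1.18 445 SYN
2010-06-08T09:00:05 10.0.0.5 10.0.1.19 445 SYN
2010-06-08T09:00:00 10.0.0.7 192.0.2.10 80 SYN
2010-06-08T09:00:30 10.0.0.7 192.0.2.11 80 SYN
2010-06-08T09:01:00 10.0.0.7 192.0.2.12 80 SYN
2010-06-08T09:00:00 10.0.0.9 10.0.1.10 445 SYN
2010-06-08T09:30:00 10.0.0.9 10.0.1.11 445 SYN
2010-06-08T09:59:00 10.0.0.9 10.0.1.12 445 SYN
"""


def parse_log(text):
    """Turn log lines into (timestamp, src, dst, dport) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _state = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return events


def detect_scanners(events, window=timedelta(seconds=60), threshold=8):
    """Return {(src, dport): peak_distinct_dsts} for every source that reached
    at least `threshold` distinct destinations on one port within `window`.

    Distinct destinations are counted, not connections, so a client that
    retries one server over and over does not look like a scanner."""
    by_key = defaultdict(list)
    for ts, src, dst, dport in events:
        by_key[(src, dport)].append((ts, dst))

    alerts = {}
    for key, hits in by_key.items():
        hits.sort()                      # log lines may arrive out of order
        recent = deque()                 # (ts, dst) pairs inside the window
        in_window = defaultdict(int)     # dst -> hits currently in the window
        peak = 0
        for ts, dst in hits:
            recent.append((ts, dst))
            in_window[dst] += 1
            # Expire everything older than `window` relative to this event.
            while ts - recent[0][0] > window:
                _old_ts, old_dst = recent.popleft()
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[key] = peak
    return alerts


if __name__ == "__main__":
    for (src, dport), n in detect_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {src} reached {n} distinct hosts on port {dport} within 60s")
```

The window and threshold are tuning knobs, not constants: on a network where file servers are scarce a lower threshold on port 445 is reasonable, while a legitimate vulnerability scanner or monitoring host will trip this rule every time and belongs on an allow-list before the rule goes into an IDS.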

SecurityOrb.com, an information security media company based in the Washington, D.C. metro area recommends the following:
* Use a Mac OS X based system or even a Linux-based system if possible; if not:

1. Make sure you have security controls in place (e.g. firewall, anti-virus, anti-spyware and IDS)
2. Make sure they are licensed and updated regularly
3. Make sure you run them frequently, or schedule them for a time when your computer will be on
4. Do not download free miscellaneous software from the Internet (e.g. screensavers and games)
5. Do not open attachments if you do not know who sent them or what they contain
6. Just be smart

For more information on botnets, their effects, and detailed recommendations for preventing and removing malware, check out https://securityorb.com/

Mac OS X: A Threat Is Growing…

As a devoted Mac user since 1994, it scares me every time I hear other Mac users say, “The Mac is so safe, I don’t worry about viruses or apply any security features”.

Even though, to date, there have not been any damaging viruses or attacks successfully carried out against the Mac OS X operating system, it is increasingly becoming a target for hackers and malware authors.

Security researchers are discovering serious vulnerabilities in Mac OS X. Even though we have not yet seen malware in the wild that exploits these vulnerabilities, they do exist in labs and in technical papers as proofs of concept.

According to Symantec, as Apple increases its market share–with new low cost products such as the Mac mini–its user base is likely to come under increasing attack.

So we are led to believe that as the popularity of Apple’s platform continues to grow, so too will the number of attacks directed at it. If that is the case, then vulnerabilities that allow attackers to carry out information disclosure, authentication bypass, code execution, privilege escalation and denial-of-service (DoS) attacks will soon be common headaches for Mac OS X users.

Washington DC based SecurityOrb, LLC stated, “Even though none of these events has yet occurred, it is important for Mac OS X users to start changing the mind-set that they are immune to the threats that are common to Microsoft Windows users. Mac OS X has many built-in security features, as well as some security configuration recommendations on www.securityorb.com, that can prevent malicious activities from taking place on your Mac-based system.”

File Sharing Applications: Another way to be a victim of identity theft…

If you are using a peer-to-peer file-sharing program to download music and videos, you may be a prime candidate for identity theft. Applications such as LimeWire, eDonkey and numerous others on the Internet may also allow other individuals to download personal documents from your computer at will. The issue stems from sharing the “My Documents” folder as the default folder for shared media. Most users and file-sharing applications select the “My Documents” folder because that is where most media files are located. But think about it: what else do you keep in the “My Documents” folder? Family pictures, personal documents and so on, all of which become available to other users of the network.

To date, Washington DC based SecurityOrb.com has read and heard of individuals accessing mortgage applications, loan paperwork and even Form 1040 tax returns containing the Social Security numbers of an entire family.

SecurityOrb.com recommends that users who insist on using a file-sharing program create a dedicated folder for sharing, such as “Shared Documents”, and never place any personal information in that folder. In addition, running an anti-virus application and keeping it up to date is also important.
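Before pointing a file-sharing client at any folder, it is worth checking what that folder actually contains. The script below is an added example (not SecurityOrb.com code) of such an audit: it flags a share root that covers “My Documents”, file names that suggest tax or loan paperwork, and non-media files containing a Social Security number pattern. The folder layout, file names and contents built in demo() are constructed, and the name and SSN patterns are illustrative rather than exhaustive.

```python
"""Audit a folder before pointing a peer-to-peer client at it. Added example,
not SecurityOrb.com code: the folder layout, file names and contents built in
demo() are constructed, and the name/SSN patterns are illustrative only."""
import re
import tempfile
from pathlib import Path

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")          # US SSN as written on a 1040
SENSITIVE_NAME_RE = re.compile(r"1040|w-?2|tax|mortgage|loan|passport|ssn", re.I)
MEDIA_SUFFIXES = {".mp3", ".mp4", ".avi", ".wav", ".flac", ".ogg", ".wmv"}


def audit_share_folder(share, home, max_bytes=1_000_000):
    """Return a list of (kind, path, reason) findings for the folder `share`
    that a P2P client is about to expose. `home` is the user's profile folder.

    kinds: 'scope'   - the share root covers My Documents (or a parent of it)
           'name'    - a file name suggests personal or financial content
           'content' - a non-media file contains an SSN-like number"""
    share, home = Path(share).resolve(), Path(home).resolve()
    findings = []

    documents = home / "My Documents"
    if share == documents or share in documents.parents:
        findings.append(("scope", str(share),
                         "share root includes My Documents; share a dedicated folder instead"))

    for p in sorted(share.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(share))
        if SENSITIVE_NAME_RE.search(p.name):
            findings.append(("name", rel, "file name suggests personal or financial data"))
        if p.suffix.lower() in MEDIA_SUFFIXES:
            continue                                   # don't grep audio/video
        with p.open("rb") as fh:                       # only the first max_bytes
            text = fh.read(max_bytes).decode("utf-8", "ignore")
        if SSN_RE.search(text):
            findings.append(("content", rel, "contains an SSN-like number"))
    return findings


def demo():
    """Build a constructed profile and audit the default folder vs a dedicated one."""
    home = Path(tempfile.mkdtemp()) / "Alice"
    docs = home / "My Documents"
    (docs / "Music").mkdir(parents=True)
    (docs / "Taxes").mkdir()
    (docs / "Music" / "track01.mp3").write_bytes(b"ID3\x03\x00" + b"\x00" * 64)
    (docs / "Taxes" / "2009_1040.txt").write_text("Taxpayer SSN 123-45-6789\n")
    (docs / "letter.txt").write_text("Dear Bob, see you Friday.\n")

    shared = home / "Shared Documents"                 # the recommended layout
    shared.mkdir()
    (shared / "track01.mp3").write_bytes((docs / "Music" / "track01.mp3").read_bytes())

    return audit_share_folder(docs, home), audit_share_folder(shared, home)


if __name__ == "__main__":
    default_findings, dedicated_findings = demo()
    for f in default_findings:
        print("My Documents:", f)
    print("Shared Documents findings:", dedicated_findings)
```

Running the audit against the default “My Documents” share turns up all three kinds of finding, while the dedicated “Shared Documents” folder holding only the music file comes back clean. A real deployment would widen the name and content patterns to whatever the user actually keeps (bank statements, scanned IDs) and re-run the audit whenever files are added.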

For more information, visit SecurityOrb.com.

VMware’s 3rd Annual Federal Technical Conference in DC

VMware, Inc. makes virtualization software that runs on Microsoft Windows, Linux and Mac OS X, as well as a product called VMware ESX that runs directly on server hardware without requiring an installed operating system.

The VMware 3rd annual federal technical conference will be held in Washington DC on Tuesday, June 15, 2010, from 8:30 a.m. to 4:00 p.m. at the Grand Hyatt. It is the largest federal end-user event at which IT and IT security personnel can learn about the latest VMware solutions and how they support federal enterprises in all areas of government.

Adrian Williams of SecurityOrb.com, an information security media organization based in the Washington DC metro area, stated, “We have long seen the benefits of VMware’s Workstation product on the incident response side of the game. VMware Workstation would allow us to run malware or analyze compromised systems in a safe environment.”

Due to limited space, the event is giving priority to government and systems integrator personnel. Key topics will include Desktop Virtualization with VMware View 4.5, Managing & Automating Virtual Enterprise Infrastructure, Security in a Virtual Environment, and Building & Managing Cloud-Ready Applications, to name a few.

Sponsoring the event are Dell, Swish Data Corp, Force 3 and Quest Software.

For more detailed information on the VMware 3rd annual federal technical conference go to their website or contact:

Ben Baldi
VMware Government at Carahsoft
703-230-7407 (Direct)
888-6VMWARE (Toll-Free)
ben.baldi@carahsoft.com

The event location has been listed below, and taking the metro is highly recommended.

Grand Hyatt Washington

1000 H Street NW,
Washington, D.C., USA 20001
Tel: +1 202 582 1234    Fax: +1 202 637 4781

By Metro: Take the Blue line to Metro Center stop.  There is an entrance to the Grand Hyatt Washington in the station.

IT Security Policy: The First Line of Defense

As a security professional, I am amazed when I find that an organization does not have an IT security policy in place.

An IT security policy is a statement by management of how the organization will protect its resources from unauthorized access, alteration or destruction. It also provides a blueprint of management’s strategy regarding information security.

An IT security policy usually consists of the following categories:

1. Corporate Policy
2. Information Security Policy
3. Personnel Security Policy
4. Physical and environmental security policy
5. Computer & Network Security Policy
* System Administration
* Network Policy
* Application Development Policy
6. Business Continuity Planning

The Purpose of an IT Security Policy

The purpose of the information security policy is to establish a corporate-wide approach to information security; to prescribe mechanisms that help identify and prevent the compromise of information security and the misuse of corporate data, applications, networks and computer systems; and, lastly, to implement effective controls for responding to incidents and external complaints.

For more information on IT Security Policies and other documents please visit www.securityorb.com

Adobe Zero-Day Attack on DC-Based Organizations

On June 4, 2010, Adobe announced a critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat that could allow attackers to take control of an affected system. While Adobe works on a fix, the vulnerability is being actively exploited in what are known as zero-day attacks: attacks against a flaw for which no patch yet exists.

Since then, a series of Advanced Persistent Threat (APT) attacks has been launched against corporate employees in the form of emails containing malicious links to sites that exploit this vulnerability. As of last night, SecurityOrb.com, a Washington DC based information security media company, had obtained information that a number of corporate employees received such emails and that many of them clicked the links, causing their machines to be compromised.

SecurityOrb, LLC is asking everyone to take extra caution and validate the sender of every email before opening it. All external emails should be scrutinized closely before any attachment is opened or any link is clicked.

SecurityOrb.com has also obtained information that many of these organizations are blocking all Flash downloads from the Internet. This means that users will not be able to view Flash videos and animations on certain web sites they visit. Adrian Williams of SecurityOrb.com stated, “We do not know how long it will take Adobe to come up with a fix, but it is very important for organizations to implement the proper security controls until the matter has been resolved.”

If you have a business-critical need to access Flash content on a specific business-related web site, contact your organization’s service desk or Internet service provider with the site information and a business justification; they may be willing to white-list (allow) that site for you.
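The “block all Flash, white-list specific sites” control described above is simple to state but easy to get wrong at the edges. The following is an added example (not SecurityOrb.com code, and not any real proxy product’s configuration) of the decision logic a content filter would apply to each response: it recognizes Flash by declared MIME type, by URL extension and by the SWF file signature, so a server that mislabels an SWF as an image is still caught, and it matches the allow-list on the dotted host suffix so that look-alike domains do not slip through. The allow-list hosts and the sample requests are constructed.

```python
"""Decide whether a web proxy should pass or drop a response under a
"block Flash except white-listed sites" control. Added example, not
SecurityOrb.com code or any real proxy's configuration: the allow-list hosts
and the request/response samples are constructed."""
from urllib.parse import urlsplit

SWF_MIME = "application/x-shockwave-flash"
# Every SWF file starts with one of these signatures (uncompressed, zlib, LZMA).
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")
# Constructed allow-list of sites with an approved business justification.
ALLOWED_FLASH_HOSTS = {"training.example.com", "intranet.example.org"}


def host_allowed(host, allowlist=ALLOWED_FLASH_HOSTS):
    """Exact match or a subdomain of an allowed host. Matching on the dotted
    suffix (rather than a bare endswith) keeps 'nottraining.example.com' and
    'training.example.com.attacker.example' off the list."""
    host = (host or "").lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowlist)


def looks_like_flash(url, content_type, body):
    """Identify Flash content three ways; any one is enough to classify it.
    The declared Content-Type alone is not trusted: a hostile server can label
    an SWF as image/gif and a page that embeds it may still get it executed."""
    declared = (content_type or "").split(";")[0].strip().lower()
    if declared == SWF_MIME:
        return True
    if urlsplit(url).path.lower().endswith(".swf"):
        return True
    return body[:3] in SWF_MAGIC


def flash_policy(url, content_type, body):
    """Return 'allow' or 'block' for one proxied response."""
    if not looks_like_flash(url, content_type, body):
        return "allow"
    return "allow" if host_allowed(urlsplit(url).hostname) else "block"


if __name__ == "__main__":
    samples = [  # constructed request/response pairs
        ("http://www.example.net/player.swf", SWF_MIME, b"CWS\x0a..."),
        ("http://training.example.com/hr/module1.swf", SWF_MIME, b"CWS\x0a..."),
        ("http://cdn.example.net/banner.gif", "image/gif", b"FWS\x09..."),
        ("http://nottraining.example.com/a.swf", SWF_MIME, b"FWS\x09..."),
        ("http://www.example.net/index.html", "text/html", b"<html>"),
    ]
    for url, ctype, body in samples:
        print(f"{flash_policy(url, ctype, body):5s} {url}")
```

Only the second sample is allowed: the first and fourth are Flash from hosts that are not on the list, the third is an SWF disguised as a GIF and is caught by its signature, and the HTML page is passed untouched. The same three-way check is what makes a temporary block like this hold up until the vendor patch arrives; filtering on the URL extension alone would be bypassed by the first mislabelled download.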

Please continue to be vigilant and never assume you are protected. Visit SecurityOrb.com for additional tips on how you can be secure.

Sources:
http://threatpost.com/en_us/blogs/adobe-warns-flash-pdf-zero-day-attack-060410
http://maximumitblips.dailyradar.com/story/zero-day-attack-targets-adobe-1/
http://community.norton.com/t5/Tech-Outpost/Security-Alert-0-Day-Attack-In-The-Wild-for-Adobe-Flash-Reader/m-p/238417
http://www.pcworld.com/article/159915/adobe_reader_suffers_targeted_zeroday_attacks.html