Posts Tagged ‘malware’
What we can Learn from the Oak Ridge Attack
Written by Jeff Orloff on April 25, 2011 – 11:49 am -
While the Oak Ridge National Laboratory may be famous for its role in the Manhattan Project, recent cyber attacks have brought the Department of Energy’s research center back into the news. According to Barbara Penland, a spokesperson for the lab, Internet service and access to external email were brought down by the lab as part of preventative measures to secure the network’s sensitive data against a spear phishing attack launched against the lab on April 7th.
The attack targeted lab employees with an email disguised as a message from the Human Resources Department that contained a link exploiting a vulnerability in Internet Explorer. Microsoft has claimed that this vulnerability was fixed on April 12th, one day after Oak Ridge noticed the attack against them.
10 Most Common Malicious Programs Sent By Email
Written by Jeff Orloff on April 19, 2011 – 8:49 pm -
According to Secure List, malicious files were found in 3.18% of all emails sent during the month of February, a rise of 0.43% compared to January of this year. While this may look insignificant, the Radicati Group estimates that 294 billion emails are sent every day, which equates to almost 10 billion malicious emails sent on a daily basis.
While this doesn’t match the numbers seen in the early days of commercial email, when email messages were the primary method used to spread malware, it does show that the trend is rising again. And if there is an increase over time, it can only mean that this method of spreading malware is working well enough for attackers to use it in such numbers.
Ethical malware argument raises eyebrows
Written by Dan Blacharski on December 16, 2009 – 6:10 pm -
The issue of “ethical malware” has raised its ugly head this week in the blogosphere, sparking heated discussions and soapbox speeches everywhere. As reported this week in LinuxInsider, a lengthy Slashdot discussion was sparked when a participant wrote, “I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects.”
The writer, Johannes, is of course correct. Unix/Linux can indeed be vulnerable to malware. We must remember that absolutely no operating system is completely bulletproof. We may like its features, it may have good security, and the OS may be perceived as being “cool”, but it’s not magic. Like any other OS, it’s just lines of code. Armchair computer users that aren’t in the industry may have the incorrect notion of absolute security, but nobody in the business can seriously make that claim with a straight face.
The larger question that is raging on the Slashdot discussion thread is whether Johannes was within his rights to release malware on Linux for the purpose of illustrating his point.
Most people would agree that malware is a scourge on society, and in most cases is illegal. But, Johannes’ malware wasn’t malicious, so was he within the scope of ethical computing to release it? On one hand, the logic is indisputable that by releasing the malware, he was able to highlight a flaw in the OS. And especially when an OS is written the way Linux is written, it’s very likely that any flaw that is brought to public knowledge will be repaired soon enough.
On the other hand, there is naturally a window of vulnerability between when the flaw is made public and when the flaw is fixed, giving the real evil-doers a short but realistic opportunity to exploit it. Would we think it okay, for example, if somebody broke into a bank vault one evening, but didn’t take the money, just to show the bank that it could be done? I don’t think there would be any debate about it; the perpetrator would go straight to prison. “White-hat” hacking of this nature may have good intentions, but the writer is taking a risk here that an aggressive prosecutor may decide to pursue the matter in court.
Malware Threats from Unexpected Sources: Trojans Embedded in Streaming Video Links
Written by Lee Clemmer on September 14, 2009 – 4:57 pm -
Sometimes filtering spam, viruses, and other malware at your email gateway isn’t enough. It’s important to keep your host anti-virus signatures up to date, and if you don’t have anti-virus protection at your firewall or on your network at the Internet gateway, you should seriously consider it.
Here’s why these items are critical. Some recent malware attacks have used malware embedded in video and audio streams as a transfer mechanism. The attackers can gain an initial foothold, so to speak, by managing to get a link to your users in a spam email. If your spam filter doesn’t block the message, a link in the email appears to be a video or audio link, but in fact the destination contains a trojan that is embedded in the content stream.
This method of attack isn’t exactly new. For example, the ZLOB Trojan began making the rounds in 2005, and began gaining traction in 2006. Some attacks with it simply involved downloading other viruses or malware. With a video link, however, users who have their ActiveX controls set to download codecs automatically and who have poor virus protection would automatically download the virus and become infected.
Breakthrough encryption technology discovered
Written by Dan Blacharski on July 3, 2009 – 12:26 pm -
We can all generally agree that encryption is good, and that implementing regularly updated anti-malware software is also good. But the two have never been compatible. The only way that encrypted email traffic can be scanned for malware is to decrypt it before scanning, then re-encrypt it afterwards before sending it on the rest of its journey to the email server. It’s certainly possible to do so, but it’s tricky and can introduce delay into the equation. So why can’t we just scan the encrypted email traffic for viruses?
As reported in Forbes this week, an IBM researcher has made some progress towards solving that dilemma. Although there is no current commercial implementation of the solution, the researcher, Craig Gentry, has effectively set the wheels in motion. Gentry has solved the problem of fully homomorphic encryption, which allows the anti-malware analysis, as well as other processes, to be performed directly on encrypted data, without having to decrypt it first. No software is currently able to do that, and in reality, it may be several years before it is commercially available–but it’s nonetheless a big breakthrough in security.
Microsoft issues anti-malware changes to Windows 7
Written by Dan Blacharski on May 4, 2009 – 9:23 am -
Microsoft is changing the AutoPlay feature of Windows 7, so that it will not be able to enable AutoRun for USB devices. The change was necessary, since some malware (including Conficker) uses the AutoRun feature to spread. Malware isn’t just an email-borne problem any more–specifically, malware writers recognize that email security has been improving overall, and are looking for new attack vectors. Removable media, such as USB devices, make a perfect attack vector for them.
Although Conficker is the most well-known piece of malware that uses the default AutoRun settings to propagate itself, others have also used this feature in the past and continue to do so now. Spreading malware via USB devices started to become prevalent last year.
There will no doubt be some outcry about Windows 7 hampering usability, but the move makes sense. With this update, the AutoRun task will continue to work for removable media such as CDs and DVDs, but it will not be enabled for other devices, such as USB drives. In addition to being incorporated in Windows 7, the change will also be reflected in future updates of Vista and XP.
April 1st – A good day to leave the computer off
Written by Dan Blacharski on March 17, 2009 – 4:26 pm -
April Fool’s Day has always been a favorite of Internet “pranksters”, hackers and disseminators of online evil. Reports are floating around that the Conficker worm’s latest variant will become active on April 1. Conficker is designed to spread itself and grow a massive botnet, and the latest version, W32.Downadup.C, will strengthen the purposes of the worm’s creators. This latest version deactivates security processes on the victim’s PC, preventing some security products from running. It also prevents computers from connecting to some security Web sites. Security software commonly “phones home” to update blacklists and other up-to-date anti-malware information. The latest version also generates thousands of domain names, which are used by the zombified PCs to check in for further instructions.
Knowing when it’s the Real McCoy
Written by Dan Blacharski on January 7, 2009 – 2:52 pm -
The most annoying pieces of malware are the fake security programs which pop up on your screen, informing you that they have detected malicious files on your computer. The program, which often disguises itself to look like it’s part of the Microsoft operating system, is very persistent. If I get one of these on my screen and try to press the “cancel” button, it won’t cancel. Usually the only way to cancel the popup is to click on the “X” button in the upper-right hand corner of the box, or go directly to the program manager with a “Control-Alt-Delete” and do it there. The little devils do everything they can to stay on the screen, even though I know very well they are not who they claim to be.
These fake security programs usually do very little if anything to protect your security, and are designed to either just take your money, steal your personal information, or implant malware or adware onto your computer. In some cases, devious bad guys infect computers with popups and adware, and in the same infection, will also implant the bogus security popup at the same time, to make it seem like it’s all the more needed. Don’t fall for it!
Mine’s a Mac; Mine’s a PC – both need anti virus
Written by Dan Blacharski on December 5, 2008 – 3:44 pm -
Let me make one thing clear. There is a perception that the Apple Mac cannot have malware. This is incorrect.
Apple Computer posted a note on its support site late last month, and removed it this week, which encouraged people to use anti-virus software. The presence of the note has caused much consternation among the media, the blogosphere and the Apple faithful, the latter of which have long proclaimed that Apple does not need anti-virus software. The notice read, “Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.”


