On the Horizon: December 2005 Archives


December 21, 2005

VirusTotal Online Service

Keeping with the topic of viruses and malware, an Internet service known as VirusTotal lets you upload files you suspect are malicious; the service scans them with a variety of anti-virus engines and reports the results.

There are currently over 20 engines from the major anti-virus companies behind this free service, so you get very good coverage. Other forms of malware, such as spyware, would also be covered, since many of the vendors now detect it in their mainstream products. So, if one engine doesn't know about the suspicious file, the others just might. The converse does not hold, though: a file that no engine flags is not proven clean, only not yet recognised.

December 16, 2005

Common Malware Enumeration

Supporters of the popular Common Vulnerabilities and Exposures (CVE) database have expanded their efforts to include organising the many different names given to viruses and malware. In conjunction with US-CERT, Mitre has formed the Common Malware Enumeration (CME) initiative, which will catalogue the identifications each anti-virus vendor assigns to viruses and malware. CME will designate a number to each piece of identified malware and cross-reference it between the anti-virus companies that participate in the initiative.

This will be an excellent reference point for consumers and professionals alike who need to cross-reference virus names between anti-virus vendors. For example, one of the many variants of the Zotob worm that takes advantage of a Microsoft Windows Plug and Play vulnerability is listed as "WORM_ZOTOB.F" by Trend Micro. Yet McAfee lists the same variant as "W32/Bozori.worm.b", Symantec as "W32.Zotob.F", and Computer Associates as "Win32/Zotob.F!Wor".

CME will group all these disparate names under one catalogue number, such as CME-15.

So, you can see the advantages of doing such a thing. I tip my hat to Mitre for making this happen!
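The two posts above describe the same problem from opposite ends: a multi-engine scan returns a different name from every vendor, and CME exists to collapse those names into one identifier. The script below is an added example, not code from VirusTotal or from the CME initiative. It takes a constructed multi-engine scan result, maps each vendor name to a common identifier through a small hypothetical cross-reference table (the four Zotob names are the ones quoted in the post and "CME-15" is the post's illustrative number, not a claim about the real assignment), falls back to a family-name heuristic for names the table does not list, and reports how many engines flagged the file and how the verdicts cluster.

```python
"""Cluster multi-engine anti-virus verdicts under one malware identifier.

Added example for the VirusTotal and CME posts above; it is not code from
either service. The four Zotob names are the ones quoted in the post and
"CME-15" is the post's illustrative number; the scan result and the
cross-reference table are constructed stand-ins.
"""
import re

# Hypothetical cross-reference table in the spirit of a CME list:
# vendor detection name -> common identifier.
CME_XREF = {
    "WORM_ZOTOB.F": "CME-15",
    "W32/Bozori.worm.b": "CME-15",
    "W32.Zotob.F": "CME-15",
    "Win32/Zotob.F!Wor": "CME-15",
}

# Constructed scan result in the shape a multi-engine service reports:
# engine -> detection name, or None when that engine sees nothing.
SAMPLE_SCAN = {
    "TrendMicro": "WORM_ZOTOB.F",
    "McAfee": "W32/Bozori.worm.b",
    "Symantec": "W32.Zotob.F",
    "CA": "Win32/Zotob.F!Wor",
    "EngineE": "Worm.Win32.Zotob.f",   # same family, name not in the table
    "EngineF": None,
    "EngineG": None,
    "EngineH": "Trojan.Generic",       # disagreeing verdict
}

# Platform prefixes and type/variant suffixes that vendors bolt onto the
# family name; the family itself is what we want to compare.
_PLATFORM_PREFIX = re.compile(r"^(?:worm_|w32[/.]|win32[/.]|worm\.win32\.)", re.I)
_TRAILING = re.compile(r"(?:[.!](?:wor|worm|gen|[a-z]{1,2}))+$", re.I)

def family_token(name):
    """Heuristic fallback: strip platform prefixes and type/variant suffixes
    so 'Worm.Win32.Zotob.f' and 'Win32/Zotob.F!Wor' both give 'zotob'."""
    s = _PLATFORM_PREFIX.sub("", name)
    s = _TRAILING.sub("", s)
    return s.lower()

# Families reachable through the table, so an unlisted name still lands in
# the right bucket when its family token matches a listed one.
_FAMILY_TO_ID = {family_token(n): cme for n, cme in CME_XREF.items()}

def canonical_id(name):
    """Table lookup first, family heuristic second, else a family bucket."""
    if name in CME_XREF:
        return CME_XREF[name]
    tok = family_token(name)
    return _FAMILY_TO_ID.get(tok, "family:" + tok)

def summarise(scan):
    """Return (engines_detecting, engines_total, {identifier: [engines]})."""
    clusters = {}
    detected = 0
    for engine, name in scan.items():
        if not name:
            continue
        detected += 1
        clusters.setdefault(canonical_id(name), []).append(engine)
    return detected, len(scan), clusters

if __name__ == "__main__":
    hit, total, clusters = summarise(SAMPLE_SCAN)
    print(f"{hit}/{total} engines flagged the file")
    for ident, engines in clusters.items():
        print(f"  {ident}: {', '.join(engines)}")
```

Run as-is it reports 6 of 8 engines flagging the file, five of them agreeing on CME-15 (including the engine whose name is not in the table) and one dissenting generic verdict. The heuristic is deliberately narrow: a real cross-reference list, not prefix stripping, is what makes vendor names comparable, which is the point of CME.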

December 14, 2005

Things that have no relevance to work whatsoever

Thought I would take advantage of this service to post some non work related stuff on the off-chance it might be of interest to someone. Posts in this area will appear during breaks through the working day.

Monthly Microsoft Patch Release

Microsoft released its monthly patches yesterday. They include a cumulative update for Internet Explorer and one pertaining to the operating system kernel. You can go to the TSC IT Security web site to view more information.

Here on campus, Microsoft patches are released through the local Software Update Services (SUS). Those with UWin Project systems that have been deployed by TSC should already be configured to receive them. To get more information on how SUS works follow this link. Please note that we wait at least one week before deploying patches through SUS - sometimes longer.

For those running Windows at home, it is strongly recommended that you update your systems. Here is a link that will tell you how.

December 9, 2005

DRM, Sony, and You - Part 1.2

Back in November, I posted to the local noticeboards a short article regarding Sony, Digital Rights Management (DRM) and stealth-like software the company decided to incorporate into some of their CD products. It seemed to spark the interest of many, and a few even responded to me off-line (thanks for reading by the way).

Much has happened since my initial post that I thought would be of interest to you. But first, a quick rundown:

Stealth-like software, otherwise known as a 'rootkit', was identified by a security expert when he played a Sony/BMG-labelled CD on his computer. The rootkit installed itself on his system once he accepted a 2000+ word End User License Agreement (EULA). On discovering the rootkit, he found it was nearly impossible to remove without breaking portions of the operating system.

He reported it in his blog, and the story exploded from there. Sony faced pressure from a very wide audience on different fronts, including class-action lawsuits filed in California and Texas. On top of this, virus writers took advantage of the rootkit's cloaking ability and created malware that used it to hide from anti-virus products.

Since then, Sony has done some major back-pedalling, including stopping shipment of rootkit-embedded CDs, pulling existing product off the shelves, and even releasing a patch to fix systems already infected with the rootkit. Unfortunately for most, this patch was found to introduce more vulnerabilities than it tried to close. Had Sony responded when first told about the problem by the security company F-Secure, all of this might have been avoided.

The good news (if there actually is good news in this mess) is that Intel is working on technology that would identify hostile code such as rootkits trying to install themselves and report it to the user. It's possible that the technology could be implemented at the hardware level, bypassing the software layer entirely. It certainly sounds interesting, but does it open a new can of worms for the average computer user?

December 5, 2005

Tips for Safe On-Line Shopping

It's the beginning of the Christmas shopping season, and many of you may be considering doing some of your shopping on-line. While this in itself is nothing out of the ordinary, we must take extra precautions regarding who we are dealing with and how we deal with them. Bankrate has an article outlining tips on how you can ensure your on-line purchases are the 'right' ones. In short:

* Deal with sites you know
* Confirm on-line companies are legitimate by calling them
* Ensure your web transactions use secure communications that you can verify (check that the site's certificate is issued to the company you intend to pay, not just that a padlock is shown)
* Perform on-line transactions using systems you know and trust to be clean of viruses and malware
* Use a credit card or an escrow service when doing on-line transactions
* Trust nothing you hear and only half of what you see!

Phishing Gets Trickier

In the past, I have posted information relating to a social engineering tactic called 'Phishing'. Many of us have seen examples of Phishing attempts through our E-Mail system. I posted an example of one such E-Mail here.

Security experts are now warning about a less known but more effective attack vector loosely referred to as 'Spear Phishing'. Spear Phishing takes the mass-mailing, catch-whoever-bites approach of normal Phishing and makes it "personalised". This means that E-Mail arriving in your mailbox or through a messenger service could be customised with logos you recognise and address you by your full name, so the usual giveaway of a generic greeting is gone.

The New York Times has a very interesting article describing Spear Phishing and tells the tale of a person in Israel who fell victim to a very elaborate scam.
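Because a spear-phishing message is personalised, the greeting and the logos no longer tell you anything; what the sender cannot fake so easily is the set of addresses in the message headers. The script below is an added example, not code from the post or from the article it cites. It parses two constructed messages with Python's standard e-mail library and flags the mismatches a practitioner would look for: a display name claiming a known brand while the address uses another domain, a Reply-To or Return-Path that points somewhere other than the From domain, and domains that imitate a known one (a digit for a letter, or the brand's name embedded in a longer domain). The brand table and the edit-distance threshold are assumptions for illustration.

```python
"""Flag sender-identity mismatches that a personalised phishing mail cannot hide.

Added example; not code from the original post or the cited article.
The two messages, the brand table and the edit-distance threshold are
constructed assumptions for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumed brand table: display-name keyword -> domains allowed to use it.
KNOWN_BRANDS = {"example bank": {"example-bank.com"}}
LOOKALIKE_MAX_EDITS = 2  # assumed threshold for 'examp1e' vs 'example'

def _domain(addr):
    """'user@Host.TLD' -> 'host.tld'; '' when there is no address."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _is_lookalike(dom, known):
    """True when dom imitates a known domain without being it or a subdomain of it."""
    if dom == known or dom.endswith("." + known):
        return False
    label = known.split(".", 1)[0]  # 'example-bank'
    return 0 < _edit_distance(dom, known) <= LOOKALIKE_MAX_EDITS or label in dom

def suspicious_indicators(raw):
    """Return a list of (code, detail) findings for one RFC 822 message."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    bounce_dom = _domain(parseaddr(msg.get("Return-Path", ""))[1])
    findings = []
    # A recognisable brand in the display name is exactly what personalised
    # phishing relies on; check it against the address actually used.
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display.lower() and from_dom not in domains:
            findings.append(("brand-domain-mismatch", f"'{display}' sent from {from_dom}"))
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"{reply_dom} != {from_dom}"))
    if bounce_dom and bounce_dom != from_dom:
        findings.append(("return-path-mismatch", f"{bounce_dom} != {from_dom}"))
    for dom in sorted({from_dom, reply_dom, bounce_dom} - {""}):
        for known_doms in KNOWN_BRANDS.values():
            for known in known_doms:
                if _is_lookalike(dom, known):
                    findings.append(("lookalike-domain", f"{dom} imitates {known}"))
    return findings

# Constructed messages: a personalised phish and a legitimate notice.
PHISH = """\
Return-Path: <bounce@examp1e-bank.com>
From: "Example Bank Security" <alerts@example-bank-secure.com>
Reply-To: <verify@examp1e-bank.com>
To: john.smith@example.org
Subject: Action required on your account

Dear Mr. John Smith,
Please confirm your details at the link below.
"""

LEGIT = """\
Return-Path: <bounce@example-bank.com>
From: "Example Bank" <alerts@example-bank.com>
To: john.smith@example.org
Subject: Your monthly statement is ready

Dear Mr. John Smith,
Your statement is available when you log in as usual.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label)
        for code, detail in suspicious_indicators(raw) or [("clean", "no findings")]:
            print(f"  {code}: {detail}")
```

Both messages greet the recipient by name, so that signal is useless here; the phish is caught on five header findings while the legitimate notice produces none. Return-Path is the envelope sender recorded by your own mail server, so it is the hardest of the three for a sender to control from outside.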

December 1, 2005

SANS Top 20 Vulnerabilities

The mother of all security resources, the SANS Institute, has released its Top 20 vulnerabilities list for 2005. In a bit of a twist, the list has been expanded to include major applications such as browsers and anti-virus programs, rather than focusing only on the operating system level.

The web page provides references to the Common Vulnerabilities and Exposures (CVE) database along with recommendations on how to close these vulnerabilities. An excellent reference for all system and network administrators.