Symantec: Web Threats 2010

Came across this great report on the state of web threats this year. One of the key lessons from the report is that cybercriminals are now focused on compromising existing web servers rather than bringing their own online. In fact, Symantec found that 90% of malicious websites are compromised legitimate sites.

Key reason for this, as explained by Symantec analyst Dan Bleaken:
The attraction of knowing that legitimate sites often come fully furnished with regular users and a good level of traffic in general, providing a ready pool of instant victims and eliminating the need to stimulate from scratch a flow of visitors to a newly established domain.

Another key stat: only 6.9% of compromised malicious sites had their infection removed within 7 days. Yes, 6.9%...meaning that 93% of these sites stay infected and online for longer than a week.

You can find the full report at the URL below.

http://downloads.messagelabs.com/dotcom/Whitepaper_web_threats_2010_EMEA_UK_June10.pdf

News Storm

Here are some key stories that unfolded this week in security:

YouTube Victim of XSS Attack

On Sunday YouTube fell victim to an XSS attack redirecting users to other sites, ranging from fake anti-virus pages to porn to Canadian pharmacy spam. Google patched the problem relatively quickly, but the backlash on Twitter was tremendous. Here are some great posts by SecTechno, The Register, and the SunBelt Blog.

Adobe Launch Function Still Vulnerable

Adobe fixed the Launch function vulnerability...or did they? Turns out this can still be exploited pretty easily. Check out our blog post on the topic, and also the Didier Stevens post on how to work around the vulnerability.

Movie Sites Hosting Malware


The Secure Home Networks blog reports on 425 domains leading to malware, all related to illegal movie downloads. While it's risky to download movies illegally anyway, for any number of reasons, it's nice to know the bad guys are still set up in this zone as well.

Other Interesting Posts

Targeted Attacks with Excel Files
Redirect on Event
New SQL Injection Making Rounds?

Global Spam Rate 89.3% According to Latest Symantec Report

Symantec recently released their MessageLabs Intelligence report, highlighting some key stats on email- and web-based threats. According to the report the global spam rate is now 89.3%, with 80% of that being pharmaceutical spam. The report also goes into depth on the rash of World Cup threats that built up in the months before the start of the tournament.

Check out the full report below...

http://www.messagelabs.com/mlireport/MLI_2010_06_June_FINAL.pdf

Firefox 4 Beta 1 Released!

The long awaited Firefox 4 Beta 1 has been released. This includes tons of changes, including tab placement and other enhancements for CSS and HTML5. Download link and release notes are linked below...check it out!

http://www.mozilla.com/en-US/firefox/all-beta.html
http://www.mozilla.com/en-US/firefox/4.0b1/releasenotes/

Launch Action Still Vulnerable

Adobe released a patch last week that was finally supposed to limit the vulnerable Launch action, which could be used to run scripts from Adobe Reader. Turns out the patch is not really complete, and the Bkis Blog has found ways around it.

It took Adobe 3 months to issue a patch for this to begin with; are we going to have to wait another 3 months?

In the meantime Didier Stevens, who originally found the problem, has done some research into why this is happening. Apparently Adobe used a blacklist-type method to allow or deny the Launch action.

Stevens has provided a workaround on his blog, allowing users to go into the registry and add to the "blacklist" of non-allowed commands. Check out his post below for more info on how to do this from the Windows Registry. For those not comfortable fooling around in there, let's hope Adobe is quicker to get a better working patch out this time.
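A defender-side check that follows from the above, added here as an example and not code from this post, from Adobe, Bkis or Didier Stevens: instead of blacklisting the command string a Launch action carries, a mail gateway or file scanner flags any PDF that contains a Launch action at all, including names obfuscated with #xx hex escapes and action dictionaries hidden inside FlateDecode streams. The sample PDF fragments are constructed for the example and are not viewer-valid files; the program name in them is a placeholder.

```python
import re
import zlib

# PDF name tokens: "/" followed by regular characters. Hex escapes (#xx) are
# legal inside a name, so /Launch may be written as /L#61unch; the name is
# compared only after the escapes are resolved.
NAME_TOKEN = re.compile(rb"/([^\s/\[\]<>(){}%]+)")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Start of a stream body; the lookbehind keeps "endstream" from matching.
STREAM_START = re.compile(rb"(?<!end)stream\r?\n")


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes so an obfuscated name compares equal to the plain one."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def find_names(data: bytes) -> set:
    """All name tokens in a byte buffer, with hex escapes resolved."""
    return {decode_name(m.group(1)) for m in NAME_TOKEN.finditer(data)}


def inflate_streams(data: bytes) -> list:
    """Decompress every stream that is a zlib (FlateDecode) stream.

    Action dictionaries can live inside compressed object streams, so the raw
    bytes alone are not enough. decompressobj stops at the end of the zlib
    data and ignores whatever follows, so /Length does not need to be trusted.
    Streams with other filters or raw content raise zlib.error and are skipped.
    """
    bodies = []
    for m in STREAM_START.finditer(data):
        inflater = zlib.decompressobj()
        try:
            out = inflater.decompress(data[m.end():])
        except zlib.error:
            continue
        if out:
            bodies.append(out)
    return bodies


def triage(pdf: bytes) -> dict:
    """Flag a PDF that carries any Launch action, however the command is spelled.

    The check is on the action type, not on the command string, because a
    blacklist of command strings is exactly the approach the post describes
    as incomplete. auto_open reports whether the document can trigger an
    action without a click (/OpenAction or an additional-actions /AA entry).
    """
    names = find_names(pdf)
    bodies = inflate_streams(pdf)
    for body in bodies:
        names |= find_names(body)
    return {
        "launch_action": b"Launch" in names,
        "auto_open": bool(names & {b"OpenAction", b"AA"}),
        "inflated_streams": len(bodies),
    }


# Constructed sample fragments (not real files and not viewer-valid); they
# exercise the syntax a gateway scanner sees. The program name is a placeholder.
PLAIN_LAUNCH = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /Type /Action /S /Launch /Win << /F (PLACEHOLDER_PROGRAM) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
OBFUSCATED_LAUNCH = PLAIN_LAUNCH.replace(b"/S /Launch", b"/S /L#61unch")
CLEAN = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"5 0 obj << /Length 27 >>\nstream\nBT (Launch day notes) Tj ET\nendstream\nendobj\n"
    b"%%EOF\n"
)


def make_flate_sample() -> bytes:
    """A Launch action hidden inside a FlateDecode object stream (constructed)."""
    inner = b"3 0 obj << /Type /Action /S /Launch /F (PLACEHOLDER_PROGRAM) >> endobj"
    body = zlib.compress(inner)
    return (
        b"%PDF-1.5\n4 0 obj << /Type /ObjStm /Filter /FlateDecode /Length "
        + str(len(body)).encode() + b" >>\nstream\n" + body
        + b"\nendstream\nendobj\n%%EOF\n"
    )


if __name__ == "__main__":
    for label, sample in [("plain", PLAIN_LAUNCH), ("obfuscated", OBFUSCATED_LAUNCH),
                          ("flate", make_flate_sample()), ("clean", CLEAN)]:
        print(label, triage(sample))
```

The clean sample contains the word "Launch" inside a text string, and is correctly not flagged: only the name token /Launch marks an action, which keeps the false-positive rate down when this runs over real mail attachments. Indirect /Length references and filters other than FlateDecode are deliberately not handled here; a production scanner would resolve those.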



Adding Twitter Updates with Style

Getting back into things, some things just weren't lining up in the blog template any longer, so we decided to scrap the whole thing and rebuild using the same template. Strangely enough though, the Twitter widget provided by Blogger doesn't allow any styling, which made the Twitter updates almost impossible to read.

After a while of tinkering with the widgets and trying to find the right one to let me do this, I finally found the answer at the post below. It shows exactly the code you need: just add an HTML/JS widget and copy the code in - exactly what I was looking for!

http://www.bloggerbuster.com/2008/04/add-customized-twitter-widget-to-your.html

Now you can style your Twitter updates as you wish, instead of relying on the lame widget to do so. Thanks BloggerBuster!

We're Back!

Green Cloud Security is back after a long layoff, mostly working on other projects. It's exciting to dig back into the site, and security in general. You can expect more of the same posts, coverage on the latest threats, threat reports, security tips and more. 

Have a great day everyone!

Banking and Virus Scanning with a Live CD

Last week, Brian Krebs of the Washington Post blogged here advising business owners to perform online banking using a live CD. This excellent advice (IMHO) created quite a stir over the last week.

Essentially, banking from a live CD keeps you out of reach of Windows viruses while loading a fresh, non-compromised OS each time. This can almost guarantee that your online banking sessions will be secure - so long as you go directly to the bank site and don't click on dangerous links delivered via email, etc. It's also a no-cost option, which is great for SMBs.

Mr. Krebs took the time to respond to some of the publicity surrounding his article with a follow-up earlier today. He responds to some reader suggestions like using limited user accounts and dedicated computers for online banking. These practices are well recommended but don't necessarily work against the most popular banking trojans today - Zeus and Clampi.

As noted by Krebs, "a number of today's more advanced threats - including the Zeus Trojan, a sophisticated family of malware most commonly associated with these attacks against small businesses -- will just as happily run on a limited user account as an administrator account in Windows." He also noted that Clampi can easily propagate over a Windows network.

What I found most interesting was the discussion about the Genlabs breach, which netted criminals $437,000. This was done using the Zeus (Zbot) family of malware, and the forensic report done after the fact highlighted a major problem with Windows-based anti-virus scanning.

"Using a Windows-based scanning tool, the drive showed no infections. However, several directory trees and files could not be accessed indicating that the tools were not able to complete a 100% analysis.
...
We built a Linux-based system to repeat selected scans and analysis on the theory that Linux would bypass possible Windows-based protocols to protect and/or hide files."

The compromised system contained two variants of the Zeus trojan, the trojan that had just cost them $473,000!!!

However, this got me thinking about something I hadn't ever done before. Why not boot into Ubuntu (which I currently dual-boot; any OS other than Windows would work) and run the scans from there?

Testing this was incredibly easy. First, I went to the Avast! website and downloaded the newest .deb package from the Linux download page. After installing it, it was as simple as picking out my Windows partitions, which are easily accessible in Ubuntu, and running scans on them.

Luckily, nothing was infected. This type of scan could also easily be run from a Live CD to check for any type of bot, virus or infection.

For those of you that have read this far, apologies for the long-winded article. I had wanted to comment on the use of a live CD last week and never got a chance until now. This cheap and quick alternative could certainly save a number of small and medium size companies from huge losses at the hands of criminals.

Obama Stresses Cybersecurity Awareness

"The lesson is clear, this cyberthreat is one of the most serious economic and national security challenges we face as a nation" (Obama).

This is the message that Obama recently declared in a short video on the White House website. He makes it very clear, in the midst of cybersecurity awareness month, that all Americans need to be aware and secure in their online activities.

"As consumers we use the internet to pay our bills, to shop, to file our taxes, but millions of Americans have been victimized; their privacy violated, their money and identity stolen, their lives turned upside down" (Obama).

It's great that the President is getting involved and raising awareness of "cybersecurity" from the top down. He stresses that everyone needs to do their part, from individuals to corporations. Obama and the White House provide the following recommendations:
  • Keep security software up to date
  • Beware of suspicious emails
  • Always know who you're dealing with
  • Never give out your personal or financial information unless you've verified the recipient is legitimate
In addition, White House Assistant John Brennan stresses to "learn what to do if something goes wrong".

Check out the YouTube video:

The White House cybersecurity awareness blogs:
National Cybersecurity Awareness Month
National Cybersecurity Awareness Month II
National Cybersecurity Awareness Month III

New Zeus Scam Emails and Download Domains

There are some new Zeus emails going around that folks should be aware of. These emails, as reported by the Securosis blog, pretend to be from a system administrator. The "administrator" asks recipients to "run SSl updates procedure" as below.
 

Green Cloud Security

Web security and converged threats are among the biggest issues in network security. Green Cloud Security provides the latest information on these threats.
