Archive for the ‘CSA’ Category

Malignant JavaScript mutates to evade detection

August 13, 2007

Hackers have created a new technique for compromising computers that completely evades signature-based anti-virus detectors.
http://www.infoworld.com/article/07/08/03/Malignant-Javascript-mutates_1.html

[Editor's Note (Valle): As hackers find more and more ways to outsmart signature-based A/V technologies, behavioral-based A/V technologies like CSA are no longer "nice to have" as an extra layer of defense. They are a "must have".]
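
An added example (not code from the InfoWorld article) of why a byte-level signature loses to a mutating script and what a detector that normalizes first sees instead. The two script variants below are constructed and benign; they differ only in the ways a mutation engine cheaply varies output (identifier names, whitespace, comments, split string literals). The normalizer is a simplified illustration, not any vendor's engine.

```python
"""Byte-level hash signatures versus a normalizing structural match.
Added example with constructed inputs; not from the original page."""
import hashlib
import re

# Constructed variants of one script as a mutation engine might emit them.
# They only call document.write; the "payload" is a placeholder tag.
VARIANT_A = """
var a = "<ifr" + "ame src='http://exam" + "ple.test/x'>";
document.write(a); // drop the frame
"""
VARIANT_B = """/* build 2 */
var q7 = "<iframe src='htt" + "p://example.test/x'>";
document.write(q7);
"""
# A different script that merely looks similar; must NOT match.
VARIANT_C = """var z = "<iframe src='http://example.test/y'>"; document.write(z);"""

# Names that carry behaviour and are therefore left unrenamed.
KEEP = {"var", "function", "return", "new", "if", "else", "document", "write",
        "window", "location", "eval", "unescape", "setTimeout", "String",
        "fromCharCode"}

TOKEN = re.compile(r"""
    (?P<comment>//[^\n]*|/\*.*?\*/) |
    (?P<string>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*') |
    (?P<ident>[A-Za-z_$][A-Za-z0-9_$]*) |
    (?P<number>\d+(?:\.\d+)?) |
    (?P<punct>[^\s]) |
    (?P<space>\s+)
""", re.VERBOSE | re.DOTALL)


def tokenize(src):
    """Lex the script, dropping whitespace and comments (free mutation surface)."""
    out = []
    for m in TOKEN.finditer(src):
        if m.lastgroup in ("comment", "space"):
            continue
        out.append((m.lastgroup, m.group()))
    return out


def fold_strings(tokens):
    """Merge "a" + "b" + "c" into one literal; string splitting is the cheapest
    way to break a substring signature, so undo it before matching."""
    out, i = [], 0
    while i < len(tokens):
        kind, text = tokens[i]
        if kind == "string":
            value = text[1:-1]
            while (i + 2 < len(tokens) and tokens[i + 1] == ("punct", "+")
                   and tokens[i + 2][0] == "string"):
                value += tokens[i + 2][1][1:-1]
                i += 2
            out.append(("string", value))
        else:
            out.append((kind, text))
        i += 1
    return out


def rename_identifiers(tokens):
    """Canonicalize user identifiers to v0, v1, ... in order of first use."""
    names, out = {}, []
    for kind, text in tokens:
        if kind == "ident" and text not in KEEP:
            text = names.setdefault(text, f"v{len(names)}")
        out.append((kind, text))
    return out


def normalize(src):
    tokens = rename_identifiers(fold_strings(tokenize(src)))
    return " ".join(f"{k}:{t}" for k, t in tokens)


def raw_hash(src):
    return hashlib.sha256(src.encode()).hexdigest()


def normalized_hash(src):
    return hashlib.sha256(normalize(src).encode()).hexdigest()


def raw_signature_match(a, b):
    """What a file-hash or exact-bytes signature sees."""
    return raw_hash(a) == raw_hash(b)


def normalized_match(a, b):
    """What a signature over the normalized token stream sees."""
    return normalized_hash(a) == normalized_hash(b)


if __name__ == "__main__":
    print("raw hash match:       ", raw_signature_match(VARIANT_A, VARIANT_B))
    print("normalized match:     ", normalized_match(VARIANT_A, VARIANT_B))
    print("different script:     ", normalized_match(VARIANT_A, VARIANT_C))
    print(normalize(VARIANT_A))
```

The normalized form closes the cheap mutations (renaming, splitting, whitespace, comments) but it is still a static signature: a script that rebuilds itself at run time from a decoded blob and hands it to eval leaves nothing stable to match before execution, which is where run-time or behavioral controls of the kind the note argues for have to take over.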

Phishing tool constructs malicious website in two minutes

July 23, 2007

Analysts at RSA Security have discovered a phishing tool that can create a phishing site on a compromised server in about two minutes.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026709&source=rss_topic17

[Editor's Note (Valle): The best way to not fall victim to a phishing attack is to never click on links within an email but rather to type the URL into a browser to make sure you are going to the right website. If you do end up at a compromised server and it tries to download malicious code, having CSA would stop it from executing.]

Pfizer Breach Illustrates Risks of Sharing Files

June 28, 2007

Pfizer lost social security numbers and other personal information on 15,700 of its employees because of one person's P2P software.
http://www2.csoonline.com/blog_view.html?CID=33004

[Editor's Note (Valle): Many people don't realize that they can be sharing their whole hard drive when they enable P2P software on their computers. Cisco MARS is very good at tracking employees that are participating in P2P networks and has default reports that can be easily generated. CSA could have prevented the files from being copied and shared on a P2P network as well as kept the employee from installing the P2P client in the first place.]

Gartner predicts that by end of 2007, 75% of enterprises will be infected

June 12, 2007

Once these corporate computers become infected they will be turned into "bots" that can be used for spam campaigns and DDoS attacks.
http://www.networkworld.com/columnists/2007/060707edit.html?page=1

[Editor's note (Valle): The legal issues that corporations have to face if they are infected by bots are multifaceted. The bots can steal personal data from employees and customers and intellectual property from the company as well as cause disruption to others as part of a DDoS attack or spam campaign.
MARS would be able to easily find infected computers from their network behavior and, as Steve Davies from IronPort mentions in the comment section of my June 7th post "Computer hackers steal Carson funds", the IronPort S series appliance monitors all outbound traffic and can catch a bot calling home.]

Compromised web servers play “hide and seek”

June 12, 2007

Cyber-criminals are developing a new genre of highly sophisticated and evasive attacks designed to bypass signature-based and database-reliant security technology. Compromised web servers are keeping track of the IP addresses of visitors so that they can hide malicious pages when anti-malware crawlers used by URL filtering, reputation services and search engines come for a visit, and therefore look like a "clean" site.
http://www.vnunet.com/vnunet/news/2191298/hackers-turn-genre-evasive

[Editor's note (Valle): In this escalating cat and mouse game I'm sure we'll start seeing anti-malware companies start to dynamically change the IP addresses of their web crawlers in order to fool these compromised web servers.
CSA and the IronPort C appliance would be good defenses against malware coming over HTTP (port 80)]
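
An added example (not code from the vnunet article or from any real compromised site) that models the IP-aware cloaking described above and the check that catches it: fetch the same URL from more than one source address and compare. The server model is constructed, the scanner IP ranges are invented, and the one-shot-per-IP behaviour (payload served only to the first visit from an address) is an assumption about how "keeping track of IP addresses" is used.

```python
"""Model of an IP-cloaking web server and a multi-vantage-point check.
Added example with constructed data; not from the original page."""
import hashlib
import ipaddress

# Invented ranges the cloaking logic treats as known scanners / crawlers.
SCANNER_RANGES = [ipaddress.ip_network("203.0.113.0/24"),
                  ipaddress.ip_network("198.51.100.0/25")]

CLEAN_PAGE = "<html><body>Welcome to our store</body></html>"
# Stand-in for injected content; there is no real payload here.
PAYLOAD_PAGE = CLEAN_PAGE + "<!-- constructed stand-in for injected content -->"


class CloakingSite:
    """Compromised server as modelled here: the payload goes only to IPs that
    are not in a scanner range and have not been seen before (assumption)."""

    def __init__(self, scanner_ranges):
        self.scanner_ranges = scanner_ranges
        self.seen = set()

    def is_scanner(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.scanner_ranges)

    def serve(self, ip):
        if self.is_scanner(ip) or ip in self.seen:
            return CLEAN_PAGE
        self.seen.add(ip)
        return PAYLOAD_PAGE


def content_fingerprint(body):
    return hashlib.sha256(body.encode()).hexdigest()


def detect_cloaking(fetch, vantage_ips):
    """Fetch one URL from several source addresses; any disagreement between
    the responses is the tell. `fetch(ip)` returns the body seen from `ip`."""
    fingerprints = {ip: content_fingerprint(fetch(ip)) for ip in vantage_ips}
    return len(set(fingerprints.values())) > 1, fingerprints


if __name__ == "__main__":
    site = CloakingSite(SCANNER_RANGES)
    # A crawler inside the listed range never sees the payload ...
    print(site.serve("203.0.113.7") == CLEAN_PAGE)
    # ... but a second fetch from an unlisted address exposes the difference.
    flagged, fps = detect_cloaking(site.serve, ["203.0.113.7", "192.0.2.44"])
    print(flagged, fps)
```

Two points the model makes concrete: a crawler that always comes from the same published range never observes anything, which is why rotating source addresses (the note's prediction) matters; and under the one-shot assumption a single unlisted address only works once per site, so each probe should come from an address the server has not seen, not a reused pool.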

Computer hackers steal Carson funds

June 7, 2007

A real-life story of the damage a keystroke logger can do on the right (or should I say wrong) computer.
http://www.latimes.com/news/local/la-me-hackers1jun01,0,2083352.story?coll=la-home-local

[Editor's note (Valle): It will be interesting to find out how the keystroke logger got on the Treasurer's computer. The most common vector for this type of attack is opening an email that has the keylogger within the email or following a link in an email to a website that will deposit the keylogger through a vulnerability in the user's browser.
Also relevant to this post was the news that a new variant of the Gozi virus (which had a keystroke logger included) was found last week by a security researcher. Most of the A/V vendors at the time could not recognize this new variant, so we really do not know how many computers were infected by it.
CSA would have stopped these keystroke loggers from executing, and IronPort appliances would have added an additional layer of defense by filtering email (C series appliance) and web traffic (S series appliance) for malicious traffic.]

Google Sees Heavy Numbers of Drive-By Downloads

May 23, 2007

Google has found that almost 1 in 10 websites has some sort of malicious code.
http://www2.csoonline.com/blog_view.html?CID=32927

[Editor's Note (Valle): Google has confirmed what many security companies have been saying for a while: many websites are now compromised and making botnets out of their victims. This study also validated new malware trends:

1) Hackers are using scripting languages to determine how a computer is vulnerable and then requesting an appropriate exploit from a central server.
2) Hackers are changing binaries to get by AV programs.

As per the previous post, the IronPort C series appliance would help enterprises stop trojans and malware from being downloaded, and as another layer of defense CSA could be recommended as well.]

Security labs cannot cope with volume of internet threats

May 15, 2007

Panda Labs is the latest security lab that has acknowledged that it is overwhelmed with the increase in malware.
http://www.net-security.org/secworld.php?id=5110

[Editor's note (Valle): The article reinforces the idea that traditional signature-based defenses are now almost useless against zero-day threats. It also touches on the trend of malware becoming stealthier, which gives people a false sense of security that their computers are not infected when they really are.]

Study: 45% Of Workers Steal Data When Changing Jobs

May 15, 2007

Nearly half of professionals from across a wide range of industries admit they have taken data with them, everything from documents and lists to sales proposals and contracts, when they've changed jobs.
http://www.informationweek.com/news/showArticle.jhtml;jsessionid=XUXSHKNUY13P2QSNDLPCKH0CJUNN2JVN?articleID=199500629

[Editor's Note (Valle): With CSA, IT managers can create policies for certain files on a computer so an employee will not be able to copy, paste, transfer, or print the information.]

Thumb Drives Replace Malware As Top Security Concern

May 15, 2007

This article talks about a study that shows that thumb drives have become a top concern amongst IT managers.
http://www.informationweek.com/news/showArticle.jhtml?articleID=199300021

[Editor's note (Valle): With CSA you can create an acceptable use policy for thumb drives and enforce compliance.]