Tag Archive for Malware

2/3 K-12 Networks Breached Multiple Times

Panda Security, a provider of cloud-based security software, recently released a report that says 63 percent of K-12 schools experience malware outbreaks or unauthorized user access at least twice a year. The report, Kindergarten-12 Education IT Security Report (PDF), had some other interesting infobits.

Personal devices on K-12 networks

The survey reports that eighty-two percent of schools allow students and staff to connect personal computers and laptops to the school network. Panda says schools recognize that outside devices introduce external risks, but they struggle to fully integrate security policies for multiple devices. Only 74 percent of districts are monitoring the use of external devices. Fifteen percent fail to take any extra security measures, leaving those school systems more vulnerable to infection.

Although most schools have implemented IT security best practices, there is still room for improvement, Panda reports. The report says ninety percent of schools install anti-virus and/or anti-malware on computers, but nearly 25 percent fail to use firewalls, block high-risk websites, or employ user authentication. 86% prevented the use of very risky websites, while 89% mandated that users install security software on their systems. Further, 15% of respondents acknowledged that there weren’t any extra security measures in their districts if they wanted to use laptops.

Social media threats

Social media is a top concern for schools, but the stringency of school policy varies greatly. Ninety-five percent of schools have a social media policy in place, citing the mitigation of malware-related risks as the main reason for implementation. Twenty-nine percent of schools allow students unlimited access to social media sites, while 32 percent deny students access altogether.

Schools lack the funding to be secure. I have always said that schools face attacks from the inside and the outside. Insiders in a K-12 school network range from technically unsavvy to damn good malicious attackers. Despite this, the report says 72% of schools reported that budget limitations were the main obstacle to better security, 38% reported non-availability of staff, and 29% of the schools reported their IT staff had to attend to other more important tasks than IT security. IT administrative staff at 38 percent of schools report removing viruses or malware from IT systems a few times a week, and 21 percent are doing this daily, according to Panda.

With malware on the rise and new threats propagated through social media every day, having the right security tools in schools has never been more important. Security issues consume staff time, diverting attention from the business of education. Help Net Security quotes Rick Carlson, president of Panda Security US, who has a great grasp of the obvious, “While the Internet is an invaluable tool for education, it can cause serious interruptions to day-to-day operations if schools fail to properly address security concerns.”

rb-

Just to prove the point, the Oakland Press is reporting that 4 students at Romeo High School in Romeo, Michigan were caught allegedly intercepting 60 staff members’ emails, including the Superintendent, after “something goofy” happened to the website. While I have no first-hand knowledge, the news did say the attackers went after people who read their emails on their cellphones. So more than likely it was some kind of Bluesnarfing attack, maybe including a Cain and Abel payload to get at passwords.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Cameron Diaz Most Dangerous Celebrity in Cyberspace

Charlie’s Angels and Shrek actress Cameron Diaz is the most dangerous celebrity in cyberspace according to the 4th annual McAfee Most Dangerous Celebrities study. Ms. Diaz has replaced Jessica Biel as the most dangerous celebrity to search for on the Web, according to security company McAfee, Inc. (MCFE).

For the fourth year in a row, McAfee researched popular culture’s most famous people to reveal the riskiest celebrity athletes, musicians, politicians, comedians, and Hollywood stars on the Web.

Cyber-criminals use celebrity as lure

Cyber-criminals often use the names of popular celebrities to lure people to sites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of just trendy content. “Cyber-criminals follow the same hot topics as consumers, and create traps based on the latest trends,” Dave Marcus, security researcher for McAfee Labs, said. “Whether you’re surfing the Web from your computer or your phone or clicking on links in Twitter about your favorite celeb, you should surf safely, and make sure you’re using the latest security software.”

McAfee research found that searching for the latest Cameron Diaz pictures and downloads yields a ten percent chance of landing on a website that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses, and other malware. These fans are at risk of running into online threats designed to steal personal information. Clicking on these risky sites and downloading files like photos, videos, or screen savers exposes surfers or consumers to the risk of downloading viruses and malware.

Mr. Marcus continues, “… consumers are getting smarter about searching online, yet cybercriminals are getting sneakier in their techniques. Now they’re hiding malicious content in ‘tiny’ places like shortened URLs that can spread virally in social networking sites and Twitter, instead of on websites and downloads.”

The study uses SiteAdvisor site ratings, which indicate which sites are risky when searching for celebrity names on the Web, to calculate an overall risk percentage.

 

1. Cameron Diaz: Searching for Ms. Diaz results in a one in ten chance of landing on a risky site. She has most recently been in the spotlight with blockbuster movies, “Knight and Day” and “Shrek Forever After.” When “Cameron Diaz and screensavers” was searched, 19% of the sites were identified as containing malicious downloads.
2. Julia Roberts: The Academy Award-winning actress is one of America’s sweethearts, and was recently in the spotlight with her upcoming release of “Eat, Pray, Love.” The overall risk of searching for Roberts is 9%, yet searching for “Julia Roberts and downloads” results in a 20% chance of downloading a photo, wallpaper or other file laden with malware.
3. Jessica Biel: Last year’s Most Dangerous Celebrity fell 2 spots with searches resulting in fewer risky sites this year. Her on-again, off-again relationship with Justin Timberlake keeps Ms. Biel in the spotlight along with her 2010 appearance in “The A-Team.” While her overall search risk is 9%, searching for “Jessica Biel and screensavers” results in a 17% chance of landing on a risky site.
4. Gisele Bündchen: The world’s highest-paid supermodel moved up 2 spots since last year. Searching for “Gisele Bündchen and screensavers” can prove risky; 15% of the search results for this beauty can put spyware, malware or viruses on your computer.
5. Brad Pitt: Mr. Pitt is often in the spotlight with news of his movies and his personal life. It’s no wonder why this leading man has been in the top ten for the past 3 years. He moved up in rank 5 spots this year. Downloading photos, screensavers, or other files of the actor can potentially put adware or spyware on your computer.
6. Adriana Lima: Searching for downloads of this Brazilian beauty can direct users to red-ranked sites. Ms. Lima is best known for being a Victoria’s Secret Angel since 2000.
7. (Tie) Jennifer Love Hewitt and Nicole Kidman: Searching for these Hollywood starlets resulted in an equal number of risky download websites.
8. Tom Cruise: With recent buzz around his MTV Awards performance as well as his movie, “Knight and Day,” Mr. Cruise rises to the top ten.
9. (Tie) Heidi Klum and Penelope Cruz: Both of these women are consistently in the spotlight, and share the #9 spot. Cybercriminals use their names to lure people to risky sites. Ms. Klum hosts “Project Runway” and Ms. Cruz has been in the spotlight recently for her role in the “Sex and the City 2” movie and is expected to star in the fourth film of the “Pirates of the Caribbean” series.
10. Anna Paquin: This “True Blood” star is as dangerous on the Web as she is on the screen. Searching for screensavers of Ms. Paquin can lead you to downloads filled with malware.
49. President Barack Obama: Searches for Mr. Obama are not that risky. His rank of 49 places him in the bottom of this year’s results, moving even lower on the list compared to last year.

rb-

McAfee released this celebrity list just minutes before it announced Intel was buying the company for nearly $8 billion.

Just pointing out the timing, maybe marketing is why McAfee was able to get $8 billion from Intel for the company.

What do you think?

Cameron Diaz? Really?

Is the anti-virus industry based on marketing?

 


Digital Ants May Secure Networks

Researchers have developed “digital” ants to defend networks from worms and other malware. According to DarkReading, scientists from Wake Forest University and the Department of Energy’s Pacific Northwest National Laboratory in Washington state have worked together on the project, which mimics the defensive behavior of ants. The researchers developed thousands of different types of digital ants that move through a computer network and search for evidence of a malicious threat.

When a digital ant detects a threat, it leaves behind a “scent” or marker to attract other ants, like real ants. Other ants then follow the trail to swarm a potential infection with “swarm intelligence.” TechRepublic explains that digital Swarm Intelligence consists of three components:

  • Digital ant: Software designed to crawl through computer code, looking for evidence of malware. There will be 3000 different types of Digital Ants employed.
  • Sentinel: The autonomic manager of the digital ants congregated on an individual computer. It receives information from the ants, determines the state of the local host, and decides whether any further action is required. It also reports to the Sergeant.
  • Sergeant: An autonomic manager of multiple Sentinels and the interface with human supervisors. The size of the network determines the number of Sergeants required.

Like their biological counterparts, each individual ant is not very bright. “We are using the ants to sense something very basic, like a connection rate,” said Errin Fulp, a professor of computer science at Wake Forest. There are about 60 technical details the digital ants can detect; when they do, they leave a tiny digital trail that says something unusual is going on here and that other ants should check it out. “Then we collect that evidence which points us to a particular infection or security threat,” said Mr. Fulp.

The swarm intelligence approach to finding specific threats is intended to provide better and quicker detection than current anti-malware software can. The researchers developed software capable of running multiple security scans contiguously, with each scan targeting a different threat, according to the article. It’s also better able to handle morphed versions of malware, according to the research.

“In nature, we know that ants defend against threats very successfully,” Mr. Fulp says in DarkReading. “They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We were trying to achieve that same framework in a computer system.”

In a test of the technology, the digital ants were able to discover a real computer worm planted by Wake Forest on a network of 64 computers in the lab.

“Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat,” Fulp says. “As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.”

The researchers say the digital ant method works best for big networks with a large number of identical machines. And digital ants can’t take over your machine, either: they have to report back to the humans who control their “colony.”
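
The scent-trail mechanism described above, as a toy model added here for illustration (it is not the researchers' software): ants patrol 64 constructed hosts, leave scent where a basic metric is far above the fleet median, and follow the strongest trail until it evaporates. The metric names, thresholds and the fixed patrol route are assumptions made for the example.

```python
from statistics import median

N_HOSTS = 64         # size of the lab network in the test described above
EVAPORATION = 0.5    # assumed: share of scent that survives each tick
FOLLOW_MIN = 0.1     # assumed: weakest trail an ant will still follow
SWARM_SIZE = 5       # assumed: ants on one host before its sentinel reports
ANOMALY_FACTOR = 4   # assumed: "unusual" means this many times the fleet median


def build_network(infected=None):
    """Constructed sample data: near-identical hosts, optionally one with a worm."""
    hosts = [{"conn_rate": 10 + h % 3, "dns_queries": 40 + h % 5}
             for h in range(N_HOSTS)]
    if infected is not None:
        hosts[infected]["conn_rate"] = 900   # worm opening connections to spread
    return hosts


class Colony:
    def __init__(self, hosts, ants_per_type=8):
        self.hosts = hosts
        self.scent = [0.0] * len(hosts)
        self.evidence = {}                   # host -> metrics that looked unusual
        # One ant type per basic metric; each type is spread over the patrol ring.
        self.ants = [{"metric": m, "route": i * len(hosts) // ants_per_type + k}
                     for k, m in enumerate(sorted(hosts[0]))
                     for i in range(ants_per_type)]
        for ant in self.ants:
            ant["pos"] = ant["route"]

    def tick(self):
        n = len(self.hosts)
        self.scent = [s * EVAPORATION for s in self.scent]
        target = max(range(n), key=self.scent.__getitem__)
        following = self.scent[target] >= FOLLOW_MIN
        baseline = {m: median(h[m] for h in self.hosts) for m in self.hosts[0]}
        for ant in self.ants:
            ant["route"] = (ant["route"] + 1) % n        # patrol slot keeps moving
            ant["pos"] = target if following else ant["route"]
            m, pos = ant["metric"], ant["pos"]
            if self.hosts[pos][m] > ANOMALY_FACTOR * baseline[m]:
                self.scent[pos] += 1.0                   # evidence: stronger scent
                self.evidence.setdefault(pos, set()).add(m)

    def sentinel(self, host):
        """Per-host manager: turns local ant activity into a host state."""
        present = sum(1 for ant in self.ants if ant["pos"] == host)
        suspect = present >= SWARM_SIZE and self.scent[host] >= FOLLOW_MIN
        return {"host": host, "ants": present, "suspect": suspect,
                "evidence": sorted(self.evidence.get(host, ()))}

    def sergeant(self):
        """Network-level manager: the reports a human supervisor would review."""
        reports = (self.sentinel(h) for h in range(len(self.hosts)))
        return [r for r in reports if r["suspect"]]


def run(colony, ticks):
    """Advance the colony and return what the sergeant would hand to a human."""
    for _ in range(ticks):
        colony.tick()
    return colony.sergeant()
```

With the constructed worm on host 37, `run(Colony(build_network(infected=37)), 10)` returns one sentinel report for that host; resetting the host's `conn_rate` to a normal value lets the trail evaporate and the ants go back to patrolling.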

rb-

Soooo, computers are going to go from having a bad case of worms to having a case of ants in their pants? Will the ants fall victim to Ant eater malware?

The research seems like a remake of the “good viruses” or “anti-virus viruses” idea that people outside the anti-virus industry mainstream bring out from time to time.

If this idea is commercially viable, they have some obvious advantages, compared to static anti-virus programs:

  • Digital ants do not consume large amounts of computer resources.
  • Digital ants do not need lengthy, process-hogging scans.
  • There’s no need to constantly update digital ants because they adapt to malicious code variants.

What do you think?

Are the mainstream anti-malware firms creative enough?

Will digital ants work?

 


Facebook is Biggest Social Networking Risk

Data from anti-malware vendor Sophos’ 2010 Security Threat Report (PDF) says Facebook is the leader in privacy risks, spam, and other malicious activity. 60 percent of the respondents to a Sophos survey identified Facebook as the biggest security risk in social networking, followed by MySpace (18%), Twitter (17%), and LinkedIn (4%).

It is not surprising that users regard Facebook as the top risk. Facebook’s more than 500 million users offer criminals a cornucopia of personal data to exploit. “Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made,” said Graham Cluley, senior technology consultant for Sophos.

Criminals have focused their efforts on social media

Sophos’ research shows that criminals have focused their efforts on social networking users in the last 12 months, creating an “explosion” in social networking spam and malware complaints. Sophos found that 57% of social network users were spammed on one of the sites, an increase of 70 percent compared to last year. They also found 36% of social network users reported being sent malware, a 70% increase over last year. “The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks,” Sophos’ Cluley added.

Three things working against Facebook users

There are three things working against Facebook users: themselves, malware, and Facebook. Facebook users typically give away more private information to Facebook than to other sites. Through most people’s profiles it is possible to find out their first, last, and maiden names, where they live, where they went to school, and even worse, historical information like where they lived in the past. A lot of this private information is required on many online credit checks, providing a boon for criminals looking to exploit a user’s credit history or steal their identity.

The most common malware used on social networks is Koobface. Koobface can target all the popular social portals, including Facebook, MySpace, Bebo, Friendster, Tagged, and Twitter. According to the report, Koobface is capable of “... registering a Facebook account, activating the account by confirming an email sent to a Gmail address, befriending random strangers on the site, joining random Facebook groups, and posting messages on the walls of Facebook friends. Furthermore, it includes code to avoid drawing attention to itself by restricting how many new Facebook friends it makes each day.”

Another threat is Facebook applications. Criminals can create malicious Facebook applications designed to steal information and they can find holes in pre-existing applications and exploit them. Legitimate Facebook apps will give away your information if you allow them to (as I have written about here and here). Once an app has permission it can harvest all the information in a Facebook profile and send it to criminals. Before users grant an application access to all of their information, they should Google the publisher to see if they are legitimate or not. Any application that starts doing anything strange or suspicious should be removed immediately.

Facebook has tried to address these risks by issuing a new privacy policy. However, Sophos’ Cluley called it a step backward, because the new settings are “encouraging many users to share their information with everybody on the internet.” According to Facebook, only 35% of their users actually customized their settings, leaving 65% who presumably didn’t change their settings and continue to share valuable data, which is then used to propagate spam and malware.

 


Do You Know Where Your IPv6 Is?

Earlier, I covered the iSuppli announcement that nearly 3 out of every 4 people on Earth will soon own a mobile phone. Now, this factoid has some consequences. Johannes Ullrich, PhD, chief research officer for the SANS Institute, is predicting that the arrival of new and upgraded IPv6-enabled operating systems can open new and unrecognized security weaknesses in otherwise secure environments.

Dr. Ullrich told Net Security, “One of the problems is the accidental implementation of IPv6. You may already have IPv6 on your network without knowing about or configuring it.” He continues, “Windows 7, OS X, and Linux enable it by default. In the last round of operating system updates, it has tended to be turned on by default.” Dr. Ullrich, who is currently responsible for the SANS Internet Storm Center (ISC), also highlights that devices running Apple’s iOS, such as the iPhone, as well as some Google Android devices, come with IPv6 enabled by default.

Dr. Ullrich says that the growth of mixed IPv4 and IPv6 networks, sometimes without the knowledge of IT security teams, can introduce a variety of potential security risks. Attacks designed to exploit IPv6-enabled devices could also be missed by security teams not looking for IPv6 traffic. “Many organizations will look at their own networks and not see a big problem staying on IPv4,” he explains.

According to Net Security, Ullrich believes that organizations have failed to grasp the full impact of a move to IPv6 or the amount of time needed to plan, test, and secure any migration strategy. Ullrich believes that it will take at least about a year for larger organizations to move over to IPv6. Although most modern routers and switches are capable, supporting SIEM, IDS, IPS, and monitoring tools will need reconfiguration. The application layer is more problematic, according to the SANS Institute expert: “It is comparable to the Y2K problem, and there may well be many complex or custom applications that are affected by switching over that need to be tested.”
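
One way to find IPv6 that nobody configured is to classify every address in a host inventory. The sketch below is an added example, not something from the SANS material, and it goes a step beyond the text by also flagging Teredo and 6to4 addresses, which carry IPv6 inside IPv4 packets. The inventory lines and host names are constructed.

```python
import ipaddress

# Constructed inventory: "host interface address/prefix", one entry per line,
# as an asset-collection script might gather it. 2001:db8::/32 is the
# documentation prefix, standing in here for a real global address.
INVENTORY = """\
ws-014   eth0  192.0.2.14/24
ws-014   eth0  fe80::a00:27ff:fe4e:66a1/64
ws-027   eth0  192.0.2.27/24
lab-03   en0   192.0.2.33/24
lab-03   en0   2001:db8:10:1:a00:27ff:fe10:9c01/64
kiosk-2  tun0  2001:0:4136:e378:8000:63bf:3fff:fdd2/128
gw-old   sit0  2002:c000:204::1/16
gw-old   lo    ::1/128
"""


def classify(addr):
    """Return a finding if the address shows a live IPv6 stack, else None."""
    if addr.version == 4 or addr.is_loopback:
        return None
    if addr.is_link_local:
        return "link-local only: stack enabled and auto-configured"
    if addr.teredo is not None:      # (server, client) embedded in 2001::/32
        return f"Teredo tunnel (IPv6 in UDP/3544) via server {addr.teredo[0]}"
    if addr.sixtofour is not None:   # IPv4 address embedded in 2002::/16
        return f"6to4 tunnel (IPv6 in IPv4 protocol 41) from {addr.sixtofour}"
    return "global-scope IPv6 address"


def audit(inventory):
    """Map each host with IPv6 in use to its (interface, address, finding) list."""
    findings = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, iface, cidr = line.split()
        finding = classify(ipaddress.ip_interface(cidr).ip)
        if finding:
            findings.setdefault(host, []).append((iface, cidr, finding))
    return findings


if __name__ == "__main__":
    for host, rows in sorted(audit(INVENTORY).items()):
        for iface, cidr, finding in rows:
            print(f"{host:8} {iface:5} {cidr:45} {finding}")
```

Hosts that appear in the result on a segment documented as IPv4-only are the ones whose traffic the monitoring tools mentioned above need to be reconfigured to see.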
