Security Net Aggregator

Provera linkova

Sun, 23 Nov 2008 11:00:55 +0100

Dok sam koristio AVG antivirus dopalo mi se sto je imao mogucnost skeniranja linkova, odnosno Link scanner. To je ono kad trazite neku adresu preko Googla i kad dobijete rezultat, pored svake adrese se nalazi znak koji pokazuje koliko je sajt bezbedan. To nije losa opcija, pogotovo kad tek ucite o bezbednosti na netu. Posle sam presao na Aviru koja nije imala tu opciju, tako da sam hteo da pronadjem neki program koji ce raditi taj posao. Prvo sam pronasao WOT Web of Trust. To je dodatak za Firefox browser. Cuvace vas od online spywarea, spama, virusa, odnosno posetama zarazenim sajtovima. Koliko sam razumeo sistem rada WOT-a svodi se na to da vi sami ocenjujete neki sajt na koji nailazite surfujuci, da li ima neceg zlonamernog na njemu ili ne. Ti podaci se obracunavaju koristeci statisticke algoritme i davajuci jednu ocenu. Kasnije sam stavio McAfee site advisor, koji po meni stvarno nije los. Obavestavace vas o svim linkovima koji se pojave pa cak i u e-mailu. Ono sto me je podsetilo na AVG antivirus nasao sam u programu LinkScanner Lite . To je u stvari isti onaj dodatak za ovaj antivirus program. Vise iz navike sam ostao na njemu. Ne volim samo sto se ovaj program instalira i ostaje u System Tray. A trudim se da broj ovih ikonica bude sto manji. Ono sto je isto dobro je sto mozete i da ukucate adresu nekog sajta koji vas zanima i da ga date na proveru na svakom od ovih skenera koje sam naveo.

Re: Trojanac otporan na antiviruse...

Sun, 23 Nov 2008 11:00:55 +0100

Uspio sam rijesiti problem skeniranjem HDD-a u safe mode-u.Izgleda da su zarazeni bili i RECYCLE fajlovi na particijama,vjerovatno zbog tog nisam uspijevao da formatiranjem stick-a u normalnom rezimu izbacim virus.U svakom slucaju hvala na pomoci. pozzz svima

LoveCMS 1.6.2 Final (Simple Forum 3.1d) Change Admin Password Exploit

Sun, 23 Nov 2008 06:31:08 +0100

Bogus Wal-Mart Survey Leads to Phishing Page

Sun, 23 Nov 2008 04:00:59 +0100

Email messages supposedly sent by the popular department stores chain Wal-Mart promises recipients a rather large amount of money by simply participating in a survey. The messages also state that the money will be credited to the respondent’s account once the survey has been completed. Here’s what the spammed message contains:

Congratulations!

You have been selected to take part in our quick and easy 9 questions survey
In turn we will credit $90.00 to your account - Just for your time!

The survey has been sent only to a few people from our random generator !

Please spare two minutes of your time and take part in our online survey
so we can improve our services.

Don’t miss this chance to change something.

To participate in this survey, Click Here

With the information collected we can decide to direct a number of changes to improve and expand our online services

Note:
-If you received this message in your SPAM BULK folder, that is because of the restrictions implemented by your ISP
-For security reasons, we will record your ip address, the date and time.
-Deliberate wrong imputs are criminally pursued and indicted

Copyright 2008 Wal-Mart Stores, Inc. All Rights Reserved.

Survey ID

WWLEKFTSYXDYVLUOSDMVCBRJEXCXCIRWTTFHDQ

A link to the “survey” is provided in the message. This is definitely a scam as Wal-Mart has no such survey, and is not paying potential victims of this scam $90 to answer nine questions. Spammers added some notes to make the email message more believable though. Warnings are written at the bottom of the mail such as the recording of the respondent’s IP address “for security reasons” and the more threatening “deliberate wrong inputs are criminally pursued and indicted.” Email messages are also marked High Priority.

Clicking on the link leads users to the phishing site

Scammers again seem to be exploiting the shopping frenzy that comes with the holidays. Christmas and Thanksgiving related Web threats often prey on users’ enthusiasm for purchasing products whether online or not. Several Trend Micro blog entries also document other spamming operations that have similar social engineering techniques:

The Trend Micro Smart Protection Network already blocks this email message, keeping users away from the phishing website. Non-Trend Micro users are advised to not participate in surveys that come from unsolicited messages. Not clicking links in unwanted messages, or those from suspicious senders also keeps systems safe from threats.

Drive Encryption 3.521

Sun, 23 Nov 2008 02:31:01 +0100

DriveEncryption helps you encrypt the disk drives which are using FAT or NTFS File Systems. Drive Encryption supports all kind of Fixed Drive and Removable Storage. For example, Hard Disk, USB Hard...

Harder, Better, Faster, Stronger - The Malware

Sat, 22 Nov 2008 08:01:07 +0100

I am sure that you know this song. Yes, Daft Punk absolute rocks, although this post is about malware not the band.

Anyway, I was going through some blogs today and I stumbled across some articles regarding a malware affecting MacOS. Apparently this piece of malicious software is of a type downloader/installer. All it does is to connect to a remote server, fetch the payload and execute. Nothing special really!

One advantage this malware has over other types of malware is that the payload can be changed over time, which is cool. However, the antivirus folks will continue taking samples of the new payloads and add more signatures to their software. The game is on!

At the end of the day, regardless whether the malware runs for MacOS (the new hype), Windows or Linux, it is composed of pretty much the same routines. If think about it, there is a common pattern among most malware, which means that at some point, once we have better technologies to map any given application behavior, we will be able to insulate potential problematic processes and perhaps even drop them in a sandbox while running. Actually, this is possible today to one degree or another.

My point is that once a malware sample is found, it can be quite quickly neutralized. We know that Antivirus software is not perfect but at least antivirus vendors try to solve a quite complicated problem, so you have to give them some credits. The key point which we have to draw from all of this nonsense which I wrote so far, is that we do not know if a particular type of malware exists until we find a sample of it, which brings me to my main point in this post:

What if it is not possible or it is very hard to get a malware sample?

I blogged about these stuff before, but my question still remains. What if the malware does not persist on the system, instead it weakens the security perimeter and than it destroys itself? What if the result of this weakening looks very similar to the environment you will usually find in corporate networks (yes, corporate networks tend to be quite weakened). In this case the antivirus software has no clue whether this weakening was intentional or not? I am not malware researcher so I am not sure if such a beast exists, but if it doesn’t than I find it scary that there is no practicel advice what to do apart from trying not to get infected on first place. I hardly doubt that antivirus software can do much about the situation either.

Ok, I will leave this concept to sink with you. If you have anything to say please do so bellow. Some may say, hey you spreading FUD, but I don’t think that this is FUD. I believe in impossibilities but some stuff are simply impractical for the time being.

---
gnucitizen information security gigs part of the cutting-edge network:

---
recent posts from the gnucitizen cutting-edge network:

Computer chips give new spin on saving energy
IBM, Partners Aim To Build Brain-Like Computer Systems
iphone so easy 2 hack
Britney Spears And The Art of Self-defamation
Cyber-terrorism will be punishable by death

Increase in Exploit Attempts Against MS08-067

Sat, 22 Nov 2008 07:31:05 +0100

Microsoft Security bulletin MS08-067 was an out-of-band security update that was released on October 23, 2008, to address a critical remotely exploitable vulnerability that was being exploited in the wild. The Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability that was addressed

Script Fragmentation Attack Could Allow Hackers to Dodge Anti-virus Detection

Sat, 22 Nov 2008 05:01:07 +0100

Stephan Chenette of Websense describes a new Internet attack vector that could allow hackers to bypass anti-virus protection at both the gateway and the desktop. The technique, called script fragmentation, involves breaking down malware into smaller pieces in order to beat malware analysis engines. Web 2.0 requires new ways of thinking about browser security.
- Security researcher Stephan Chenette opened up to eWEEK about a new Web attack vector that could potentially render desktop and gateway anti-virus products useless. Chenette, manager of security research at Websense, calls the attack script fragmentation. Similar to TCP fragmentation attacks, i...

New Mac OS X malware - OSX_LAMZEV.A

Fri, 21 Nov 2008 09:01:05 +0100

Filed under: Software, Security

Computer security company Trend Micro is reporting that a new Mac OS X malware application is making the rounds. The application, called OSX_LAMZEV.A, gives hackers a way to take control of infected Macs. This is the second report of Mac OS X malware this week.

This is not a virus, and users must actually launch the app for it to install its payload. Once running, the app also asks which firewall port it can use. Trend Micro reports that "Mac users may be infected when they access remote websites hosting this backdoor. The backdoor may also be disguised as a legitimate application and may be installed and executed on systems."

Many Mac OS X-based malware seems to be similar in nature, requiring users to actually launch the installer and give it permission to install the payload. Unlike Windows-based malware, you shouldn't need to install any anti-malware apps to annoy you and slow down your Mac. Just make sure to follow the basic rules of Internet safety -- don't install applications that aren't legitimate or visit Web sites that you don't trust.

For more details, be sure to visit the Trend Micro Virus Encyclopedia.

New Mac OS X malware - OSX_LAMZEV.A originally appeared on The Unofficial Apple Weblog (TUAW) on Fri, 21 Nov 2008 14:30:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Kako nezavisni istraživački centri mogu da uspešno učestvuju u bezbednosnoj politici?

Thu, 20 Nov 2008 02:31:12 +0100

Centar za civilno-vojne odnose organizuje međunarodnu konferenciju "Kako nezavisni istraživački centri (think-tank-ovi) mogu uspešno učestvovati u bezbednosnoj politici" 4 i 5. decembra 2008. u Beogradu.

Personal magazin: Blokada za Backscatter spam

Thu, 20 Nov 2008 01:31:16 +0100

Kompanija Sophos obaveštava sve korisnike Sophos Email Security and Control rešenja da će u narednom periodu automatski biti primenjena nadogradnja novih funkcionalnosti. Ova automatska nadogradnja je apsolutno besplatna za sve korisnike Email Security uređaja i počinje zvanično od 19. novembra. Ova nadogradnja uključuje i nove mogućnosti zaštite vaše organizacije od vrste spama koji se zove Backscatter. Šta je Backscatter spam? Da li ste [...]
Vaš komentar

A Proactive Approach to Building a Successful Security Development Lifecycle Program

Thu, 20 Nov 2008 05:01:17 +0100

At this point most of you have heard about the Microsoft SDL and some of activities and deliverables associated with it.

However, I still receive a number of questions, specifically, how and where development organizations can start deploying SDL.

Good news!

One of the new Microsoft SDL Pro Network members, Security Innovation, has invited me to address this and other SDL questions at an upcoming webcast titled “A Proactive Approach to Building a Successful Security Development Lifecycle Program.”

SI also invited Jon Oltsik, an analyst from the Enterprise Strategy Group, to present his point of view on the value of the SDL to development organizations. It should be an interesting event, and will hopefully answer many of the questions I have received from the field. If we don’t address your questions during our presentations, there is going to be Q&A at the end …

If you are interested in attending this live web event, it is going to take place TOMORROW Thursday, November 20th, at 1:00pm ET, and you can register for it here.

Hope you can make it!