Security Protection – Harry Waldron MVP

October, 2011:

Facebook – Avoid ChatSend application

Sunbelt security has issued a warning for the ChatSend application.  It installs toolbars for all popular browsers and changes the user’s home page.  It then generates spammed messages extensively within Facebook.  It is difficult to remove once installed and should be avoided if offered by any of your Facebook contacts.

Facebook – Avoid ChatSend application http://sunbeltblog.blogspot.com/2011/10/little-too-chatty.html

QUOTE: There’s a program called ChatSend currently doing the rounds on Facebook, and at time of writing just over 114,000 people have hit the “Like” button which no doubt means a high proportion of that tally have downloaded and installed it. The link directs to the Facebook page of ChatSend where one can readily download the app. Upon execution, it shows a GUI containing its Terms of Service and Privacy Policy. The pre-ticked boxes will install the toolbar in all browsers, set web search as default and change the homepage.

Corporate Security Awareness – Is it worth the effort and cost?

This SecuriTeam post debates some of the pros and cons of corporate security awareness. Some firms rely solely on technology controls, while others have a robust user awareness program. Somewhere in the middle is a good balance, as both technology and the user play an important role in safeguarding the company’s information resources. I would personally vote “YES”, having seen direct and measurable benefits from past security awareness campaigns.

Corporate Security Awareness – Is it worth the effort and cost? http://blogs.securiteam.com/index.php/archives/1555

QUOTE: Is security awareness “worth it”?  Is security awareness “cost effective”?  Well, we’ve been spending quite a lot on security technologies (sometimes just piecemeal, unmanaged security technologies), and we haven’t got good security.  Three arguments in favour of at least trying security awareness spending:

1)  When you’ve got two areas of benefit, and you are reaching the limits of “diminishing returns” in one area, the place to put your further money is on the one you haven’t stressed.

2)  Security awareness is mostly about risk management.  Business management is mostly about risk management.  Security awareness can give you advantages in more than just security.

3)  Remember that the definition of insanity is trying the same thing over and over again, and expecting a different result.

Windows 2008 R2 Hyper-V security Hardening Guide

SecuriTeam blogs has published an excellent security guide for hardening Microsoft’s Hyper-V virtual environment.

Windows 2008 R2 Hyper-V security Hardening Guide http://blogs.securiteam.com/index.php/archives/1561

QUOTE: Virtual Machine Servicing Tool 3.0 helps to update offline virtual machines, templates, and virtual hard disks with the latest operating system and application patches. Authorization Manager provides a flexible framework for integrating role-based access control into applications. It enables administrators who use those applications to provide access through assigned user roles that relate to job functions.

Halloween 2011 – More online Tricks are circulating than Treats

Please be careful with email, weblinks and Facebook as malicious threats are circulating. Several security firms are warning of online dangers:

Halloween 2011 – More online Tricks are circulating than treats http://blog.trendmicro.com/tricks-and-threats-infographic/
http://blog.eset.com/2011/10/27/scary-halloween-cyber-pranks
http://nakedsecurity.sophos.com/2011/10/31/halloween-kill-some-zombies/

QUOTE: Halloween is fast approaching and it’s that time of the year when scaring people is the most popular form of entertainment. However, not all spooks this season may end up in good-natured merriment. Cybercriminals may take this opportunity to scare users with their tricks, which include spammed messages, poisoned search results, spammed tweets with dubious links and Facebook clickjacking attacks. If not wary of these schemes, users may end up becoming victims of information theft, system infection, and even financial loss.

VMware – Security Blog and Key Resources

Below are key security resources for VMware found during recent research:

VMware – Security Blog http://blogs.vmware.com/security/

VMware – Security Center http://www.vmware.com/technical-resources/security/index.html

QUOTE: VMware offers secure and robust virtualization solutions for virtual data centers and cloud infrastructures, and has both the technology and the processes to ensure that this high standard is maintained in all current and future products. VMware virtualization gives you:
  • Secure architecture and design: Based on its streamlined and purpose-built architecture, vSphere is considered by experts to be the most secure virtualization platform.
  • Third-party validation of security standards: VMware has validated the security of our software against standards set by Common Criteria, NIST and other organizations.
  • Proven technology: More than 250,000 customers—including all of the Fortune 100 as well as military and government installations—trust VMware to virtualize their mission-critical applications.

OpFake.A – New Mobile attack disguised as Opera Mini Updater

A new mobile malware threat has surfaced and disguises itself as a legitimate software offering from Opera. It is important to carefully check the authenticity of any software app before installing it.

F-Secure Trojan:SymbOS/OpFake.A http://www.f-secure.com/weblog/archives/00002261.html

QUOTE: Here’s the technical analysis related to yesterday’s post on Trojan:SymbOS/OpFake.A. OpFake.A arrives as a supposed Opera Mini updater using file names such as OperaUpdater.sisx and Update6.1.sisx. The malware installer adds an Opera icon to the application menu. When run, it will show a menu and a fake download progress bar. The malware also has a “license” which can be displayed. When the trojan is started, and before the victim advances through any of the menus, the trojan is already sending text messages to Russian premium rate numbers. The numbers and the content of the messages come from an encrypted configuration file (sms.xml).

The Symbian version of OpFake.A will also monitor SMS messages for the short while it is active and deletes incoming messages and messages moved to the sent messages folder based on the phone numbers and content of the messages. The code that handles the interception of incoming SMS messages is largely identical to that in Trojan:SymbOS/Spitmo.A. That part of OpFake.A clearly shares source code with Spitmo.A.

Malicious Spam uses fake Gadhafi Video

Please always be careful with email message links or attachments, as they may be used to infect your system.

Trend Labs – Video of Gadhafi’s Death Being Used for Spam http://blog.trendmicro.com/video-of-gadhafis-death-being-used-for-spam/

QUOTE: We’ve been seeing a particular social engineering lure in spam runs in the past, where spammers leverage the death of a known celebrity or political figure. Recent examples of this include the death of Steve Jobs, and Amy Winehouse. In this spam run using Gadhafi’s death, however, a more compelling lure is being used to trick users into downloading malicious files.  We found several spammed messages that claim to lead to videos of Gadhafi’s death. It is important to note that videos of Gadhafi’s death do exist, and legitimate news sites like Reuters and The Washington Post tell of the graphic content in the video and even host the said videos on their websites. This existence of real videos of Gadhafi’s death relatively makes it a more compelling lure.

Spam attack promotes false Charity Fund for Steve Jobs

Major news events are often crafted into spam or malicious attacks as noted below:

Spam attack promotes false Charity Fund for Steve Jobs http://blog.trendmicro.com/spammers-promote-steve-jobs-bogus-charity-fund/

QUOTE: Even after a few weeks following Steve Jobs’ death, spammers are still taking advantage of his demise. We have previously reported about this in the following blog entries:

This time, we received sample spammed messages promoting a supposed charity fund for young and gifted programmers and Web coders in honor of the late Apple co-founder.

Malware Return-Oriented Programming – Detection Method discovered

This recent discovery by researchers could benefit future operating systems and security protection products.

PC Magazine – New Technique Detects Hidden Exploits http://securitywatch.pcmag.com/malware/289607-new-technique-detects-hidden-exploits

QUOTE: Modern operating systems don’t make life easy for malware coders. Features like Data Execution Prevention and non-executable memory pages ruin schemes that involve injecting malicious code disguised as data. Modern malefactors have turned to a technique called Return-Oriented Programming (ROP) to get around these restrictions. However, researchers Michalis Polychronakis and Angelos D. Keromytis from Columbia University have invented a way to detect this sneaky technique.

Instead of trying to inject malicious code into the system, the malware writers find the CPU instructions they want in existing processes, typically always-loaded Windows processes. They slip in a list that contains the in-memory addresses of these code chunks, called “gadgets”. By forcing execution of the gadgets in a specific order, they build an exploit without ever placing executable code on the system.
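The mechanism the quote describes, a stack full of gadget addresses that were never placed there by a CALL instruction, is also what the simplest ROP detection heuristics key on. The Python below is an added example, not code from this page or from the Columbia researchers (whose actual method the article does not detail): it walks a constructed stack snapshot and flags every code pointer whose target is not immediately preceded by an x86 CALL, the “call-preceded” rule that a legitimate return address always satisfies. The executable bytes, addresses, stack contents and the three-pointer threshold are all constructed assumptions, and only a single executable region is modelled.

```python
"""Toy ROP-chain heuristic over a stack snapshot (call-preceded check).

Every address, instruction byte and stack value here is constructed for
illustration; this is not the Columbia researchers' technique.
"""
import struct

# Constructed executable region (x86-32 encodings), one instruction per comment.
CODE_BASE = 0x00401000
CODE = bytes([
    0xE8, 0x10, 0x00, 0x00, 0x00,  # 0x401000: call rel32   -> a real call; its return site is 0x401005
    0x89, 0xC3,                    # 0x401005: mov ebx, eax -> legitimate return site
    0xC3,                          # 0x401007: ret          -> also usable as a bare "ret" gadget
    0x58,                          # 0x401008: pop eax      -> gadget "pop eax ; ret"
    0xC3,                          # 0x401009: ret
    0x5B,                          # 0x40100A: pop ebx      -> gadget "pop ebx ; ret"
    0xC3,                          # 0x40100B: ret
    0x90, 0x90,                    # padding
])
CODE_END = CODE_BASE + len(CODE)


def in_code(addr):
    """True if addr falls inside the (only) executable region we model."""
    return CODE_BASE <= addr < CODE_END


def preceded_by_call(addr):
    """True if the bytes just before addr decode as an x86 CALL.

    A return address pushed by a genuine CALL always sits right after that
    CALL; a gadget address consumed by RET usually does not. Two encodings are
    checked: E8 rel32 (5 bytes) and FF /2 (indirect call, 2..6 bytes). The FF
    check is deliberately permissive so the heuristic errs towards "benign".
    """
    off = addr - CODE_BASE
    if off >= 5 and CODE[off - 5] == 0xE8:
        return True
    for length in range(2, 7):
        if off >= length and CODE[off - length] == 0xFF:
            modrm = CODE[off - length + 1]
            if ((modrm >> 3) & 7) == 2:  # reg field 2 selects CALL in the FF group
                return True
    return False


def words_from_bytes(raw):
    """Split a little-endian 32-bit stack dump into a list of integers."""
    n = len(raw) // 4
    return list(struct.unpack("<%dI" % n, raw[: n * 4]))


def scan_stack(stack_words):
    """Return the stack values that look like gadget addresses: they point into
    executable memory but are not preceded by a CALL. Non-code values (data a
    gadget will pop) are skipped, as the heuristic must do in practice."""
    return [w for w in stack_words if in_code(w) and not preceded_by_call(w)]


def looks_like_rop_chain(stack_words, threshold=3):
    """Flag the snapshot when at least `threshold` suspicious code pointers
    appear; one odd pointer is common in benign code (exception handlers,
    JIT trampolines), a run of them is not. The threshold is an assumption."""
    return len(scan_stack(stack_words)) >= threshold


# Constructed snapshots (lowest address first, the order the CPU would pop them).
LEGIT_STACK = [0x00401005, 0x41414141, 0x7FFD0000]   # return site after the real call, then data
ROP_STACK = [0x00401008, 0xDEADBEEF,                  # pop eax ; ret   <- loads eax
             0x0040100A, 0xCAFEBABE,                  # pop ebx ; ret   <- loads ebx
             0x00401007]                              # ret             <- chains onward

if __name__ == "__main__":
    for name, snap in (("legit", LEGIT_STACK), ("rop", ROP_STACK)):
        hits = ["0x%08X" % h for h in scan_stack(snap)]
        verdict = "ROP-like" if looks_like_rop_chain(snap) else "benign"
        print(name, hits, verdict)
```

Run stand-alone, the script reports no hits for the legitimate snapshot and three for the gadget chain. Real implementations of this idea (hardware branch-record based checkers, for example) apply the same rule to the last few indirect branches rather than to a raw stack dump, and have to decode every CALL form, not just the two handled here.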

Android 4.0 – Five Features for new mobile O/S

This article documents some of the key new features designed into Android version 4.0:

Android 4.0 – Five Features for new mobile O/S http://www.zdnet.com/blog/open-source/android-40s-five-best-new-features-for-users/9781

QUOTE: Android 4.0, Ice Cream Sandwich (ICS), is perhaps the most important Android release to date. With this release, Google has brought its tablet Android fork, 3.x, back into sync with its smartphone trunk, 2.x. In addition, all of ICS will soon, as I understand it, be made open source. What that means for you is that independent software vendors (ISVs) can stop wasting time in developing two different versions of programs and focus their energies on making the best possible Android applications. Since, at the end of the day, the success of any operating system is all about its applications, this bodes well for Android. Key categories of improvement include:

1)  Better, more universal interface.

2)  Better applications.

3)  Speech transcription.

4)  Better and faster Web browsing.

5)  Data use monitoring.

Put it all together and what do you get? I think you get not just the best Android ever, I think you get the best mobile operating system of them all to date.