VirusTotal's goal is simple: to help keep you safe on the web. And we’ve worked hard to ensure that the services we offer continually improve. But as a small, resource-constrained company, that can sometimes be challenging. So we’re delighted that Google, a long-time partner, has acquired VirusTotal. This is great news for you, and bad news for malware generators, because:
- The quality and power of our malware research tools will keep improving, most likely faster; and
- Google’s infrastructure will ensure that our tools are always ready, right when you need them.
VirusTotal will continue to operate independently, maintaining our partnerships with other antivirus companies and security experts. This is an exciting step forward. Google has a long track record working to keep people safe online and we look forward to fighting the good fight together with them.
Source: VirusTotal Blog
Hello All,

On 30 Aug, an out-of-band patch was released by Oracle, which among other things incorporated fixes for the issues exploited by the recent Java SE 7 attack code (ClassFinder / MethodFinder bugs). One of the fixes incorporated in the released update also addressed the exploitation vector with the use of the sun.awt.SunToolkit class. Removing getField and getMethod methods from the implementation of the aforementioned class caused all of our full sandbox bypass Proof of Concept codes not to work any more (please note, that not all security issues that were reported in Apr 2012 got addressed by the recent Java update).

Today we sent a security vulnerability report along with a Proof of Concept code to Oracle. The code successfully demonstrates a complete JVM sandbox bypass in the environment of a latest Java SE software (version 7 Update 7 released on Aug 30, 2012). The reason for it is a new security issue discovered, that made exploitation of some of our not yet addressed bugs possible to exploit again.

Thank you.

Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
Oracle Security Alert for CVE-2012-4681
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
SE-2012-01 Proof of Concept Codes (technical information)
http://www.security-explorations.com/en/SE-2012-01-poc.html
The latest buzz on security and vulnerability these past few days revolves around Java, a software development platform originally created by Sun Microsystems and now owned by Oracle. Websites often run Java programs in them, normally as applets (.jar), in order to “provide interactive features to web applications that cannot be provided by HTML alone”. Initial reports reveal that the exploit used to take advantage of the vulnerability found in Java 7—version 1.7, updates 0 to 6—is an applet called applet.jar (Note that names of malicious files can change in the future).
Our friends at FireEye first uncovered the new 0-day Java Runtime Environment (JRE) vulnerability being exploited in the wild. It is leveraged by online criminals to perform targeted attacks, regardless of the Internet browser used or how updated it is. “The number of these attacks has been relatively low, but it is likely to increase due to the fact that this is a fast and reliable exploit that can be used in drive-by attacks and all kinds of links in emails.” said Andre’ M. DiMino and Mila Parkour of DeepEnd Research in their blog entry. An official patch from Oracle is yet to be released; however, our friends at DeepEnd are distributing a temporary fix, courtesy of Michael Schier, to system administrators only and by request. The said patch allows the execution of the exploit but stops the payload.
Once the vulnerability is successfully exploited, a binary is dropped on the compromised system. Based on initial reports, the binary is hi.exe (MD5: 4a55bf1448262bf71707eef7fc168f7d), which GFI VIPRE Antivirus already detects as Trojan.Win32.Generic!BT.
Although earlier releases of Java do not have the said JRE vulnerability, security researchers advised against downgrading to versions 1.6 and below as flaws inherent to those versions can still affect users. Instead, users are advised to disable Java on their browser for the time being until an official patch is made available. It is expected in October based on their triannual Java patch release schedule.
Companies looking to provide the best defenses for their email users have a number of choices available out there. While many admins will prefer to implement a solution within their own datacenter, others are finding that hosted email security solutions are a great way to go. If you are looking to reduce your hardware sprawl and take advantage of the power of the cloud, a hosted email security solution may be just what you are looking for. If you are trying to decide if it’s right for you, here are seven reasons why it could be the email security solution that best suits your company needs:
1. Effective Protection
Hosted email security providers focus on one thing; email. They have the processing power to run multiple engines for filtering spam and malware without slowing down the data flow or skipping over anything. The volume of messages they process enables them to quickly identify new spam campaigns and protect their customers from the latest phishing campaigns.
2. Bandwidth Savings
If you look closely at how much bandwidth you use on processing mail and compare it to how much legitimate mail gets to your users’ inboxes, you may be amazed by just how much of your limited bandwidth is used up moving spam. Hosted email security filters out all the junk before it ever hits your network, saving tons of bandwidth for more important things.
3. Lower Your Costs
Hosted email security is a very cost effective way to protect your users. Many services offer varying payment terms, keeping your costs low and letting you pay only for what you need.
4. Better defense against attacks
Hosted email security providers have the bandwidth and capacity to handle even the largest spikes in volume from the latest bot-net attacks that could take smaller networks down from the sheer volume of spam. With a hosted email security system in place, your network won’t even notice the spam storms that can strike without warning.
5. Extend the useful life of your existing systems
What could you do if each of your mail servers was suddenly twice as powerful as it is now? Could you handle more or your current users with fewer servers? Hosted email security breathes new life into your server by greatly reducing their workload. It’s like an instant hardware upgrade.
6. Added Fault Tolerance
Hosted email security providers have redundant Internet connections, datacenters, and servers, but that’s not the only fault tolerance they provide. If your servers or Internet circuit is down, they can store mail for delivery to you once your system is back online, and some even offer a web portal your users can access to send and receive email, even when your systems are offline.
7. Email Archiving
Archiving is becoming a major requirement for many companies, either from a compliance requirement or just to preserve intellectual property. Hosted email security solutions already process all your email, so it is a natural fit to add email archiving into the service offering.
So if you are planning to add email filtering to your messaging system, consider these seven reasons to go for a hosted email security solution and see whether it better fits your company budget and needs.
This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the benefits of using hosted email security.
All product and company names herein may be trademarks of their respective owners.
About this project:
This project was registered on SourceForge.net on Jun 28, 2011, and is described by the project team as follows:
CloseTheDoor identifies all the listening ports TCP/UDP over IPv4/v6 and the associated program files. This will help you to detect security holes and close backdoors when you want to prevent remote attacks.
- Enumerate all listening ports for IPv4/IPv6
- Gather information about the listening ports
- Ability to disable potentially dangerous ports
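The enumeration step that CloseTheDoor automates can be reproduced from the output of `netstat -ano`, which lists each socket with its owning PID. The following is an added example, not code from the CloseTheDoor project: it parses a constructed sample of that output (the column layout is the standard one, but the hosts, ports and PIDs are made up), keeps only TCP sockets in the LISTENING state plus all bound UDP sockets, and flags the ones bound to a wildcard or non-loopback address, which are the ones reachable from the network and therefore worth reviewing first.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample of `netstat -ano` output; not captured from a real host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2210
  TCP    192.168.1.20:49712     93.184.216.34:443      ESTABLISHED     3312
  TCP    [::]:135               [::]:0                 LISTENING       948
  TCP    [::1]:8080             [::]:0                 LISTENING       4120
  UDP    0.0.0.0:5353           *:*                                    1234
  UDP    [::]:5353              *:*                                    1234
"""


@dataclass(frozen=True)
class ListeningSocket:
    proto: str     # "TCP" or "UDP"
    family: str    # "IPv4" or "IPv6"
    address: str   # bound address, brackets stripped for IPv6
    port: int
    pid: int

    @property
    def exposed(self) -> bool:
        """True when the socket is reachable from the network (not loopback-only)."""
        return self.address not in ("127.0.0.1", "::1")


# Proto, local endpoint, foreign endpoint, optional state (TCP only), PID.
_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def _split_endpoint(endpoint: str) -> Tuple[str, str, int]:
    # IPv6 endpoints are written [addr]:port, IPv4 ones addr:port.
    if endpoint.startswith("["):
        addr, _, port = endpoint[1:].partition("]:")
        return "IPv6", addr, int(port)
    addr, _, port = endpoint.rpartition(":")
    return "IPv4", addr, int(port)


def parse_listening(netstat_output: str) -> List[ListeningSocket]:
    """Return every bound UDP socket and every TCP socket in LISTENING state."""
    sockets = []
    for line in netstat_output.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # header, blank line or a line we do not understand
        proto, local, _foreign, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing connections are not listeners
        family, addr, port = _split_endpoint(local)
        sockets.append(ListeningSocket(proto, family, addr, port, int(pid)))
    return sockets


def exposure_by_pid(sockets: List[ListeningSocket]) -> Dict[int, List[str]]:
    """Group network-reachable listeners by owning PID for review."""
    report: Dict[int, List[str]] = {}
    for s in sorted(sockets, key=lambda s: (s.pid, s.proto, s.port)):
        if s.exposed:
            report.setdefault(s.pid, []).append(f"{s.proto}/{s.port} on {s.address}")
    return report


if __name__ == "__main__":
    for pid, entries in exposure_by_pid(parse_listening(SAMPLE_NETSTAT)).items():
        print(pid, ", ".join(entries))
```

On a live Windows host the same parser can be fed the real output of `netstat -ano`; the PID column is what lets you map each exposed port back to the program file, which is the step before deciding whether a port should be closed.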
Spam may not be the headline-grabbing topic it once was, but as our research friends in the GFI Labs continue to point out, spam and phishing attacks are still a preferred tactic of cybercriminals.
To get a better sense of how businesses are coping with spam, we conducted a survey this month of 200 US and 200 UK IT decision makers at businesses with between five and 1,000 employees. While we assumed businesses continue to struggle with spam, we were surprised to learn how many businesses are not taking advantage of the latest technology available to them to combat these threats and better defend their networks.
An overwhelming majority of survey respondents—72% in the US and 75% in the UK—state they receive too much spam. Not a terribly surprising stat, but when asked about the volume of spam they were dealing with over the last year, more than 80% of respondents in both regions reported no decrease in the amount of spam plaguing their networks. In fact, 53% of US respondents and 61% of UK respondents report that spam volumes actually increased during the last year. Only about 15% of respondents saw a decrease in spam.
Seeing those numbers, it’s no surprise that 70% of respondents rate their anti-spam solution as either marginally effective or not effective at all. So what solutions are these businesses using to defend their networks? Here’s a breakdown:
- Rely on anti-spam capabilities of an antivirus suite
- Rely on an anti-spam software solution
- Rely on a cloud-based solution
- Rely on an anti-spam gateway appliance
- Do not use an anti-spam solution
There are some interesting findings revealed here.
First, while the heavy reliance on the anti-spam capabilities of an antivirus security suite is nearly identical in both regions, it is not among the smallest businesses where that is most prevalent. The highest percentage of businesses (about 65%) in the US and UK saying they rely on their antivirus suite for spam protection was among businesses with 50 – 99 employees. It was not among businesses with fewer than 50 employees, where one would expect less robust IT security awareness and expertise.
Second, it appears that US businesses have been quicker than their UK counterparts to adopt cloud-based solutions to battle spam and phishing attacks before they reach their network. More than 14% of US businesses are already using a cloud-based solution to combat spam compared to only 8% of businesses in the UK.
GFI Software is a strong proponent of a multi-layered approach to mail security. A comprehensive anti-spam solution incorporates a combination of defenses located on premise and in the cloud, which GFI Software provides through its GFI MailEssentials™, GFI MailSecurity™ and GFI MailEssentials Complete Online™ product offerings. GFI MailEssentials Complete Online is the latest addition to GFI Software’s mail defense suite. This cloud-based service delivers fast, accurate response against inbound and outbound spam attacks and full defense against viruses, Trojans, spyware, worms, bots, rootkits, zero-hour exploits and other threats.
Businesses Know The Dangers of Spam
When asked about their top concerns about spam, security clearly topped the list. In the US, 29% of respondents say their top concern was malicious links and files often harbored in spam, while 22% cite how spam leaves their company and employees vulnerable to phishing attacks. In the UK, 23% and 22% of respondents cite malicious links and files, and potential phishing attacks, respectively, as their top concerns. Additionally, 20% of UK IT decision makers say spam’s impact on the responsiveness of their mail servers was their top concern.
Finally, nearly 90% of all respondents in both regions say they regularly educate employees about the risks of opening spam that arrives in their inbox. But are they doing enough? 40% of businesses in the UK and 44% of businesses in the US say their networks have been compromised as a result of employees opening malicious links or by responding to information requests contained within spam. Until businesses take full advantage of the latest technologies available to them to better block spam, they’re going to have to rely heavily on a well-educated employee base. We can probably all agree that is not enough.
How do you combat spam? Do any of these findings surprise you?
Here’s our infographic visualizing the survey’s US data:
The independent blind survey of 200 US and 200 UK IT decision makers organizations with between five and 1,000 employees was conducted by Opinion Matters on behalf of GFI Software. Download the full survey results.
By Jarred LeFebvre @ www.gfi.com/blog/
How safe is your PC really?
To put it succinctly: Why signature-based security software is not enough
Normal security software recognizes Malware using Signatures, a type of digital fingerprint. What is the problem with this? No fingerprint means no recognition. This means that the Malware must first be known to the manufacturer of the security software before it is possible to create a fingerprint allowing it to be recognized. The fingerprint database on your PC is then updated online on a daily basis. Only then can the Malware be recognized.
You are probably now thinking: “What about new Malware that the manufacturer of the security software has never seen? They have no way of making a fingerprint of this…”. Exactly!
This is where the behavior-based Malware defense of Mamutu comes into play. It does not use a fingerprint to recognize dangerous software but rather recognizes it on the basis of the behavior of the software. This allows Mamutu to recognize new Malware long before the signature databases have been updated. These types of Malware attacks are known as Zero-Day attacks. In addition to this, behavior-based Malware recognition is the only efficient way of recognizing Malware that has been built for a single specific attack, e.g. for industrial espionage.
Mamutu – Protects against completely new pests in seconds!
The Mamutu Background Guard is clever. It recognizes and blocks all potentially dangerous programs before they can cause any damage. The new Malware Intrusion Detection System (Malware-IDS) is unique worldwide and immediately warns you when a program attempts to perform a potentially dangerous or suspicious operation.
Suggested reading: Signature recognition or behavioral analysis – Which is better?
The advantages to you:
New behavior-based protection technology
Mamutu permanently monitors all active programs on your PC. As soon as suspicious behavior of a process is detected you receive a warning message and can react accordingly. Block Malware before it can cause any damage, by using the unique Emsisoft behavior analysis technology that has been tried and tested for years.
The Malware-IDS in detail
Lower resource consumption
Mamutu has been conceived to require the smallest possible amount of your computer power. This makes it ideal for users who require high computing performance, e.g. graphics or video applications and especially games.
Quarantine in case of emergency
Always place a suspicious program in quarantine before finally deleting it. Suspicious behavior can also be exhibited by usually benign applications. Mamutu helps you to decide what to do with a suspicious program.
Stay protected – it is easier than you think
Regardless of whether you are a computer expert or a beginner, you will quickly come to grips with Mamutu. You do not have to be a specialist to free yourself from Malware.
The perfect security enhancement
Mamutu recognizes and reports the following types of behavior:
- Backdoor related behavior
- Spyware related behavior
- HiJacker related behavior
- Worm related behavior
- Dialer related behavior
- Keylogger related behavior
- Trojan Downloader related behavior
- Injection of code into other programs
- Manipulation of programs (patching)
- Invisible installations of software
- Invisible Rootkit processes
- Installation of services and drivers
- Creation of Autostart entries
- Manipulation of the Hosts file
- Changes of the browser settings
- Installation of debuggers on the system
- Simulated mouse and keyboard activity
- Direct disk sector access on the hard disk
- Changes of the system group policies [NEW!]
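The difference between the signature and behavior approaches described above, and the reason a single action by a benign installer should not be treated the same as a cluster of them, can be shown on a small event stream. The following is an added example and is not Mamutu's code or its detection logic: the process events are constructed, the rules only cover a few of the categories listed above (autostart entries, hosts file manipulation, service installation, code injection), and the "alert when two or more distinct categories fire" threshold is a choice made for this illustration.

```python
import hashlib
from collections import defaultdict
from typing import Callable, Dict, List, Set

# --- Signature side -------------------------------------------------------
# A constructed "known bad" database: SHA-256 of samples seen before.
KNOWN_BAD_SHA256: Set[str] = {
    hashlib.sha256(b"constructed old sample 1").hexdigest(),
    hashlib.sha256(b"constructed old sample 2").hexdigest(),
}


def signature_match(sample: bytes, known: Set[str] = KNOWN_BAD_SHA256) -> bool:
    """Signature scanning: only samples whose fingerprint is already known match."""
    return hashlib.sha256(sample).hexdigest() in known


# --- Behavior side --------------------------------------------------------
# Constructed process events: (pid, image, action, target). Not real telemetry.
EVENTS = [
    (100, "notepad.exe", "file_write", r"C:\Users\alice\notes.txt"),
    (200, "setup_update.exe", "file_write", r"C:\Users\alice\AppData\svc.exe"),
    (200, "setup_update.exe", "registry_set",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    (200, "setup_update.exe", "file_write", r"C:\Windows\System32\drivers\etc\hosts"),
    (200, "setup_update.exe", "service_create", "svcupdater"),
    (200, "setup_update.exe", "remote_thread", "explorer.exe"),
    (300, "installer.exe", "service_create", "vendorsvc"),
]

Rule = Callable[[str, str], bool]

# Category name -> predicate over (action, target). Four of the page's categories.
RULES: Dict[str, Rule] = {
    "Creation of Autostart entries":
        lambda a, t: a == "registry_set" and "\\currentversion\\run\\" in t.lower(),
    "Manipulation of the Hosts file":
        lambda a, t: a == "file_write" and t.lower().endswith(r"\drivers\etc\hosts"),
    "Installation of services and drivers":
        lambda a, t: a == "service_create",
    "Injection of code into other programs":
        lambda a, t: a == "remote_thread",
}


def behavior_findings(events) -> Dict[int, Set[str]]:
    """Map each PID to the set of suspicious behavior categories it exhibited."""
    findings: Dict[int, Set[str]] = defaultdict(set)
    for pid, _image, action, target in events:
        for category, rule in RULES.items():
            if rule(action, target):
                findings[pid].add(category)
    return dict(findings)


def processes_to_block(findings: Dict[int, Set[str]], min_categories: int = 2) -> List[int]:
    """Alert only on processes combining several categories; a lone service
    install (a normal installer action) is reported but not blocked."""
    return sorted(pid for pid, cats in findings.items() if len(cats) >= min_categories)


if __name__ == "__main__":
    new_sample = b"constructed never-seen sample"
    print("signature match:", signature_match(new_sample))  # no fingerprint -> miss
    for pid, cats in behavior_findings(EVENTS).items():
        print(pid, sorted(cats))
    print("block:", processes_to_block(behavior_findings(EVENTS)))
```

The payoff is in the last two lines of output: the never-seen sample produces no signature hit, while its process is flagged from what it does, and the vendor installer that merely registers a service stays below the alert threshold, which is the kind of benign-but-similar behavior the application rules further down are meant to whitelist.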
Full control over internal system activities
You can now decide for yourself what programs are allowed to start on your PC and what actions may be performed. Detailed application rules are now available, allowing you to individually specify the permitted behavior of every application:
- Monitor application, but allow specific activities
Select this option to always allow particular specific behavior of a program. In certain situations a benign program can contain a function that is very similar to a damaging function and is thus reported. If you are sure that this action is actually not dangerous then you can allow it. All other types of dangerous behavior are still reported.
- Always block this application
Select this option to permanently block a particular program. You can also use this feature to provide child protection by preventing other PC users from starting a particular application.
- Exclude from protection
Select this option to completely exclude an application from the monitoring process. Use this when you always trust an application and are sure that it does not execute any damaging actions.
Bonus feature: Application protection
You can use the application rules to protect specific programs from third-party manipulation. For example, this feature is used to prevent Mamutu from being terminated by Malware in order to disable the protection. You can also make use of this feature. You can protect your Browser and other important programs from being illegally terminated.
The program is available for $27.00 (1-year subscription), but it will be free for a limited-time offer by giveawayoftheday.com.
In today’s business world, internet usage has become a necessity for doing business. Unfortunately, a company’s use of the internet comes with considerable risk to its network and business information.
Web security threats include phishing attacks, malware, scareware, rootkits, keyloggers, viruses and spam. While many attacks occur when information is downloaded from a website, others are now possible through drive-by attacks where simply visiting a website can infect a computer. These attacks usually result in data and information leakage, loss in productivity, loss of network bandwidth and, depending on the circumstances, even liability issues for the company. In addition to all this, cleanup from malware and other types of attacks on a company’s network are usually costly from both the dollar aspect as well as the time spent recovering from these web security threats.
Fortunately, there are steps a company can take to protect itself from these web security threats. Some are more effective than others, but the following suggestions should help narrow down the choices.
Employee internet usage policy
The first and probably the least expensive solution would be to develop and implement an employee internet usage policy. This policy should clearly define what an employee can and cannot do when using the internet. It should also address personal usage of the internet on the business computer. The policy should identify the type of websites that can be accessed by the employee for business purposes and what, if any, type of material can be downloaded from the internet. Always make sure the information contained in the policy fits your unique business needs and environment.
Train your employees to recognize web security threats and how to lower the risk of infection. In today’s business environment, laptops, smartphones, iPads, and other similar devices are not only used for business purposes, but also for personal and home use. When devices are used at home, the risk of an infection on that device is high and malware could easily be transferred to the business network. This is why employee education is so important.
Good patch management practices should also be in place and implemented using a clearly-defined patch management policy. Operating systems and applications, including browsers, should be updated regularly with the latest available security patches. The browser, whether a mobile version used on a smartphone or a full version used on a computer, is a primary vector for malware attacks and merits particular attention. Using the latest version of a browser is a must, as known vulnerabilities will have been addressed.
Internet monitoring software
Lastly, I would mention the use of internet monitoring software. Internet monitoring software should be able to protect the network against malware, scareware, viruses, phishing attacks and other malicious software. A robust internet monitoring software solution will help to enforce your company’s internet usage policy by blocking connections to unacceptable websites, by monitoring downloads, and by monitoring encrypted web traffic going into and out of the network.
There is no single method that can guarantee 100% web security protection; however, a well-thought-out strategy is one huge step towards minimizing the risk that the network could be targeted by the bad guys.
This guest post was provided by Sean McCreary on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI web security software.
All product and company names herein may be trademarks of their respective owners.
In the past hour a new application has begun spreading on Facebook which has found an exploit in the existing sharing system. Whatever you do, don’t click the link described below.
The system is pretty straight forward. It suggests that you click “VERIFY MY ACCOUNT” within a link which ultimately results in the user posting the same message to all their friends’ walls. The message typically resembles the following one:
In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process…
The result is that thousands of users have seen the message spreading to their profiles in the past hour or so. Our guess is that this message could reach hundreds of thousands of users before it’s shut down (unless Facebook’s security team is up right now). The bottom line is this: don’t click any of the links resembling the ones pictured below. Have you seen this spreading on your profile?
With a high percentage of emails directed at your inbox being spam, a good anti-spam filter is an absolutely vital piece of your email infrastructure. Knowing what to look for can help make the difference between a well-tuned email system, and a crawling mess of spam messages using up storage space and wasting users’ time. Before you go out and install the first anti-spam filter you find, here are some of the key things to consider.
Cloud-based or on-premise
There are hosted anti-spam filtering solutions that offer greater economies of scale, making them more affordable than in-house solutions. These can combine anti-spam with anti-malware, and filter out spam and other nasty stuff before it uses up your bandwidth or impacts your server’s storage and performance. The only downsides are that they represent a subscription service with monthly costs, and as an outsourced solution, some admins miss having the on-site control.
On-premise solutions are purchased (though they may have monthly or annual subscription costs for updates) so they can be capitalized, and by being in-house, the admins can have total control whenever they want.
Choose the solution that works best with your administrative style and costing strategy. If you choose an on-premise solution, make sure you select one that is server based, not client based. The administrative overhead of managing a server at your edge is much lower than trying to administer an agent installed on every client, and the licensing costs will likely be far less as well. Centralizing the anti-spam filter will make it easier to maintain, and will prevent spam messages from taking up space in users’ inboxes and on your mailbox servers.
Spam detection methods
There are a variety of ways to detect and block spam. No single way is fully effective; you need a product that combines methods for a defense-in-depth approach. Bayesian filtering is a very effective way to detect spam, but it must be ‘trained’ to your environment. Whitelists need to be in place to minimize false positives that could block critical business communications. Keyword lists should also be an option for companies whose business might include words that others would consider spam. Other approaches include SMTP header analysis, blacklists, using SPF records to reduce spoofing, and reputation services. By combining the analysis of these multiple methods you ensure the maximum effectiveness of your anti-spam filter, while minimizing false positives.
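To make the combination of methods concrete, the following added example (not GFI's code, and not any product's actual algorithm) trains a small multinomial naive Bayes classifier on a constructed corpus of spam and legitimate messages, then wraps it in a verdict function where a sender whitelist takes precedence over the statistical score. The training messages, the whitelist address and the 0.5 threshold are all assumptions made for the illustration.

```python
import math
import re
from collections import Counter
from typing import Dict, Optional, Set

TOKEN = re.compile(r"[a-z]+")


def tokenize(text: str):
    return TOKEN.findall(text.lower())


class BayesSpamFilter:
    """Multinomial naive Bayes with Laplace smoothing; must be trained on
    the environment's own mail, which is the 'training' the text refers to."""

    def __init__(self) -> None:
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}
        self.vocab: Set[str] = set()

    def train(self, text: str, label: str) -> None:
        toks = tokenize(text)
        self.counts[label].update(toks)
        self.docs[label] += 1
        self.vocab.update(toks)

    def _log_likelihood(self, toks, label: str) -> float:
        total = sum(self.counts[label].values())
        v = len(self.vocab)
        ll = math.log(self.docs[label] / sum(self.docs.values()))  # class prior
        for t in toks:
            # Laplace smoothing: unseen words get a small, non-zero probability
            ll += math.log((self.counts[label][t] + 1) / (total + v))
        return ll

    def spam_probability(self, text: str) -> float:
        toks = tokenize(text)
        ls = self._log_likelihood(toks, "spam")
        lh = self._log_likelihood(toks, "ham")
        return 1 / (1 + math.exp(lh - ls))  # sigmoid of the log-odds


# Constructed training corpus (made up for this example).
TRAINING = [
    ("cheap pills buy now", "spam"),
    ("win free prize click now", "spam"),
    ("free money buy now", "spam"),
    ("meeting tomorrow about project budget", "ham"),
    ("please review the attached project report", "ham"),
    ("lunch tomorrow with the team", "ham"),
]

# Assumed whitelist of trusted senders, compared case-insensitively.
WHITELIST = {"partner@example.com"}


def build_filter() -> BayesSpamFilter:
    f = BayesSpamFilter()
    for text, label in TRAINING:
        f.train(text, label)
    return f


def classify(filt: BayesSpamFilter, sender: str, text: str,
             whitelist: Set[str], threshold: float = 0.5) -> Dict[str, Optional[object]]:
    """Defense in depth: whitelist first, statistical score second."""
    if sender.lower() in whitelist:
        return {"verdict": "ham", "reason": "whitelisted sender", "score": None}
    p = filt.spam_probability(text)
    return {"verdict": "spam" if p >= threshold else "ham",
            "reason": "bayes", "score": round(p, 3)}


if __name__ == "__main__":
    f = build_filter()
    for sender, text in [("stranger@example.net", "Buy cheap pills now"),
                         ("stranger@example.net", "Project meeting tomorrow"),
                         ("Partner@example.com", "free money now")]:
        print(sender, "->", classify(f, sender, text, WHITELIST))
```

The third case is the one to think about: the whitelist delivers a message whose wording the classifier would have scored as spam, which is exactly why the text pairs whitelists with SPF and reputation checks; a whitelist keyed on the From address is only as trustworthy as your defense against sender spoofing.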
Whitelisting business partners and customers, and checking the quarantine folder for blocked messages, can both become major tasks for the helpdesk. Look for anti-spam filter solutions that offer user self-service, both for adding senders to the whitelist, and for enabling users to release quarantined messages themselves, or by delivering spam to the user’s junk mail folder.
Today’s management is all about the metrics. Look for an anti-spam filter that includes robust reporting and that includes the ability to use this information in dashboards or for computing SLAs. Spam is one of those problems that no one notices as long as your anti-spam filter is doing a good job, but that becomes a major issue if a spam message slips through.
Remember, whether cloud-based or on-premise, a good anti-spam filter offers you defense in depth, economical licensing, reduces the administrative overhead, and supports users for routine tasks.
This guest post was provided by Ed Fisher on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI email archiving.
All product and company names herein may be trademarks of their respective owners.