What does 2009 hold in store for malware?
This time of year brings with it the inevitable predictions as to what 2009 may hold in store for us. The predictions game is notoriously difficult and prone to the inevitable public gaffes. My new colleagues at MessageLabs have provided their view as to things to watch out for in 2009 with respect to malware. They reveal some of the new tricks and dangers we need to look out for next year. The new and really pernicious stuff is web related and focused. IT Pro provide a nice summary of the top-5 things to watch out for, courtesy of MessageLabs.
Schooling the next generation of hackers??
I read with interest the initiative from the International Correspondence School (ICS) to teach students how to become professional computer ‘Ethical’ hackers in the New Year. The security industry has talked about and differentiated between ethical hackers, sometimes known as ‘white hats’, and the so-called ‘black hats’. I would like to view the provision of a course such as this in a positive light. I would like to think it will provide professional training for individuals whose work will, hopefully, help combat the illegal activities of the many malicious criminal hackers working online, often for financial gain. By thoroughly understanding the methods they use, graduates will be well placed to prevent cybercrime at the source. It will allow them to better protect themselves, and the applications they go on to develop, from the mainstream or ‘typical’ attacks and pitfalls. As such, it will help make life that bit more difficult for the hacking community. I’m also pleased to see that the school is operating strict rules about who can apply to the course to ensure they’re not using their skills for criminal gain. From our own research, we’ve seen the underground economy rapidly evolving and developing, so there’s always the need for more trained individuals who are operating on the right side of the law, often alongside Internet security companies, to work towards a common goal of cybercrime prevention.
IE Exploit – headline news
I have a slide that I like to use when describing the threat landscape. It contains only the picture of a TV news presenter. The point I make is that news of new viruses and malware used to make the nightly headline news. But times have changed and we no longer see malware making this sort of high-profile news. Wrong! I woke this morning to watch the news, and there in front of my eyes was a TV presenter describing the threat coming from the latest vulnerability in IE.
It clearly has caught the attention of many people across the world. The vulnerability was only discovered last week, coming too late to be accommodated within the Microsoft December patch update cycle. What really was noteworthy was the speed with which the vulnerability was then exploited. We noticed and detected this early, but by the end of last week and through the weekend you could see the prevalence of exploits using this vulnerability. It is still out there and being exploited, but with security vendors having released signatures this should start to mark the beginning of the end.
Microsoft themselves are planning that a patch will be issued later today. This is the second time in as many months that they have had to issue an emergency, or as it is called, an out-of-band update. It is, once again, a very public embarrassment for them. This year has been the year of the browser. We have seen new releases and new entrants (Google Chrome). We have seen all the browsers improve upon their security features and all of them come up short in some way with vulnerabilities and exploits. We are seeing security vendors, such as Symantec, continuing to develop and invest in additional browser protection techniques to help shield browsers from attacks. I think we are signing off 2008 with a view as to what may well be the drumbeat accompaniment of 2009. Now, I really must go and change the PowerPoint slide…
The trouble with patching
I read with interest the survey released by Secunia pointing out that less than 2% of PCs are fully patched. Malware has evolved and most of the exploits we now see are focused on attacking applications. Given the number of applications that are used day to day, attacking here gives the hackers a much bigger attack vector for them to exploit. Therein is the issue for us, as users. It is important, imperative even, for us to be using the latest, most up to date versions of our applications to mitigate any potential risk or exposure.
What a survey, such as this, underlines is that it is easier said than done. Secunia provides vulnerability scanning that will allow you to scan your PC and understand if you have the most current versions of your applications. If not, then you will be directed to go and get them. This can be a laborious task, requiring you to move from vendor to vendor site, downloading and installing software.
It brings to the fore, once again, discussions about the forced updating of applications or coordinated updates. Well, I don’t see much consensus or agreement on this any time soon. Generic detection, both at the application and networking level, can help protect users and avoid them having to necessarily update their software. That being said, it is a stop-gap. The good news is that we are seeing that security vendors are investing more time and effort to implement techniques such as this.
ZDNet covered the Secunia survey. In their post they then outlined ten free security utilities you could use. All of them came from ten different vendors and that struck me as strange, if not misguided. If the point of the article was to point out the issues with patching software, where is the sense in breaking down security into 10 components, from separate vendors, which will then require 10 different lots of patching to keep them up to date? Physician, heal thyself?

