Twilight

Our friends at Avast have unearthed a recent attack on the author’s website not so long ago: www.stepheniemeyer.com had been hosting Crimepack, an exploit kit that takes advantage of known vulnerabilities of various Web browsers and the Windows OS to install malware. Brian Krebs of KrebsOnSecurity.com took a closer look at this particular exploit pack back in 2010, and it is indeed a nasty one. Not only is it capable of targeting holes of software installed on your system, it also “lets customers [buyers of this Crimepack exploit kit] test various Web reputation services to discover whether any include their exploit sites.” Computers successfully exploited by the Crimepack exploit kit are eventually turned into zombies, which online criminals use to do malicious tasks, such as spamming and launching denial of service (DoS) attacks.

www.stepheniemeyer.com is now free from malicious codes.

Once again, we implore our readers to make it a point to regularly update their operating system and security software.

Stay safe!

Jovi Umawing

Click to Enlarge

As with many of the malicious spam campaigns doing the rounds at the moment, this one will use the Blackhole exploit kit to serve up zbot from multiple compromised domains. Worse, a Sakura kit (typical example here) will download Sirefef / ZeroAccess , which as we’ve seen elsewhere is not a good thing to have on your system.

One of the more unpleasant spam campaigns we’ve seen recently.

Christopher Boyd (Thanks Robert, Matthew)

“Each Party shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors, performers or producers of phonograms in connection with exercise of their rights in and that restrict acts in respect of, their works, performances and phonograms, which are not authorized by the authors, the performers or the producers of phonograms concerned or permitted by law”.

 

Do you recognize it? If you’ve been following the recent ACTA (Anti-Counterfeiting Trade Agreement) news, and went through the agreement, you’d know that this is taken from Section 5, article 27, paragraph 5. So how does this concern you?

At a first glance, this paragraph seems to be targeted at the music industry, however the proposed agreement does not define “authors” anywhere in the document. An individual who writes software is an author, and I am therefore concerned that this might also apply to us who work in security – and if this is the case, it can actually cause a lot of problems. If the clause does exclude legal usage, meaning that reverse engineering malware – which is using obfuscation techniques might not in itself be illegal – can the same be said for the tools we depend on to do our job?

Point six states that any tool designed for the purpose of circumventing an effective technological measure, or has only a limited commercial significant purpose other than circumventing an effective technological measure, should be deemed illegal. This also appears to cover disassemblers and other similar analytical tools that are essential for the reverse engineering of malware.

I may be wrong, but if this is the case, I believe it will also be a threat for free software because if reverse engineering, or the software that is required to perform it, is deemed illegal, it would be impossible for free software to allow interoperability. Even worse, without reverse engineering we cannot have antivirus definitions and no Intrusion systems detection rules, as these also depend on malware analysis.

Since this is a treaty, and each country has to enact legislation to comply with the treaty, it is extremely hard to get clear-cut answers. Reverse engineering and disassembling have long been a big issue for developers. Console manufactures have a strong interest in ensuring that any Anti-Circumvention law will apply to consoles as well. All this adds to my concern that the treaty may have negative repercussions on the security industry and those who work in it.

I would like to hear the perspective of admins and other IT professionals who might be affected by the terms of the treaty. What are your views on the subject? Are you worried or do you think any legislation is unlikely to have an impact on your work?

I think you know where this is going. Martin had the idea to add the VIPRE logo to some of the planes, and the owners agreed. The planes include a Cessna 152 and two Cessna 172 planes – one of them happens to be a famous Reims Rocket, the “most powerful version of the 172 ever built”.

The shots below are of the Cessna 172, who had her first flight sporting the VIPRE logo on February 14th. We’re informed we’ll be seeing some in-flight shots soon and we’ll happily post them up when we get them. Huge thanks to Martin and team – this is fantastic.

Click to Enlarge

Click to Enlarge

Click to Enlarge

Click to Enlarge

Click to Enlarge

Click to Enlarge

Christopher Boyd (Thanks Martin!)

The talks are generally around 30 minutes long, and the registration page can be found here. The presentation takes place on Tuesday, February 21, 2012 11:00 AM – 11:30 AM EST – hope you can join us!

Christopher Boyd

In this day and age when almost every site on the Internet is interested in “getting to know more about you”, I reckon our privacy-conscious readers might take delight on this one.

DNT+ a free application you can download and install on your Internet browser (IE, Firefox, Chrome, Safari, etc.). Once installed, DNT+ automatically prevents tracking cookies of social networking sites, advertising networks, and companies that collect data (such as Google) from getting and sharing data about you when you visit websites. Abine, Inc., makers of DNT+, explains this mechanics better in the video clip below:

Of course, there is always the option of unblocking such trackers, and it can be done with ease, as well. Below is a clip explaining how DNT+ works:

Let me throw in here a few screenshots of the privacy tool in action to further help you make an informed choice on whether you’d like to have this inside your computer or not:

click to enlarge

DNT+ can be downloaded here.

Additional source: Introducing DNT+: Keep your personal information personal in 2012

Jovi Umawing (hat tip: Help Net Security)

What many people outside the retail industry don’t realise, however, is that the lovers’ feast can actually be a big drain on productivity and a security threat at the workplace. Below are five things you should look out for tomorrow when love goes to most of your employees’ heads.

1. Social media

The first, and most obvious, time waster is social media. Employees are guaranteed to be on the look-out for messages from people they like or love, and the slightly more nosy ones will be spending an entire day stalking their exes or taking note of which couples profess their love for each other publicly on Valentine’s Day.

2. Chatting

The more cautious employees will not display their love publicly because it would give them away to their colleagues and bosses, however they might still spend the day chatting away with their better half on Google chat, Facebook chat, or any other type of IM. Valentine’s Day is also a special day for chat portals – those tend to slip between most network admins’ fingers.

3. Shopping for gifts

Oops, forgot to buy your other half a gift? Why not look for something while at the office? Shopping for gifts online is practical and easy. And if your employee is looking for a racy gift, it saves them the embarrassment of choosing it in public. But, apart from the waste of time, does this open your business up to any additional risks?

4. Planning the night

A number of individuals will spend the day “researching  new ideas” for that special night. Again, this is not only a big waste of time, but can also have legal and security implications on your business, because it is very easy for employees to land on pornographic and malware-ridden sites when they are searching around the darker underworld of the Internet.

5. Security

On a day like Valentine’s Day, it is much easier for people to fall for phishing scams and unwanted malware downloads. Scammers will play on people’s desires to feel loved and special. As a result there is a much higher chance of them clicking on malicious content when they receive an email with an attachment purporting to be a card from someone anonymous.

So before thinking of your own loved one, it might be wise to consider plugging any holes you might have in your company’s productivity and security solutions. Using advanced web filtering and monitoring software will help put your mind at ease by protecting you from time wasters and cyber-criminals. The latest programs allow you to manage the amount of time users can browse non-work-related websites, block chat clients and protect you from phishing and malware downloads.

Click to Enlarge

As with the previous spam attacks (Starbucks gift cards and free plane tickets), the Tumblr post pretends to be a “Tumblr Staff Blog” and claims freebies await those who would click the link. The end-user is taken to a site asking for offer sign ups and referral schemes galore, just like last time.

Click to Enlarge

“Two reward offers from each of the silver and gold page options and nine reward offers from the platinum reward page and refer three friends to do the same.”

We can see from the Bit.l y stat page that there’s been 152 clicks on the above link so far, so it looks like we’ve probably caught this one early.

Do yourself a favour and steer clear. Boxes of chocolates, badly performed serenades and a sickeningly cute teddy bear are all more likely to win the heart of your loved one than ten ringtone signups and a Justin Bieber quiz.

Christopher Boyd

• Centralizes and simplifies management via a UI built for business users
• Utilizes multiple detection technologies to find and remediate malware
• Minimally impacts system performance with low resource usage.

So ask yourself this: “While you may be ‘comfortable’ with your current antivirus solution, is it truly the best fit for your security needs?” If you know it’s not, or if you aren’t sure, you need to attend the February 14 VIPRE webcast at 11 a.m. ET. In less than 30 minutes, VIPRE Sales Engineer Kyle Wallace will demo the product, VIPRE security experts will answer your questions and you’ll learn why this business antivirus is the right choice for your organization.

Top-rated VIPRE features and benefits include:

• Automatic removal of incompatible software
• Easy-to-use UI with centralized management
• Low memory and CPU resource usage
• Auto-configuration of the Windows Firewall
• No additional training requirements
• Tech support via chat, phone or email

Don’t wait – this VIPRE webcast will fill up fast! Register today to guarantee your spot.

To quote Senior Threat Researcher Christopher Boyd: “While cybercriminals are not picky about their choice of victims, their choice of tactics is anything but haphazard.”

You can read more about the January VIPRE Report, Cybercriminals Cast a Wide Net in January, Targeting a Broad Range of Victims, here.

Jovi Umawing