Email Security


 Security experts are warning computer users to beware of malware attacks timed to coincide with April Fool’s Day, noting that the keepers of the Storm Trojan have already launched such attacks.

Source: SearchSecurity.com | Information Security Magazine

Researchers at Helsinki-based F-Secure Corp. said in the company blog that a new wave of April Fool’s Day-related Storm mails were spammed out late Monday with a link that points to an IP address. Subject lines carry such messages as “All Fools’ Day,” “Doh! April Fool” and “Surprise! The joke’s on you.”

There appears to be no text in the messages, only the URL that, if clicked, downloads executable files with such names as “foolsday.exe” and “kickme.exe.” The files carry the Storm Trojan.

“Virus coverage is poor with the samples we’ve captured, but we’re working with the antivirus vendors to improve that,” Stephen Hall, a handler at the Bethesda, Md.-based SANS Internet Storm Center (ISC), said in a message on the SANS ISC blog.

In a follow-up message on the ISC site, handler Joel Esler reminded people to be aware of this and other April Fool’s tricks.

Controllers of the Storm botnet have a history of using holidays such as Valentine’s Day and news events such as a wave of storms that swept across Europe several months ago to dupe people into opening infected emails.

Meanwhile, victims falling prey to the Pushdo Trojan aren’t finding any love. Sunnyvale, Calif.-based network security vendor Fortinet has been tracking Pushdo, which continues to spread as a result of a successful eCard spam campaign. The eCard touts nude photographs, random female names and a fake link to relationship sites.

If the victim opens an attachment in the email, “Pushdo.EV cycles through various IP’s in an attempt to establish an HTTP session where it will download a rootkit component,” Fortinet said in its March threat report. The Pushdo botnet is growing larger and gaining in activity, according to Fortinet security research engineer Derek Manky.

Source: www.widespreadpr.com

Finjan Inc. reports that attackers infected at least 10,000 trusted web sites with malware last month using the Random.JS Trojan toolkit.  Random.JS is an exceptionally sneaky Trojan that infects the targeted machine and sends data from the machine back to the attackers controlling it via the Internet.  The information that is stolen includes documents, passwords, surfing habits and other forms of compromising information.

“Random.JS uses varying methods to remain undetected and keep spreading,” Ben-Itzhak said. “It is able to break antivirus signatures and store malware on legitimate sites.” The Random.JS toolkit is a piece of JavaScript code that morphs every time it is accessed, he said. As a result, it’s nearly impossible to detect with traditional signature-based anti-malware products.

The Random.JS attack is performed by dynamic embedding of scripts into a Web page, he said. It provides a random filename that can only be accessed once and is done in such a selective manner that when a user receives an infected page once, it will not be referenced again on further requests. This method prevents detection of the malware in later forensic analyses.

The list of attack toolkits includes MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2 and MultiExploit, along with newer toolkits like Random.JS, vipcrypt, makemelaugh and dycrypt.

Security vendors warn of the rising use of attack toolkits in recent months.

Are your systems protected?  Let Digital Reach assess your network security strategy.

Experts are predicting the Storm Trojan’s reign will continue.

Antivirus companies, as well as security researchers and experts, have said the size of the botnet created by Storm is well into the millions of machines. In fact, some estimates go as high as 50 million infected PCs. However, despite all of the attention Storm has received, new research into its impact and reach shows that the number of active Storm bots operating at any one time is significantly less than one million…probably closer to 200K.

Symantec’s research on Storm, which is focused on the amount of spam messages that infected PCs send out, found that 4,375 unique IP addresses were infected during the 24-hour reporting period. The reporting period was a 24-hour period in August. In September that number jumped to 6000 with only 25% overlapping from the previous month.

Microsoft added Storm to its Malicious Software Removal Tool, and cleaned Storm from more than 274,000 infected machines - eliminating about 20% of the malware’s DDoS capability in one day.

The economies of scale on the Internet can increase the power and reach of botnets even 1/10th the size of Storm.  Broadband connections and fast PCs mean that a malware author doesn’t necessarily need a botnet of millions to make money sending spam or selling processing power to attackers. In fact, huge networks can be a detriment to criminals looking to evade detection. No need to attract attention with a massive botnet when a much smaller one will do the job just fine.

Storm’s creator has modified and updated the software a number of times this year, and experts expect that to continue. At least for now, they say, there is no end in sight to Storm’s reign.


Email Spammers launch DOS attacks against antispam sites

Antispam sites that help battle phishing scams and spam are now being targeted with DOS (Denial of Service) attacks by malware botnets operated by spammers, according to antispam site SpamNation.

SpamNation believes that the denial of service attacks are being launched by the Zhelatin gang, a group that is thought to be behind the Storm Worm Botnet.  According to the SpamNation report, the botnet operators are selling denial of service attacks.

The power of the Storm botnet is thought to have surpassed that of all major supercomputers.  The rate at which the botnet is evolving is extremely unsettling, and one can only wonder what kind of sites will be targeted with DOS attacks as it continues to grow in size.


This past month, spammers developed a new variation of the “pump-and-dump” stock spam campaign in which text, Excel, and PDF files containing a spam message were zipped and sent as attachments to email messages.  Spammers attempted to bypass text and image scanning engines in email security products by using compressed files that required the use of ZIP file utilities to decompress the attachment. 
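One way a mail filter can look inside zipped attachments before content scanning, as an added example that is not from the original article or from any vendor named in it. The sample message, the keyword list and the size caps are constructed assumptions.

```python
import email
import io
import zipfile
from email.message import EmailMessage

MAX_MEMBERS = 20        # assumed cap on files per archive
MAX_BYTES = 1_000_000   # assumed cap on decompressed size per file
TERMS = ("strong buy", "price target", "ticker")  # constructed keyword list

def zip_members(raw: bytes):
    """Yield (attachment, member, data) for each file inside ZIP attachments."""
    for part in email.message_from_bytes(raw).walk():
        # Multipart containers decode to None and are skipped by the check below.
        payload = part.get_payload(decode=True) or b""
        # Check the bytes themselves; the MIME type and file name can lie.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            infos = [i for i in zf.infolist() if not i.is_dir()]
            if len(infos) > MAX_MEMBERS:
                raise ValueError("archive has too many members")
            for info in infos:
                if info.flag_bits & 0x1:  # encrypted: cannot be inspected
                    yield part.get_filename(), info.filename, None
                    continue
                with zf.open(info) as fh:
                    data = fh.read(MAX_BYTES + 1)  # bounded read, ignores header size
                if len(data) > MAX_BYTES:
                    raise ValueError("member exceeds size cap")
                yield part.get_filename(), info.filename, data

def scan(raw: bytes):
    """Flag encrypted members and plain-text members containing TERMS.
    PDF or Excel members would be handed to their own text extractor first."""
    findings = []
    for attachment, member, data in zip_members(raw):
        text = (data or b"").decode("utf-8", "replace").lower()
        hits = ["encrypted"] if data is None else [t for t in TERMS if t in text]
        if hits:
            findings.append((attachment, member, hits))
    return findings

def build_sample() -> bytes:
    """Constructed message: a text file with stock-spam wording inside report.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("info.txt", "STRONG BUY today, price target $5")
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="report.zip")
    return msg.as_bytes()
```

Calling `scan(build_sample())` reports the text file hidden inside `report.zip`; a message whose archive exceeds either cap raises instead of being passed through unscanned.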

Barracuda Central quickly detected various forms of the ZIP file spam campaign, many of which resembled the image spam attacks introduced in 2006. The Barracuda Spam Firewall uses its sophisticated spam scoring engine, reputation technology and fingerprint analysis to detect known spam techniques within the message and its attachments; the message is then given a score and acted on accordingly. Using these techniques, along with enhancements to Barracuda Networks Optical Character Recognition (OCR) technology, the Barracuda Spam Firewall effectively blocked ZIP files containing spam content. To view samples from this ZIP file spam campaign, visit: http://www.barracuda.com/trends/zipspam.

Just as Barracuda Networks was the first major appliance vendor to introduce OCR technology in 2006 and PDF spam filtering techniques earlier this summer, the Barracuda Spam Firewall was the first to utilize a comprehensive scanning approach to successfully block this latest “pump-and-dump” stock spam campaign.


Forrester Research recently reported that the majority, as high as 85 percent, of security breaches involve internal employees.  These include inadvertent employee error, laptop theft, contractor unauthorized access, disgruntled employees and password mismanagement.  These factors can have a drastic impact on revenue, liability, productivity and brand.

What are these threats and how can you avoid them?

Phishing

Phishing is an email that “looks” like the real thing but is far from it.  It is a means to gather trust from the receiver in hopes of collecting sensitive login information, banking account numbers, credit card numbers, and a host of other personal information including phone numbers, SSN numbers and addresses.

“These days a phishing attack is almost indistinguishable from the real thing,” says Paul Stamp of Forrester Research.

Employees mistakenly disclose confidential information including passwords and financial data to the attackers.  These internal employees are essentially opening a company up to criminal activity.

Laptop Theft

Leaving your laptop at the coffee shop, airport, hotel or restaurant can have greater consequences than merely being an inconvenience. The loss of a computer or data-storage device made up 54% of all identity theft-related data breaches in 2006 according to Symantec.

The theft can be minimized should it occur. Companies should require employees to protect their laptops with a startup password. Also, deleting old emails, text messages and unwanted files should be put into practice. It is also a good idea to make use of the device’s built-in encryption capabilities and password protection features.

Disgruntled Ex-Employees

Research has revealed that it can take up to 4 months to remove user rights of a former employee. Many IT administrators are simply too time-strapped to actively update user access and privileges. This delay can seriously endanger the security of mission-critical applications.

Digital Reach offers solutions that automate policy enforcement and delegate administration for user provisioning.  This helps maintain security levels while managing large numbers of users.

Missing Security Patches

Many IT administrators are simply too overburdened to ensure that they have the latest updates and patches in place for their systems. As a result, viruses succeed in penetrating their IT environment. If you are not up to date with the latest anti-virus detections, you are clearly at risk for some of the latest threats.

Patch management solutions from Digital Reach can greatly ease the burden on today’s administrators. These solutions automate system discovery, patch assessment, and patch installation on both workstations and servers.

Data Leakage

Joke emails, web link forwards, and photos of friends and family not only hurt a company’s productivity but can also serve to leak sensitive data. Data leakage is primarily the result of malicious employee activities or, more commonly, non-malicious employee error. The most innocent of correspondences can result in trouble. Example: an email message sent to a co-worker can offend, leading to legal liability.

Installing strict usage policies can prohibit employees from sending sensitive information via insecure email.

Destructive viruses, such as the LoveLetter virus, are being distributed worldwide via email and can cripple an email server in seconds. They attach and attack through users’ email systems and infect your users through harmful attachments. But did you know that some viruses are transmitted through non-attachment methods and without user intervention? It is important for network administrators to make sure all user systems are updated and current with the latest virus protection software and version number. These updates can be as often as two to three times per day. This can task an IT department well beyond their capacity to support your infrastructure.

Digital Reach can test your machines remotely to detect whether your users’ email system is safeguarded against a number of email-borne threats. From there, we can update your users’ machines with the latest software releases and patches to help protect your network. Working seamlessly with your IT department, we can develop a strategy for proactive software maintenance and efficiency.

With Digital Reach’s remote computer support solutions you can rest easy in knowing that your systems are safe, secure, compliant and backed up.  That’s one less thing on your plate!





5068 W. Plano Parkway, Suite 300, Plano, Texas 75093 ~ Phone: 972.381.4230 | Fax: 972.381.4229
© Copyright 2007, Digital Reach, Inc. | Dallas, Texas | Fort Worth, Texas | Richardson, Texas | Plano, Texas | DFW Metroplex