Risk Management


Internet attackers looking for ways to compromise a growing number of computers have brought back SQL Injection.  Researchers are noticing a growing number of websites that have been compromised by mass SQL Injection attacks, which take advantage of weak website apps and then use those sites as a launch pad to infect their visitors with malware.  The concern is that there are a number of sites on the web that are vulnerable to an attack of this nature.  The attackers can easily and quickly find new targets to attack.

The Asprox Trojan is an example of this kind of SQL Injection attack.  Researchers have observed it being distributed by a spam botnet.  This trojan is related to a password-stealing trojan known as Danmec. The infected PC will download a binary that searches Google for websites that contain specific search terms and launches a SQL Injection attack on those sites.

Read more here: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1314697,00.html

Protect your company's computers with Digital Reach Managed Services

InternetNews.com, Sean Michael Kerner - This positive article on the aftermath of the XenSource acquisition noted the many ways in which Citrix is working to advance the Xen open-source project. Simon Crosby, Citrix chief technology officer, stated, “We’re absolutely committed to the Xen project and there are no plans to change that.” Crosby also indicated the open-source development methodology has been internalized at Citrix. InternetNews.com also noted the integration of Xen branding into the Citrix corporate brand, including the renaming of Citrix Presentation Server as Citrix XenApp.

How to determine if I have the Storm Worm?
How to determine if my email is infected with the Storm Worm?
 

The Storm Worm (a botnet of infected computers that feeds off unprotected users to strengthen its network) may arrive in an email with one of the common subject lines listed below (see below that for a list of attachment filenames to avoid):

Original Source: Snopes.com

Email Subject Lines:

ATTN!
Spyware Alert!
Spyware Detected!
Trojan Alert!
Trojan Detected!
Virus Activity Detected!
Virus Alert!
Virus Detected!
Warning!
Worm Activity Detected!
230 dead as storm batters Europe.
A killer at 11, he’s free at 21 and…
British Muslims Genocide
Naked teens attack home director.
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
Russian missle shot down Chinese satellite
Russian missle shot down USA aircraft
Russian missle shot down USA satellite
Chinese missile shot down USA aircraft
Chinese missile shot down USA satellite
Sadam Hussein alive!
Sadam Hussein safe and sound!
Radical Muslim drinking enemies’ blood.
U.S. Southwest braces for another winter blast. More then 1000 people are dead.
Venezuelan leader: “Let’s the War beginning”.
Hugo Chavez dead.
President of Russia Putin dead.
Third World War just have started!.
The Supreme Court has been attacked by terrorists. Sen. Mark Dayton dead!.
The commander of a U.S. nuclear submarine lunch the rocket by mistake..
First Nuclear Act of Terrorism!.
So in Love
Happy World Religion Day!
Most Beautiful Girl
Someone at Last
I Believe
The Dance of Love
The Miracle of Love
All For You
Vacation Love
I am Complete
Wrapped Up
Moonlit Waterfall
A Little (sex) Card
A Special Kiss
Hugging My Pillow
Safe and Sound
You’re Soo kissable
A Romantic Place
Breakfast in Bed Coupon
For You
I Love You So
Want to Meet?
We Are Different
We Have Walked
You Asked Me Why

The attachment filename may be any of the following:

Full Clip.exe
Full Story.exe
Read More.exe
Video.exe
Full Video.exe
Full Text.exe
Flash Postcard.exe
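
A mail filter can apply the two lists above to a raw message. The following is an added example, not code from the original post: the function names, the constructed sample message and its placeholder addresses are assumptions, only a few of the subject lines are included, and the check goes one step beyond the lists by flagging any `.exe` attachment.

```python
import email
from email import policy

# A few of the subject lines listed above, lower-cased; extend with the rest.
STORM_SUBJECTS = {"230 dead as storm batters europe.", "virus alert!",
                  "trojan detected!", "so in love"}
# The attachment names listed above, lower-cased.
STORM_ATTACHMENTS = {"full clip.exe", "full story.exe", "read more.exe",
                     "video.exe", "full video.exe", "full text.exe",
                     "flash postcard.exe"}

# Constructed sample message (not a captured one); addresses are placeholders.
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"Subject: =?utf-8?q?230_dead_as_storm_batters_Europe=2E?=\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"See attachment.\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="Full Story.EXE"\r\n'
    b"\r\n"
    b"placeholder\r\n"
    b"--b1--\r\n"
)

def norm(text):
    """Lower-case and collapse whitespace so trivial variations still match."""
    return " ".join((text or "").split()).lower()

def check_message(raw_bytes):
    """Return the reasons a raw message matches the indicators above."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # policy.default decodes RFC 2047 encoded-word subjects before we compare.
    if norm(msg["Subject"]) in STORM_SUBJECTS:
        reasons.append("subject on list")
    for part in msg.walk():
        name = norm(part.get_filename())
        if name in STORM_ATTACHMENTS:
            reasons.append("attachment on list: " + name)
        elif name.endswith(".exe"):
            # Generalisation: flag any executable attachment, listed or not.
            reasons.append("executable attachment: " + name)
    return reasons
```

The attachment check is the stronger signal of the two, since the subject lines change often while the payload is always an executable.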

Cisco has announced the “end-of-life” for Cisco PIX Security related products and has encouraged the migration to Cisco ASA 5500.  Businesses face a growing number of network security challenges due to many different dynamics in the industry.

Cisco ASA 5500 

The number and sophistication of attacks is increasing, with threats such as botnets and the exploitation of multiple vulnerabilities in many of today’s Web services, applications, and back-end systems. Increasing collaboration with business partners and customers requires more security at what was the Internet edge and new forms of secure remote access to critical business data. Many advanced technologies, such as unified communications and wireless, are being adopted as mission-critical infrastructure and require new forms of security to protect them. Finally, regulations pertaining to business governance and privacy are affecting businesses more than ever and forcing them to change their business practices and increase their overall level of information security.

On January 28, 2008, Cisco announced the end-of-sale and end-of-life dates for Cisco PIX Security Appliances, software, accessories, and licenses. The last day for purchasing Cisco PIX Security Appliance platforms/bundles will be July 28, 2008 and the last day to purchase accessories and licenses will be January 27, 2009. It is important to note that Cisco will continue to support Cisco PIX Security Appliance customers through July 27, 2013.

Cisco PIX Security Appliance customers are encouraged to migrate to Cisco ASA 5500 Series Adaptive Security Appliances. In addition to providing the same robust firewall and IPsec VPN capabilities as Cisco PIX Security Appliances, the Cisco ASA 5500 Series offers significantly better performance and scalability, SSL VPN support, advanced Unified Communications (voice/video) security, and a modular design that allows you to add features such as intrusion prevention (IPS), antivirus, antispam, antiphishing, and URL filtering. Migration to the Cisco ASA 5500 Series is straightforward, because consistent management and monitoring interfaces allow you to take advantage of your knowledge and investment in Cisco PIX Security Appliances.

The Cisco ASA 5500 delivers many benefits, including the following:

  • Helps businesses meet compliance and regulatory requirements like HIPAA, PCI and many more.
  • Delivers secure mobility services to improve access to SSL VPN technologies.
  • Lowers the overall cost of maintaining one or more security services.
  • Gives customers the ability to take advantage of training and operational experience from Cisco PIX Security Appliances.
  • Secures unified communications with end-to-end encrypted voice and video communication with greater capacity and scalability.

Why Migrate to Cisco ASA 5500? 

Better Performance. Stronger Security. Increased Scalability. Protection from application-layer threats.

Digital Reach PIX to ASA Migration Services

Finjan Inc. reports that attackers infected at least 10,000 trusted web sites with malware last month using the Random.JS Trojan toolkit.  Random.JS is an exceptionally sneaky Trojan that infects the targeted machine and sends data from the machine back to the attackers controlling it via the Internet.  The information that is stolen includes documents, passwords, surfing habits and other forms of compromising information.

“Random.JS uses varying methods to remain undetected and keep spreading,” Ben-Itzhak said. “It is able to break antivirus signatures and store malware on legitimate sites.” The Random.JS toolkit is a piece of JavaScript code that morphs every time it is accessed, he said. As a result, it’s nearly impossible to detect with traditional signature-based anti-malware products.

The Random.JS attack is performed by dynamically embedding scripts into a Web page, he said. The toolkit provides a random filename that can only be accessed once, and it does so selectively: once a user has received an infected page, the script will not be referenced again on further requests. This method prevents detection of the malware in later forensic analyses.

The list of attack toolkits includes MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2 and MultiExploit, along with newer toolkits like Random.JS, vipcrypt, makemelaugh and dycrypt.

Security vendors warn of the rising use of attack toolkits in recent months.

Are your systems protected?  Let Digital Reach assess your network security strategy.

Experts are predicting the Storm Trojan’s reign will continue.

Antivirus companies, as well as security researchers and experts, have said the size of the botnet created by Storm is well into the millions of machines.  In fact, some estimates go as high as 50 million infected PCs.  However, despite all of the attention Storm has received, new research into its impact and reach shows that the number of active Storm bots operating at any one time is significantly less than one million, probably closer to 200K.

Symantec’s research on Storm, which is focused on the amount of spam messages that infected PCs send out, found that 4,375 unique IP addresses were infected during a 24-hour reporting period in August.  In September that number jumped to 6000, with only 25% overlapping from the previous month.

Microsoft added Storm to its Malicious Software Removal Tool, and cleaned Storm from more than 274,000 infected machines - eliminating about 20% of the malware’s DDoS capability in one day.

The economies of scale on the Internet can increase the power and reach of botnets even 1/10th the size of Storm.  Broadband connections and fast PCs mean that a malware author doesn’t necessarily need a botnet of millions to make money sending spam or selling processing power to attackers. In fact, huge networks can be a detriment to criminals looking to evade detection. No need to attract attention with a massive botnet when a much smaller one will do the job just fine.

Storm’s creator has modified and updated the software a number of times this year, and experts expect that to continue. At least for now, they say, there is no end in sight to Storm’s reign.

Are you protected? Let us help you decide. Review: Security Threats

In the past an organization’s computer systems were centrally located in the company’s data center and the duty to keep those systems running smoothly was the responsibility of Computer Operations IT personnel. Disaster recovery and contingency planning are the responsibility of the IT department, whose focus is to ensure that business applications within the IT environment are available as required by its users.

Today’s IT environment is much more complex to manage. Business information is spread out among varying mediums as LANs and departmental systems have replaced the mainframe.

Further, the emphasis on the computer and resident information has given way to an emphasis on ensuring continuity of the processes that keep the business running. Risk management and business continuity planning, therefore, must become critical components of business operations.

In order for managers to make informed decisions about whether to assume, avoid or transfer risk, and implement cost-effective security solutions, it is essential to adopt a methodology that addresses the issues in terms of cost and benefit.

It is important, therefore, to understand the basics of risk management by comparing the quantitative and qualitative approaches to risk assessment practices.

While there are a number of ways to identify, analyze, and assess risk, there is little real understanding of the process and metrics of analyzing and assessing risk. Certainly everyone understands that “taking a risk” means “taking a chance,” but a risk or chance of what is often not so clear.

Learn more about Digital Reach’s comprehensive risk management solutions.





5068 W. Plano Parkway, Suite 300, Plano, Texas 75093 ~ Phone: 972.381.4230 | Fax: 972.381.4229
© Copyright 2007, Digital Reach, Inc. | Dallas, Texas | Fort Worth, Texas | Richardson, Texas | Plano, Texas | DFW Metroplex