Tuesday, May 25, 2010

Microsoft Security Articles

Security Articles

Microsoft Malware Protection Center  
Website | RSS Feed
MSRT May Threat Reports and Alureon  - 22-May-2010

Microsoft Security Response Center MSRC  
Website | RSS Feed
Security Advisory 2028859 Released  - 18-May-2010

MSRC Ecosystem Strategy  
Website | RSS Feed
Strengthening the Security Cooperation Program  - 17-May-2010
Project Omega Launch at AusCERT  - 17-May-2010

Security Bulletins Advisories  
Website | RSS Feed
Microsoft Security Advisory (2028859): Vulnerability in Canonical Display Driver Could Allow Remote Code Execution - 5/18/2010  - 18-May-2010

Security Bulletins Comprehensive  
Website | RSS Feed
Microsoft Security Bulletin Summary for May 2010  - 19-May-2010
MS10-030 - Critical: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) - Version:1.2  - 19-May-2010
MS10-031 - Critical: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213) - Version:1.1  - 19-May-2010


Security Products Forefront  

Forefront Client Security  
Website | RSS Feed
Pardon our dust….  - 17-May-2010

Forefront Product Suite  
Website | RSS Feed
Issuing information cards with AD FS 2.0: Community Technology Review released  - 21-May-2010

Forefront Server Security  
Website | RSS Feed
Introducing the Forefront Protection 2010 for Exchange Server capacity planning tool  - 21-May-2010
Check out this new video overview of Forefront Protection 2010 for SharePoint  - 20-May-2010

Forefront Threat Management Gateway ISA Server  
Website | RSS Feed
Announcing the availability of the new MRS (V1.1) release  - 18-May-2010

Forefront Unified Application Gateway UAG  
Website | RSS Feed
DirectAccess and Teredo Adapter Behavior  - 21-May-2010
UAG DirectAccess Test Lab Guide CRL Check Update  - 20-May-2010
Introduction to “The Edge Man”  - 18-May-2010
Configuring an External Load Balanced UAG DirectAccess Array for an IPv4 Only Network  - 17-May-2010

Wednesday, May 12, 2010

No-Cost Antivirus and Antispyware Tools from Microsoft

Get no-cost antivirus, antispyware, and other security tools


Concerned about your computer becoming infected with a virus, spyware, or other malicious software? Who isn't? One quick, easy way that you can help protect your PC is by downloading Microsoft Security Essentials. It provides real-time protection against malicious software, and it's easy to install, simple to use, and free. Learn more about Microsoft Security Essentials, plus discover other free security tools from Microsoft for additional protection.


Security updates for May 11, 2010
The bulletin for May includes two security updates: one for the Windows operating system and one for Microsoft Visual Basic.


Microsoft security news

Support for Windows XP with Service Pack 2 ends July 13, 2010
Support is ending for some versions of Windows. Learn how to determine which version and service pack you're running, and what end of support means for you.

Microsoft releases new Security Intelligence Report
Get Microsoft's latest analysis of the leading security threats to your PC. Download Security Intelligence Report Volume 8 or see a summary of key findings.

"Rethinking the Cyber Threat"
Microsoft Corporate Vice President of Trustworthy Computing Scott Charney outlines a framework for creating more effective cyberattack responses. Read Charney's message or download the full paper.


Protect your computer

Get virus help from a local security expert
If you think your computer is infected with a virus or spyware, you can call Microsoft support or even find a local computer expert to help you. Here's how.

See if your Windows operating system has protection built in
There are four basic steps to help protect your computer. Check to see if your version of Windows has these features built in.


Protect yourself and your family

How to reduce your risk of online fraud
This article offers the basics on protecting yourself from identity theft online. Learn three common online scams, where you might see them, and six telltale signs of a scam. Plus, find advice on how to avoid scams and where to report possible fraud.

You've inherited money! Or not
We try to keep you alerted to the latest Internet scams. Last month it was the MSN Auto Protection scam and the UPS package delivery scam. This month it's the windfall inheritance scam.

Should I surf the web in Protected Mode?
To help protect against spyware, make sure that you surf the web in Protected Mode in Internet Explorer. Learn what Protected Mode does and how to ensure it's on.


Security resources


About this newsletter
Microsoft Security for Home Computer Users is a monthly newsletter bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive more technical security information, see the Microsoft Security Newsletter.


Tuesday, May 11, 2010

Security Tools and Guidance for Managers

This link is a central reference site for Microsoft's offerings on security perspective and guidance:

 

http://www.microsoft.com/security/manager/

 

Guidance

 

The Effective Security Practices Whitepaper Series

Risk Management Frameworks

Justifying Security Spend

Mobility and Security - Policies and Practices

Effective Practices for Cloud Security

Social Networks and Enterprise Security

The Microsoft Security Intelligence Report

Provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.

The Microsoft Security Update Guide

Designed to help IT professionals better understand and use Microsoft security update release information, processes, communications, and tools.

Privacy and Governance

Choosing a Cloud Computing Services Provider: Data Privacy and Security Questions for IT Professionals

Microsoft and Data Governance

Microsoft and Data Retention

Microsoft and Data Breach Notification

FAQ: Data Governance for Security and Privacy

A Guide to Data Governance for Privacy, Confidentiality, and Compliance
Part 1: The Case for Data Governance

MOF to COBIT/Val IT Comparison and Cross-Implementation Guide

Cross Reference ITIL v3 and MOF 4.0

MOF Companion Guide: Using MOF for ISO/IEC 20000

Security Program Building Blocks

 

Microsoft Security Awareness Toolkit

Provides guidance, sample awareness and training materials, checklists, templates, and examples from Microsoft IT to help security managers quickly build an awareness and training program that will achieve results.

 

Planning Materials

Program Development

Delivery

Sample Awareness Campaigns from Microsoft Information Security

Microsoft SDL - Developer Starter Kit

This kit offers content, labs, and training to help you establish a standardized approach to rolling out the Microsoft Security Development Lifecycle (SDL) in your organization.

Online Safety Toolkit for Enterprise and Organizations

This kit offers tools that you can use to help your employees learn the skills they need to work more safely on the Internet and better defend company, customer, and their own personal information.

 

Thursday, April 22, 2010

MVP Announce: Alert - McAfee Update Causing Windows XP Machines to Shut Down

What is the purpose of this alert?

Microsoft has been made aware of an issue with a McAfee DAT file update - released Wednesday, April 21, 2010 - that has been causing stability issues on Windows XP client systems. The symptom is caused by a false-positive detection on a core Windows file (svchost.exe). Once the file is quarantined by McAfee, the system may encounter one of the following symptoms:

· The computer shuts down when a DCOM error or an RPC error occurs.

· The computer continues to run without network connectivity.

· The computer triggers a Bugcheck (Blue Screen).

The DAT file version that caused the problem is McAfee DAT 5958. This file was propagated to client machines that conduct automatic updates of definition files. McAfee updated the DAT file soon after the problem was identified with a new version that does not cause the problem.

 

Resolution Steps

 

Please review the following KB Articles for specific steps to resolve the issue on systems that are affected.

 

McAfee KB Article:

 

Microsoft KB Article:

 

Recommendations

 

We recommend customers affected by this symptom first review the McAfee KB Article referenced above. For further assistance, customers should contact McAfee. Customers who are unable to resolve the issue through these means can contact Microsoft for technical support using resources found on this Web page: http://support.microsoft.com/.

 

Regarding Information Consistency

 

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

 

 

 

 

Thursday, February 25, 2010

My Article in January 2010 Edition of the Hakin9 Magazine

One of my articles has been published in the January 2010 edition of the Hakin9 International IT Security Magazine. The article's title is The Fear Factor - Study of a new genre of malwares called "Scarewares". Edition Link: http://hakin9.org/magazine/995-hardware-keylogger-a-serious-threat

Friday, December 25, 2009

Merry Christmas!!

Every time we love, every time we give, it’s Christmas time!!

Saturday, November 7, 2009

Increase in Web Malware Activity

There have been many discussions in various forums, blogs and message boards that the Web has now become the primary vehicle for malware to enter our networks. For more details, please refer to the webcast “Web Attacks: How Hackers Create and Spread Malware”, presented by Chris McCormack (Web Security Expert - Sophos) and Fraser Howard (Principal Researcher - Sophos). As pointed out in this webcast, the scary part is that there is no such thing as a trusted website. Even the most legitimate site can become the epicenter of a malware outbreak. From popular social networking sites to private and public discussion boards, web sites and blogs, anything can become a harboring ground for Web malware.

The table below, taken from Kaspersky Security Bulletin (Statistics 2008), shows the number of malicious programs detected on some of the popular social networking sites. The statistics were compiled by comparing the number of malicious programs that attacked users of different social networking sites.

| Social Networking Site | Malware Detected (2008) | Registered Users (2008) |
|---|---|---|
| Odnoklassniki (www.odnoklassniki.ru) | 3,302 | 22,000,000 |
| Orkut (www.orkut.com) | 5,984 | 67,000,000 |
| Bebo (www.bebo.com) | 2,375 | 40,000,000 |
| Livejournal (www.livejournal.com) | 846 | 18,000,000 |
| Friendster (www.friendster.com) | 2,835 | 90,000,000 |
| Myspace (www.myspace.com) | 7,487 | 253,000,000 |
| Facebook (www.facebook.com) | 3,620 | 140,000,000 |
| Cyworld (us.cyworld.com) | 301 | 20,000,000 |
| Skyblog (www.skyblog.com) | 28 | 2,200,000 |

Source: Kaspersky Security Bulletin (Statistics 2008)

Similarly, the graph below shows the sudden increase in Web malware activity related to some of the popular social networking sites.

[Graph: Web malware activity on popular social networking sites]

Source: Kaspersky Security Bulletin (Statistics 2008)

Recently it was discovered that social networking sites were being used for botnet command and control. Arbor Network Security reported that they had identified a Twitter account that was being used as part of an update server for infected systems that were part of a botnet. This account was issuing base64-encoded tweets that pointed to links from which the infected computers could receive malware updates. Similar botnet command and control mechanisms were also detected on Tumblr and Jaiku. These bots were using RSS feeds to get the status updates.
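
The behaviour described above (status updates whose text is base64 that decodes to download links, read over RSS) can be hunted for in feed content captured at a web proxy. The Python below is an added example, not code from the Arbor report or from this blog; the feed, the `.invalid` hostnames and the function names are constructed for illustration.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# A run of base64 alphabet long enough to hide a URL, with optional padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL = re.compile(r"https?://[^\s\"'<>]+")


def decode_candidate(token):
    """Return the decoded text if token is strict base64 of printable ASCII."""
    if len(token) % 4:
        return None
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if text.isprintable() else None


def scan_feed(xml_text):
    """Flag feed items whose text hides a URL behind base64 encoding."""
    # Stdlib parser keeps the example self-contained; for feeds fetched from
    # the network, parse with a hardened XML library such as defusedxml.
    root = ET.fromstring(xml_text)
    findings = []
    for item in root.iter("item"):
        for field in ("title", "description"):
            text = item.findtext(field) or ""
            for token in B64_TOKEN.findall(text):
                decoded = decode_candidate(token)
                urls = URL.findall(decoded) if decoded else []
                if urls:
                    findings.append({"field": field, "token": token, "urls": urls})
    return findings


def b64(s):
    """Encode a constructed sample string the way the reported tweets were."""
    return base64.b64encode(s.encode("ascii")).decode("ascii")


# Constructed sample feed: one ordinary post, one base64 blob that decodes to
# harmless text, and one that decodes to a URL (reserved .invalid TLD).
SAMPLE_FEED = f"""<rss version="2.0"><channel><title>constructed feed</title>
<item><title>Lunch was great today</title></item>
<item><title>{b64("hello world, nothing to see")}</title></item>
<item><title>{b64("http://updates.example.invalid/stage2")}</title></item>
</channel></rss>"""

if __name__ == "__main__":
    for hit in scan_feed(SAMPLE_FEED):
        print(hit["field"], hit["urls"])
```

Only the third item is reported: a base64 blob is treated as suspicious only when it decodes cleanly to printable text containing an HTTP(S) link, which keeps ordinary encoded content out of the results.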

Google pointed out that ‘1% of all search results contained at least one result that point to malicious content and the trend seems to be increasing’. Of the billions of web pages that they have investigated, more than 3 million unique URLs on over 180,000 web sites automatically install malware by drive-by download. Shown below are some statistics on malware activity on the Web, as observed by the Google Security Team.

[Graph: percentage of daily queries that contain at least one search result identified as malicious]

Source: Google Online Security Blog

The above graph shows the percentage of daily queries that contain at least one search result identified as Malicious.

[Graph: number of entries in the Google Safe Browsing Malware List]

Source: Google Online Security Blog

The above graph shows the number of entries in the Google Safe Browsing Malware List. It is obvious from these graphs that there has been a constant increase in Web-related malware over the last few years. The Google research paper on this trend, as observed by the Google Security Team, can be found at the URL mentioned in the reference section of this article (Google Research).

The table below, taken from Kaspersky Monthly Malware Statistics, shows the top twenty Web malware entries, with new infections detected (highlighted in yellow), and the number of infected web pages.

| Position | Malware Name | Infected Web Pages |
|---|---|---|
| 1 | Trojan-Downloader.JS.Gumblar.a | 8538 |
| 2 | Trojan-Clicker.HTML.IFrame.kr | 7805 |
| 3 | Trojan-Downloader.HTML.IFrame.sz | 5213 |
| 4 | Trojan-Downloader.JS.LuckySploit.q | 4719 |
| 5 | Trojan-Downloader.HTML.FraudLoad.a | 4626 |
| 6 | Trojan-Downloader.JS.Major.c | 3778 |
| 7 | Trojan-GameThief.Win32.Magania.biht | 2911 |
| 8 | Trojan-Downloader.JS.ShellCode.i | 2652 |
| 9 | Trojan-Clicker.HTML.IFrame.mq | 2576 |
| 10 | Exploit.JS.DirektShow.o | 2476 |
| 11 | Trojan.JS.Agent.aat | 2402 |
| 12 | Exploit.JS.DirektShow.j | 2367 |
| 13 | Exploit.HTML.CodeBaseExec | 2266 |
| 14 | Exploit.JS.Pdfka.gu | 2194 |
| 15 | Trojan-Downloader.VBS.Psyme.ga | 2007 |
| 16 | Exploit.JS.DirektShow.a | 1988 |
| 17 | Trojan-Downloader.Win32.Agent.cdam | 1947 |
| 18 | Trojan-Downloader.JS.Agent.czm | 1815 |
| 19 | Trojan-Downloader.JS.Iframe.ayt | 1810 |
| 20 | Trojan-Downloader.JS.Iframe.bew | 1766 |

Source: Kaspersky Monthly Malware Statistics

Web malware has become a major contributor to this growing malware menace. According to ScanSafe's Annual Threat Report, an analysis of 200 billion web requests led to the conclusion that web malware infection surged 582 percent last year, with a significant increase visible toward the last quarter of 2008. Security researchers at AVG Technologies have observed that the number of new infected Web sites has grown by 66 percent, from 100,000 to 200,000 per day to 200,000 to 300,000 per day, and it is expected that this trend will continue in the days to come.

Since 2006, the number of malware signatures of most of the antivirus vendors has doubled. But new variants, newer methods of infection and an increase in the number of distribution points, which are mainly compromised websites, have resulted in a situation where the antivirus vendors are finding it difficult to block these threats, and so malware goes undetected. Earlier, antivirus companies were blocking a major portion of this malware with dedicated and generic signatures. Today, however, it has become literally impossible to block it with the older methodologies. The statistics below (Jan-Jun 2009) show the misses by some of the major antivirus engines in detecting malware, and this trend has increased of late.

[Graph: malware detection misses by major antivirus engines, Jan-Jun 2009]

Source: CommTouch Labs

After calculating an average daily detection rate for some of the major antivirus vendors, Cyveillance, a cyber-intelligence gathering company, revealed that none of these antivirus products went over the 50% mark as far as successful detection is concerned. The top five scores came from McAfee (44 percent), Sophos (38 percent), Dr. Web (36 percent), Symantec (35 percent) and Trend Micro (34 percent). The list also had details of AVG (31 percent), F-Secure (28 percent), ESET (27 percent), Sunbelt (26 percent), F-Prot (23 percent), Norman (23 percent), Kaspersky (18 percent) and VirusBuster (16 percent).

Similarly, Panda Security Research reported that, out of 1.5 million home computers they looked into, only 37.45 percent were correctly protected with an active anti-malware solution with the latest signature database, and out of these protected computers, 22.97 percent had active malware infections which were undetected by the anti-malware solution. This is because more than 52 percent of malware gets reconfigured within 24 hours of its first release so that it can evade signature-based scanners. They also audited the networks of a total of 1,206 companies. These networks were protected by a variety of different security vendors, and in 69.34 percent of the cases they were correctly protected. However, they still found that 71.79 percent of the systems on these networks were actively infected with malware.