Jan 04 2013

Controls against industrial Malware

Category: MalwareDISC @ 11:43 pm

Malicious software is called a malware and malware may include viruses, worms and trojans. A virus is a piece of code which is capable of replicating itself and mainly it depends on a host file (a document) to reach its target. However worm does not rely on the host file to reach the target but it does replicate. Main property of Trojan is concealment of code and ultimately used to get control of target system.

Modern day malware Stuxnet can manipulate Programmable Logic Controllers (PLCs) of critical infrastructure. Industrial Control System (ICS), SCADA, and manufactruing insdutry infrastructure is controled by the PLCs. Another malware, named Duqu, Flame by its discoverers, is similar to Stuxnet in many respects. Like modern trojans Duqu communicates with a command and control server in encrypted form which gives you an idea of sophistication to develop this malware. In the past year the discovery of the Stuxnet malware – and subsequently of the Flame, Duqu and most recently Gauss malware – has brought the issue of state-sponsored cyberwarfare into sharp focus in security community which are simply known as modern day (WMD) weapon of mass destruction.

The discovery of these modern day malware caused an uproar among the security community when it was found that these malware had been specifically designed as a highly targeted industrial espionage tool. Perhaps this create a frenzy out there to deveop these kind of tools but that bring out some questions which I’m unable to answer. Is it legal for a state to develop these tools? Is it legal for a state to use these tools in offense? do we have any international charter on the legality of these tools, otherwise Stuxnet, Duqu and Flame may set a wrong legal precedence of what’s good for the goose is good for the gander.

Main sources of malware infection may be USB drive, CD Rom, internet and unaware users but basically malware can install itself on your computer by simply visiting an infected/implanted website (pirated software, web sites with illegal content)

An organization should perform a comprehensive risk assessment on their malware policy to determine if they will accept the risk of adobe attachment and other executable files to pass through their perimeter gateway. Organization may need to consider all the possible sources of malware threats in their risk assessment which may include but not limited to spyware.

Malware Controls:
• High level formal malware policy and procedure. There should be a formal policy and procedure for USB drives if risk assessment determines that USB drive risk is not acceptable to business. Then there is a need to implement a control (policy, procedure, technical or training) or multiple of these controls to mitigate this risk to acceptable level.
• Anti-Virus policy which makes it mandatory to install, and signature file updates should take place on a regular interval (daily)
• Patch policy for all the latest patches, fixes and service packs that are published by the vendors
• Regular audit or review of anti-malware software and data file on the system
• All email attachment, software downloads should be checked for malware at the perimeter and adobe attachment and executable treated based on the risk assessment (drop, pass)
• User awareness training to possible infected email, spyware and infected website
• There should be a business continuity plan to recover from a possible malware attack

Related Books

Malware Titles from DISC InfoSec Store
Anti-Malware Software from DISC Infosec store
Anti-Virus software from DISC InfoSec Store
Anti-Malware Titles from eBay

Free Online Virus Scan

Norton Virus Scan | McAfee Virus Scan | Analyze suspicious files

Tags: anti virus, Malicious Software, Malware, Security, Spyware and Adware, trojan, Trojan Horses, Viruses


Jan 12 2010

Pop-Up Security Warnings Pose Threats

Category: MalwareDISC @ 4:10 pm

FBI Warning
Image by Travelin’ Librarian via Flickr

Malware: Fighting Malicious Code

By FBI NPO

The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. The messages may contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft. The messages contain scareware, fake or rogue anti-virus software that looks authentic.

The message may display what appears to be a real-time, anti-virus scan of your hard drive. The scareware will show a list of reputable software icons; however, you can’t click a link to go to the real site to review or see recommendations. Cyber criminals use botnets—collections of compromised computers—to push the software, and advertisements on websites deliver it. This is known as malicious advertising or “malvertising.”

Once the pop-up warning appears, it can’t be easily closed by clicking the “close” or “X” buttons. If you click the pop-up to purchase the software, a form to collect payment information for the bogus product launches. In some instances, the scareware can install malicious code onto your computer, whether you click the warning or not. This is more likely to happen if your computer has an account that has rights to install software.

Downloading the software could result in viruses, malicious software called Trojans, and/or keyloggers—hardware that records passwords and sensitive data—being installed on your computer. Malicious software can cause costly damages for individual users and financial institutions. The FBI estimates scareware has cost victims more than $150 million.

Cyber criminals use easy-to-remember names and associate them with known applications. Beware of pop-up warnings that are a variation of recognized security software. You should research the exact name of the software being offered. Take precautions to ensure operating systems are updated and security software is current. If you receive these anti-virus pop-ups, close the browser or shut down your computer system. You should run a full anti-virus scan whenever the computer is turned back on.

If you have experienced the anti-virus pop-ups or a similar scam, notify the Internet Crime Complaint Center (IC3) by filing a complaint at www.ic3.gov.

Tags: anti virus, crime, FBI, Federal Bureau of Investigation, Identity Theft, Internet Crime Complaint Center, Malicious Software, Malware, pop-up, Security, Theft, trojan, United States


Dec 04 2009

Five ways to lose your identity

Category: Identity TheftDISC @ 2:42 pm

beconstructive12

By Jaikumar Vijayan
The rush by shoppers to the Web makes the season a great time for online retailers. It’s also a great time for hackers looking to steal data and money from the unwary millions expected to search for great deals online.

Checkout huge savings on Today’s Hot Deals on Information Security Solutions for the holidays

The growth of holiday hackers has annually prompted security analysts, identity theft awareness groups, and various government agencies to come up with lists of precautions that consumers can take to avoid becoming a victim of online fraud. Such lists can prove a benefit to consumers, but unfortunately some people ignore it.

Below are the identity theft awareness tips which can help maximize your exposure to online fraud.

Tip No. 1: Open all attachments from strangers and click on all embedded links in such e-mail messages. Such actions remain one of the most effective ways to provide thieves with personal information and financial data. All a hacker needs to do is find computer users who instinctively open e-mail messages from strangers, even those who write in a foreign language. The action can open the door to keystroke loggers, rootkits, or Trojan horse programs. Crooks can also easily install backdoors to easily steal data without attracting any attention. Once installed, hackers gain unfettered access to personal data and can even remotely control and administer systems from anywhere.

Tip No. 2: Respond to Dr. (Mrs.) Mariam Abacha, whose name is used by many hackers who say they have close friends and relatives in Nigeria who have recently been widowed or deposed in a military coup and need your help to get their millions of dollars out of the country. Users are told they will undoubtedly be rewarded for helping to get their “well-packed trunk boxes” full of cash out of Nigeria. And to make sure to provide bank account information, login credentials, date of birth, and mother’s maiden name so that they can wire the reward directly into a checking account in time for the holidays.

Tip No. 3: Install a peer-to-peer file-sharing client on your PC and configure it so all files, including bank account, Social Security, and credit card numbers, along with copies of mortgage and tax return documents, are easily available to anyone on the same P2P network. Your personal data will stream over the Internet while you check out what songs you can download for free without getting sued by the RIAA.

Tip No. 4: Come up with passwords that are easy to crack. It saves hackers from spending too much time and effort trying to access your PC. Clever sequences such as “123456” and “abcdef” and your firstname.lastname all make fine, easy-to-remember default passwords for you and for hackers. For maximum exposure, keep passwords short, don’t mix alphabets and numerals, and use the same password for all accounts.

Tip No. 5: Avoid installing the latest anti-malware tools and security updates. Keeping operating systems properly patched and anti-virus and anti-spyware tools updated make life hard for hackers. Users can help them out by making sure their anti-virus software and anti-spyware tools are at least 18 months out of date or by not using them at all. Either way, it’s very likely that your computer will be infected with a full spectrum of malware.

For additional tips on how to shop securely on Christmas and holidays season:
How to shop safely online this Christmas
Identity theft tip-off countermeasure and consequence | DISC

Please comment below regarding any other new and emerging threat which needs to be addressed during holiday’s season?

Reblog this post [with Zemanta]

Tags: antivirus, Christmas and holiday season, Computer security, Credit card, File sharing, hacker, Identity Theft, Malicious Software, Malware, Online shopping, Personal computer, Security, shop safely, shop securely, Spyware, threats, trojan, Trojan horse


Oct 16 2009

Web Services and Security

Category: Cloud computing,Information SecurityDISC @ 4:01 pm

Cloud Security and Privacy

Because of financial incentive, malicious software threats are real and attackers are using the web to gain access to corporate data. Targeted malicious software’s are utilized to steal intellectual property and other confidential data, which is sold in the black market for financial gain. With use of social media in corporate arena, organizations need to have web services use policy, to ensure employees use the internet for business and comply with company web use policies. To have an effective web use policy makes business sense and to implement this policy efficiently is not only due diligence but also assist in compliance. After implementing, the key to the success of web use policy is to monitor the effectiveness of the policy on regular basis.

webservices

Hosted web security services operate at the internet level, intercepting viruses, spyware and other threats before they get anywhere near your network. These days if malicious software has infected your gateway node the attacker is home free and it is basically game over. How to fight this malice is to use hosted web security services, which is transparent to users and stop the malwares before they get to the corporate network.

Things to look at web security hosted services are protection, control, security, recovery and multilayer protection.

Protect your corporation from anti-virus, anti-spam, and anti-spyware
Content Control of images, URL filtering and enterprise instant messages, all web request are checked against the policy
Secure email with encryption
Archive email for recovery
Multilayer protection against known and unknown threats including mobile user protection

Web Security Anti-Virus, Anti-Spyware – stops web-borne spyware and viruses before they infiltrate your network, protecting your business from information theft and costly diminished network performance.

Web Filtering – enables you to block access to unwanted websites by URL, allowing you to control Internet use and enforce acceptable Internet usage policies


Download a free guide for the following hosted solutions

Hosted email solution
Hosted email archiving
Hosted web monitoring
Hosted online backup

Tags: archive email, boundary encryption, content control, email archiving, email solution, image control, Malicious Software, Malware, multilayer protection, online backup, Spyware, url filtering, web filtering, web monitoring, wen security


Mar 26 2009

Conficker C worm and April fool

Category: MalwareDISC @ 3:24 pm

My creation! (APRIL FOOL)
Image by david ian roberts via Flickr

Worm like conficker is a digital time bomb which is hard coded to trigger on April 1 (April fool’s day). Antivirus companies are doing their best to minimize the impact of conficker worm. Conficker first variant was introduced few months back and have already caused significant amount of damage to businesses. Conficker is using MD6 hash algorithm, first known case where this new algorithm has been used. Across the globe, there are about 15 million computer infected with conficker worm.

“In computer, a worm is a self replicating virus that does not alter files but resides in active memory and duplicates itself”

This happens to be third variant of conficker in the wild which is named “conficker c” which pose a significant threat to businesses and security expert are still trying to figure out the potential impact of this worm. In new variant, the worm has tendency to morph into something else which makes it harder for antivirus software to detect it. What is known about this worm so far is that at a predefined time on April 1st the infected machine will execute the worm which will be later be exploited by the worm originator. The originator or controller of the worm will control the infected machines and it’s anybody’s guess right now what commands will be given to these zombies. It can be to steal private and personal information, spam, DDoS, or simply wipe the infected machine hard drive. Also bad guys don’t have to give the commands to zombie machines on April 1st, it can be any time after April 1st.

Possible countermeasures:
• Keep up-to-date patches (Microsoft Ms08-067 security update)
• Keep antivirus signature files up-to-date (latest DAT)
• Disable Auto run
• Try different antivirus software to verify and take advantage of McAfee free online scan services
• Free Sophos Conficker clean-up tool
• Make sure your machine is not infected with “conficker c” then you don’t have to worry about April 1st

Microsoft is offering a $250,000 reward for information that leads to the arrest and conviction of the conficker worm’s makers.

[TABLE=12]

httpv://www.youtube.com/watch?v=YqMt7aNBTq8

Reblog this post [with Zemanta]

Tags: Antivirus software, April Fools Day, conficker, Malicious Software, McAfee, Microsoft, Security, Viruses