Owner: Panda Security USA Technology Blog. URL: http://pandasecurityus.wordpress.com. Join Date: Fri, 31 Aug 2007 23:49:45 -0500. Rating: 0. Site Description: Panda Security USA Technology Blog.
Anatomy of a data breach part 2 2008-05-06 19:48:40 In this second part I am going to talk about utilizing different methods of hardening web-facing applications. The goal is obviously to implement an effective strategy to reduce the potential of a data breach. First of all we have to understand how a data breach is conducted and what methods are used to access internal protected information.
The purpose behind such an [...]
Eleven months of writing for the Information Security Systems Association Journal 2008-05-20 18:57:48 I have been writing now for eleven months in the Information Security Systems Association Journal (ISSA). These articles have been primarily focused along the lines of sharing information concerning the emerging threat landscape and what we are seeing from a Panda Security perspective. Therefore, I thought I would share a little history with you by making these articles [...]
Webinar on Privacy and Security - Win a Garmin GPS! 2008-05-20 16:38:00 Free Live Webinar on May 21 @ 10AM PST / 1PM EST
New breeds of malware – spyware, adware, Trojans, and viruses – are rapidly infecting networks and exposing businesses and their customers to unprecedented security risks. The government is now mandating that corporations effectively protect the privacy of individuals and ensure the confidentiality and integrity [...]
How regulations affect small to mid-size companies 2008-05-20 14:16:44 It’s important to note that not only are large corporations affected by regulatory standards; small and mid-size companies are equally affected, especially when their core business deals with classes of information protected by law (patient information, credit card information, financial data, etc).
A very good example is a regional medicare facility that has les
From Traditional AV to Security-as-Service 2008-05-19 21:57:50 Over the past five years the anti-virus market has experienced tremendous growth with the advent of new technologies to adapt to current conditions. What was once a market consisting of very few players has now evolved into a global enterprise consisting of dozens of companies with an assortment of anti-virus products varying in degrees [...]
Yesterday’s Webinar Available! 2008-05-22 11:49:15 Yesterday’s webinar on Customer Privacy, Malware and Government Regulations is now available for your viewing pleasure. Enjoy!
Why Security-as-a-Service reduces total cost of ownership (TCO) 2008-05-22 11:23:40 Recently I have been getting a number of questions concerning the cost savings of a Security-as-a-Service (SaaS) model versus a traditional on-premise solution. While there are certainly a number of direct benefits to the end-user, I thought for the purpose of this article to elaborate on the most important one: “reducing the total cost of ownership (TCO) via [...]
LayerOne Security Conference Video Available 2008-05-23 10:39:09 Last weekend we participated in a smaller regional security conference in Pasadena, California called LayerOne, which occurs yearly at the Pasadena Hilton. There were a number of great talks, and I provided one on the evolution of cyber-crime and its prevalence. I am making the video available here.
Anatomy of a data breach part 2 2008-05-22 03:48:40 In this second part I am going to talk about utilizing different methods of protecting sensitive data-at-rest by using system hardening. The overall goal is obviously to implement an effective strategy to reduce the potential of a data breach (keeping in mind it’s all about best efforts when meeting compliance). First of all we have to understand how a data breach is [...]
SQL Injection Attacks: The future of mass hacking campaigns 2008-05-28 12:32:41 SQL injection attacks are evolving as a prime mode of transportation for malicious scripts that hackers wish to insert into legitimate web-sites. Typically the web-site is a vehicle for distributing Trojans through scripts crafted to exploit specific vulnerabilities on visiting PCs; i.e. the recent Adobe Flash vulnerability announced today that could use SQL injection as a form [...]
SQL Injection Attacks: The future of mass hacking campaigns (updated) 2008-06-11 12:32:41 SQL injection attacks are evolving as the prime mode of transportation for malicious scripts that hackers wish to insert into legitimate web-sites. Typically the web-site is a vehicle for distributing Trojans through scripts crafted to exploit certain vulnerabilities on visiting PCs.
These scripts are often designed to exploit vulnerabilities that the vendor usually has a patch [...]
Host Intrusion Prevention: Behavioral Analysis 2008-06-13 13:57:41 Host Intrusion Prevention technologies, better known as HIPS, have been around for some time in the market. HIPS technologies work on the premise of providing end-point intrusion prevention against anomalous system behavior.
HIPS over the years has been developed for the anti-malware space in order to complement existing technologies (signature and heuristics) and to improve detection capa
Trojan to Worm Creator: A Camouflage? 2008-07-01 10:17:04 Recently PandaLabs discovered a specialized tool for converting a Trojan to a Worm. Tools like these are not new and have been around for some time, being made available in underground forums that are frequented by Script Kiddies and novice hackers. The danger with this specific kit is the ability to take a banker Trojan and make [...]
Video Codec Malware Continues 2008-07-31 15:38:35 Over the last few days we have been getting a number of new emails with links to a specific fake video codec (which is actually a Trojan) “get_flash_update.exe”. The attack appears to have infected a number of real and legitimate web-sites to act as malware distribution points. The interesting part is the URL that is being used to invoke [...]
More Trojans hiding behind false celebrity videos 2008-07-31 09:51:12 It appears that another spam campaign has surfaced with the intention of enticing users into opening messages with tag lines such as “Failure Notice” and “Your Order is Executed” or “Your Order”. However, when you look at the message body, it presents something entirely different such as “Angelina Jolie Nude” or “Jennifer Lopez Extremely N
Angelina Jolie Spam 2008-07-30 10:04:28 This morning I discovered a very interesting email in one of our spam sensors in the US. This message is claiming to show the viewer a nude video of Angelina Jolie. However, the link directs you to a website hosting a malicious Trojan.
File size: 148992 bytes
MD5: a7e316a7ebc0a90f1d278d63f500e79f
SHA1: 454fa925c9c1de565e463b4763f8faee4376df94
SHA256: 1bdc9ff03f7910d24d86871d4ea9a3c15528
FBI v.s Facebook Spam 2008-07-29 09:56:56 This morning I checked one of our mailboxes here in the US and discovered this very interesting spam message containing the subject line “F.B.I may strike facebook”. When I investigated further, the body of the message consisted of text such as “F.B.I Facebook Records” with a link to a URL that appeared to be a daily news site.
When you visit the [...]
Point-of-Sales Vulnerabilities 2008-07-24 17:36:13 The Target: the wireless point-of-sale (POS)
The wireless POS system consists of one or more networked wireless POS end-points located at check-out stands and the internal on-site transaction server which connects the system to the payment authorization source. The transaction server also interfaces with the inventory control system.
• Transaction initiated at wireless POS checkout stand
• T
Anatomy of a Data Breach Part 3 - The Wireless Hack 2008-07-17 10:18:53 Wireless networks and endpoints offer convenience and connectivity. Unless properly secured, they also offer a means of entry into the network. This article will describe the vulnerabilities and strategies for mitigation.
In the wake of undiscovered data breaches and subsequent public exposure, hackers have begun to turn their eye towards breaching wireless networks and taking advantage [...]
PandaLabs Q2 Figures 2008-07-07 12:12:35 Today we published our Q2 figures covering the most relevant trends in the malware landscape. Some of the key points from this Q2 report include:
Distribution of Banker Trojan families by prevalence in the market.
Distribution of Active malware by country (this entails PCs with active malware running in memory).
Spam levels fluctuated between 60% and 94% of all email on the Internet.
Banker
Update: MSNBC attack morphs 2008-08-13 15:47:44 Earlier today the MSNBC spam campaign currently in circulation morphed, and the page that users are directed to has been replaced with an MSN-branded web page (earlier this morning it pointed to the CNN fake video codec page). The page operates and behaves similarly to the CNN fake flash codec, in that it prompts visitors to install an updated ActiveX [...]
Critical Security Briefing on CNN malcode campaign 2008-08-13 13:49:57 Tomorrow I will be giving a critical security briefing concerning the CNN, MSNBC and other malcode campaigns currently in circulation. Please join this special webinar August 14th at 9:00AM PST or 12:00PM EST for a very informative briefing including a Q&A session.
Register now to reserve your spot.
MSNBC Breaking news alerts: a weird twist in the CNN spam campaign 2008-08-13 09:41:16 This morning several messages appeared to be coming from MSNBC breaking news alerts. However, it is another weird twist in the CNN spam campaign, as the link will direct the user to the fake CNN video codec page to download the adobe_flash.exe. We expect to see variations of these messages in the coming days as [...]
Attack of the greeting card malware 2008-08-12 11:10:01 This morning another spam run was detected containing a link to a fake e-greeting card. While the use of greeting cards as a social vector is not new, spam attacks using malcode are on the rise, and in the last two weeks a number of new spam runs were detected (CNN spam, Fake IE 7.0, etc).
The latest [...]
Detecting malware in CNN spam generically with PEiD 2008-08-11 14:51:53 Recently I have been investigating the adobe_flash.exe files associated with the latest round of CNN spam. During my analysis all of the binaries appeared to look and behave the same; however, some of the files are actually quite different. Therefore, using PEiD and Signature Explorer 3 I created two generic detection signatures for variations of the adobe_flash.exe file.
[...]
CNN Alerts: still going strong with new malware and new URLs 2008-08-11 11:37:11 The CNN Alerts spam campaign continues this morning with new email messages and new malware hidden behind the links. The latest change to the URL scheme they are using behind the “Full Story” link is cnnvid.html, cnnhottopics.html, cnnheadlines.html, cnncurrent.html, cnnplus.html, etc, each of which directs the user to a fake video site. The codec name continues to be [...]
CNN Alerts & New Malcode (Antivirus XP 2008) 2008-08-08 10:26:36 This morning the CNN spam campaign took an ugly twist in terms of content. Spammers are now spoofing the CNN alerts system that users configure to receive customized news alerts. This is particularly harmful to those who actually create alerts for themselves with CNN, as at first glance it looks very authentic. In some of [...]
Fake IE 7.0 Update: Full Analysis 2008-08-07 13:02:07 Antivirus XP 2008 is currently detected on 1.68% of all PCs scanned and is ranked as 3rd in active malware. The application causes extreme annoyance, system performance degradation - mainly through pop-up messages, registry keys and spawning a large volume of files.
The unfortunate part for end-users is that the vector for delivery of this application is through [...]
Fake Internet Explorer 7.0 update = Antivirus XP 2008 2008-08-07 10:49:53 The fake Microsoft Internet Explorer 7.0 spam campaign continues this morning with new messages and new malware binaries hidden behind links. The latest binary is ie7.0.exe, whose infection is associated with Antivirus XP 2008, a rogue anti-virus application which is currently in widespread circulation and accounts for a number of the infections we are seeing on a daily basis.
In [...]
Fake Microsoft Internet Explorer 7.0 Update 2008-08-06 15:22:46 A few minutes ago we discovered another spam campaign, this time offering an update to Microsoft Internet Explorer 7.0. What’s interesting about this particular message is that it appears to be in exactly the same format as what was used to distribute the get_flash_update.exe as seen in some attacks. The message comes from the [...]