
Innovation in the Internet age

From bank-stealing Trojans and Web-services that leak information to the Google desktop search tool, innovation in the Internet age is taking on a whole new meaning.
By Mariette du Plessis, Events Programme Director
Johannesburg, 24 Feb 2006

It seems that for every business innovation intended to improve our lives there is a counter innovation intent on destroying user confidence and trust.

Google releases the latest version of its nifty desktop search tool and within hours analysts issue warnings about it representing an "unacceptable security risk" to large enterprises.

The same goes for Web services. In January, analysts listed Web services as one of the top business IT trends to watch in 2006 and now experts are warning that current XML and simple object access protocol (SOAP) attachments could cause information leakage.

Equally disconcerting is that online criminals have significantly increased the speed with which they exploit newly published flaws in software in an effort to infect systems before users update.

From bank-stealing Trojans to botnet attacks

This week's malware innovation, which will no doubt result in fewer people trusting online banking, is "bank-stealing Trojans", which wait until the victim has actually logged in to their bank and then transfer the money out.


In response to the increased adoption of stronger authentication, cybercriminals are changing their tactics, according to MessageLabs. The bank-stealing Trojan is programmed to work with specific online banking Web sites. It arrives through an e-mail with an apparently innocent Web link. Once clicked, an executable that installs itself onto the browser is downloaded, which waits until a banking site is accessed.

This Trojan is number three on the list of most common threats, according to MessageLabs. The most-seen threat today, it noted, is remote control code used to maintain networks of zombie PCs, or botnets, followed by phishing scams, which seek to dupe computer users into giving up personal information.

More disconcerting news this week is botnet controllers are switching to stealth tactics in a bid to avoid detection. Instead of mass mail-outs of spam and malicious code, they are adopting slower distribution tactics in a bid to avoid appearing on corporate security radars.

The scary numbers award of the week, however, goes to Commtouch. According to the company, there were four "massive attacks" in January out of 19 new, significant e-mail-borne virus attacks. More attacks are managing to slide in under anti-virus radars, with 40% of attacks peaking within eight hours, says Commtouch.

Google - a risky business

Google topped the security headlines this week as the company's latest innovation, its desktop search tool, came under heavy fire - most notably from Gartner, which issued a warning that the tool represents an "unacceptable security risk" to large enterprises.

According to the analyst firm, the cross-computer file searching features in the latest version of Google's desktop search tool should be disabled or heavily managed by enterprises.

Google Desktop 3 beta introduces the ability to search the contents of one computer from another. Previous versions of the tool indexed files on users' PCs, but the optional "Search Across Computers" facility in the beta version temporarily stores text copies of searchable items on Google's own servers for up to 30 days - a move Gartner describes as "inauspicious".

While this may elevate Google from a hacker tool to a primary information theft tool, Google "hacking" still remains a favourite pastime.

At the RSA Conference in San José earlier this month, McAfee noted that malware authors are increasingly creating digital pests that use Google to find their next victim. The latest trend in Google hacking, according to McAfee, is to use the search tool for automated vulnerability detection.

McAfee's advice to business was to adopt policies regulating the information they put up on their Web sites and periodically audit their systems using tools such as GooScan or Site Digger.

Insecure Web apps

Security experts also had much to say this week about the impact of poorly designed Web applications, following news of a network worm that targets vulnerabilities in the Mambo content management system and PHP XML-RPC, a library of code for PHP programmers that allows procedures to run between computers with different operating systems.

ITWeb Security Summit 2006

At the ITWeb Security Summit 2006, from 8 to 9 March, top international security experts from MasterCard International, Gartner, Microsoft, Symantec, McAfee, Cisco, Check Point, Computer Associates and OpenHand will join forces to help you understand the insider threat to your business, as well as the strategies, technology and processes most effective in dealing with this changing threat environment.

In two separate keynote sessions at the conference, well-known author and ex-hacker Kevin Mitnick will also offer an exclusive insider's view of the low-tech threats to high-tech security, with advice for preventing "social engineering" hacks and how to mitigate the risk that wireless networks pose to sensitive corporate data.

More information about the conference and delegate bookings is available online at www.itweb.co.za/securitysummit or by contacting Denise Breytenbach at (011) 807-3294 or denise@itweb.co.za.

F-Secure calls the worm Mare.D, saying it installs several backdoors on a compromised system. The worm scans random hosts for those running vulnerable installations of the Mambo open source Web site content management system or the PHP XML-RPC library.

But the security community doesn't seem to be too perturbed about the impact of the Mare.D worm. The real Web threat, experts say, lies with Web services and the fact that current XML and SOAP attachments can potentially allow threats to enter the network, as well as information leakage.

Clear-text messages, which are used when transferring application data via Web services, are the main reason security experts are raising red flags.

According to them, these text messages could slip through existing security hardware, allowing malformed code to run rampant within organisations. Adding to the problem are the security controls built into Web services applications, which compromise performance and as a result are systematically being turned off.

As to be expected, it also wasn't long before this week's focus on Web application vulnerabilities prompted warnings about hosted Web applications soon becoming a target for e-criminals.

Patching Windows

On the patch front this week, Microsoft was kept busy again as attackers created exploits that use flaws in Microsoft Windows. The exploits are proofs of concept, meaning they demonstrate the flaw without causing any harm, but attackers can use the concept code to create their attacks.

Microsoft reportedly patched the vulnerability as part of its monthly patch release cycle. It rated the flaw "critical".

F-Secure also reported a new OS X proof of concept virus that spreads using a known vulnerability in the way that the operating system handles Bluetooth wireless communications.

The company referred to the worm as OSX/Inqtana, but emphasised that it is only a proof of concept worm and is unlikely to cause any actual harm as the user is prompted to accept the file.

While maybe not that harmful, the OS X worm did cause some major embarrassment for anti-virus vendor Sophos. The company released an antidote, which incorrectly flagged various files in Microsoft Office 2004 and in Adobe Acrobat Reader as being infected with the OS X worm.

At least Sophos responded with an update of the Inqtana-B virus identity file for its Anti-Virus for OS X software, but not before the program caused some havoc on users' PCs, blocking access or deleting "infected" files.

Sources used: ITWeek, ZDNet, The Register.
