The insecurity paradox
In this third and final part of our article series about risk factors, we will examine Human attack factors and Physical factors.
The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.
The aim of this type of initial risk analysis is to identify potentially vulnerable points that may be exploited if they are not sufficiently secured.
The ease involved in creating QR codes that link to web pages implies that this will be a popular way to facilitate the propagation of malware for mobile devices.
A successful attack is not particularly easy to carry out, as it depends on several prerequisites.
Computers do what they are told. This may result in consequences that are funny as well as dangerous.
Malware authors continue to pursue delivery mechanisms that can confuse different malware detection systems.
Coordinated efforts between experts/authorities against cybercriminals seem like the most efficient method for combating cybercriminals. Different experts and authorities are then able to focus on the part of the criminal chain that corresponds to their ability and expertise.
Computer systems are becoming increasingly sophisticated and complex with components that are individually computerized. This increases the attack surface for cybercriminals, and represents a challenge for users and the security industry.
The steps that private users and organizations can take to protect themselves are quite similar in character to those for protecting traditional computers.
Since the cybercriminals seem to shift from randomly directed mass attacks to more focused attacks, the total volume of spam will decrease.
It is almost impossible to protect completely against a targeted cyberattack against an organization.
We shall in this article focus on the PPI ecosystem and how this is used for malware distribution.
The web site (usually an infected site) that displays the message checks the browser visiting the site, and displays a warning message similar to the browser's real warning.
Recent weeks have shown that images are used as a malware spreading technique; particularly images that appear after performing a Google image search.
Do not rely on any file attachment or file on any device to be safe based on its file name.
Users of the operating system Mac OS X have so far been quite safe from malware infections compared to those who have chosen Windows as the operating system platform.
As one of the largest companies in the software industry, Microsoft's policy will influence the way vulnerabilities are handled.
Blocked access to important information - particularly if adequate backup routines are not in place - may be disastrous for the person who becomes the victim of ransomware.
Anonymous characterizes itself as a hive and a nest. One potential issue with such free structures is the potential for different actions that may conflict with each other.
Whenever malware authors find new vehicles to spread their malware, the probability for success increases immensely.
Bots and botnets comprise one of the biggest threats to the Internet and its users. However, recent news reports tell of a success story: the beheading of the spam botnet Rustock.
In previous security articles, we discussed the fact that cybercriminals use big events to spread malware. Not surprisingly - nevertheless disgusting - the recent events in Japan have inspired shameless exploitations by cybercriminals.
In our security article last week, we discussed cybercriminals who targeted financial institutions in an indirect way. However, the major bulk of malware aimed at the finance sector puts the finance sector's customers at peril. One obvious reason is that the average end user's system presumably is less secure than the systems used by the financial sector.
Sony's PlayStation 3 (PS3) has been viewed as one of the most secure gaming devices. Applications and games from other sources than Sony could not be installed and run on PS3, and a firmware update early in 2010 disallowed using other operating systems than the one set up by Sony. All this is now changed.
December is the month to look back on the year that is coming to an end. We will attempt to sum up the situation seen from a security company's point of view. The most significant data security incidents to mention from the year are the sophisticated malware Stuxnet and incidents in the wake of WikiLeaks publication of U.S. embassy cables late November.
Some years ago it was an established "fact" that a computer could not be infected by malicious software by visiting a web page. But technology evolves quickly and some facts may change when new technology emerges. These days web pages are perhaps the most used propagation vector for malware.
According to a posting 15 November on the blog belonging to the UK based organization Get Safe Online, one in four UK web users have been targeted by so-called cold calls.
In recent months there have been lots of rumors about the upcoming email system closely integrated with Facebook. More details about this have recently been disclosed by Facebook, and we will examine some aspects of the new offerings.
We have previously advocated the view that endpoint security is just one of several tools needed to accomplish secure environments. This article will examine one particular threat against the Internet community and discuss how it may be overcome.
A little more than one week ago a new extension to the Firefox web browser was published. And it got attention for sure!
In a press release 25 October the Dutch High Tech Crime Team (THTC) of the National Crime Squad announced a successful takedown of a major botnet. 143 malicious computer servers were taken down from the internet resulting from collaboration with a Dutch hosting provider, the Dutch Forensic Institute (NFI), the internet security company Fox IT and GOVCERT.NL and the Dutch computer emergency response team.
The product testing organization NSS Labs has recently published its test report for the 3rd quarter 2010 - test results for 11 antimalware products for consumers. The most interesting finding from this report is that the security products' performance has deteriorated compared to last year. In this security article we shall examine the implications of this.
The term Man-in-the-middle in a security context refers to an attack where someone/-thing is inserted between two endpoints and intercepts the communication between those. The intent is usually to obtain information and use this for illegitimate purposes. Recently the term Man-in-the-mobile, abbreviated as Mitmo, emerged.
Computer software evolves, and popular interpretation is to introduce new generations whenever fundamental changes arrive. If one looks at malware in the same manner, one may also classify different types into various generations.
Last week in our article "Ways to use botnets", we discussed among other issues, botnets for hire. One example we mentioned in our article was the company Aiplex Software, which was hired to try stop illegal distribution of copyrighted material.
This article will not go in depth with regard to how the different botnets function technically. We shall rather examine some of the ways botnets may be used, study one successful method used for fighting this threat, and finally discuss the idea of botnets used for benign purposes.
Fake antimalware software has become an increasing problem for end users and corporations. The creators of these rogue applications are able to earn easy money and are constantly searching for new ways to exploit their victims. A new technique has recently been seen. We shall look at this in more detail in this security article, and attempt to point to some general considerations regarding this type of software and malware in general.
In recent years, dangerous malicious software for mobile phones and other handheld devices has been predicted and expected by several analysts. Norman, however, has traditionally been among those more reluctant to predict that the explosion of malicious software for mobile devices is imminent. In retrospect it seems safe to say that our view has proven correct (so far).
Norman releases generic protection against the .LNK vulnerability for customers running NPRO 7.20. The automatic scanner will stop attempts to exploit the .LNK vulnerability, thus also proactively protect customers against both known and unknown malware. Customers running Norman Network Protection will also be protected against known malware using this exploit if executed from a network share.
In this Norman report on security issues during the first half of 2010, we will go through some incidents and tendencies. We will focus on those that Norman perceives as most important in these past six months.
Last week a researcher from Google, Tavis Ormandy, posted information about and exploit code for a new vulnerability in Microsoft's Help and Support Center.
Earlier this month we wrote about a vulnerability in the PDF specification that could be utilized to run malicious programs embedded in a PDF file. Proof-of-concept code was published, and it was expected that real-life malware that used this technique might appear soon.
The title may imply that this article is about subscription services for email checking, like Norman Online Protection. Rather not! This time we shall examine yet another way that criminal activity imitates legitimate business.
Exploitation of how applications handle files in the Portable Document Format (PDF) is one of the most used techniques to successfully create malicious software. Usually this is accomplished by utilizing vulnerabilities in the applications used to read PDF documents, like the very popular free program, Adobe Reader.
We have earlier discussed the fact that cyber criminals are getting increasingly sophisticated in their attempts to succeed in obtaining illegitimate gain. We will now look into an example of how illegitimate businesses imitate legitimate.
The RSA Conferences are among the most important annual security conferences. This year's US conference was held in San Francisco 1 - 5 March. One of the speakers was Microsoft's Scott Charney, Corporate Vice President Trustworthy Computing. His speech covered several interesting topics, of which we will discuss one: the ability, usefulness and implications of treating infected computers in a similar manner as infected human beings.
Code injection is a protection mechanism used by malware in order to avoid detection. The injector stores the malware as an encrypted resource, which it decrypts and injects into a running process. The injector may also contain various checks for virtual machines and system tools in order to hinder analysis.
Zimuse is a family of worms that performs destructive overwrites of the Master Boot Record of disk drives on the infected system. If the current system date and time matches certain conditions, the worm overwrites the Master Boot Record of available drives with its own data. The worm will also try to delete some of the important files of the Windows operating system. The file is run-time compressed using PECompact and arrives on the system either as a standalone file (possibly from a malicious download or e-mail) or by infected removable devices (e.g., USB sticks).
December is the month to look back on the year that is coming to an end, and we will attempt to sum up the situation seen from a security company's point of view. The most significant observation to make from this year's malware activity, is that different social networks became a major target for authors of malicious programs.
Major events and occasions, and more generally anything that attracts a lot of attention, are often followed by a veritable flood of malicious software.
We have already discussed in numerous security articles the fact that new media and communication devices are successfully used as instruments for spreading malware. This time we examine a type of application that has so far received no attention, (presumably) neither from malware authors nor from commentators.
The term "identity theft" has been on everyone's lips for a few years now. Less well known until recently was malicious identity impersonation. With a new version of Koobface, exactly that is happening, and automatically.
Earlier this month, several tens of thousands of passwords for free email accounts from Microsoft (Hotmail), Google (GMail) and Yahoo were compromised.
Open source as an approach to developing and distributing software very conveniently provides access to the programs' source code. The advantages that open source is said to have over conventional, more restrictive software development are often cited.
The topic of this week's security article is the use of a particular type of computer, namely dedicated servers, as part of a botnet.
Nmap (Network Mapper) is perhaps the best-known and most widely used hacker tool there is. Since its introduction in the autumn of 1997, the tool, written under the pseudonym Fyodor (real name Gordon Lyon), has helped numerous hackers gather valuable information about their targets. This summer, Nmap version 5 was released. According to Insecure.org, this is "the most important Nmap release since 1997".
Eavesdropping on telephone calls is usually associated with operations by state security agencies or police organizations with extensive resources, or with shady private detectives. However, this may no longer hold true if the people being monitored use a particular system for telephone calls.
Snorre Fagerland, Senior Virus Analyst at Norman, recently wrote on our security blog about the malware W32/Induc.A. It is a virus that infects the Delphi programming language. Applications built in an infected Delphi environment are consequently infected themselves. As we will see, this has interesting implications.
We have already discussed Twitter in several security articles this year. This time, however, the subject is a new way of using this social network: Twitter as part of a malicious operation.
Last week, all the media reported on an attack on social networking websites such as Twitter, LiveJournal and Facebook, which was allegedly launched with the intention of stopping a single Georgian blogger.
The first half of 2009 is now behind us: time for a look back and an analysis of the current situation from the perspective of Norman as a data security company.
The short URL feature clearly has its advantages. However, there are weaknesses and security problems that make the system itself less secure than desired.
The title of this article may sound like a fairy tale that a crook tells his child. With a type of malicious software (malware) that has appeared this year, this dream of every criminal seems to be coming true.
For years, various security organizations have warned of the risks and dangers that use of the Internet poses for private individuals, companies and the public sector. Unfortunately, these warnings have often not been taken as seriously as necessary. President Obama's speech is therefore a welcome acknowledgement from the highest political circles.
Vendors of security software therefore have the following simple task: detect and remove as much malicious software as possible without mistakenly classifying legitimate software as malware. Unfortunately, this task is not as simple as it seems.
Since then, we have observed another increasingly common malware distribution method that also makes use of web servers. This method uses popular terms to lure users to websites whose content is malicious.
At the beginning of this week, a report by the Information Warfare Monitor (Canada) dated 29 March, titled Tracking GhostNet: Investigating a Cyber Espionage Network, attracted great media interest.
A new type of malicious software has recently been getting some media attention. The most interesting part of this is the fact that the malware's targets are not traditional computers. Rather, this malware attacks different types of devices, namely routers and modems.
ATLAS looks at attacks on computers from a global perspective and helps to predict new network attacks. To do so, data from various sources is analyzed.
Social engineering in its many forms has already been covered in many of our security articles. This time we look at the phenomenon from a different angle: it is about the age-old trick, given a clever new twist.
Security experts are in a constant battle with malware programmers, trying to protect users from dangers on the Internet. As we have mentioned several times, the number of malware threats is growing exponentially, and new techniques for spreading malware are springing up like mushrooms. This naturally makes the security experts' task increasingly difficult.
The title does not, as one might suspect, refer to the former PC operating system DOS. Rather, it is one of those neologisms that are encountered more and more often these days. Hardly any other field produces as many newly coined words as IT security.
We have discussed the need for security patches for operating systems and applications several times in our security articles. The most recent article on this topic, "Security patches - another security problem", was written as recently as the end of October 2008.
So far there has been no really dangerous malicious software targeting mobile phones. The New Year 2009 started with a new, interesting threat to mobile phones, which may change this picture.
Major events and occasions, and more generally anything that attracts a lot of attention, are often followed by a veritable flood of malicious software.
The Internet offers an incredible wealth of applications, films, images and texts - simply everything imaginable in digital form. Finding one's way through this vast number of options and alternatives can, however, be dangerous in many respects. This article describes some of the pitfalls of searching for information.
Until now, money in online games has been used only to pay the access fee in order to purchase the game itself (unless it is available free of charge).
We recently noticed that some of the big players on the "dark side" of the Internet community had been removed from the Internet. Malicious activity immediately dropped surprisingly sharply.
The increasing use and growing storage capacity of USB sticks are causing major security problems.
There are some issues with security patches that in fact may render certain users more vulnerable. This apparent contradiction will be examined in this article.
An increasing spread of malware that targets the Facebook community and uses this popular platform as a starting point can be observed. Various types of malware are already known, but no end to this development is in sight yet.
For a few weeks now, a new term has been circulating in publications on IT security: "clickjacking". Several companies and organizations active in the security field, such as US CERT and various online news agencies, have already reported on this supposedly large and new threat.
A new distribution vector is becoming increasingly popular among attackers: malicious websites.
Experts, self-appointed and otherwise, frequently claim that malicious software (malware) is the ultimate means to an end for terrorist organizations.
From the relatively innocent malware of the early days, malware has changed into an activity for "geeks" that caused major problems for individuals and organizations, and further into an industry dominated by criminals.
Recently, a special form of phishing referred to as "spear phishing" has been appearing again and again.
The email worm Stration is delaying email delivery for many users. The worm spreads via attachments to spam emails. In October, several hundred versions of the worm had already been sent out this way.
Malicious Internet activity in general, and malware in particular, has changed markedly over the last two years.
The word "vishing" is a combination of the two terms "Voice over IP" and "phishing" and denotes the combination of new technology and a familiar fraudulent activity: exploiting the increasing spread of Voice over IP, attempts are made to induce people to disclose personal data, which is then used for fraudulent purposes.
Spamming is becoming an ever greater problem, and spammers are becoming ever more sophisticated. Since April, the number of spam emails has risen by more than 40%. The newest form of spam is so-called image spam, or image-based spamming.
Hackers that encrypt your files and demand money in order to decrypt them are an increasing threat in the world of IT criminality.
ContextPlus has stopped their activities. This company's best-known programs are PeopleOnPage and Apropos. Once installed, they will monitor the browsing behavior and send the obtained information to the ContextPlus servers.
Researchers at the University of Amsterdam in The Netherlands have succeeded in infecting an RFID chip (Radio Frequency Identification Device) with a computer virus.
A new proof of concept virus has been discovered infecting yet another application of the Microsoft Office Suite.
During the last few months the amount of so-called Greyware has increased massively. Greyware refers to antispyware utilities that force themselves onto users' machines by scaring the users and by auto-installing programs.
The worm W32/Small.KI@mm has been spreading rapidly since the beginning of this week.
This malware infects computers via email and open networks.
Here we have put together some useful advice for you on buying a new computer:
Until now, phishers or ID thieves have traditionally aimed their attacks at institutions and organizations in the financial sector. Lately, however, they also seem to be seeking other target groups. All kinds of organizations have now become targets of phishers. Not even the healthcare sector is spared. The war between phishers and anti-phishing associations is escalating. And you could be the potential victim.
In recent years the tendency for malware to exploit flaws in computer programs seems to have increased.
The threat of keyloggers is a rapidly growing danger in the world of IT security.
Threat is maybe not the first word that comes into your mind when talking about spam.
The first worm that spreads through handheld devices, like mobile phones, has been observed. This is a "proof of concept" program without malicious code.
Below you will find important general information about the various Sasser worm variants.
It is hardly controversial to claim that the end of February and beginning of March 2004 was the worst period ever regarding the sheer number of new malicious programs threatening the Internet community. New variants of Bagle, MyDoom and Netsky were spread daily - sometimes even more than once per day.
In September 2003 Internet users and organizations experienced the most severe attack on the Internet infrastructure since the "Morris worm" in November 1988. The outbreak of W32/Sobig.F caused major problems because of the huge amount of emails flooding the infrastructure.
Security Information Week 32, 1999 From time to time there are virus alerts which turn out to be false alarms. Several of these are rumors saying ...
Security Information Week 8, 1999 Several viruses have recently been created which utilize Internet protocols and applications in their behaviour. One such family is the W97M/Caligula viruses ...
Security Information Week 17, 1999 In our Security information for week 3 we warned about the dangerous CIH virus with payload 26 April. We now have ...
Security Information Week 5, 1999 Recently a new worm has been reported in several places in the world. This is called Win32.Ska.A. It is also known as ...
Security Information Week 35, 1999 In week 35 a report of a new backdoor in Microsoft's operating systems Windows 95, 98, NT and the beta version ...
Security Information Week 40, 1999 There have been several reports about the PrettyPark.Worm program recently. This worm was first reported to be in the wild early ...
Security Information Week 13, 1999 Friday 26 March 1999 a new virus was discovered "In the wild" - W97M/Melissa.A. During that week-end reports came from all ...
Security Information Week 11, 1999 During the last half year one has seen an explosion in so-called Windows backdoor programs. These are programs which utilize the ...
Security Information Week 20, 1999 Some companies have warned about the virus Emperor.5826. These warnings have also reached the news, and the virus has even been ...
Security Information Week 50, 1999 Introduction During the latest months viruses have been using e-mail clients to spread themselves. The most famous one is of course W97M/Melissa.A ...
Security Information Week 25, 1999 This year we have seen three instances of malicious programs which caused severe damage all over the world: ...
Security Information Week 23, 1999 A new, malicious worm is reported in the wild. So far reports have come from France, Germany, Israel, Czechia and the ...
Security Information Week 32, 2003
Security Information Week 21, 1999 Documents saved as RTF files are not dangerous with respect to macro virus infections. This fact has been stressed from the ...
Security Information Week 25, 2002 Introduction The Security Information for week 20 discussed in general terms why some malicious programs succeed in becoming widespread while others do ...
Security Information Week 14, 2001 Introduction It is often claimed that security companies, security consultants and the antivirus vendors, are too eager to warn about different kinds ...
Security Information Week 1, 1999 The computer magazines as well as other papers have recently published articles about a "new" kind of viruses - the so-called ...
Security Information Week 21, 2000 Windows Scripting Host (WSH) is a part of some of Microsoft's 32-bit operating systems or is installed when certain Microsoft ...
Security Information Week 9, 2000 In our Security Information for week 45 last year, we discussed a security problem with Internet Explorer which had as a ...
Security Information Week 8, 2000 Visual Basic for Applications (VBA) is Microsoft's programming language used to enhance the functionality of some of its programs, particularly the ...
Security Information Week 6, 2000 During the first days of this week several high-profile web sites fell victim to what seems to be Denial of Service ...
Security Information Week 4, 2000 The high frequency of updates to antivirus packages - weekly or even more often - has come about partly as a ...
In April 1999 a lot of people and organizations were paid a visit by the computer virus Melissa. This virus propagated so quickly and extensively that many compared it to the legendary "Morris worm."