Proactive IT Security
 

Security Center

Threat Level

Threat level: low

» About this threat level

Latest articles - Spreading mechanisms

An approach to an organization's risk factors (part 3)

In this third and final part of our article series about risk factors, we will examine Human attack factors and Physical factors.

» View Details

An approach to an organization's risk factors (part 2)

The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.

» View Details

An approach to an organization's risk factors (part 1)

The aim of this type of initial risk analysis is to identify potentially vulnerable points that may be exploited if they are not sufficiently secured.

» View Details

Malicious images (codes)

The ease involved in creating QR codes that links to web pages implies that this will be a popular way to facilitate the propagation of malware for mobile devices.

» View Details

The importance of typing correctly

Computers do what they are told. This may result in consequences that are funny as well as dangerous.

» View Details

Secure browsing turns insecure (again)

It seems obvious that the current certificate security model needs to be replaced by something that is less vulnerable for attacks from dedicated persons, organizations or governments.

» View Details

Circumventing malware detection

Malware authors continue to pursue delivery mechanisms that can confuse different malware detection systems.

» View Details

Combating fake antimalware

Coordinated efforts between experts/authorities against cybercriminals seem like the most efficient method for combating cybercriminals. Different experts and authorities are then able to focus on the part of the criminal chain that corresponds to their ability and expertise.

» View Details

Diversification of attack vectors

Computer systems are becoming increasingly sophisticated and complex with components that are individually computerized. This increases the attack surface for cybercriminals, and represents a challenge for users and the security industry.

» View Details

Mobile (in)security

The steps that private users and organizations can take to protect themselves, are quite similar in character to protection of traditional computers.

» View Details

Targeted attacks: More "Bang for the Buck"

Since the cybercriminals seem to shift from randomly directed mass attacks to more focused attacks, the total volume of spam will decrease.

» View Details

Plug mouse into the computer - be compromised

It is almost impossible to protect completely against a targeted cyberattack against an organization.

» View Details

The profitable Pay-per-Install ecosystem

We shall in this article focus on the PPI ecosystem and how this is used for malware distribution.

» View Details

Secure tokens turn insecure

Even organizations, which presumably are more security conscious than most, have vulnerabilities that may be exploited by an attacker who has sufficient resources and determination at her disposal.

» View Details

The old dogs are still in learning mode

The web site (usually an infected site) that displays the message checks the browser visiting the site, and displays a warning message similar to the browser's real warning.

» View Details

Dangerous images

Recent weeks have shown that images are used as a malware spreading technique; particularly images that appear after performing a Google image search.

» View Details

The RTLO unicode hole - sequence manipulation as an attack vector

Do not rely on any file attachment or file on any device to be safe based on its file name.

» View Details

Cybercriminals focus on new targets

Users of the operating system Mac OS X have so far been quite safe from malware infections compared to those who have chosen Windows as the operating system platform.

» View Details

Free music with an unwanted tune

Whenever malware authors find new vehicles to spread their malware, the probability for success increases immensely.

» View Details

Spam botnet Rustock beheaded

Bots and botnets comprise one of the biggest threats to the Internet and its users. However, recent news report of a success story: beheading the spam botnet Rustock.

» View Details

Shamelessly exploiting disasters

In previous security articles, we discussed the fact that cybercriminals use big events to spread malware. Not surprisingly - nevertheless disgusting - the recent events in Japan have inspired shameless exploitations by cybercriminals.

» View Details

PlayStation 3 security fully compromised

Sony's PlayStation 3 (PS3) has been viewed as one of the most secure gaming devices. Applications and games from other sources than Sony could not be installed and run on PS3, and a firmware update early in 2010 disallowed using other operating systems than the one set up by Sony. All this is now changed.

» View Details

Holiday - relax, have fun, meet family and friends... and be vigilant

Major events, happenings and in general all kind of things that create much notice, also leave in their wake a stream of malicious software.

» View Details

The ultimate surfing challenge: Avoiding web sites with malicious content

Some years ago it was an established "fact" that a computer could not be infected by malicious software by visiting a web page. But technology evolves quickly and some facts may change when new technology emerges. These days web pages are perhaps the most used propagation vector for malware.

» View Details

Malicous cold calls with high success probability

According to a posting 15 November on the blog belonging to the UK based organization Get Safe Online, one in four UK web users have been targeted by so-called cold calls.

» View Details

Communication consolidation or security nightmare

In recent months there have been lots of rumors about the upcoming email system closely integrated with Facebook. More detaileds about this have recently been disclosed by Facebook, and we will examine some aspects of the new offerings.

» View Details

Safe crime

We have previously advocated the view that endpoint security is just one of several tools needed to accomplish secure environments. This article will examine one particular threat against the Internet community and discuss how it may be overcome.

» View Details

Man-in-the-middle goes Mobile

The term Man-in-the-middle in a security context refers to an attack where someone/-thing is inserted between two endpoints and intercepts the communication between those. The intent is usually to obtain information and use this for illegitimate purposes. Recently the term Man-in-the-mobile, abbreviated as Mitmo, emerged.

» View Details

A new generation of malware

Computer software evolves, and popular interpretation is to introduce new generations whenever fundamental changes arrive. If one looks at malware in the same manner, one may also classify different types into various generations.

» View Details

Old dogs learn new tricks

Fake antimalware software has become an increasing problem for end users and corporations. The creators of these rogue applications are able to earn easy money and are constantly searching for new ways to exploit their victims. A new technique has recently been seen. We shall look at this in more detail in this security article, and attempt to point to some general considerations regarding this type of software and malware in general.

» View Details

Number of vulnerabilities on the rise

In August IBM Security X-Force published its Mid-Year Trend and Risk Report. The X-Force reports are always interesting reading, and this latest addition maintains the high standards. Lots of topics are discussed in the report. In our security article, we shall however focus on one particular finding.

» View Details

Self-protection from malware - part II

In the previous article in this series about self-protection, we discussed examples of attempts to trick you to expose yourself for malicious software. Infected web sites are currently the most used technique for propagation of malware. By increasing your own awareness of the techniques the cyber criminals use, you can avoid this exposure.

» View Details

Self-protection from malware - part I

There are several levels where you can set up protection mechanisms in order to minimize the risk of falling victim to malware. Different protection mechanisms are needed depending on which danger situation we are discussing.

» View Details

Malware infections by telephone

An interesting news item has appeared in several UK-based media lately. Several end users have received phone calls from someone who present themselves as security personnel. The caller informs that the computer is infected by malware and offers to help. Varying social engineering techniques are used to persuade the recipient to allow the use of remote access software in order to "fix the problem".

» View Details

The first part of 2010 - overview of security issues

In this Norman report on security issues during the first half of 2010, we will go through some incidents and tendencies. We will focus on those that Norman perceives as most important in these past six months.

» View Details

Disclose information about vulnerabilities? Yes/No/When?

Last week a researcher from Google, Tavis Ormandy, posted information about and exploit code for a new vulnerability in Microsoft's help and Support center.

» View Details

Upcoming? The age of the cyborgs

We should have been expecting it - some did. Late May this year a researcher in the U.K. claims to be the first person in the world infected by a computer virus.

» View Details

Reflections on the PDF vulnerability

Earlier this month we wrote about a vulnerability in the PDF specification that could be utilized to run malicious programs embedded in a PDF file. Proof-of-concept code was published, and it was expected that real-life malware that used this technique might appear soon.

» View Details

Dangerous device diversification

Most organizations have been experiencing an explosion in the number and types of devices that are in use in their networks. Gone are the days when traditional desktop computers, servers and printers, hard-wired together, were the available hardware in the network.

» View Details

Scary technique utilizing functionality in the PDF specification

Exploitation of how applications handle files in the Portable Document Format (PDF) is one of the most used techniques to successfully create malicious software. Usually this is accomplished by utilizing vulnerabilities in the applications used to read PDF documents, like the very popular free program, Adobe Reader.

» View Details

Domain name registrants - who? where?

Domain names are a crucial part of the Internet's infrastructure. However, as we have shown in previous security articles, registration of special domain names may be used as an attack vector for spreading malware.

» View Details

Handling an infected computer as an infected human being

The RSA Conferences are among of the most important annual security conferences. This year's US conference was held in San Francisco 1 - 5 March. One of the speakers was Microsoft's Scott Charney, Corporate Vice President Trustworthy Computing. His speech covered several interesting topics, of which we will discuss one: the ability, usefulness and implications of treating infected computers in a similar manner as infected human beings.

» View Details

Summing up 2009 - predictions for the year to come

December is the month to look back on the year that is coming to an end, and we will attempt to sum up the situation seen from a security company's point of view. The most significant observation to make from this year's malware activity, is that different social networks became a major target for authors of malicious programs.

» View Details

Holidays - preferred season for children and ...criminals

Major events, happenings and in general all kind of things that create much notice, also leave in their wake a stream of malicious software.

» View Details

Plug-ins to applications - a ripened target for malware

In several security articles we have discussed the fact that new media and communication devices are successful vehicles for malware propagation. This time we will examine a type of application, which has not been focused upon - (presumably) neither by the malware authors yet, nor by commentators.

» View Details

Malicious identity production

Identity theft is a term, which has become familiar during the latest years. More exotic - until recently - has been identity production with malicious intent. A new version of Koobface does exactly that - automatically.

» View Details

Web advertisements - a significant spreading vector for malware

Website advertising is an expanding industry. Several of the websites, which we visit each and every day - for leisure or as part of our work - have advertisements as a major part of their owner's income. Suffice to mention online newspapers and other magazines, search engines, information resources of other kinds and more. Unfortunately website advertising is also a substantial spreading vector for malicious software.

» View Details

Dedicated servers as parts of a botnet

In the security article this week we will discuss using a particular type of computers - dedicated servers - as part of a botnet.

» View Details

Software most susceptible to successful attacks

A new report about security risks was published this week. This report - "The Top Cyber Security Risks" - is a joint effort from the security organizations TippingPoint, Qualys, and SANS. In this week's security article we shall discuss one particular issue in the report - patching software.

» View Details

Malware in applications - a special problem

Recently Norman's senior virus analyst Snorre Fagerland wrote about the malware W32/Induc.A in our security blog. This is a virus which infects the programming language Delphi. The result is that applications that are created with an infected Delphi environment are infected themselves. This has interesting implications as we shall see.

» View Details

The first part of 2009 as seen through secure glasses

The time has arrived when it is useful to look back on the first half of this year, and attempt to sum up the situation seen from Norman as a security company's point of view.

» View Details

Easy URLs - a good or bad system

The short URL functionality obviously has its merits. However, there are shortcomings and security issues that make the system in itself less secure than desired.

» View Details

Your PC as an Internet server with a few clicks

Software to set up any computer as an Internet resource has been freely available for a long time. However, the threshold to do so has been so high that not everyone has felt that this can be accomplished without some special skills. This situation may now change with a new initiative.

» View Details

Unlimited supply of money...

This security article's title may look like the intro to a fairytale told to by a criminal to her child. However, a family of malicious software (malware) that has appeared this year seems to make this fairytale come true for some…

» View Details

You're bad. No, I'm not!

The vendors of security software have the following simple task: Detect and remove as much malicious software as possible without erroneously defining benign software as malware. Unfortunately, this is not as simple as it seems.

» View Details

Domain name registration - a malware spreading vector

Another use of web servers has been on the rise as malware spreaders. This approach exploits popular terms to trick users to visit web sites that are by intent malicious.

» View Details

GhostNet - a real espionage network

This week started with significant media attention about a report, which showed that several computers owned by governments and international organizations were compromized. This includes several embassies world-wide and a NATO computer.

» View Details

Hot stuff: Exploitable routers - a flash of the whole iceberg

A new type of malicious software has recently been getting some media attention. The most interesting part of this is the fact that the malware's targets are not traditional computers. Rather does this malware attack different types of devices, namely routers and modems.

» View Details

Social engineering with a virtual twist

Social engineering in several forms has been discussed in numerous of our security articles. This time, we shall discuss it from a different angle - the traditional one, with a quite clever new twist.

» View Details

"We told you so" - hindsight is usually correct

The need to apply security patches to operating systems and applications has been discussed several times in our security articles. Recent events show that this is a caution that cannot be repeated too often.

» View Details

Program downloads from the Internet - a risky activity

The Internet offers a cornucopia of applications, movies, pictures, text - everything digital that can be imagined (and some not!). Navigating this is difficult and can even be hazardous in several ways.

» View Details

Internet gaming - new opportunities for the (shady) visionary

The use of money involved in online gaming has traditionally been only as an entrance fee to buy the game itself (if it is not free). This no longer holds true.

» View Details

Ghosts from the past resurface through USB sticks

The increasing use of USB sticks and their storage capacity constitute major security issues. Problems that were dominant with floppy disks resurface.

» View Details

Security patches - an additional security issue

There are some issues with security patches that in fact may render certain users more vulnerable. This apparent contradiction will be examined in this article.

» View Details

Facebook - an increasingly popular spreading vector for malware

Customized malware, which utilizes and targets the Facebook community, is emerging. Several reports about different types of malware are appearing, and more are certain to come.

» View Details

Clickjacking - a new danger or an innovational new name?

A few weeks ago a new name started circulating in security writings - "clickjacking". Security organizations as well as web-based news agencies reported this as a  major, new threat.

» View Details

Slurping - a security issue often overlooked

Slurping is not only a method for quenching your thrist. It is also used as a term for a particular kind of security issue, that is often overlooked.

» View Details

Not ALL Christmas gifts are welcome

Christmas is a time many persons use for giving and receiving gifts. However, you do not want all "gifts" that someone wants to give you!

» View Details

Insecure web servers - malware spreaders on the rise

A new spreading vector is becoming increasingly popular among the bad girls: Malicious web sites.

» View Details

Public wireless access points - the world at your fingertips or risky business

Imagine a person with malicious intent sitting in a cafe drinking her cappuccino, pretending to surf the Internet; while what she actually does is harvesting user names and passwords from her fellow guests. A no-sense scenario, or an easy-to-set-up scheme? Unfortunately the latter.

» View Details

Smishing - another ingenious play with the phishing term

Most of those working with security, and probably greater parts of the general public are aware of the term phishing at what it means. You ...

» View Details

Beware of the Stration worm

The email worm Stration is causing delayed delivery of emails for many email users. The worm is spreading through attachments being spammed out and several hundred versions of the worm were spammed out to users during October.

» View Details

A changed approach from the authors of malware defines new challenges for protection software

During the latest couple of years we have seen a significant shift in malicious software. This enforces new requirements to software that is supposed to protect against malware.

» View Details

7 IT sins when seeking fun in the sun

It is that time of year again when people take to skies, roads and sea in an attempt to find rest and relaxation and enjoy their holidays. At this time IT security is the last thing on their mind.

» View Details

Zombies and targeted attacks – a challenge to overcome?

One of the most prevalent and fastest increasing threats against IT security is the rise of zombie computers and botnets. Not only do they spread extremely fast, they are also able to do immense damage that can easily lead to large costs.

» View Details

ContextPlus RootKit bytes the dust

ContextPlus has stopped their activities. This company most known programs are PeopleOnPage and Apropos. Once installed, they will monitor the browsing behavior and send the obtained information to the ContextPlus servers.

» View Details

The usage of child porn: a sad but true story…

Where in the past malware file names would have ‘interesting’ names such as “Anna Kournikova" or “Britney Spears Naked", many things happened but seeing a picture of the two aforementioned idols was not one of them.

» View Details

People are easily fooled - reasons why phishing works

Phishing is one of the fastest growing threats against IT security. Even though security vendors are constantly developing tools to protect the users from being tricked, this form of fraud activity is raising. The reason: people are easily fooled.

» View Details

Your pet can be infected by a computer virus!

Researchers of the University of Amsterdam in The Netherlands have succeeded to successfully infect a RFID-chip (Radio Frequency Identification Device) with a computer virus.

» View Details

Proof of concept virus targeting InfoPath

A new proof of concept virus has been discovered infecting yet another application of the Microsoft Office Suite.

» View Details

New worm spreading through emails and "open network shares"

The worm W32/Small.KI@mm has been spreading rapidly since the beginning of this week. This malware is infecting computers through emails and through open network shares.

» View Details

A world populated by zombies

Threats against the IT community are no longer dominated by viruses, worms and trojans. While phishing attacks have received the largest amount of attention lately, one should not forget the highly prevalent threat of zombies.

» View Details

Program flaws as malware propagation technique

During the latest years the tendency for malware to exploit flaws in computer programs seems to have increased.

» View Details

The cyber war continues – the zombie battle

Hacker controlled computers- so called zombies - are on the rise and the number of new zombies is increasing rapidly.

» View Details

Which browser to choose

Security Information Week 19, 2005

» View Details

The threat of Phishing and Pharming

Security Information Week 15, 2005

» View Details

The malware situation - a rapid change

In April 2005 we saw a rapid change in the malware situation. There was an explosion of different kinds of malware.

» View Details

Bagle and Spam

7 September 2004

» View Details

Information about the Sasser worms

Here are some general information about the Sasser worm - Frequently Asked Questions, and their answers.

» View Details

"You ain't seen nothing yet" - or - The Warhol worm and worse

It is hardly controversial to claim that the end of February and beginning of March 2004 was the worst period ever regarding the sheer number of new mailicious programs threatening the Internet community. New variants of Bagle, MyDoom and Netsky were spread daily - sometimes even more than once per day. 

» View Details

An analysis of Sobig.F and its ability to harm Internet users around the world

In September 2003 Internet users and organizations experienced the most severe attack on the Internet infrastructure since the "Morris worm" in November 1988.  The outbreak of W32/Sobig.F caused major problems because of the huge amount of emails flooding the infrastructure.

» View Details

Infections from opening e-mails and browsing the web

Security Information  Week 45, 1999 The Security Information for week 43 discussed several vulnerabilities which were possible to exploit due to problems with the functionality in ...

» View Details

PrettyPark is still alive and active

Security Information  Week 40, 1999 There have been several reports about the PrettyPark.Worm program recently. This worm was first reported to be in the wild early ...

» View Details

Deceitful patch to Internet Explorer

Security Information  Week 7, 1999Since January this year several users have received an e-mail apparently from Microsoft. The mail informs the receipient that the attachment ...

» View Details

Risk assessment with Mass Mailers

Security Information  Week 50, 1999IntroductionDuring the latest months viruses have been using e-mail clients to spread themselves. The most famous one is of course W97M/Melissa.A ...

» View Details

Internet Explorer 5 and Active Scripting

Security Information  Week 43, 1999During the last weeks different security issues which involves Internet Explorer version 5 has been discovered. These have to do with ...

» View Details

The worm ExploreZip is in the wild

Security Information  Week 23, 1999 A new, malicious worm is reported in the wild. So far reports has come from France, Germany, Israel, Czechia and the ...

» View Details

Documents with RTF extensions - are you safe from virus infections?

Security Information  Week 21, 1999 Documents saved as RTF files are not dangerous with respect to macro virus infections. This fact has been stressed from the ...

» View Details

The dilemmas of publishing information about vulnerabilities in software

Security Information  Week 40, 2002IntroductionOne of the ongoing discussions regarding security is about informing the public about new security risks. The two extremes are on ...

» View Details

PCs at home - a safe haven for malicious programs?

Security Information  Week 26, 2002 Introduction Several previous Security Informations have discussed topics related to PCs at home. E.g. one issue in 1999 examined Attacks from the ...

» View Details

Malicious programs in the Klez family

Security Information  Week 25, 2002 Introduction The Security Information for week 20 discussed in general terms why some malicious programs succeed in becoming widespread while other do ...

» View Details

Malicious programs - why do they never end

Security Information  Week 20, 2002 Introduction During the latest 10 months the "top three" malicious programs ("malware") with respect to spreadig have made havoc on networks and ...

» View Details

The so-called HTML viruses

Security Information  Week 1, 1999 The computer magazines as well as other papers have recently published articles about a "new" kind of viruses - the so-called ...

» View Details

The worm JS/Kak and a security patch from Microsoft

Security Information  Week 9, 2000 In our Security Information for week 45 last year, we discussed a security problem with Internet Explorer which had as a ...

» View Details

Computer viruses in non-Microsoft products

Security Information  Week 8, 2000Visual Basic for Applications (VBA) is Microsoft's programming language used to enhance the functionality of some of its programs, particularly the ...

» View Details

What to learn from visits by Melissa and her siblings

In April 1999 a lot of people and organizations were paid a visit by the computer virus Melissa. This virus propagated so quickly and extensively that many compared it to the legendary "Morris worm."

» View Details

Latest blog entries

The insecurity paradox

2011-08-29
The formula here attempts to explain a paradox in security analysis: If it is true that security is only as strong as its weakest link, why are not those who use insecur...
more >>

The 10 most insecure passcodes

2011-06-16
Earlier this week I read an extremely interesting and impressing blog item by Daniel Amitay: Most Common iPhone Passcodes. Amitay has analyzed more than 200 000 passcodes used in an app with a similar...
more >>

Purchasing and downloading outdated software

2011-05-23
Last week in the "JoshMeister On Security" blog, the topic was about Apple's Mac App Store, and the fact that software available from this store may not be the latest version. The blog's aut...
more >>