F-Secure Security Labs have discovered three Chinese companies called XiaMen Jinlonghuatian Technology Co Ltd., ShenZhen ChenGuangWuXian Technology Co Ltd and XinZhongLi TianJin Co Ltd, who created the "Sexy Space" worms or Yxe Worm (Worm:SymbOS/Yxe.D) and submitted to Symbian OS-based phones through the Express Signing procedure.

Chia Wing Fei, Security Response Senior Manager at F-Secure said, "The first stage of Symbian's signing process is done automatically using an antivirus engine. Once an application has been submitted and scanned, random samples are then submitted for human audit. However, most applications are not inspected by a human through the Express Signing procedure." An attacker can therefore put a web link pointing to the worm's web site into a text message and invite the user to download the worm by clicking the link. Once activated, the worm will install itself on the device, and send a similar text messages to all phonebook contacts listed.

"These messages are sent in your name and from your phone. It means you will pay for each SMS sent by the worm. A typical cost for a single text message might be 5 cents. If you have 500 contacts in your phone, an infection would cost you 500 times 5 cents," added Fei.
The Worm is important because this is the first text message worm in history, according to F-Secure. The Labs have received few confirmed reports from China and Middle East at the moment. All Symbian Series 60 3rd edition phones by Nokia, LG and Samsung for example, best-selling phones like Nokia N95 or Nokia E71 are potential targets of Yxe Worm.

Back to Top

Businesses of all sizes, especially small and medium sized businesses (SMBs) can now save upto 50 percent of their IT-related costs with the launch of Microsoft Online Services. Microsoft India has also announced a free trial period of two-months for the range of services, which include e-mail, collaboration, conferencing and productivity capabilities. Starting immediately, date customers can try the offering at http://www.microsoft.com/online at no charge, allowing them to experience the potential impact Online services can have on their businesses before the commercial launch in October 2009.

Modelled on the 'pay-as-you-go' approach, Online Services provide affordability, enhanced productivity, and freedom from hassles of IT deployment. Online Services will allow businesses to stay in touch with customers, associates and teams across geographic boundaries round the clock and provide instant access to information, thereby enhancing efficiency and reducing costs.

Microsoft Online Services is a part of Microsoft software plus services strategy which provides flexibility and choice of accessing and using software on premise and on Internet as a service. As part of the Microsoft Online Services product family, Exchange Online (for e-mail) and Office SharePoint Online (portals and collaboration) are available separately or as a suite together with Office Live Meeting (for conferencing), Microsoft Exchange Hosted Services and Microsoft Office Communications Online (for instant messaging and presence).

Back to Top

VeriSign announced that it has issued more than 4 million Secure Sockets Layer (SSL) Certificates. The total includes certificates issued by VeriSign under all four of its SSL brands: VeriSign, GeoTrust, thawte, and RapidSSL.

The milestone of issuing more than 4 million SSL certificates underscores how VeriSign is essential to enabling secure online transactions around the world. The company has issued more than 12,000 EV SSL Certificates, making VeriSign the far-and-away market leader with a 74 percent share of the EV SSL market. And every day, VeriSign conducts up to 1 billion Online Certificate Status Protocol (OCSP) checks -- the most timely and efficient way for Web browsers to determine whether an SSL or user certificate is still valid or has been revoked and a key indicator of secure sessions initiated using VeriSign SSL Certificates.

VeriSign also plays a vital role in Public Key Infrastructure (PKI) deployments, which use digital certificates for authentication, encryption and digital signing. In the past 14 years, VeriSign has issued and managed tens of millions of PKI certificates for thousands of customers throughout the world.

Back to Top

SonicWALL announced the SonicWALL Comprehensive Anti-Spam Service (CASS), a solution delivering advanced spam protection fully integrated with SonicWALL's Unified Threat Management Firewalls. The new service is designed to be easily enabled on SonicWALL TZ, NSA and E-Class NSA Series security appliances with just one mouse click, and will immediately begin to filter SMTP (Simple Mail Transfer Protocol) email traffic to remove spam, phishing threats and even virus-laden email. The service's hybrid-cloud design simplifies set-up while optimizing protection, and upon activation stops spam before it enters the corporate network. The solution also allows for IT administrators to quarantine individual junk mail boxes, a first in the industry. The Comprehensive Anti-Spam Service differs from other firewall services in that it is a true and complete enterprise-class anti-spam service and not a simple black list filter or OEM list.

By integrating directly with the firewall, the SonicWALL solution is able to scan every packet across every protocol—something hosted solutions simply can't do. Implementing the Comprehensive Anti-Spam Service allows businesses to remove junk email at the gateway before it enters the network, improving bandwidth, optimizing network efficiency and enhancing employee productivity.

Back to Top

Previously known to compromise Facebook and Myspace accounts, the new variant is spreading using malicious link posted on compromised Twitter accounts. In order to infect the user, the worm posts links to fake Youtube videos asking users to upgrade their version of Flash player. Instead, it installs an infected binary that seizes control over the user’s Twitter account and starts posting malicious links on their behalf. Twitter has already started blocking accounts posting messages such as “My home video” followed by hyperlinks. BitDefender has already released an emergency update to protect against the newly-discovered vulnerability.

Back to Top

Check Point Software Technologies Ltd. announced that Check Point IPS Software Blade shields customers against drive-by attacks associated with a newly discovered Microsoft DirectShow Video ActiveX Control vulnerability. The new attack has already compromised thousands of Web sites, which in turn infect endpoints with malware and expose companies to potential data leakage. Check Point IPS customers gain immediate protection against the exploit through Check Point’s SmartDefense automated security update service.

The still unpatched vulnerability works as users visit or are discreetly redirected to either a malicious Web site or a legitimate Web site that has been infected with malicious code. The moment a user visits an infected site, JavaScript is automatically executed to deliver malicious software unknowingly to the user’s computer, by way of an exploit that exists in Microsoft DirectShow video streaming software. The downloaded malicious software allows the attacker to gain the same user rights as the local user. These rights allow the attacker to download more malicious programs, redirect victim’s Web searches, intercept information the user types, or steal files that reside on the victim’s computer. This silent, unsolicited download is known as a drive-by download.

Check Point IPS Software Blade and SmartDefense protect networks against attacks that leverage the DirectShow exploit by detecting and blocking attempts to utilize specific ActiveX components. The IPS Software Blade and SmartDefense provide protection during delays in a company’s patching process to always ensure the security of the network. The protection is further strengthened by immediately available security updates, capable of detecting specific attempts to exploit newly emerging vulnerabilities.

Back to Top

Symantec unveiled Norton Internet Security 2010 and Norton AntiVirus 2010 betas, which feature new reputation-based security technologies that tackle undiscovered malware and today’s toughest threats head-on.  The upcoming versions of Norton products mark a significant shift in the way the global leader in security software will protect computer users from cyber crime. This new protection model, codenamed “Quorum” will be introduced to the mass market for the first time with the official product launch expected in fall 2009.

Similar to the auto industry recognizing the need for a significant shift to more fuel efficient vehicles, Symantec believes the security industry demands a similar “rethinking” of the traditional approach. With the 2010 Norton products, Symantec will introduce “Quorum”, the codename for a  new protection system based not only on the traditional “fuel” of malware signatures but also on the new “fuel” of reputation with an intelligent control system using each when necessary.

In spite of the dramatic shift to a constant flood of deceptive and unknown malware, industry responses have been largely based on adjusting existing protection models rather than adopting a fresh approach. Project Quorum introduces not only new reputation-based threat detection, but also reconsiders other fundamentals such as security alerting, threat removal, antispam and parental controls.

Back to Top

In light of reports of increasing incidents of scareware and rogue antivirus programs recently appearing on the Internet, Barracuda Networks Inc., today announced it is aware of a Web site promoting a rogue spyware program called “Barracuda Antivirus.”  If downloaded, reports indicate that the program performs a fake scan of the user’s computer, when in actuality it is installing spyware that will subsequently display pop-up ads and other unwanted applications.

This rogue ‘Barracuda Antivirus’ program is in no way affiliated with Barracuda Networks and is just one of a string of recent examples of hackers attempting to spread malicious programs using an established and trusted Internet security brand,” said Stephen Pao, vice president of product management for Barracuda Networks.  “Our threat databases have been updated to protect all Barracuda Networks customers from visiting or downloading content from this rogue site and we advise all businesses and consumers to work directly with their trusted Internet security product vendors when deciding which solutions will best suit the needs of their networks.”

In addition, Barracuda Networks is reaching out to fellow Internet security vendors to ensure that their databases are also updated to protect customers from inadvertently accessing the Web sites that are hosting the fake executable program.

Back to Top

Fortinet announced its FortiDB family of database security appliances now provides vulnerability assessment (VA) support for MySQL Enterprise from Sun Microsystems. Certification with MySQL Enterprise assures customers that FortiDB appliances have gone through the proper testing requirements for these complex database environments and further extends Fortinet’s solution to detect and safeguard against today’s enterprise data concerns that cross over deeply into open source applications. FortiDB works by identifying the weakness within a database, alerting system administrators of potential threats and offering remediation advice.

FortiDB vulnerability assessment solutions provide an automated, cost-effective and centralized solution for database application security, with evaluation and remediation advice for common compliance requirements integrated into the appliance. By identifying weaknesses in databases that can be open for exploitation, the FortiDB family of appliances helps to prevent the theft of proprietary and personal data by hackers that may appear to be legitimate users.

Back to Top

McAfee outlined details of its Security-as-a-Service strategy, designed to provide consumers, small to mid-sized businesses and large enterprises with a comprehensive set of security products delivered as a service in the cloud. This strategy builds on McAfee’s core strengths in threat prevention, its diverse software-as-a-service portfolio and industry-leading global threat intelligence, powered by McAfee Avert Labs.

McAfee’s approach to harnessing the cloud is based on completeness of vision and breadth of functionality within the current SaaS portfolio. With nine years of experience and maturity in providing SaaS solutions, the McAfee portfolio offers comprehensive protection and reliability. McAfee provides customers with a single vendor solution and more cost efficient deployment options in difficult economic times. With SaaS delivery options, McAfee customers recognize cost savings of 50 percent on average.

By integrating with McAfee’s real-time, cloud-based global threat intelligence, McAfee Security SaaS products provide increased visibility into both external and internal threats and vulnerabilities, protecting customers more efficiently and reducing both acquisition and operational costs. With 350 threat researchers and tens of millions of data collection sensors, McAfee’s global footprint is substantial. The complete McAfee Security SaaS portfolio leverages McAfee’s large install base and impressive threat intelligence capabilities, providing customers with the most insightful and comprehensive view of the evolving threat landscape. With McAfee’s Security SaaS offerings, the company delivers confidence in protection through a market leading and diverse portfolio of solutions.

Back to Top

At the Black Hat USA 2009 conference, Microsoft Corp. unveiled the progress of its information-sharing programs, providing insight into the positive impact the growing trend of community-based defense is having on the broader security ecosystem. In addition, in an effort to help improve customers’ risk analysis and security update management processes, the company introduced new tools and guidance designed to help security professionals around the world better manage online threats.

In an effort to help shift advantage to the security industry, Microsoft created the Microsoft Active Protections Program (MAPP), Microsoft Exploitability Index and Microsoft Vulnerability Research (MSVR) programs, announced at Black Hat last year. The MAPP and MSVR programs increase the level of industry collaboration, and the Exploitability Index builds on this collaboration and provides additional information and guidance on managing risk to Microsoft customers. In a new report, “Building a Safer, More Trusted Internet through Information Sharing,” Microsoft outlines how through these programs, customers and partners are better able to evaluate risk and have more access to countermeasures to help combat cyber threats.

The Microsoft Exploitability Index has also proven an effective and reliable resource to help customers better assess risk. Of the 140 Exploitability Index ratings Microsoft provided from October 2008 to June 2009, only one had to be modified — a 99 percent reliability rate. As the global threat landscape continues to evolve, Microsoft is committed to driving advances in industry collaboration and information sharing, and providing the tools and guidance to help customers anticipate and manage the threats they face online.

Back to Top

Business Software Alliance announced the successful completion of the Software Asset Management Leadership program, where 65 small and medium companies within the IT and ITES sector in Karnataka participated in the assessment program to review the quality of management of their organizations' software assets. On July 10th over 45 companies who completed the steps of assessment were awarded an official BSA certificate by the Centre of e-Governance, Government of Karnataka in Bangalore.

In November 2008 BSA, with support from the Center of E-Governance, State of Karnataka, had launched the SAM Leadership Program under which BSA reached out to approximately 700 IT & ITES SME companies with education, awareness materials, and information on Software Asset Management, a 2006 ISO Standard and its key benefits. The program also included voluntary SAM Reviews where participating companies were offered complimentary SAM Reviews/Audits and an opportunity to be recognized through a certificate.

This unique program which debuted in Karnataka will help establish a model state within India that promotes organizational productivity and network security through the implementation of model SAM practices within businesses and will also encourage innovation through the promotion of Intellectual Property Rights (IPR) protection to fight software piracy. Karnataka being a frontrunner and pioneer in many of the important IT milestones in the country, including the launch of multiple e-governance schemes and programs was an ideal State for BSA to develop an association to promote the value of SAM.

Back to Top

Until now, Comodo Internet Security had a drawback: it was only available in English. Grateful Internet users around the world install the award-winning freeware on their computers. Yet many could not benefit from it because they could not understand the English-language instructions for the antivirus and firewall software.

Comodo Internet Security 3.10 now is available in 17 languages. The award-winning suite can be downloaded in Brazilian, Chinese (simplified and traditional), Czech, Dutch, Estonian, Finnish, French, German, Italian, Japanese, Polish, Portuguese, Romanian, Russian, Slovak, and Swedish, in addition to the original English. For more information about Comodo Internet Security, or to download a copy of the free security software in one of the above languages, visit personalfirewall.comodo.com.

Back to Top

SonicWALL confirmed that users of its Gateway AV/IPS technology are automatically protected against the recently discovered vulnerability within Microsoft's Internet Explorer (IE) browser. SonicWALL's vulnerability and malware research team yesterday deployed Intrusion Prevention (IPS) signatures that address the flaws in Window's IE, without the customer needing to manually update the service. As a result, customers with a current subscription to SonicWALL's gateway threat prevention services are automatically protected against the Microsoft Windows Internet Explorer vulnerability.

Anyone who visits a site that's been hacked due to the IE vulnerability could be at risk. By exploiting the IE vulnerability, hackers can remotely take control of a user's computer as soon as the user visits a site that contains malicious code. Exploiting a component of Microsoft DirectShow, hackers are able to create HTML pages with malicious JavaScript parsed in an IE browser to infect users' computers' without their knowledge. The URL JavaScript is used to instantiate an instance of the vulnerable control and feed it a malformed image, likely to be logo.gif, causing it to crash and execute the malcode. Once initiated the hacker is able to launch a wide range of attacks on the computer that could include opening random files on the target machine, thus causing potential denial of service attacks.

For further information on the signatures created please visit: https://www.mysonicwall.com/SonicAlert/index.asp?ev=article&id=145

Back to Top