Site News
Current section

July 30, 2010

StaffCop added!

Voting

Would you prefer to have 1 product that can fight both viruses and spyware or a specialized product for every threat?

1 multifunctional product
2 specialized products
VotingView results

September 16, 2009

Quick actions help financial firm avoid security disaster

While most of the IT world has been spared a devastating security attack like Blaster and Sasser for the last few years, the damage wrought by all manner lesser-known computer viruses continues to inflict corporate pain.

10 of the Worst Moments in Network Security History

For example, New York City-based investment firm Maxim Group, faced a security ordeal this year when a virus outbreak pummeled the company's Windows-based desktop computers and servers.

"On early April 15th, a few people called to say they were having problems with their computers," relates John Michaels, CTO there in describing how the investment firm's IT staff started to get an inkling that morning that something was terribly wrong. "After looking into it, we knew something bad was happening, affecting all our users, and my servers."

Malware was disabling applications by corrupting .exe files so they wouldn't open once they were closed, while also making thousands of connections to servers, saturating the network. "It damaged all the .exe files by corrupting them,” says Michaels. “People were logging on and getting a blank screen." The virus was altering the registry of the computers.

In response, Maxim Group told the approximately 325 computer users not to shut down the computers while Michaels and his team contacted vendors for assistance. Maxim Group didn't have a centralized antivirus product in place, having allowed various groups to go their own way with differing products. The decision to change that practice was made on the spot.

Antimalware vendor Symantec was called in to set up a centralized antivirus server, while also attempting to analyze what the malware was and advise on clean-up. It wasn't easy.

"Symantec took about three days to identify what the variant of the virus was," Michaels says. "They said they had never seen a variant of this."

The virus was finally identified as a variant on "Sality," an older virus that strikes at .exe and now also will install a backdoor and Trojan. "We asked Symantec, are we the only ones telling you about this? And they said 'We have 3 million infected.'"
Cleaning up more than 300 virus-riddled PCs was a huge headache. Symantec advised total re-imaging of the computers, which Maxim Group undertook, a process that consumed several weeks.

In the course of beating back Sality, Michaels says he also contacted another vendor, Cymtec Systems, whose product he had demoed, to install the security vendor's Sentry gateway, which monitors traffic and bandwidth usage, enforcing Web site policies and blocking antimalware.

The reason for the Sentry gateway is to prevent employees from going to "Web sites they probably shouldn't," especially as Web surfing raises the risks of malware infection, Michaels says.

But the virus outbreak also showed there was communication from the infected PCs to what might be a botnet. "They were connecting to rogue Internet sites," Michaels says, saying Sentry would help monitor for that kind of activity in the future.
To this day, Michaels says he's not sure how the Sality variant got into Maxim Group's network to explode in that April 15 outbreak. "Maybe it was a Web site or a USB device, I don't know," Michaels says. But on that day things changed in terms of the investment firm deciding to enforce stricter Internet usage policies.

"Before this episode, we allowed social network sites, but we don't now," Michaels says. Social networking sites are gaining a reputation as places where malware gets distributed, and if there's no clear business reason for using them, they're put off limits.

And are the old Blaster and Sasser worms that struck with such devastation over half a decade ago gone?

Unfortunately not, says the "Top Cyber Security Risks" report released this week by SANS Institute in collaboration with TippingPoint and Qualys. The report — which examined six months of data related to 6,000 organizations using intrusion-prevention gear and 100 million vulnerability-assessment scans on 9 million computers to get a picture of various attack types — notes "Sasser and Blaster, the infamous worms of 2003 and 2004, continue to infect many networks."



Source: NetworkWorld



All news for September 18, 2009:
20:13Microsoft Internet Explorer SSL security hole lingers
20:11Conservatives call for DNA databases to be reduced
20:09McAfee warns of bogus security suite
20:08Security market remains buoyant in choppy waters
20:07The good and bad of government in the cloud
20:05Vista, Windows 7 Are More Secure than Snow Leopard
20:04Will Google's Buy of reCAPTCHA Hurt Internet Security?
20:01HHS guts health-care breach notification law, groups warn
20:00Man gets 15 months for E-Trade skimming scam
19:59Sophisticated botnet causing a surge in click fraud
19:59Microsoft sues scareware scammers
19:58Software company fined for trading with the enemy
19:58Misdirected spyware infects Ohio hospital
19:57Firefox's Flash check drives 10M to Adobe's download
19:55Microsoft, Yahoo in informal talks with EU over search deal



All news for September, 2009
All news for 2009 year

DONATION: www.anti-keylogger.org and www.keylogger.org is an independent research projects supported by a team of enthusiasts. If you find this project useful and would like to help foster its continued development, please consider making a donation.
donate

Thanks in advance for your support!