With Great Power Comes Great Responsibility

by

By Ian Moyse, EMEA Channel Director The cloud delivery model gives vendors a great amount of power. It is easier to create, deploy, maintain and enhance a service than it has been at any other point in computing history. Just look at Facebook, which grew to 500 million members in a very short period of time. People readily share within it, many with a limited understanding of the potential risks to their private information. The ability to make an enhancement and almost instantly put it into the customer’s hands is immensely powerful – and immensely dangerous. If you’re a software […]

Continue Reading »

A Cryptogram a Day Keeps the Malware Away

by

As a child, one of my favorite daily pastimes was solving the cryptogram puzzle published in the LA Times (after my mom finished the crossword puzzle, of course). I used to plow through paperback word puzzle books obsessively, finishing them in days. Appropriately, a Trojan that popped onto my radar last week had me flexing my cryptogram muscles yet again. The Trojan is a fairly common game password stealer, and it wouldn’t have merited a second look except that it also runs through a few routines to disable various antivirus products sold exclusively in Korea. Most game phishing Trojans we […]

Continue Reading »

Tips to Avoid Tax Season Scams

by

By Jeff Horne, Director, Threat Research As tax season rolls around again in the US and UK, it seems like a good time to revisit the perils taxpayers face seemingly every year at around this time. Phishing attacks against taxpayers are already in full swing — not that they haven’t been going continuously since last year. But this is high season for scams involving Web pages that look like the IRS or HMRC’s own Web site. Scam messages typically contain dire warnings or outrageously large promises for a refund. The messages often are presented as if they originate from a […]

Continue Reading »

Google Results Tarnished Again to Push Rogues

by

It’s been a few months since Google implemented new ways that it displays search results, and in that time, it’s been difficult to find the kinds of hijacked search results we saw in huge numbers a year ago. But if you thought the search engine manipulators were laying down on the job, you’d be wrong. A new campaign seems to have hijacked Google search terms of not just products or words, but of people’s names, towns, and phrases in both English and Spanish to lure victims into a trap. One of our Threat Research analysts stumbled upon the new scheme […]

Continue Reading »

New Year’s Drive-By Brings a Recursive Rogue

by

On the morning of January 2nd, still bleary eyed, I checked my email to find a charming notification informing me that I’d received an electronic greeting card. Yay! I thought to myself: The first targeted malware of 2011 plopped right into my lap. I immediately pulled up my research machine, browsed to the URL in the message (don’t try this at home, kids), and found my test system swamped in malware. After classifying the files and their source URLs into our definitions — I didn’t want this to happen to you, after all — I turned the computer back off […]

Continue Reading »

10 Threats from 2010 We’d Prefer Remain History

by

With 2010 finally behind us, and an unknown number of cyberattacks likely to come in the new year, I thought I’d run down a brief list of the malicious campaigns criminals pulled off last year that I’d really dread to see anyone repeat. Now that they’re in the past, they should stay there. Operation Aurora: Google’s accusation (with Adobe, Juniper Networks, Rackspace, Yahoo! and Symantec) that China hacked its servers, allegedly stealing private emails stored on the company’s servers. The big surprise wasn’t that it was happening, but that companies were publicly talking about it. Abused ccTLDs: 2010 saw lots […]

Continue Reading »

Software Channels the Cloud – For the Better

by

By Ian Moyse, EMEA Channel Director I continue to read doom and gloom news about the future of the software distribution channel, in particular, how it’s being impacted by the global recession, by catalogue providers, and most importantly, the cloud security delivery model. We already know that cloud software will change the security landscape as we know it today, and it looks likely to change the software marketplace as well. In my opinion, this change is long needed, and for the better. Resellers who find the right education and support for transitioning to a mixed world with both traditional and […]

Continue Reading »

Christmas IE Zero-Day Thwarted. Ho ho ho.

by

Yesterday, two different 0 day exploits against Internet Explorer were published, just in time for the holidays when most of you (and many security researchers as well) are taking time off from work. The exploit, named CVE-2010-3971, is fairly serious, affecting the latest builds of IE versions 6 through 8. Well, I’d normally get all hot and bothered about the fact that this kind of event might force some of our research team to spend their precious vacation time working the problem and coming up with a comprehensive solution. Normally, but not this time. This time we headed the Black […]

Continue Reading »

Fake Firefox Update is a Social Engineering Triple Fail

by

Where’s the work ethic, malware geniuses? If this latest example of shenanigans is the best you can deliver, you’re not even trying to generate convincing scams — or even something that makes sense — anymore. One of our Threat Research Analysts pointed me to a Web page hosting a fake update program for Firefox the other day, and the only thing it was useful for was a pretty good laugh. In replicating the Firefox “you’re now running…” page, the malware distributor managed only to build something that looks remarkably similar to a more sophisticated, and ultimately more plausible, scam we […]

Continue Reading »

Internet Misuse: Bandwidth Does Matter

by

By Ian Moyse, EMEA Channel Director Recent studies demonstrate that upwards of 25% of Internet bandwidth in an office are consumed by employees misusing the internet. According to Gartner, the average growth of business email volume is 30% annually, with the average size of the email content growing in parallel. Add to this the growth of Web misuse from streaming media, downloads, file sharing, social networking, and spam, and it becomes pretty clear that the mismanaged cost to business of non-work-related Internet use is already bad and getting worse. There are plenty of examples, including employees wasting more than two […]

Continue Reading »