May 2007 - Posts

A new version of Firefox has been released and should be applied promptly, as it fixes several security issues. Most installations will auto-update without problems (users can also select Help > Check for Updates from the menu bar).

Firefox 2.0.0.4 Released - Security and Improved Vista Support
http://isc.sans.org/diary.html?storyid=2891

What's New in Firefox 2.0.0.4
Release Date: May 30, 2007

http://www.mozilla.com/en-US/firefox/2.0.0.4/releasenotes/

1. Security Update

2. Windows Vista Support: More enhancements and fixes for Windows Vista are included.

3. New Languages: Afrikaans (af) and Belarusian (be) are now available. Beta releases for several new languages are also available for testing.

Security Update: The following security issues have been fixed. 

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.4

Fixed in Firefox 2.0.0.4

MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-13 Persistent Autocomplete Denial of Service
MFSA 2007-12 Crashes with evidence of memory corruption (rv:1.8.0.12/1.8.1.4)

Thanks to Rod for sharing this link; the MyIT Forums newsletter is one of my "must reads" each day.

First of all, good security isn't solely about the operating system itself; it's more about the process. Either OS can be implemented poorly, left unpatched, etc., and an OS alone is not enough to be properly protected from the dangers of the Internet.

However, if the right protective processes and best practices are followed, both versions of Windows are fairly secure. If good security management principles aren't followed, neither operating system will ultimately protect the system from "click happy" users.

With that prelude, I disagree with the theme of the article, as Vista clearly has some advantages (e.g., improved kernel protection, an improved code base, the UAC warning system, etc.). In fact, in the charts it was rated as providing better spyware/adware protection (which is probably the most frequent hidden exposure folks encounter).

Yes, Vista security could have been tweaked a little better (e.g., in my opinion a better bi-directional firewall). Still, on paper its security is at least slightly better than XP's, and thus I respectfully disagree, particularly with the "Bottom Line" proposed in the article.

Review: Vista, XP Users Equally At Peril To Viruses, Exploits
http://www.crn.com/software/199701019

QUOTE: After a week of extensive testing, the CRN Test Center found that users of Windows Vista and Windows XP are equally at risk to viruses and exploits and that overall Vista brings only marginal security advantages over XP. One of Microsoft's big promises with Vista was a more secure operating system. But when stripped to the bare bones and thrown into the wild, wild Web, Vista's security failed to impress Test Center engineers.

THE BOTTOM LINE -- Based on the Test Center's findings, businesses that migrate their Windows PCs from XP to Vista will get a slightly more secure OS. But as the Finjan reports showed, Vista's security remains wafer thin. 
In the end, both the Vista and the XP test notebooks were almost equally damaged by viruses, trojans and other malware. And because most of the Web sites in the test were able to exploit Vista's weaknesses, Internet users are just about equally vulnerable with both OSes.

VARs can still cite improved security as a selling point for Vista upgrades. Yet to avoid giving customers a false sense of safety, solution providers should stress that third-party security suites also will be needed to provide systems with ample protection.

Most AV vendors only highlight the most prominent new viruses, but they usually have to add dozens of new signatures daily to their detection files. More amazingly, it's remarkable that AV software can run at all, much less efficiently and without impacting performance.

AV vendors are always challenged by growth in signature file sizes (e.g., McAfee's has almost doubled in the past two years). There is also the occasional need to adjust the scanning engine when new threats emerge in previously safe file types or system areas. As one of my friends recently stated, "AV detection is rocket science."

F-Secure estimates there are over 300,000 viruses
http://www.f-secure.com/weblog/archives/archive-052007.html#00001198

QUOTE:  Question: How many viruses or malware exist in general? Can you give me some number? The approximate count is now over 300,000.

The full text of the PCAOB recommendations has been posted at their website. While these are still subject to SEC approval, that action is anticipated, with an effective date for implementation around Nov 2007 (effective for fiscal year 2008 from an accounting perspective). Section 404 of SOX requires publicly listed companies to assess and report on their internal controls over financial reporting, which in practice means the controls around the automated IT systems that produce the financial data.

Sarbanes-Oxley - Announcement of proposed changes for Section 404
http://www.pcaob.org/News_and_Events/News/2007/05-24.aspx

Quote: The adopted standard and related documents are available on the Board’s Web site under Rulemaking Docket 21

Sarbanes-Oxley - Full text of proposed changes for Section 404  
http://www.pcaob.org/Rules/Docket_021/index.aspx

Key PDF files (the first two PDFs from the main link above)

PCAOB Release No. 2007-005: An Audit of Internal Control Over Financial Reporting That is Integrated With an Audit of Financial Statements and Related Independence Rule and Conforming Amendments (Size=351KB)
http://www.pcaob.org/Rules/Docket_021/2007-05-24_Release_No_2007-005.pdf

SEC Filing Form 19b-4 (Size=42MB - download this huge PDF to your PC rather than viewing with browser)
http://www.pcaob.org/Rules/Docket_021/AS5_19b-4.pdf

I work with Excel spreadsheets often and recently captured the process for pivoting tables. I had used formulas and even table-matching techniques, and this process is much simpler and works like magic.

Who says you can't teach old dogs new tricks?

Excel - Step by Step instructions on How to Pivot a Table
http://www.excelforum.com/showthread.php?p=1787972#post1787972

P.S. Please select the attachment link "How to Pivot a Table" at the bottom of this post for a Word document with screen excerpts showing the step-by-step process. 

I've used two of the three sites below for years. I discovered the Internet Health Report site today and bookmarked it as a monitoring resource.

Internet Storm Center - Significant Security Events
http://isc.sans.org/

Internet Health Report - Status of Major Carriers
http://internethealthreport.com/

Internet Traffic Report - Status of Performance by Continent
http://www.internettrafficreport.com/

While this email is most likely not widespread, folks should be cautious of spoofed messages claiming to come from banks and software vendors. Two tells noted below are the typos and a link pointing to a non-Microsoft domain. Links in email messages can download hostile malware agents that can be difficult to recover from.

Microsoft Support has something very important to say
http://www.f-secure.com/weblog/archives/archive-052007.html#00001200

QUOTE: A few hours ago we received reports of an important update supposedly coming from Microsoft Support. Since this "update" is not part of the monthly cycle, we were of course suspicious.  Looking at the e-mail, our suspicions grew due to the glaring typos and the non-Microsoft domain link. 

The sample contained in the link is now detected as Backdoor:W32/VanBot.CA since 2007-05-28_05.  Updates are always good, but in this case, keep your virus definitions updated instead.
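The two tells F-Secure noted (typos and a link to a domain that is not the claimed sender's) can be checked mechanically. The following is an added example, not code from F-Secure or from this post: it parses a constructed sample message (the real VanBot mail is not reproduced here), compares the registrable domain of every link in the body against the domain in the From: header, and also flags links that point straight at an executable. The "last two labels" domain helper is a simplification; production code should use the Public Suffix List.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Constructed sample message for this example (not the actual VanBot mail).
SAMPLE_MAIL = b"""From: "Microsoft Support" <support@microsoft.com>
To: user@example.org
Subject: Importent Securty Update
Content-Type: text/plain; charset=us-ascii

Dear Custumer,

An important update is availible for your Windows system. Download and
run it from http://microsoft-support-updates.example.net/update.exe today.

Microsoft Support
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".pif")


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain.
    Production code should use the Public Suffix List (co.uk etc.)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def suspicious_links(raw: bytes) -> list:
    """Return links whose domain does not match the claimed From: domain,
    or which point straight at an executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = registrable_domain(msg["From"].addresses[0].domain)
    body = msg.get_body(preferencelist=("plain", "html")).get_content()
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")          # trailing punctuation from the prose
        parts = urlsplit(url)
        host = parts.hostname or ""
        reasons = []
        if registrable_domain(host) != from_domain:
            reasons.append("domain mismatch")
        if parts.path.lower().endswith(EXEC_EXT):
            reasons.append("executable download")
        if reasons:
            findings.append({"url": url, "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_MAIL):
        print(f["url"], "->", ", ".join(f["reasons"]))
```

The From: header is trivially forged, so a match between link and sender domain proves nothing on its own; the useful signal is the mismatch, which is what the check reports.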

16 of 30 AV vendors detect EICAR encapsulated in Rich Text Files

EICAR is the industry-standard antivirus test file: a short, harmless text string that AV vendors detect by convention for testing purposes. At work, I've used it often in the past to test corporate server and PC systems to ensure AV defenses were working. Vendors whose scanners miss this test file once it is wrapped in a container format most likely need to adjust their engines.

AVERT: Rich Text Malware
http://www.avertlabs.com/research/blog/index.php/2007/05/25/rich-text-malware/

16 of 30 AV vendors detect EICAR encapsulated in Rich Text Files
http://vil.nai.com/images/Blog-%20RTF%20Malware4.JPG

QUOTE: Every single scanner detected the antivirus test file EICAR.COM, but only 16 out of 30 scanners were able to detect it embedded inside a rich text file. In layman’s terms, one could take an already detected malware and embed it inside a rich text file and half the antivirus software on the market would not detect this type of threat. A perfect foil for virus authors to use in phishing and spam runs.
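Why half the scanners missed it: RTF never carries an embedded file's bytes verbatim. An embedded object is hex-encoded inside an \objdata group, and body text can be written as \'xx hex escapes, so a scanner that only pattern-matches the raw file bytes sees neither. The following is an added example, not from the AVERT post or any vendor: it builds both RTF encodings around the EICAR string in memory, shows that a byte-level scan misses them, and shows the decoding an RTF-aware scan has to do first. One simplification is labelled in the code: Word wraps an embedded file in an OLE "Package" structure before hex-encoding it, but the file's bytes still appear in the decoded stream.

```python
import re

# The 68-byte EICAR test string, assembled from two halves so that a scanner
# reading this source file does not itself trip on the contiguous signature.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def wrap_as_object(payload: bytes) -> bytes:
    """RTF carrying `payload` as hex inside an \\objdata group.
    Simplification: Word wraps an embedded file in an OLE 'Package' structure
    first; the file's bytes still appear verbatim in the decoded stream."""
    return (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata "
            + payload.hex().encode("ascii") + b"}}}")


def wrap_as_escaped_text(payload: bytes) -> bytes:
    """RTF carrying `payload` in the document body as \\'xx hex escapes."""
    return b"{\\rtf1\\ansi " + b"".join(b"\\'%02x" % c for c in payload) + b"}"


def naive_scan(data: bytes) -> bool:
    """What a scanner that does not understand RTF effectively does."""
    return EICAR in data


_OBJDATA = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
_HEXESC = re.compile(rb"\\'([0-9A-Fa-f]{2})")


def rtf_aware_scan(data: bytes) -> bool:
    """Decode the two RTF encodings before matching the signature."""
    if EICAR in data:
        return True
    # 1. hex-encoded embedded objects
    for m in _OBJDATA.finditer(data):
        hexrun = re.sub(rb"\s+", b"", m.group(1))
        hexrun = hexrun[: len(hexrun) & ~1]          # drop a dangling nibble
        try:
            if EICAR in bytes.fromhex(hexrun.decode("ascii")):
                return True
        except ValueError:
            continue
    # 2. \'xx escapes in the document text
    unescaped = _HEXESC.sub(lambda m: bytes.fromhex(m.group(1).decode("ascii")), data)
    return EICAR in unescaped


if __name__ == "__main__":
    for label, doc in (("objdata", wrap_as_object(EICAR)),
                       ("escaped", wrap_as_escaped_text(EICAR))):
        print(label, "naive:", naive_scan(doc), "rtf-aware:", rtf_aware_scan(doc))
```

The same test, wrapped in RTF by a word processor instead of by hand, is exactly what the chart above measures; any container format (OLE, ZIP, MIME) needs the equivalent decode step before the signature engine sees the bytes.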

TechNet Magazine - June 2007 issue (security month)
http://www.microsoft.com/technet/technetmag/issues/2007/06/

QUOTE: It's security month again. Learn how User Account Control in Windows Vista protects the machines you manage by limiting the administrator privileges users normally run with. BitLocker Drive Encryption, another Vista feature, adds security as well by providing full volume encryption and the validation of startup components.

Also this month, finally get the tools you need to manage and control the kinds of hardware users install and connect to your network. You may be surprised at the range of security improvements this provides. Plus, read up on the four security must-haves: risk management, anti-malware, network anomaly detection, and configuration monitoring.

Below is part of a recent post in a forum, where a member asked how they might protect themselves better after a major virus or spyware infection left an unbootable system that needed reformatting.

QUOTE:  Yes, sometimes advanced spyware or viruses become so ingrained in the Windows registry and startup process that reloading is your only method of recovery.  Tools, more secure settings and best practices will help prevent future occurrences. You probably know most of this general advice and I'll share what I see as helpful in protecting against some of the dangers out there:

1. Good AV package (there are certainly good free versions)
2. Good Firewall (bi-directional preferred)
3. Ensure you are using XP SP2 and IE7, (IE 6 has so many unpatched holes)
4. Firefox offers a good complementary browser with very few working exploits in the wild
5. Best practices and avoidance and "thinking security" at all times are probably your best defenses. Avoid all attachments and URLs in emails (plain text mode is also preferable). Be careful in website visitations (avoid all ads and untrusted sites). Think of every spam message as a telemarketing call or door-to-door salesman visiting ... There ain't no free lunches out there.
6. Monitor new developments. You don't have to become a security expert, but when a new risk emerges take the precautions, workarounds, countermeasures, etc. You're welcome to bookmark my Security Blog (link in signature) as I try to share new developments, best practices, etc. from a user standpoint (and there are many other great sites out there as well)
7. You might want to research Anti-Spyware solutions (Counter-Spy, Spysweeper, AVG's version, AdAware, etc.)
8. Ramp up your security services and lock down unneeded services
9. When it comes to email or websites, avoid trusting them too quickly. I like the "No Trust" rule, rather than "Trust but Verify", as top-notch scammers can create authentic looking HTML that appears to come from a bank, Paypal, Microsoft, or other vendors. Call if you have to and validate anything suspicious.
10. Protect your privacy and avoid sharing sensitive info.
11. Use strong passwords and even change them periodically.
12. Stay up-to-date on all Windows patches and security updates for other products

While the companion auditing standard is still subject to PCAOB approval (and then SEC sign-off), passage of the proposed change appears promising according to the article. It's good to see these changes coming to SOX 404.

SEC approves Sarbanes-Oxley changes for section 404
http://www.forbes.com/feeds/ap/2007/05/23/ap3751963.html 
http://www.reuters.com/article/ousiv/idUSN2323489520070523
http://www.washingtonpost.com/wp-dyn/content/article/2007/05/23/AR2007052301106.html

QUOTE:  The U.S. Securities and Exchange Commission approved new guidance on Wednesday to help companies comply with what critics say is a burdensome and costly provision of the Sarbanes-Oxley corporate reform law. The agency, by a 5-0 vote, encouraged companies to take a more risk-based approach to complying with Section 404 of the legislation.

"Congress never intended that the 404 process should become inflexible, burdensome and wasteful," SEC Chairman Christopher Cox said at the agency's open meeting. Section 404 requires companies to assess their internal controls over financial reporting. It also calls for external auditors to report on management's assessment and on the controls themselves.

Corporations and business lobbyists have complained that Section 404 was too expensive and the SEC has conceded that, in some cases, overly cautious companies caused the law's costs to exceed its benefits.

The new guidance allows managers to identify the highest risks to their books as opposed to forcing them to test a long list of controls. The Public Company Accounting Oversight Board is expected to vote on Thursday in favor of revised guidance for auditors on a risk-based approach when assessing a company's internal controls.

Google has launched a new online security blog covering its security efforts, starting with web-based malware.

Google's New Online Security Blog
http://googleonlinesecurity.blogspot.com/

Introducing Google's online security efforts
http://googleonlinesecurity.blogspot.com/2007/05/introducing-googles-anti-malware.html

 QUOTE: Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we've been looking for a way to foster discussion on the topic and keep users informed. Thus, we've started this blog where we hope to periodically provide updates on recent trends, interesting findings, and efforts related to online security. Among the issues we'll tackle is malware, which is the subject of our inaugural post.

Opera has just released v9.21 for Windows, which corrects a serious security issue (arbitrary code execution via a malicious torrent file). All Opera users should update to the latest version. So far there are no issues in upgrading to the latest version in my own personal testing.

Opera Browser - 9.21 change log
http://www.opera.com/docs/changelogs/windows/921/

Advisory: Malicious torrent files can execute arbitrary code
http://www.opera.com/support/search/view/860/

Opera Torrent File Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/25278/

QUOTE: A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the handling of torrent files and can be exploited to cause a buffer overflow when a user right-clicks a malicious torrent entry in the transfer manager. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in versions prior to 9.21 for Windows.

This MSNBC article was informative, and while the threat isn't new, web-based malware has grown to the point where email viruses have declined in favor of other ways to compromise users.

Internet Threat - Growth of Infectious Web Pages
http://redtape.msnbc.com/2007/05/the_next_net_th.html

The Ghost In The Browser - Analysis of Web-based Malware
http://www.usenix.org/events/hotbots07/tech/full_papers/provos/provos.pdf

QUOTE: Don't click on attachments? Good. Always keep that firewall turned on? Even better. Stay away from the Internet's unsavory neighborhoods? Better still. Think you are protected? Wrong.

Computer criminals are evolving their tactics to subdue your computer, experts say. Each time you invest more money and time in staying safe, the bad guys just find another way around your defenses. Their newest method may be the trickiest yet: Web pages booby-trapped with infectious computer code.

In the study, Google found 300,000 Web sites laced with such malicious code, and another 700,000 suspicious sites. For perspective, the study found only 18,000 Web sites laced with adware.

So called drive-by downloads are not new, but criminals have seized on the tactic lately because their success rate with traditional e-mail viruses has tapered off thanks to improved software and consumer education. Avoiding e-mail viruses is fairly easy, as long as consumers following clear rules like "don't click on any attachments." But drive-by downloads are much more sinister, as no user interaction is required beyond opening an infected site in a Web browser.

This security test was interesting: roughly 1.5 out of every 1,000 people who saw the ad clicked on it, even though its text stated plainly that they would get infected by visiting.

Being selective and careful will reduce the risk of coming in contact with adware, spyware, and viruses, as "an ounce of prevention is worth a pound of cure"  

ISC - People will click on Anything
http://isc.sans.org/diary.html?storyid=2811

QUOTE: Didier Stevens documented an interesting experiment, in which he purchased a Google ad that encouraged people to click on the ad to be infected.  Didier was curious to see how many people would actually click. More than you might think.

It turns out, the "ad was displayed 259,723 times and clicked on 409 times. That’s a click-through-rate of 0.16%." Not bad at all, considering that the campaign cost around $23.

The ad said:

===============================
Drive-By Download
Is your PC virus-free?
Get it infected here!
===============================

Corporate and home users should ensure they are using WPA2 for the best levels of wireless security. Otherwise, a "lightly secured" (WEP) environment can be defeated in minutes, as noted in this article.

Gone in 120 seconds: cracking Wi-Fi security
http://www.theregister.co.uk/2007/05/15/wep_crack_interview/

QUOTE:  WEP is dead - and here's the proof.  Cracking the Wi-Fi security protocol WEP is a probability game. The number of packets required to successfully decrypt the key depends on various factors, luck included. 

When WEP was compromised in 2001, the attack needed more than five million packets to succeed. During the summer of 2004, a hacker named KoreK published a new WEP attack (called chopper) that reduced by an order of magnitude the number of packets requested, letting people crack keys with hundreds of thousands of packets, instead of millions. 

Last month, three researchers, Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann developed a faster attack (based on a cryptanalysis of RC4 by Andreas Klein), that works with ARP packets and just needs 85,000 packets to crack the key with a 95 per cent probability. This means getting the key in less than two minutes.

Based on the CERT, ISC, and other warnings below, the inability of many HTTP content-scanning products (IDS/IPS, proxies, filters) to normalize full-width and half-width Unicode in HTTP requests is a serious exposure that several vendors need to patch. So far, there are no known in-the-wild attacks.

Full-Width/Half-Width Unicode Bypasses HTTP Scanning
http://www.kb.cert.org/vuls/id/739224
http://isc.sans.org/diary.html?storyid=2807
http://www.gamasec.net/english/gs07-01.html
http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
http://www.frsirt.com/english/advisories/2007/1803
http://secunia.com/advisories/25285/

What is Unicode?
http://www.unicode.org/standard/WhatIsUnicode.html

quote:

The US-Cert has a vulnerability note out that describes how Full-Width and Half-Width Unicode encoding manages to bypass many HTTP content scanning engines (739224). This would allow remote attackers to hide malicious HTTP traffic by encoding it and have it slip happily past your IDS/IPS. This isn't an exploit itself, but allows exploits that would normally be detected (or blocked) to get through your IDS/IPS undetected.
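The bypass works because the scanner matches its signatures against the bytes on the wire, while the server behind it maps the full-width characters back to ASCII. The following is an added example, not from any of the advisories or vendors linked above: it builds a request whose payload is converted to the Fullwidth Forms block (U+FF01-U+FF5E) and percent-encoded as UTF-8, runs a few constructed toy signatures over the raw bytes (the non-normalizing engine) and then over a percent-decoded, NFKC-folded copy. NFKC is the normalization chosen here because it folds the Halfwidth and Fullwidth Forms block to its compatibility equivalents; the real requirement is that the scanner decode at least as far as the protected server does.

```python
import re
import unicodedata
from urllib.parse import quote, unquote_to_bytes

# Toy content-scanning rules, constructed for this example (not any vendor's).
SIGNATURES = [rb"<script", rb"\.\./", rb"cmd\.exe"]


def to_fullwidth(text: str) -> str:
    """Map printable ASCII (0x21-0x7E) to the Fullwidth Forms block (U+FF01-U+FF5E)."""
    return "".join(chr(ord(c) + 0xFEE0) if 0x21 <= ord(c) <= 0x7E else c
                   for c in text)


def evasive_request(path: str, payload: str) -> bytes:
    """Request line whose payload is full-width and percent-encoded as UTF-8,
    the shape described in the advisory."""
    return f"GET {path}{quote(to_fullwidth(payload))} HTTP/1.1".encode("ascii")


def naive_match(request_line: bytes) -> list:
    """Signature match on the raw bytes: what a non-normalizing engine does."""
    return [sig for sig in SIGNATURES if re.search(sig, request_line, re.IGNORECASE)]


def normalized_match(request_line: bytes) -> list:
    """Percent-decode, then fold compatibility characters (full-width and
    half-width forms among them) to their equivalents with NFKC before matching."""
    decoded = unquote_to_bytes(request_line).decode("utf-8", errors="replace")
    folded = unicodedata.normalize("NFKC", decoded).encode("utf-8")
    return [sig for sig in SIGNATURES if re.search(sig, folded, re.IGNORECASE)]


# Constructed sample requests.
PLAIN = b"GET /search?q=<script>alert(1)</script> HTTP/1.1"
XSS_EVASIVE = evasive_request("/search?q=", "<script>alert(1)</script>")
TRAVERSAL_EVASIVE = evasive_request("/scripts/", "../../winnt/system32/cmd.exe")

if __name__ == "__main__":
    for name, req in (("plain", PLAIN), ("xss", XSS_EVASIVE), ("traversal", TRAVERSAL_EVASIVE)):
        print(name, "naive:", naive_match(req), "normalized:", normalized_match(req))
```

Normalizing more aggressively than the server does creates the opposite problem (blocking traffic the server would have treated as harmless), so the fold applied by the scanner should mirror the behaviour of the specific web server or application it protects.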

Sometimes spammers give you the option to supposedly "opt out" within the email message. However, can you trust a spammer, whose ethics are already in question, to truly let you opt out? Since the sender's address may be forged (spoofed), your request may never reach them. If it does, you have just confirmed your address as a live one, and it will be added to many more spam databases. Worse yet, spam messages are full of adware, spyware, and even viruses.

The best option is to select all email messages from unexpected senders and delete them without opening them.

AVERT Blogs (McAfee) - Unsubscribe getting Worse
http://www.avertlabs.com/research/blog/?p=274

QUOTE:  My advice is simple: Never unsubscribe from email you did not specifically request


Each month in the Roanoke area, I have the privilege of attending a Leadership Training series of programs to actively continue my education in leadership skills. It appears that each month, free podcasts will be offered related to this leadership training series.

Leadership Training - Free Maximum Impact Podcast
http://www.maximumimpact.com/podcast/

Quote:
Welcome to the new Maximum Impact Podcast! The Maximum Impact Podcast delivers must-have leadership, teamwork, and personal growth content for leaders in any organization, anywhere. Each episode will feature notable leaders from the world of business, education, sports, entertainment, military, government, life-coaching, and profiles of emerging leaders who are making a difference. You'll learn from renowned leadership experts, such as John Wooden, Larry Bossidy, Peter Drucker, John Maxwell, and many others. Become a leader who leads from the heart! Download each month's episode FREE from MaximumImpact.com.


Technical note - after downloading, I had to rename the file and add a .mp3 extension (e.g., from 01-John to 01-John.mp3); sharing just in case you can't play the file afterwards.

This informative article offers good advice for recovery and, hopefully, a passing grade later.

Article: How to Recover from Failed Security Audit
http://www.itsecurity.com/features/failing-a-security-audit-050707/

An abbreviated version of the five key recovery points is noted below:

QUOTE:  The most important result of your audit will be the list of vulnerabilities your auditor discovers.  Simply being aware of the specific vulnerabilities facing your company is a good step toward designing a comprehensive security program.  Whatever your specific goals and time frame, you'll need to manage the recovery process as you would any company project -- by designing a plan, allocating resources and setting a time frame.

1.  Prioritize -- You'll come away from the audit with a lot of data -- and all of it's important, according to Julian.   If your auditor hasn't already assigned a risk level, you'll need to sit down and decide what is high risk and what can wait. 

2. Assign Recovery Roles -- Decide who will manage each task and hand off the solutions to the appropriate manager or team, whether it's IT, a development group or the management.  To make sure that each group follows through, assign a specific individual with responsibilities for specific solutions.

3. Require Status Reports -- Once you've assigned roles, you want to make sure that the project is completed as promised, by a given deadline.  Make sure to plan out milestones along the way when certain steps toward the end goal need to be completed. 

4. Run Your Own Assessments -- Once you've started repairing any security holes or reconfiguring systems, you can start testing the work you've done.  Before you plan a second all-encompassing security audit, you'll want to run automated scans or penetration tests, that focus on specific aspects of your security system to make sure each section is secure.

5. Schedule Another Audit -- ... it's rare for a company to return for a second audit, even if they failed the first.  However, companies should have regular assessments.

Kim Komando highlighted this on her radio program this weekend. Apparently, TJX was using WEP-based wireless security and the attackers were sitting out in the parking lot. Wireless LANs should use current equipment and protective standards (e.g., WPA, WPA2).

TJX’s failure to secure Wi-Fi could cost $1B
http://blogs.zdnet.com/Ou/?p=485

QUOTE: The news of the TJ Maxx data breach has rocked the retail and banking industry, and many estimate that it will cost hundreds of millions or even a billion-plus dollars in financial damage. It was already widely reported back in March that the TJ Maxx breach was probably due to an insecure wireless network, but the Wall Street Journal is now reporting that it happened outside of a St. Paul, MN, Marshalls discount store in July 2005 (Marshalls is owned by TJX Cos.)  WSJ is reporting that investigators believe that the hacker used a laptop and a telescope-shaped antenna.

What's most alarming about this is that most of the major retailers during that time were running WEP and many are STILL running some form of WEP. There's no reason to believe the same attackers didn't try this sort of attack on many other retailers and are still actively attacking networks today. Many businesses and organizations, including hospitals, are STILL running WEP or some other useless form of security.  Some are running a slightly better enterprise version of WEP, which uses per-session per-user dynamic keys that supposedly rotate every hour, but even that's worthless since the third-generation of WEP cracking tools can break WEP in under a minute.

FREE Wireless Security e-book download
http://downloads.techrepublic.com.com/abstract.aspx?docid=277380

George Ou - More on Wireless LAN security
http://blogs.techrepublic.com.com/Ou/?p=404
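What the difference between the breached configuration and the recommended one looks like in practice, for both the WEP-cracking article above and this post. This is an added example, not from either article: hostapd is assumed as the access point software, and the interface, SSID, channel, RADIUS server address and shared secret are placeholders. The first stanza is shown only for contrast; the second and third are the settings the posts are recommending.

```ini
# --- BEFORE: static 104-bit WEP, the setup the article shows being cracked
#     from roughly 85,000 captured ARP frames. Shown for contrast only.
interface=wlan0
ssid=StoreWLAN
hw_mode=g
channel=6
wep_default_key=0
wep_key0=0123456789ABCDEF0123456789

# --- AFTER (home / small office): WPA2-PSK with AES-CCMP.
#     The passphrase is the only secret; make it long, it is offline-guessable
#     from a captured handshake.
interface=wlan0
ssid=HomeWLAN
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=CHANGE-ME-to-a-long-random-passphrase

# --- AFTER (corporate): WPA2-Enterprise, 802.1X/EAP against a RADIUS server.
#     Per-user, per-session keys with CCMP, which is what the "enterprise WEP"
#     setups in the post above were trying and failing to get.
interface=wlan0
ssid=StoreWLAN
hw_mode=g
channel=6
ieee8021x=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
auth_server_addr=10.0.0.5
auth_server_port=1812
auth_server_shared_secret=CHANGE-ME
```

Note that `rsn_pairwise=CCMP` (AES) is the setting that matters; WPA2 with TKIP keeps the older RC4-based cipher and only the key management improves.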

This applies mainly to the home product versions, and auto-updating may already have repaired this for users who have it enabled.

McAfee Security Center Buffer Overflow Vulnerability
http://secunia.com/advisories/25173/
http://ts.mcafeehelp.com/faq3.asp?docid=419189
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528

The fix has reportedly been available via automatic updates since March 22, 2007.

Update to Security Center version 7.2.147 and 6.0.25, or higher.
http://us.mcafee.com/root/login.asp

quote:

Affected Products
McAfee Internet Security Suite 6.x, 7.x, 8.x, 2007
McAfee Total Protection 2007
McAfee VirusScan Plus 2007
McAfee PC Protection Plus 2007
McAfee VirusScan 8.x, 9.x, 10.x
McAfee Personal Firewall Plus 5.x, 6.x, 7.x
McAfee Privacy Service 6.x, 7.x, 8.x
McAfee SpamKiller 5.x, 6.x, 7.x
McAfee QuickClean 4.x, 5.x, 6.x
McAfee AntiSpyware 1.x, 2.x
McAfee Wireless Home Network Security 1.x

Microsoft has released the following new security bulletins for May:

Microsoft Security Bulletins - May 2007
http://www.microsoft.com/technet/security/bulletin/ms07-May.mspx

Brief Summary of Bulletins and Products Affected
------------------------------------------------------------------
MS07-023: Excel - all currently supported versions
MS07-024: Word 2000, 2002, 2003, 2004 (Mac)
MS07-025: Office (all currently supported versions)
MS07-026: Exchange (all current versions)
MS07-027: Internet Explorer - all current versions
MS07-028: CAPICOM, BizTalk Server
MS07-029: Windows 2000 Server, Windows Server 2003

ISC Detailed Analysis - Some are rated as "Patch Now"
http://isc.sans.org/diary.html?storyid=2769

Passwords are one of our primary security safeguards. This site allows you to key in a password and test it immediately. Recently, I've adopted the following practice to ensure all my passwords are rated as strong:

- Passwords of 8 characters (or more)
- Include both letters and numbers
- One upper case letter and the rest as lower case

Examples:
McAfee01
Jubo0007
Peanuts2
1Tractor1

Microsoft Security - Check the Strength of your Passwords
http://www.microsoft.com/protect/yourself/password/checker.mspx

Microsoft Security - How to create strong Passwords
http://www.microsoft.com/protect/yourself/password/create.mspx
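A checker of the kind the Microsoft page provides, as an added example that is not Microsoft's code and does not reproduce their scoring: it computes the brute-force bit estimate that character-class rules give, and then flags the patterns that estimate ignores, in particular the "word plus one to four digits" shape that password-cracking tools target with a single append-digits rule. The word list is a tiny constructed one; a real checker uses a cracking dictionary.

```python
import math
import re

# Tiny constructed word list; a real checker uses a cracking dictionary.
COMMON_WORDS = {"password", "welcome", "peanuts", "tractor", "mcafee", "summer"}


def charset_size(pw: str) -> int:
    """Size of the alphabet a brute-force attacker must assume."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"\d", pw):
        size += 10
    if re.search(r"[^A-Za-z\d]", pw):
        size += 33          # printable ASCII punctuation and space
    return size


def assess(pw: str) -> dict:
    """Brute-force bit estimate plus the pattern warnings the estimate ignores."""
    bits = round(len(pw) * math.log2(charset_size(pw)), 1) if pw else 0.0
    warnings = []
    if len(pw) < 12:
        warnings.append("short")
    # capitalised-or-not word, optionally prefixed and suffixed by a few digits
    m = re.fullmatch(r"\d{0,2}([A-Za-z]+)\d{1,4}", pw)
    if m:
        warnings.append("word+digits")
        if m.group(1).lower() in COMMON_WORDS:
            warnings.append("dictionary word")
    if re.search(r"(.)\1\1", pw):
        warnings.append("repeated character")
    return {"bits": bits, "warnings": warnings}


if __name__ == "__main__":
    for candidate in ("McAfee01", "Jubo0007", "Peanuts2", "1Tractor1",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {assess(candidate)}")
```

The bit estimate alone rates every eight-character mixed-case-plus-digits password the same, which is why a checker that stops there says "strong" for patterns a wordlist attack finds quickly; the warnings are the part worth acting on.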

Users should ignore suspicious emails or other prompts that request activation of their Windows environment. Microsoft does not send emails for this process and does not ask for credit card details. Windows activation is a one-time process required only during the initial install. The screens and HTML used in this attack are realistic.

Kardphisher - Trojan Horse Spoofs Windows Activation
http://www.symantec.com/security_response/writeup.jsp?docid=2007-042705-0108-99&tabid=2

QUOTE: The Trojan pretends to be a legitimate Microsoft activation program and tricks the user into entering their credit card details to activate Windows. The Trojan shuts down the compromised computer if the user does not enter their credit card numbers.

HTML used by the trojan emulates Windows Activation
http://www.symantec.com/content/en/us/global/images/threat_writeups/2007-042705-0108-99.1.png

The fake activation process then asks for credit card info
http://www.symantec.com/content/en/us/global/images/threat_writeups/2007-042705-0108-99.2.png

Almanahe is one of the first worms seen in the wild to hide its hook in the unused "cavities" between section boundaries of the NT kernel image (ntoskrnl.exe). While the detour technique itself is not new, it is a more advanced hooking scheme than most Windows rootkits traditionally use.

Many security vendors have had to adapt their detection products as malware authors look for ways to make their code stealthier.


W32/Almanahe.a - A new root Kid on the block
http://www.avertlabs.com/research/blog/?p=269

W32/Almanahe.a - Description
http://vil.nai.com/vil/content/v_142021.htm

quote:

In the past two weeks McAfee Avert Labs has been observing activity by a new parasitic worm named W32/Almanahe.a. Apart from its parasitic nature, this worm is particularly interesting because of the rootkit technique implemented by it to hide and protect itself.

Rootkit techniques vary from simple “user mode” to complex “kernel mode”. Most of the techniques create some kind of hook to the normal execution path of a call or an API. W32/Almanahe creates a detour which starts within the Ntoskrnl.exe body. It searches for cavities between section boundaries to introduce its detour code. Figure 4 shows the memory of Ntoskrnl.exe on an infected machine, the malicious device driver has successfully patched the cavity space.

The detour approach implemented by W32/Almanahe is neither ground breaking, nor a novel idea, but it is the first instance of use in the wild, observed by McAfee Avert Labs. This is yet another testimony to the fact that rootkits in the wild are adopting new techniques to conceal their nefarious code and seep deeper into the kernel.
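The cavity the post describes is the slack between the end of a section's VirtualSize and the next SectionAlignment boundary, which is mapped but normally zero. One way to look for a patch of that kind is to walk the PE section table of the in-memory image and report non-zero bytes in that slack. The following is an added example, not from McAfee and not run against a real ntoskrnl.exe: it lays out a toy PE32 memory image with two sections, optionally writes a few bytes into the .text cavity to stand in for the detour, and then parses the headers and reports what it finds. The section layout, alignment and patch bytes are all constructed for the example.

```python
import struct

SECTION_ALIGNMENT = 0x1000
IMAGE_SIZE = 0x4000
# (name, virtual address, virtual size) of a toy image; constructed, not ntoskrnl
TOY_SECTIONS = [(b".text", 0x1000, 0x1234), (b".data", 0x3000, 0x0100)]


def build_image(patch=None) -> bytearray:
    """Lay out a minimal PE32 memory image. `patch` = (va, bytes) simulates a
    detour written into a cavity, as the worm does inside ntoskrnl.exe."""
    e_lfanew = 0x40
    opt_size = 96                       # PE32 optional header, no data directories
    hdr = bytearray(b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew))
    hdr += b"PE\0\0"
    # COFF header: machine, #sections, timestamp, symtab ptr, #symbols, opt size, flags
    hdr += struct.pack("<HHIIIHH", 0x14C, len(TOY_SECTIONS), 0, 0, 0, opt_size, 0x0102)
    # Optional header up to FileAlignment; SectionAlignment sits at offset 32
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000, 0x1000, 0x3000,
                      0x400000, SECTION_ALIGNMENT, 0x200)
    hdr += opt + b"\0" * (opt_size - len(opt))
    for name, va, vsize in TOY_SECTIONS:
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, va, vsize, 0, 0, 0, 0, 0, 0x60000020)
    image = bytearray(IMAGE_SIZE)
    image[: len(hdr)] = hdr
    for _, va, vsize in TOY_SECTIONS:
        image[va: va + vsize] = b"\x90" * vsize      # section bodies; slack stays zero
    if patch:
        va, code = patch
        image[va: va + len(code)] = code
    return image


def parse_sections(image):
    """Return (SectionAlignment, [(name, VirtualAddress, VirtualSize), ...])."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    sec_align = struct.unpack_from("<I", image, e_lfanew + 24 + 32)[0]
    first = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, va = struct.unpack_from("<8sII", image, first + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii"), va, vsize))
    return sec_align, sections


def find_cavity_patches(image) -> list:
    """Report non-zero bytes in the slack between a section's VirtualSize end and
    the next alignment boundary. Caveat: confirm against the on-disk file; some
    images legitimately keep data in that slack."""
    sec_align, sections = parse_sections(image)
    findings = []
    for name, va, vsize in sections:
        start = va + vsize
        end = (start + sec_align - 1) & ~(sec_align - 1)
        slack = image[start:end]
        if any(slack):
            offset = next(i for i, b in enumerate(slack) if b)
            findings.append({"section": name, "cavity": (start, end),
                             "first_nonzero_va": start + offset})
    return findings


if __name__ == "__main__":
    print("clean:", find_cavity_patches(build_image()))
    detour = (0x2244, b"\xe9\x00\x10\x00\x00")      # a jmp rel32 placed in the .text slack
    print("patched:", find_cavity_patches(build_image(patch=detour)))
```

On a real system the stronger check is to diff the in-memory kernel image against the file on disk (with relocations applied); the slack heuristic above is cheap and catches this particular hiding place, but it says nothing about a detour written over legitimate code inside a section.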

This new IRC-based bot may take advantage of an important security vulnerability that Microsoft patched in August 2006 (MS06-040):

IRCBOT.AAS - Exploits MS06-040 if unpatched
http://www.f-secure.com/v-descs/backdoor_w32_ircbot_aas.shtml

QUOTE: This BOT takes advantage of MS06-040. The specially crafted packet is embedded in the body of this IRCBot and is XOR'ed by 99h. The BOT will then wait for a "Scan" command from a remote user. In this case, the BOT will send this specially crafted packet to all IP addresses that the remote user specified to the BOT.

When successfully logged in to the BOT, the remote user can do the following IRC commands:

Joins/Part an IRC channel
Send private/channel messages
Change the BOT's nick
Quits the IRC server.
Checks the BOT's ID and version.
Check the up-time of the BOT
Logout from the BOT.
Update the BOT.

Microsoft has issued the advance notification for the patches coming out next week. Looks like security and system admins will have their work cut out for them: two Critical for Windows, two Critical for Office, one Critical for Exchange, and one Critical for CAPICOM and BizTalk. Non-security patches are also scheduled for Microsoft Update (MU) and Windows Server Update Services (WSUS).

Microsoft Security Patches - May 2007
http://www.microsoft.com/technet/security/bulletin/advance.mspx

Summary of the patches:
• 2 for Windows
• 3 for Office
• 1 for Exchange
• 1 for CAPICOM
• 1 for BizTalk
• 6 NON-SECURITY High-Priority Updates

These "Month of" projects, where working exploits are publicly disclosed, often do more harm than good for the cause of security. Private (coordinated) disclosure is a safer method of sharing vulnerabilities with software vendors. The month of May might be more active after some quieter times in the past couple of weeks. Two new MS Office ActiveX weaknesses have been noted as follows:

MOAXB Project - Month of Active X Bugs
http://moaxb.blogspot.com/

Day 1 - Powerpoint vulnerability
http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html
http://secunia.com/advisories/25092/

Day 2 - Excel vulnerability
http://moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html

As AV vendors use different naming conventions, some of the names used will differ. This is an interesting categorization of the malware we always have to defend our users from.

Kaspersky - Top 10 categorizations of malware
http://www.viruslist.com/en/weblog?calendar=2007-04

QUOTE: It’s that time of the month again – when a young man’s mind turns to browsing virus collections.

1. Greediest Trojan Targeting Banks - Trojan-PSW.Win32.Agent.km takes this title this month. Not only does this Trojan wage war against 42 banks at once, it also attempts to intercept TAN-codes, which once again proves that this kind of protective measure does not present much of an obstacle for cyber criminals. The Trojan’s victims include many leaders in the global banking sector.

2. Greediest Trojan Targeting E-payment Systems - this title goes to one of the modifications of Trojan-Spy.Win32.Banker.clu, which is programmed to gain access into three different electronic money systems.

3. Greediest Trojan Targeting Plastic Cards – the title goes to Trojan-Spy.Win32.Banker.ciy. Last month, the malicious program that took this title was programmed to access three plastic card systems at once. Banker.ciy wins because it targets 5 systems instead of 3.

4. Stealthiest Program - this month Backdoor.Win32.Hupigon.elw takes the title – it is packed seven times with different .exe file packers.

5. Smallest Malicious Program - is the 51 byte Hoax.Bat.AlotWindows.a, which plays a mean joke on Internet users. When this program is launched, it begins to open a series of windows on the user's computer with the text "DDoS DOS!" In reality, opening windows is all Windows.a is capable of.

6. Biggest Malicious Program - Trojan.Win32.Haradong.ao weighs in at a hefty 182 MB (!). This file is spread under the guise of a video file, with the extension “avi.scr.” Its very large size is attributed solely to that fact.

7. Most Malicious Program - Backdoor.Win32.Rbot.aeu blocks security solutions using a variety of methods.

8. Most Common Malicious Program in Email Traffic - Email-Worm.Win32.NetSky.q, which has been around for years, but still managed to account for 14% of all malicious email traffic in March, which just goes to show that the older malware is still going strong.

9. Most Common Trojan Family - once again it is the Chinese Backdoor.Win32.Hupigon family, with a mere 326 modifications instead of the 368 we saw last month.

10. Most common virus\ worm family - goes to the well known Warezov worm again; with 44 new modifications detected this month.
