
Security Community Blog

Showing posts tagged with Critical System Protection
vikram3500 | 23 Apr 2009 | 2 comments

Very interesting article I read the past hour up

Marshal8e6, a global provider of Secure Web Gateway and email security products, announced today the findings of its extensive botnet research conducted by the company's TRACElabs threat research group. The data, compiled during the first quarter of 2009, represents two years of in-depth research and observation which provides detailed analysis of the inner workings of major botnets that Marshal8e6 has identified as the biggest spammers.

As part of the study's findings, TRACElabs determined that the Rustock and Xarvester malware provided the most efficient spambot code, enabling individual zombie computers to send 600,000 spam messages each over a 24 hour period.

More of the Article at http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=217000203&subSection=Antivirus

Sapta | 23 Apr 2009 | 1 comment

This alert is to provide you with an overview of the new Security Bulletin being released on 14 April 2009.

New Security Bulletins

Microsoft has released eight new security bulletins:

| Bulletin ID | Bulletin Title | Maximum Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|---|
| MS09-009 | Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) | Critical | Remote Code Execution | May require restart | Microsoft Office |
| MS09-010 | Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) | Critical | Remote Code Execution | Requires restart | Microsoft Windows, Microsoft Office |
| MS09-011 | Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) | Critical | Remote Code Execution | May require restart | Microsoft Windows |

MS09-012
...

sebastiaan | 17 Apr 2009 | 15 comments

A few weeks ago, a couple of my co-workers visited a workshop about a new course: ethical hacking. In short, it teaches system administrators how to try and hack your own system, to check its vulnerabilities and find out whether your security needs working on. The course is also available for pretty much everyone else, but that on a side note.

When I heard about it, the only thing that sprang to my mind was "WTF??". Are we really going to TEACH people to hack, how to do it and what to do with it? Why not just build a program for it then? That would make things a lot easier: Microsoft Hacking 2007 or something, of course licensed, but that would not be a problem, since - well it is a hacking tool, right?

As I remember in the good ol' days, hacking was staring at black screens, learning, adapting to what you found and working with that information. It was almost completely auto-didacted by people that wanted to know. That made hackers good system admins,...

khaley | 01 Apr 2009 | 0 comments

Conficker; there has probably never been a virus or worm with so much written about it. And now that it’s April 1st and the world has not come to an end, many people are no doubt questioning whether Conficker was a bust and nothing we needed to worry about, if the threat itself was overhyped, and if all the electronic ink spilled about this threat was worth it. I’ll give you my opinion, but first a status update of Conficker.

April 1st has come and as predicted machines infected with Downadup.C have switched to the new communication algorithm. But when these infected machines are able to communicate back to a Command & Control server they are not getting updated with a malicious code payload. In other words, no large or small malicious attack has been unleashed by Conficker.

So is Conficker a bust for the bad guys?  No.  One thing we can tell about this worm is that whoever...

Kevin Haley | 31 Mar 2009 | 22 comments

Interest in Conficker (or Downadup) is reaching a frenzied peak. As media interest in this worm continues to rise, customers are asking if Symantec is ready for Conficker. The answer is a resounding yes. Symantec customers are already protected (as long as they are running the latest AV and IPS definitions). This article provides a short overview of Conficker (Downadup) and the protection offered by Symantec products.

Background

Conficker first appeared in late 2008 as the first worm in the wild to leverage a newly reported vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) service (MS08-067). Symantec named the worm Downadup, but over time the popular name for this threat has become Conficker. Symantec customers were quickly protected from the vulnerability with newly released IPS and AV signatures.

In late November, a new variant...

Ben Nahorney | 31 Mar 2009 | 0 comments

How do you summarize the functionality of a threat like Downadup? It sounds like the sort of challenge taken up only by folks that can solve a Rubik’s Cube in 30 seconds or less. If someone asked me to do so in a sentence, here’s how I’d do it:

“Yeah, right.”

Then again, I was that kid who solved his Rubik’s Cube with a screwdriver. Downadup isn’t one of those types of threats that lend themselves to an in-a-nutshell summary. It happens to be one of the most complex threats we’ve seen in the history of malicious code. Still, let’s give it another try:

“Downadup is a worm.”

True, but this glosses over so, so much. Third time’s the charm?

“Downadup is a worm that spreads by exploiting a vulnerability without DoSing the network with traffic (as well as removable and network drives, by bruteforcing network shares and...