Month: August 2006

“Something always happens during the Christmas holiday, and it wrecks the holidays for IT administrators, and something always seems to happen in August to wreck their summer vacations,” she said. “Also, System Administrator Day is July 28, so maybe things happen in August to reinforce the appreciation everyone has for us.”

Paul Asadoorian, lead IT security engineer for Brown University in Providence, R.I., speculated that the annual Black Hat hacker event in Las Vegas is a factor. “People go to Black Hat and pick up all this knowledge about how to exploit various technologies,” Asadoorian said, “then they decide to use Patch Tuesday to practice their newest skills.” That’s especially problematic in a university environment, he said, since students returning to campus in August tend to come with computers that are infected with malware.

In the case of the Windows Server Service flaw, Bradley and Asadoorian are bracing for what may be another awful August. “We separate student computers from the rest of the campus and check them for problems before letting them on the network. Network access and/or endpoint assurance are two technologies every organization should try to take advantage of, something that checks the host when it tries to plug into the network,” Asadoorian said. “The good news is that the newer platforms are in wider use,” she said, noting that her environment is now made up of machines running Windows XP SP2 and Windows 2003.

Bradley’s advice for dealing with the current threat is to separate the MS06-040 patch from the rest of this month’s urgent updates and deal with that one first.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1210536,00.html

Users in Spain have also been warned about new types of attacks that do not follow the typical path expected of phishing scams.

The new online safety campaign in Spain is backed by the Spanish government, police and the Association of Internet Users, as well as banks and other institutions.

http://www.viruslist.com/en/news?id=194527499

“I used to do a lot of incident response, where someone would have a compromised system containing unknown files,” Valsmith says. “I would try to figure out what the files were, and I always thought, ‘I wish there was someplace I could go online and find out what these files are.’ So in late December of 2005, I set up the Website and started adding malware and analysis to it.”

Working on a self-funded project in the garage of co-founder Danny Quist, the two researchers began collecting and analyzing malware files for inclusion in the search engine. Soon, they added data from popular, open-source malware collections, such as Nepenthes and MWCollect, and then contributors began sending them files from their own collections.

“We get some contributions every day now, through our Web upload interface,” Valsmith says. “We hit 40,000 samples today.” Without Offensive Computing, IT troubleshooters and security researchers often are left scrounging for information about malware files that they find in their systems, Valsmith explains. “Antivirus systems in general only have about a 20 percent detection rate, so there is a ton of malware running around out there that few people know anything about,” he says. “Hopefully, we can help fill that gap.”

The groundswell of support for Offensive Computing’s efforts is indicative of a growing desire for more unified, consolidated study among security researchers, observers say. The search engine is not the only consolidation effort in town: At the Defcon conference in Las Vegas last week, Internet pioneer Paul Vixie and Georgia Institute of Technology bot researcher David Dagon announced that they have created a “malware repository” that helps researchers identify new bot exploits.

Vixie’s and Dagon’s repository includes data from Nepenthes as well as tens of thousands of malware contributions from Shadowserver.org.

Both Offensive Computing and the malware repository are designed to bring security researchers together and speed the process of shutting down new attacks. “Something has to change, because the malware authors are getting more and more sophisticated,” Valsmith says.

“We have actually been talking with some antivirus vendors on ways we can help each other improve,” he says. “We really want to reach out to the AV community and find ways to collaborate.” As more people become aware of the site, more analysis and samples are contributed, which builds up a knowledge base that people can use to help defend against threats.” However, such a unified effort could be tricky, because antivirus vendors make their living by collecting new exploits and trying to be the first to defeat them, observers note. A consolidated database of malware samples and suggested solutions could level the playing field and threaten AV vendors’ business, they add.

http://www.darkreading.com/document.asp?doc_id=101270&WT.svl=news1_1