Author: admini

The debate over the virus sample has highlighted a rift between the more the conservative antivirus industry and a group of security researchers that do not adhere to the industry’s stance against publishing virus code and associating with virus writers.

Many security researchers believe that open disclosure of security vulnerabilities leads to better security. As those researchers begin to study viruses, worms and bot software, they argue that the same logic means the open discussion of threatening vectors for worms.

Last month, security researcher Kevin Finisterre admitted to creating the three versions of the OSX/InqTana worm and sending them to antivirus companies as a way to highlight weaknesses in Apple’s operating system.

“We work with people on a trust basis, people who have been in the industry and are known to us,” said Joe Telafici, director of operations for the antivirus emergency response team (AVERT) at security firm McAfee.

Graham Cluley, senior technology consultant at rival antivirus firm Sophos, also mentioned the articles as a reason for questioning the group’s conduct. “Right now, none of us can protect against this virus because we haven’t seen the code,” Cluley said.

http://www.securityfocus.com/news/11379?ref=rss

Evron, who serves as the Israeli CERT manager and is a leader in many global Internet security efforts, said the group includes representatives from anti-virus vendors, ISPs, law enforcement, educational institutions and dynamic DNS providers internationally.

Over the last year, the group has done its work quietly on closed, invite-only mailing lists. Now, Evron has launched a public, open mailing list to enlist the general public to help report botnet C&C servers. The new mailing list will serve as a place to discuss detection techniques, report botnets, pass information to the relevant private groups and automatically notify the relevant ISPs of command-and-control sightings. “The vetted lists will still do the bulk of the work, but we needed a public place to involve a wider audience,” Evron said in an interview with eWEEK.

Anti-virus experts have detected signs of a massive, well-coordinated Trojan attack capable of creating botnets-for-hire.

Dan Hubbard, senior director of security and technology research at San Diego-based Web filtering software firm Websense, said the threat from botnets should be high on a CIO’s worry list. “We’re seeing more and more bots being written for multiple use.”

Roger Thompson, a veteran anti-virus researcher who runs the Atlanta-based Exploit Prevention Labs, said the vigilante approach to targeting botnet command-and-controls comes with upside and downside. However, Thompson worries that culling the herds may breed a stronger beast. Like Thompson, Evron admits that the command-and-control shutdowns are only a small part of dealing with the growth of botnets.

The bad guys go back to drawing board and plan a more sophisticated mode of attack.

With the new mailing list and increased public participation, Evron envisages a scenario where experts in the anti-virus, anti-phishing, anti-spyware and anti-spam industries are all working together on research and development to help curb the growth of botnets. Websense’s Hubbard agrees there’s no silver bullet to solve the problem. “The techniques are becoming better and more sophisticated as we come out with new defense techniques.”

http://www.eweek.com/print_article2/0,1217,a=172598,00.asp

Null Session/Password NetBIOS Access Multiple Vendor SNMP Request and Trap Handling Vulnerabilities AT&T WinVNC Server Buffer Overflow and Weak Authentication Vulnerabilities Cisco IOS Telnet Service Remote Denial of Service Vulnerability Writeable SNMP Information SSH Protocol Version 1 OpenSSH Multiple Memory Management Vulnerabilities Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial…