Irish virus levels rise again as new threat emerges

Posted on by admini

Viruses were found in 11.99pc of messages circulating in Ireland last month, a significant rise on the rate of 7.39pc in January.

As with January, variants of the Zafi worm were the two most frequently occurring infections last month. In February their influence was somewhat reduced; Zafi.D was found in 41.12pc of infected emails and Zafi.B occurred in 21.16pc of cases.

The IFrame styled viruses takes advantage of a vulnerability in Microsoft’s Internet Explorer that allows a malicious HTML document such as an email message to execute automatically when it is viewed through the browser. It also affects Microsoft Outlook and Outlook Express, which share similar code for previewing HTML formatted messages. This helps the virus to spread as users don’t even have to click on the attachment to launch the virus – it could be spread simply by opening the infected message in Outlook’s preview pane.

“This is the first time in memory that a specific HTML exploit has come up so prevalently, normally they only occur in ones and twos,” he said. Driscoll pointed out that the vulnerability in Internet Explorer that IFrame exploits was identified almost four years ago, which means its presence suggests that large numbers of home users still have unsecured systems.

“This is an education issue that doesn’t seem to be reaching some people,” he said.

IE Internet also released figures, which showed the incidence of spam rose slightly to 38.1pc last month, a marginal increase from the level of 36.68pc recorded in January.

As ever, the US is the largest single source of unsolicited commercial email, although South Korea is gaining ground and now accounts for 17.85pc of emails sent to Ireland.

http://www.siliconrepublic.com/news/news.nv?storyid=single4509

Read more

Zafi-D and Netsky top virus charts

Posted on by admini

Antivirus software company Sophos said that Zafi-D, which first appeared at the end of 2004, has been the most regularly spotted malware, followed by Netsky P.

Sophos noted that February’s top 10 is dominated by old viruses, with only two new entries this month, Bagle-BK and Sober-K.

“It looks like the Zafi-D worm is going to be hanging around like a bored teenager for some time to come, unless more home users realise how important it is to update their antivirus software. This Hungarian worm accounts for almost one in three viruses reported,” said Carole Theriault, security consultant at Sophos.

Theriault predicted that the Sober-K worm will be one to watch in March. “It can pose in a number of disguises, including a bogus bogus email from the FBI or raunchy videos of celebrity heiress Paris Hilton,” she said. One in 23 emails circulating last month carried viruses, according to Sophos.

Kaspersky Labs added that the number of malware detected overall in February “in absolute terms was low enough to make this month the quietest for the past 12 months”.

But the company warned that the detection of six new Bagle variants today is likely to have an impact. “We will undoubtedly see some of them in the March top 20. We will undoubtedly see a new crop of Trojan-Proxy.Win32.Mitglierder in the next few days, since this is the Trojan that Bagle typically downloads. We should then see a burst of spammer activity and new phishing emails,” the antivirus company said.

http://www.vnunet.com/news/1161599

Read more

CA Unveils New Security Management Architecture

Posted on by admini

The new open-standards framework, dubbed the eTrust Security Management Architecture, will be incorporated into channel-friendly toolkits from CA later this year, said to Bilhar Mann, vice president of product management for identity and access management.

Down the road, CA will extend this security backbone to all of its identity and access management products, Mann said.

By featuring a common security backbone that leverages open standards such as WS-Security, SAML, SPML, ISO-10181, Kerberos, X.509 and SAF, the new architecture enables interoperability between diverse platforms and security mechanisms. The new framework also will provide “intelligent decision processing,” a feature that enables security policies based on point of entry and other variables that may impact the attributes of a specific transaction, as well as “true accountability,” which ensures that a user’s identity is not lost in a transaction by delivering identity mapping across platform boundaries.

This latter technology, spawned from the nascent log management industry, delivers a complete audit of an identity or access transaction as it moves throughout an organization, and enables solution providers to help customers enforce platform-independent security policies.

http://www.crn.com/showArticle.jhtml?articleID=60404405&flatPage=true

Read more

Microsoft: No Plans For IE7 On Windows 2000

Posted on by admini

In mid-February, chairman Bill Gates promised a new version of IE before Longhorn ships, and said the new browser — which will concentrate on delivering additional security against such threats as phishing — would roll into beta this summer.

At that time, only Windows XP SP2 was mentioned as a supported OS.

According to the posting on the blog, IE 7 will also work on the 64-bit edition of XP (with the long title of “Windows XP Professional x64 Edition”) and the upcoming Windows Server 2003 Service Pack 1 (SP1).

About Windows 2000 support, Microsoft hasn’t budged from its previous position. “We have heard the requests for support of Windows 2000, but have nothing to announce at this time.”

On a related subject, the blog also made clear that a new version of Outlook Express, Microsoft’s for-free basic e-mail client, would not appear with IE7.

http://www.securitypipeline.com/news/60404527

Read more

Security Chiefs Sit High On The Corporate Ladder

Posted on by admini

The Business Software Alliance and Information Systems Security Association released results of their Information Security Survey, a Web poll of 850 worldwide members of ISSA conducted in December and January.

According to the survey, 44% of companies said a member of senior management is responsible for IT security, up from 39% in October 2003.

BSA, a consortium of 25 software companies that includes Cisco Systems, IBM, and Microsoft, supports enforcement of copyright and software-counterfeiting laws.

Among other findings: 78% of companies have a formal information-security program; 90% have an information-security officer; and 55% have a chief privacy officer.

http://www.informationweek.com/story/showArticle.jhtml;jsessionid=5CWAFMGITIQIIQSNDBCCKH0CJUMEKJVN?articleID=60403494

Read more

Reuters reviews IT security

Posted on by admini

The company hopes to improve the reliability and availability of the financial news and market data it provides to financial firms.

‘That information needs to be accurate and there when they need it,’ Malcolm Kelly, global IT security director at Reuters, told the RSA Conference. ‘It’s about achieving the balance between availability, security and integrity.’

Kelly says Reuters needs to deal with any threats to information that might materialise. ‘That’s not just viruses and worms, but data availability and storage,’ he said.

Kelly has outsourced penetration testing and vulnerability management, and says firms need more holistic IT security strategies.

Reuters hopes to benefit from the Symantec and Veritas merger, with security covering anti-virus software to data storage and disaster recovery systems.

http://www.computing.co.uk/news/1161479

Read more