Archive for the ‘Security’ Category

Symantec Monthly Security Report

Tuesday, May 8th, 2007

New This Month

Threats posed to Windows Vista™ becoming evident

Microsoft’s new operating system, Windows Vista, is expected to be widely adopted and will likely have a significant effect on the security landscape. Symantec has continued to research potential issues and risks associated with the new operating system.

New phishing economies

As phishing becomes entrenched as a mainstream attack activity, antiphishing techniques are improving and phishers are being forced to focus on new targets and adopt new methods. Symantec believes that, in the near future, phishers will expand the scope of their targets to include new industry sectors.

SMiShing — Spam and phishing go mobile

In July 2006, Symantec reported that SMS and MMS had emerged as new vectors for spam and phishing activity. Subsequently, the term SMiShing was coined by the industry to describe this class of threat. Symantec speculates that SMS- and MMS-based phishing and spam will continue to increase.

Symantec releases 11th Internet Security Threat Report

Monday, April 9th, 2007

Symantec has released the 11th volume of its semiannual Internet Security Threat Report. Over the past six months, Symantec has observed a fundamental shift in Internet security activity with an increase in data theft and data leakage and the creation of malicious code targeting information that can be used for financial gain.

Symantec has observed high levels of malicious activity across the Internet, with increases in phishing, spam, bot networks, Trojans, and zero-day threats. Some of the key findings of the report are below.

Attack Trends Highlights

* The government sector accounted for 25 percent of all identity theft-related data breaches, more than any other sector.
* The United States was the top country of attack origin, accounting for 33 percent of worldwide attack activity.
* Microsoft Internet Explorer was targeted by 77 percent of all attacks specifically targeting Web browsers.
* Home users were the most highly targeted sector, accounting for 93 percent of all targeted attacks.
* Symantec observed an average of 63,912 active bot-infected computers per day, an 11 percent increase from the previous period.

Vulnerability Trends Highlights

* Symantec documented 2,526 vulnerabilities in the second half of 2006, 12 percent higher than the first half of 2006, and a higher volume than in any other previous six-month period.
* Symantec classified four percent of all vulnerabilities disclosed during this period as high severity, 69 percent were medium severity, and 27 percent were low severity.
* Sixty-six percent of vulnerabilities disclosed during this period affected Web applications.
* Seventy-nine percent of all vulnerabilities documented in this reporting period were considered to be easily exploitable.
* Symantec documented 54 vulnerabilities in Microsoft Internet Explorer, 40 in the Mozilla browsers, and four each in Apple Safari and Opera.

Malicious Code Trends Highlights

* Of the top ten new malicious code families detected in the last six months of 2006, five were Trojans, four were worms, and one was a virus.
* The volume of Trojans in the top 50 malicious code samples reported to Symantec increased from 23 percent to 45 percent.
* Trojans accounted for 60 percent of the top 50 malicious code samples when measured by potential infections.
* Polymorphic threats accounted for three percent of the volume
* Threats to confidential information made up 66 percent of the top 50 malicious code reported to Symantec.
* Keystroke logging threats made up 79 percent of confidential information threats by volume of reports, up from 57 percent in the first half of the year and 66 percent in the second half of 2005.

Phishing, Spam, and Security Risks Highlights

* The Symantec Probe Network detected a total of 166,248 unique phishing messages, a six percent increase over the first six months of 2006. This equates to an average of 904 unique phishing messages per day for the second half of 2006.
* Symantec blocked over 1.5 billion phishing messages, an increase of 19 percent over the first half of 2006.
* Throughout 2006, Symantec detected an average of 27 percent fewer unique phishing messages on weekends than the weekday average of 961.
* Organizations in the financial services sector accounted for 84 percent of the unique brands that were phished during this period.
* Forty-six percent of all known phishing Web sites were located in the United States, a much higher proportion than in any other country.
* All of the top ten security risks reported during this period employ self-updating.

Source :: Symantec

Norton 360

Thursday, March 8th, 2007

Presenting the most comprehensive online protection we’ve ever created. Norton 360™ provides all-in-one protection that keeps you, your family, your PC, and your information secure.

This comprehensive solution combines Symantec’s proven, industry-leading security and PC tune-up technologies with new automated backup and antiphishing features, providing a full circle of protection.

Flaw found in Citrix server client

Monday, March 5th, 2007

A flaw has been found in Citrix’s Presentation Server Client, an application that allows remote users to access corporate servers from outside the office.

Versions older than 10.0 could be vulnerable to a buffer overflow which would enable an attacker to compromise a user’s machine, according to researcher Karl Lynn of Juniper Networks, who discovered the flaw. Security advisory organization Secunia has rated the vulnerability as highly critical.

The vulnerability is caused by an error in the support for ICA (Independent Computing Architecture) connections through a proxy server. This may be exploited to execute arbitrary code when a user visits a malicious Web site, Citrix warned in an advisory last week.

ICA, designed by Citrix, is a proprietary protocol for application server systems. The protocol gives specifications for passing data between servers and clients, regardless of platform.

The vulnerability currently has no patch. Citrix recommends users protect themselves by upgrading to version 10.0 of Citrix Presentation Server Client.

Tom Espiner of ZDNet UK reported from London.

Flaw Found In Office 2007

Tuesday, February 27th, 2007

Researchers have discovered a “highly critical” security flaw in newly released Office 2007, despite Microsoft’s efforts to deliver its most secure version yet of the productivity software.

The consumer version of Office 2007, which launched only four weeks ago, is designed to withstand higher scrutiny by malicious code writers, as Microsoft subjected the software to code auditors as part of its security development lifecycle.

But researchers at eEye Digital Security found a file format vulnerability in Microsoft Office Publisher 2007, which could be exploited to let an outsider run code on a compromised PC.

“We were surprised we could find a flaw so quickly (after Office 2007 launched) and one that was part of their core products,” said Ross Brown, eEye’s chief executive.

An attacker could create a malicious Publisher file, he said. Once the recipient opens the file, he or she could find the system infected and susceptible to a remote attack.

Researchers at eEye used a standard process of code auditing in discovering the vulnerabilities, Brown added. He noted that Microsoft either did not do a “good job” with its code auditing, or it may not have had enough people working on such a task.

Microsoft, meanwhile, said it is investigating eEye’s report of a possible vulnerability in Publisher 2007 and will provide users with additional guidance if necessary.

Executives at the software giant have recently said they expect security challenges to keep emerging, as an increasing number of devices connect to the Internet.

No public exploits have been reported in circulation for Publisher 2007 and, given Office 2007’s recent release, the flaw may hold little attraction for attackers who may wish to concentrate on software that is in greater distribution, eEye said.

(News.com)

New Internet Explorer Zero-Day Attack

Thursday, September 21st, 2006

As of September 18, 2006, Symantec Security Response is advising users to take extra precautions if they use any version of Microsoft Internet Explorer as a result of a new zero-day attack against the application. The attack leverages a previously unknown vulnerability in Microsoft Internet Explorer. This vulnerability is due to the way Internet Explorer handles Vector Markup Language (VML).

Currently, the vulnerabilities are being hosted primarily on adult and pornographic websites and used to attack users visiting those sites to install spyware onto the victim’s machine. It is important to note that although the attacks appear primarily on adult sites at the moment, it is possible that they may spread to other more mainstream websites on the internet. The spyware may include a variety of security risks such as keyloggers that will monitor the keystrokes in an attempt to steal financial and confidential information.

There are no patches available from Microsoft for the vulnerability at this point.

Symantec Security Response has analyzed the threat and has provided protection for it via LiveUpdate and Intelligent Update. The current Trojan that leverages the zero-day vulnerability to attack is detected as Trojan.Vimalov. Symantec Security Response is also releasing intrusion protection (IPS) signatures to proactively protect customers against attempts to exploit the Internet Explorer vulnerability itself.

If you are a current Symantec customer running Norton AntiVirus or Norton Internet Security and regularly run LiveUpdate™, you are protected from this threat and its variants.

If you are unaware of the security status of your PC, please take one of the following actions:

Run LiveUpdate™

Virus definitions are available via LiveUpdate or the Security Response Website.

14 Household Ways To Protect Your Computer From Viruses

Saturday, June 17th, 2006

By: Marv Ko

Computer viruses are deadly. They often spread without any apparent contact and can be a nuisance, or even worse, fatal to your computer. Individuals who create these viruses, estimated at 10-15 new ones a day, are the electronic version of terrorists.

Their goal is to inflict havoc and destruction on as many people as possible by disabling, stealing, damaging, or destroying computer and information resources.

Don’t Fall For The Latest Internet Identity Theft Scam

Thursday, June 15th, 2006

By: Tim Knox

Q: I use PayPal to accept credit cards for my online collectibles business. I recently received an email that my PayPal account was going to expire in five days if I didn’t click a link in the email and give them my PayPal account information. Being naturally paranoid I decided not to give this information and I’m happy to say that my PayPal account did not expire. Was this a scam?
– Brenda A.

The Bad Guys Are Phishing For Your Personal Information

Tuesday, June 13th, 2006

By: Tim Knox

Do you know what “phishing” is? No, it doesn’t mean you grab a phishin’ pole and head to the nearest phishin’ hole to catch some phish.

Phishing has a much more sinister connotation. The official Webopedia definition of “phishing” is as follows: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.