Security News Collected by AWSODA-SYSTEMS

House busy with small-biz bills | An artful take on fed pay debate

2012-02-03T07:36:00.000-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

2/3/2012

House members introduce flood of small-business legislation
Insourcing, agency advocates, budget cuts, raised contracting goal: The legislation continues to pour out of the House. But will it go anywhere?

For the cartoonist, federal pay debates pay frequent dividends
FCW cartoonist John Klossner is always open to a new angle on everybody's favorite topic.
OFPP calls for end to exec pay benchmark
House votes to extend pay freeze
Interior creates system for employee mobile device connection
NATO cyber defense lags
OPM renews attack on processing backlog

How to relieve the pressure of data center consolidation
Sponsored by: CDWG and EMC

Under pressure to consolidate data centers, many government IT managers are focusing on hardware utilization. Several techniques can help agencies maximize their IT investments, including data center optimization and server virtualization.

Learn more

How to relieve the pressure of data center consolidation
Optimization mixes multiple tactics that have proven to be effective at boosting server efficiency and trimming data center costs.
Where saving the planet and saving money intersect
When it comes to cutting energy costs in data centers, what's good for the government is also good for the environment.

Setting a Strategy for Secure Mobile Printing
Sponsored by HP

IT security plans must be expanded to address printing from mobile devices, both inside and out of the traditional office. Learn how to implement an effective strategy.

Learn more

Adobe Government Assembly: Free for Government!
Feb 8, Washington, DC

This year's robust program features public sector leaders and industry experts focused on the key issues of advancing citizen engagement, implementing innovative technologies and protecting critical information. Don't miss your opportunity to learn tactics for meeting today's challenges and for revolutionizing operations in your agency.

Register Now!

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

TrendLabs | Malware Blog - by Trend Micro - Mobile Threat Landscape: A Decade Later

2012-02-03T02:11:00.000-06:00

Click here to read this mailing online.

Here are the latest updates for security-news@awsoda.net

"TrendLabs | Malware Blog - by Trend Micro" - 1 new article

Mobile Threat Landscape: A Decade Later

We already knew that more and more people are becoming tablet and smartphone owners, but two new surveys that were released just this week reinforced that. A Google/Ipsos poll found that smartphone use was growing in all 5 surveyed countries. In the US, smartphone ownership rose from 31% to 38% of the population by September/October 2011. Over the holiday, a separate Pew poll found that ownership of eBook readers and tablets doubled.

Increasingly, threats to users are “going mobile” – and quite comfortably it seems. The mobile threat landscape has grown exponentially ever since the first proof-of-concept Palm Trojan was found. Mobile and tablet users are now seeing the same kinds of threats seen in the PC-world. Here are some scenarios that show the increasing similarities:

More than five years ago, a common tactic that cybercriminals used was getting reconfigured modems to call out to premium service and long distance numbers. Today, mobile malware frequently attempts to sign up users to premium services with regular subscription fees. Other times, they will transmit pilfered credentials and data to attackers, not caring about the user’s (limited) data plan, a potentially unsecured WiFi hotspot, or roaming with an expensive data plan.
For twenty-odd years the predominant malware threats were viruses, then it was worms and today its mostly one-time use Trojan downloaders. All this was just a means to an end; to keep your systems infected and compromised and prolong the threat. On mobile platforms, we already have data stealing Trojans tucked away in the guise of a useful mobile app but which silently record and transmit your data in the background.
Multi-staged and cross-platform threats from PC-to-mobile and back are already happening. Some variants of the ZeuS banker malware monitor your PC and online transactions; when it detects a request for secondary verification will send a Facebook link to your mobile phone to retrieve the data and thus fully get access to your online financial records.
Almost everybody I know receives some form of email on their mobile device, which basically mirrors whatever they get on your desktop. They are therefore subject to all the same phishing and spam that one gets on the PC-platform.
Exploits and threats such as man-in-the-middle attacks and broken SSL connections are things one hears about on PCs. However, today’s smartphones run more than ten times faster than PCs did in the 1980s. Together with the smaller screens and lack of full fledged tools to investigate things that are running in the background, this means that mobile/tablet users will be even more unaware to the fact that they are under attack or are victims.

These same devices are being brought into companies and increasingly adapted with BYOD (bring-your-own-device) policies that increases productivity. However, many companies do not treat these “mobile PCs” with the same caution as full-fledged laptops and desktops that follow policies and guidelines.

The rash of mobile apps that monitor and steal user information, and applications that are able to bypass even the most stringent vetting processes is proof that the mobile threat is here and now. As technology continues to integrate and make online access ubiquitous, everyone should become more aware of safe computing guidelines no matter what platform they are on.

How can users avoid becoming the next victim? Even when using mobile devices, there are anti-malware and content filtering solutions available. When partnered with some safe computing common sense, this adds another extra layer of protection against many of the common threats out there. Don’t forget to upgrade/update your firmware and your mobile apps as soon as they become available. They aren’t just there to make things pretty, but are released as bug fixes to reported issues.

Our previous thoughts about the mobile malware threat may be found in the following posts:

Post from: TrendLabs | Malware Blog - by Trend Micro

Mobile Threat Landscape: A Decade Later

• Email to a friend • Article Search • View comments • Track comments • •

US-CERT Current Activity - Apple Releases Multiple Security Updates

2012-02-02T11:39:00.000-06:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Apple Releases Multiple Security Updates

Original release date: February 2, 2012 at 12:15 pm
Last revised: February 2, 2012 at 12:15 pm

Apple has released security updates for Apple OS X Lion 10.7 to
10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS 10.6.8, and Mac OS X
Server v 10.6.8 to address multiple vulnerabilities. These
vulnerabilities may allow an attacker to execute arbitrary code, cause
a denial-of-service condition, obtain sensitive information, and
bypass security restrictions.

US-CERT encourages users and administrators to review Apple Support
Article HT5130 and apply any necessary updates to help mitigate the
risks.

Additional information regarding CVE-2011-3449 can be found in US-CERT
Vulnerability Note VU#410281.

Additional information regarding CVE-2011-3446 can be found in US-CERT
Vulnerability Note VU#403593.

Relevant Url(s):
<http://www.kb.cert.org/vuls/id/410281>

<http://support.apple.com/kb/HT5130>

<http://www.kb.cert.org/vuls/id/403593>

====
This entry is available at
http://www.us-cert.gov/current/index.html#apple_releases_multiple_security_updates1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTyrKYT/GkGVXE7GMAQLC2gf/e+PFKJzHdSVdFHLxw4RVbC8JADM/TZ6z
4ZXoxsZbyu7GqGtnHZrjFPnwSWhuMAMsBBRO1SQS7uOQh16ntiZmjhcR5R2Lb2vg
+IKVjvTzHKc/++fmvoVa8w7UM+BtN0xXKWiTRHwwkxs2RiSHW7wTjeNb4NnIR+ks
tbBzcOs8nzEV2g/MWLVZ3QWGlkS41pq1tSJHgAZ+jxBeQI0e28genphOh5Uev/ov
5YaW6kZSbFh+ZaDdm6QT6mri6JRD5LfTp+eqjg6FXo2D0A8GLAPRUASUm4Pp94ut
8JgTGyb/4hUfQbQj9EeyquxGVBQdabarjoCwUqx6saKGG6MT94Q0vQ==
=sxR4
-----END PGP SIGNATURE-----

Cloud skeptics by the numbers | The next tech destined for the dustbin?

2012-02-02T07:36:00.001-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

2/2/2012

Federal managers doubt cloud computing's cost-savings claims
Government managers are apprehensive about the security in cloud environments, and many are skeptical of its promises of major cost savings.

Is the laptop about to be obsolete in agencies?
The rising popularity of tablet computers could consign older tech to the dustbin, analyst argues.
Feds encourage tech companies to create ID management 'ecosystem'
Google tries to quell privacy policy backlash
Finding NASA's new multi-player game on Facebook takes one giant leap

A peek inside the Fed 100 process
A lot of hard work goes into choosing each year's Federal 100. Here, we pull back the curtain to show you how we do it.
Presenting: The Federal 100 for 2012

The STAND: Data Center Efficiency
Sponsored by: Brocade

What tools do agency data center managers need to manage for the greatest efficiency?

Learn more

Unused, dust-gathering software is a symptom of poor IT management
Poor software management techniques add up to billions in wasted investments.
How better intell keeps US warfighters ahead of the opposition
As the Defense Department wrings as much extra spending as possible out of its budget, DOD continues to emphasize C4ISR programs that can deliver critical intelligence and data to warfighters in the field.

Free Breakfast Seminar--Disaster Recovery and The Cloud

Join IT experts from NetIQ and Strickland Consulting at this complimentary breakfast seminar in Washington DC. Explore how cloud based disaster recovery and virtualization are changing the face of disaster recovery planning in your Federal agency. Space is Limited.

Register Today!

Download resources

Red Hat Enterprise Virtualization, KVM, and the Path to Cloud Computing
Sponsored By Red Hat
This IDC whitepaper begins with the history of virtualization. It then explains Red Hat's role in the development of virtualization technology, new features in Red Hat Enterprise Virtualization 3.0, and the next wave in virtualization-the cloud. Read more.

Improve Business Performance in a Project-Intensive World
Sponsored By Oracle
This white paper examines how project trends have a direct impact on project performance as well as overall business performance, and look at the areas of project management that executives at project-driven organizations must focus on in order to address these challenges. Read more.

FISMA Compliance through Centralized Identity & Access Management Leveraging Active Directory
Sponsored By Centrify
While FISMA compliance is a complex process, the core IAM requirements are well established principles that can be addressed through centralized management, policy enforcement and continuous monitoring. Learn how to address these requirements by leveraging existing Active Directory infrastructure to centrally manage non-Windows systems and applications. Read more.

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

US-CERT Current Activity - Mozilla Releases Firefox 10 and 3.6.26

2012-02-01T09:21:00.000-06:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Mozilla Releases Firefox 10 and 3.6.26

Original release date: February 1, 2012 at 9:50 am
Last revised: February 1, 2012 at 9:50 am

The Mozilla Foundation has released Firefox 10 and Firefox 3.6.26 to
address multiple vulnerabilities. These vulnerabilities may allow an
attacker to execute arbitrary code, cause a denial-of-service
condition, obtain sensitive information, or perform a cross-site
scripting attack.

US-CERT encourages users and administrators to review the Mozilla
Foundation Advisories for Firefox 10 and Firefox 3.6.26 and apply any
necessary updates to help mitigate the risk.

Relevant Url(s):
<http://www.mozilla.org/security/known-vulnerabilities/firefox36.html>

<http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox10>

====
This entry is available at
http://www.us-cert.gov/current/index.html#mozilla_releases_firefox_10_and

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTylYVT/GkGVXE7GMAQLt3wgAl/bvmirvEy/87JrIuu+gOTEAkuGwdU6r
pKi0GhOAypGEWBQSaVqJQ0NyxWfqxFfhUu4RiYPds8f2dVV/ZhOqC4Q8fFSs0WBj
mz9nIA40ziBYU1idR3f/o23bFQu2DQaMvTNAEh4hcj+S+NVsNhW77/YyL5/MmnI8
6Ufi/70J9B4oiahF5GrKG4E8g6oYDAH9ixV/3y/qqnPufvWojnddrmmTmJUZWi60
MFJSaHsJfdjLqhvsuxCMiKvPUnKpGFRzsOPqEN09X4zz94FNVl5y7+gRa7Mj11ws
IduzTZN+hRsayR1ReIElESUFYXuqZeTxseYmL0OdFwnHybtZIPEPkA==
=lX7H
-----END PGP SIGNATURE-----

DOD's Android efforts paying off | A cautionary tale for website revisions

2012-02-01T07:36:00.000-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

2/1/2012

DOD's Android effort begins to bear fruit
DOD's embrace of the Android operating system is just getting started. How did it begin?

Energy offers a website redesign cautionary tale

The Energy Department's recent Web redesign resulted in documents going missing. The reason for the disappearance could affect other agencies.
OMB calls on citizens for help on Shared IT Strategy
Bill would have feds feel the bite of missed contracting goals
SSA falls short of goal for retirees filing online -- again
OMB outlines progress on eliminating government waste
Survey: More feds choose telework for the time savings, not work-life balance
Steve Kelman's latest check-in with Chinese students

Presenting: The Federal 100 for 2012

Increasing Efficiencies in Government with a Managed Print Environment
Sponsored by HP

This paper examines some of the current problems surrounding printing in government agencies - and discusses how agencies solve these problems, even while on a tight budget.

Learn more

The STAND: Data Center Efficiency
Sponsored by: Brocade

Predicting data flow and capacity needs is increasingly difficult. What impact does this have on data center efficiency, and how can agencies cater for this in their optimization plans?

Learn more

Download resources

Storage virtualization tames the data beast
Research Sponsored By: CDW-G and EMC
Although new funding for agency IT systems might barely qualify as a trickle, the flood of data surging into agency storage systems shows no signs of abating. In just the past few years, agencies at the federal, state and local levels are dealing with 40 percent increases in storage demand. How are agencies supposed to handle storage for so much data while facing pressure to consolidate data centers? Storage virtualization is a critical piece to that puzzle, and most agencies are already adopting or exploring their options. Read More Here

Improving Federal Information Access Security with FIPS-Certified Solutions
Sponsored By F5 Networks
This paper explores how federal agencies can effectively control who has access to systems and information while still ensuring IT services and remotely-hosted applications remain readily available to valid users and government knowledge workers. Read more.

Confusion Guidance for Replacing Tape with Disk for Backups
Sponsored By Exagrid
When evaluating different approaches to replacing tape with disk, take the time to ask the right questions and understand the strengths and weaknesses of each alternative. Read more.

Is Your Network Ready for IT's New Role in the Federal Government
Sponsored By Cox Business
As the Federal government ushers in a new era of technology for agencies, IT managers must ensure their networks are prepared to meet the latest requirements. In this research report, learn what the top priorities are for IT managers over the next 12 to 18 months and how they are going to implement new initiatives. Read more.

Adobe Government Assembly: Free for Government!
Feb 8, Washington, DC
This year's robust program features public sector leaders and industry experts focused on the key issues of advancing citizen engagement, implementing innovative technologies and protecting critical information. Don't miss your opportunity to learn tactics for meeting today's challenges and for revolutionizing operations in your agency.
Register Now!

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

Presenting: The Federal 100 for 2012

2012-01-31T07:36:00.000-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

1/31/2012

Presenting: The Federal 100 for 2012
Our winners span a broad range of accomplishments across government and industry, military and civilian agencies, at home and abroad.

Think your contract win means guaranteed income? Not so fast.

Rescue your IT staff from data center management purgatory
Sponsored By: CDW-G and EMC

In a world full of sparsely used servers, storage devices and other hardware, IT administrators have plenty to do to keep all the systems humming along without incident. That job has become increasingly difficult, and federal, state and local agencies are aware of the demands that data center management places on their staff. However, your IT staff is not predetermined to chase server problems for eternity. Data center optimization can help ease server and storage management by consolidating systems on fewer devices, which demands less time from your IT administrators so they can handle other tasks that work toward an agency's mission.

Read More Here

How to show the ROI of data center optimization
The path to proving the return on investment of an optimization program isn't as slippery as many agency leaders believe. Here's why.
Rescue your IT staff from data center management purgatory
Among many other benefits, data center optimization should reduce the amount of time your IT staff spends managing servers.

Mission-Tailored As-A-Service Solutions

CSC's innovative as-a-service solutions help government deliver agile services, achieve worldwide mobility and reduce operating costs. Tailored to the needs of your agency, CSC's as-a-service solutions leverage commercial and public sector expertise in cybersecurity and managed services.

Learn more

Download resources

Continuous Monitoring for Government Agencies
Sponsored By Q1 Labs
The federal government is implementing FISMA 2.0 along with a continuous monitoring process to help agencies improve their security grades and lower overall risk. Learn how the QRadar Security Intelligence Platform provides the functions required as part of a continuous monitoring program including SIEM, risk management, log management, and network behavior analytics. Read more.

Making Critical Connections: Predictive Analytics in Government
Sponsored By IBM
Predictive analytics is enabling government agencies to detect patterns in large, complex datasets and make critical connections to minimize or eliminate potential threats to the public good. Read more.

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

TrendLabs | Malware Blog - by Trend Micro - 2 new articles

2012-01-31T02:17:00.001-06:00

Click here to read this mailing online.

Here are the latest updates for security-news@awsoda.net

"TrendLabs | Malware Blog - by Trend Micro" - 2 new articles

Search Monetization As a New Threat to the Mobile Platform
Facebook Valentine's Theme Leads to Malware
More Recent Articles
Search TrendLabs | Malware Blog - by Trend Micro
Prior Mailing Archive

Search Monetization As a New Threat to the Mobile Platform

Last week we came across a report about a Plankton variant embedded in various apps emerging in the Android Market. One of the samples we inspected is a puzzle game called Sexy Ladies-2.apk, which is detected as ANDROIDOS_PLANKTON.P along with many other apps related to it.

Other external reports tell of the millions of app downloads with similar suspect code, which led to coining it as the “largest Android malware outbreak ever”. In that report, the analyzed application is a puzzle game. It starts a service that can create a shortcut, get/set bookmarks, post device information to its server (including IMEI, brand, device, model, operating system, OS version, display metrics, locale), set notifications, and set browser homepage.

Our findings show us that this application can be categorized as adware since it appears to be simply used for advertisements. A more appropriate term may be “mobile app adware” with the SDK (software development kit) being used for legitimate download upfront revenues so that people can download them from various mobile app distribution sites. The app’s basic functionality is as was claimed: install a search shortcut and serve ads through that app. Its behavior does not send any private personal data to external server. In short, it turns out to be a monetizing ad service so that app developers can make more money from their free apps. This is basic search monetization.

“Mobile App Adware”

At this point this is a perfect example of “mobile app adware.” This is bolstered from the fact that the current business model is for an SDK integrated into the app and is used for legitimate download affiliate revenue. In today’s content-serving business and marketing model, this makes it practically the same as what is being done on desktop PCs.

Threat Response Engineer Erika Mendoza adds “taking ad networks into consideration, I think it makes more sense now that a lot of applications are bundled with code similar to this. This mobile adware is quite aggressive, but it still depends on the user if they consider this annoying behavior malicious.”

But researchers at Lookout Mobile Security don’t think that this behavior means it's a malware attack, rather, it is an “aggressive form of an ad network.” We agree with the claim that it isn’t malware per se, however, the issues regarding this involve how mobile information is gathered and stored. There are also potential privacy issues down the line which today users may not understand the possible ramifications of until much later.

It is common for any installed app to retain whatever install rights provided as well as whatever social network or interaction it is allowed. These settings can be retained even if the initial app is removed and reused as a default. In reality, with several hundred apps downloaded with varying purposes and with each mobile device having varying user set protection levels, there are just too many variables to track.

We will consistently provide information about the threat potential, however it’s up to the user’s consent to make an informed decision whether to proceed with downloading the app or not.

The Risks of Search Monetization for Mobile

Of course, there are a lot of potential issues with search monetization hitting the mobile platform. As previously discussed in our 12 Security Predictions for 2012 report, the smaller screens and limited user interface make it a bit more difficult even for the most tech-savvy researcher to figure out what’s going on in the background. This makes it even more difficult and impossible for a regular user to manage. With the recent reported privacy and information theft incidents last year, it is even more critical that users be aware who has their metadata (product preferences, search history, etc) and how its being managed, wherein right now, exists predominantly in the cloud.

Over and over, it’s been said that we are living in the post-PC era. One indication is that tablets were one of the most gifted things last holiday season. As such, this poses as a natural progression of where the money and people’s attention is: ads in the daily newspaper to magazine ads in the magazines, to cable TV, desktop PCs, and now on mobile devices. Who knows where search monetization could land next? Clearly, search monetization is here to stay.

Everyone should be concerned about installing any app on their phones. Your phone stores data, and depending on the level of which you’ve patched it, the best defense anyone has is to be aware of the sort of information you put out.

Post from: TrendLabs | Malware Blog - by Trend Micro

Search Monetization As a New Threat to the Mobile Platform

• Email to a friend • Article Search • View comments • Track comments • •

Facebook Valentine's Theme Leads to Malware

It’s never too early to get ready for Valentine’s day, it seems, even when it comes to malicious attacks. Recently, I came across a scam in Facebook that leverages the upcoming occasion.

The said attack begins with a post on affected users’ wall inviting other users to install a Valentine’s theme into their Facebook profile.

Once users click on this post, they are redirected to another page that urges them to install the said theme. Note that this attack only works on either Google Chrome or Mozilla Firefox browsers.

Clicking the Install button on the page will prompt the download of the malicious file, FacebookChrome.crx which Trend Micro detects as TROJ_FOOKBACE.A. When executed, TROJ_FOOKBACE.A executes a script that is capable of displaying ads from certain websites.

It also installs itself on the on the users' browsers as an extension named Facebook Improvement |Facebook.com.

Once this malicious browser extension is installed, it will monitor the users' browsing activities and redirect their page to a survey page asking them for their mobile number. Users who clicked on the post using Internet Explorer (IE) will be redirected to the same survey, without them being asked to download anything.

Upon further analysis, we discovered that the attack is much more effective if the users are employing either Google Chrome or Mozilla Firefox. It resembles a legitimate extension download, thus requiring less user interaction than in the case where Internet Explorer is used (in which case the user is redirected to surveys).

With the focus of the attack mainly built around the concept of pretending to be a valid Chrome extension, we can reasonably conclude that Chrome users are the main target of this particular attack, with the IE redirection as more of an afterthought. But while there may be browser activity monitoring involved, TROJ_FOOKBACE.A does not seem to have any information theft techniques. It fits the criteria of a clickjacking attack more, where it automatically ‘likes’ several Facebook pages as well as automatically posts a message on the affected user’s wall.

The fact that the attack itself is focused on Chrome and Firefox may mean that cybercriminals are targeting extension-compatible browsers, as well as going after more popular browser choices. This is not the first attack of its kind, but considering that extension-capable browsers are coming to the forefront now, it serves as a warning to all of us that this may be a continuing a trend that the malicious entities of the Internet are going to follow in the foreseeable future.

Trend Micro protects users from this attack via Trend Micro™ Smart Protection Network™ that detects the malicious file and blocks all related malicious URLs.

Post from: TrendLabs | Malware Blog - by Trend Micro

Facebook Valentine’s Theme Leads to Malware

• Email to a friend • Article Search • View comments • Track comments • •

Is government ready for cloud procurement? | How to avoid Google risks

2012-01-30T07:38:00.001-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

1/30/2012

Is government procurement ready for the cloud?
Cloud computing can present unfamiliar territory for government acquisition officials.

Google privacy impact on feds becomes clearer
Google offers tips for minimizing the risk of its new privacy changes, but experts still caution federal users.
Chopra to step down
Cloud computing expected to spur job creation
Energy Department to establish new cyber center
NARA could miss deadline for declassification project
Feds join fight to protect your privacy
Navy prepares to award contract for shipboard computer networks

Agencies: Stop abusing simplified acquisitions
Small-biz advocate Raul Espinosa says agencies skirt rules designed to create contracting set-asides.

Learn more about cloud-optimized networks

Deliver data center-class reliability and scalability to the edges of the network and into the cloud. Brocade. The leader in cloud-optimized networking for the federal government. Helping build network foundations that ensure federal data center consolidations.

When the mission is critical, the network is Brocade .

Unused, dust-gathering software is a symptom of poor IT management
Poor software management techniques add up to billions in wasted investments.
Rescue your IT staff from data center management purgatory
Among many other benefits, data center optimization should reduce the amount of time your IT staff spends managing servers.

Learn more about cloud-optimized networks

Deliver data center-class reliability and scalability to the edges of the network and into the cloud.Brocade. The leader in cloud-optimized networking for the federal government.Helping build network foundations that ensure federal data center consolidations.

When the mission is critical, the network is Brocade .

Download resources

Secure Virtualization with sVirt
Sponsored By Red Hat
Virtualization improves scalability, uptime, and use of limited resources. With its unique architecture and NSA-developed security, Red Hat Secure Virtualization (sVirt) is the industry's most comprehensive security solution for virtualization.
Read more.

Data Center Optimization
Sponsored By CDW-G
Under pressure to consolidate data centers, many government IT managers are focusing on hardware utilization. From state and local governments to the Defense Department and civilian agencies, IT managers are feeling the pressure to squeeze more capacity out of their servers, storage devices and other expensive pieces of hardware. In this research report, learn how several techniques can help agencies maximize their IT investments, including data center optimization and server virtualization. Read more.

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

TrendLabs | Malware Blog - by Trend Micro - Top APT Research of 2011 (That You Probably Haven’t Heard About)

2012-01-28T02:00:00.001-06:00

Click here to read this mailing online.

Here are the latest updates for security-news@awsoda.net

"TrendLabs | Malware Blog - by Trend Micro" - 1 new article

Top APT Research of 2011 (That You Probably Haven't Heard About)

Throughout 2011, I am sure that you have heard of the compromise of RSA, in which the stolen data regarding RSA's Secure ID appears to have been used in subsequent attacks and that there were many more victims other than RSA. You’ve probably also heard of ShadyRAT, which demonstrated the longevity of command and control infrastructure as well as Nitro and Night Dragon which showed that some attackers focus on specific industries.

You’ve probably also heard of Trend Micro’s research of the Lurid attacks which showed that the attackers are interested in non-US targets but more importantly, such attacks should be seen as “campaigns” and not isolated attacks.

But what about all the great APT related research that you probably haven't heard about?

Here is my personal Top 10 11:

The “Contagio Dump” and “Targeted Email Attacks” Blogs – Mila Parkour and Lotta Danielsson-Murphy have been posting information that fuels much of the research in this area. While malicious binaries are often available for analysis, the content of the socially engineered email is often elusive. These blogs have been providing a unique insight into the realm of targeted attacks.
The CyberESI Blog – The team at CyberESI has been posting detailed analysis (and I mean detailed) of some of the most prolific malware families. In my view, their analysis has set the bar for reverse engineering in this area.
Htran –Joe Stewarts research on Htran was over shadowed by the ShadyRAT report but I think it was the most innovative research papers this year because it tackled the attribution problem by looking behind the source IP's of attacks to reveal the actual location of the attackers.
Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains – Hutchins, Cloppert, and Amin explain how to track the phases on an attack and group multiple incidents into a “campaign”. This is a must-read for anyone tracking APT.
“1.php” – This report by Zscaler on a particular campaign thoroughly maps out and analyzes the command and control infrastructure (C&C) and presents the results in a way that is actionable for defenders. Moreover, it contains insightful commentary on information disclosure in this area.
APT Secrets in Asia – Xecure's presentation at this year's BlackHat demonstrated their research in clustering malware into groups based on common attributes. I really like the clustering technology they are working on as well as the term they introduced “NAPT” (Non-Advanced Persistent Threat).
M-Trends – This report by Mandiant is an excellent overview of the attackers' methodology as well as remediation strategies. In addition, it contains Mandiant's work on investigating persistence mechanisms, particularly “DLL search order hijacking.”
Sykipot – AlienLabs documented the trends in targeting (UCAVs) surrounding the Sykipot campaign as well as exploits, malware and command and control infrastructure used by the attackers.
"What is an APT without a sensationalist name?" – Seth Hardy's presentation at SecTor provided a much needed critical look at the hype surrounding APT along with a detailed technical analysis of a particular malware “SharkyRAT”.
“Moli Hua” – Greg Walton documented an attack on journalists that leveraged Facebook and an MHTML exploit for Gmail that allowed attackers to add their own email addresses as “delegated accounts”.
“My Lovely Wood” – This paper by Frankie Li provides a detailed technical analysis of malware used in a targeted attack.

Post from: TrendLabs | Malware Blog - by Trend Micro

Top APT Research of 2011 (That You Probably Haven’t Heard About)

• Email to a friend • Article Search • View comments • Track comments • •

Panetta fires first shot in DOD budget showdown

2012-01-27T07:35:00.000-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

1/27/2012

Panetta fires first shot in defense budget showdown
Get ready for the future's leaner Defense Department.

The STAND: Data Center Efficiency
Sponsored by: Brocade

What are the biggest technology and/or operational barriers to optimal efficiency in the typical data center?

Learn more

How to relieve the pressure of data center consolidation
Optimization mixes multiple tactics that have proven to be effective at boosting server efficiency and trimming data center costs.
Mobile movement infiltrates the health IT world
Roughly three-quarters of U.S. physicians have joined the mobile revolution, and apps are popping up to help patients interact with doctors and other health care providers.

Adobe Digital Government

2012 Adobe Government Assembly
February 8, 2012
The National Press Club - Washington, D.C.
FREE Registration for Government

Register Now!

Download resources

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

TrendLabs | Malware Blog - by Trend Micro - Malware Leveraging MIDI Remote Code Execution Vulnerability Found

2012-01-27T01:59:00.001-06:00

Click here to read this mailing online.

Here are the latest updates for security-news@awsoda.net

"TrendLabs | Malware Blog - by Trend Micro" - 1 new article

Malware Leveraging MIDI Remote Code Execution Vulnerability Found

Earlier today, we encountered a malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). (Ed. Note: addressed in MS12-004)

The said vulnerability is triggered when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file, consequently allowing remote attackers to execute arbitrary code.

In the attack that we found, the infection vector is a malicious HTML which we found hosted on the domain, hxxp://images.{BLOCKED}p.com/mp.html. This HTML, which Trend Micro detects as HTML_EXPLT.QYUA, exploits the vulnerability by using two components that are also hosted on the same domain. The two files are: a MIDI file detected as TROJ_MDIEXP.QYUA, and a JavaScript detected as JS_EXPLT.QYUA.

HTML_EXPLT.QYUA calls TROJ_MDIEXP.QYUA to trigger the exploit, and uses JS_EXPLT.QYUA to decode the shellcode embedded in HTML_EXPLT.QYUA’s body. Below is a screenshot of HTML_EXPLT.QYUA's code. Notice the highlighted parts where it calls the MIDI and JavaScript components:

Upon successfully exploiting the vulnerability, it decodes and executes the decoded shellcode. This shellcode then connects to a site to download an encrypted binary:

This binary is then decrypted and executed as a malware detected as TROJ_DLOAD.QYUA. We’re still conducting further analysis on TROJ_DLOAD.QYUA, but so far we’ve been seeing some serious payload, including rootkit capabilities.

Meanwhile, as the routines stated above happens in the background, the affected users remains unsuspecting and sees the following:

Microsoft has already issued an update to address this vulnerability during the last patch Tuesday, so our first advice to users is to patch their system with the Microsoft security update here. It affects Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2. We’d like to reiterate that this is a publicly disclosed exploit. As such, we can expect similar attacks in the future.

On the other hand, Trend Micro customers are already protected from this by the Trend Micro™ Smart Protection Network™, which blocks the related malicious files and URLs.

We will update this blog entry once more information is available.

Update as of January 26, 2011, 7:50 a.m. (PST)

Trend Micro Deep Security shields this vulnerability using the specified rules. For more information on the Deep Security rules, users can visit our vulnerability page here.

Post from: TrendLabs | Malware Blog - by Trend Micro

Malware Leveraging MIDI Remote Code Execution Vulnerability Found

• Email to a friend • Article Search • View comments • Track comments • •

Say goodbye to some favorite technologies | Google's new rules raise new worries

2012-01-26T07:36:00.000-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

1/26/2012

Technology on the outs in 2012
Some technology standbys will get their walking papers this year.

Google's new privacy policy raises new worries for feds
New policies concerning Google's collection and use of user data should have feds taking a close look at their use of the company's services.
Agencies that miss small-biz goals could face penalties
DISA sees opportunity in commercial cloud mandate
DOD still falters on auditabilty, Congressional panel says

Why career feds are needed now more than ever

Where saving the planet and saving money intersect
Research Sponsored By: CDW-G and EMC

Server virtualization has the power to make life much easier for IT administrators and managers. Among government managers, the most recognized benefit of virtual servers is smarter, more efficient utilization of resources. But besides greater hardware utilization efficiency, agencies also can meet increasingly important green initiatives while also saving money. Server virtualization helps agencies reduce costs from hardware purchases and the power and cooling costs that come with making all that hardware run reliably in a data center.

Read More Here

DOD, VA recalibrate the model for health records
The Defense and Veterans Affairs departments are integrating their EHR programs via open-source coding that promises to give service members one record that will follow them their entire career.
Where saving the planet and saving money intersect
When it comes to cutting energy costs in data centers, what's good for the government is also good for the environment.

Data-Enabled Government. How Well Is Our Personal Information Protected
Sponsored by HP

This paper examines the key issues surrounding the use and protection of personal data and draws on in-depth interviews with experts working on the front lines of public sector data management.

Read more

Download resources

Federal IT: Consolidating Your Data Securely in a Cloud
Sponsored By EMC
The decision on how to execute a consolidation will depend on the applications an agency has, their varying levels of importance, their connection to one another and the agency's environment. Learn more about the progress being made in data center consolidation and cloud migration in this brief. Read more.

Integrated and Automated Budget, Program and Performance Reporting
Sponsored By IBM
Read this paper to learn how IBM Cognos FSR with TM1 helps budget and finance teams to automate the generation of complex, process driven reports while maintaining the agency's current business processes and disclosure management requirements. Read more.

Adobe Government Assembly: Free for Government!
Feb 8, Washington, DC
This year's robust program features public sector leaders and industry experts focused on the key issues of advancing citizen engagement, implementing innovative technologies and protecting critical information. Don't miss your opportunity to learn tactics for meeting today's challenges and for revolutionizing operations in your agency.
Register Now!

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

TrendLabs | Malware Blog - by Trend Micro - How Private Is My Online Information?

2012-01-26T01:57:00.001-06:00

Click here to read this mailing online.

Here are the latest updates for security-news@awsoda.net

"TrendLabs | Malware Blog - by Trend Micro" - 1 new article

How Private Is My Online Information?

At a time when the web is flooded with user information and entire platforms are built and run on sharing just about every piece of information about oneself, you have to wonder, “Are we really living in the post-privacy era?”

For 2012, we believe that the new social networking generation will redefine privacy. Our concept of online privacy constantly changes along with various shifts in technology. Providing information has become so convenient that most people no longer know how much information they reveal and to whom.

With Data Privacy Day coming up, it's high time that people all over the world become aware about best online privacy practices. Though most of you may already know, social networking sites track your movements and store valuable information such as photos, links, videos, and everything else they make public. As you increasingly go online for personal transactions like shopping and banking, you're bound to wonder just how much information you actually expose online.

The end of online privacy and an era of extreme openness may be the only inevitable conclusion unless you know the implications that the cyberlinked world brings. You should realize that along with the convenience that the Internet brings comes great responsibility. Despite the fact that Data Privacy Day is currently only observed in the United States and Canada, this should not hinder raising awareness on online privacy on a global level.

For more information on online privacy, please read our latest TrendLabs Digital Life e-Guide, Be Privy To Online Privacy.

Trend Micro is an official data privacy champion for this year’s Data Privacy Day.

Post from: TrendLabs | Malware Blog - by Trend Micro

How Private Is My Online Information?

• Email to a friend • Article Search • View comments • Track comments • •

Presidential politics and the tech agenda | Android devices bound for classified networks

2012-01-25T07:38:00.001-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

1/25/2012

Election preview: The Oval Office and the tech agenda
How much will the winner of the next election change the government's technology direction?

DOD to allow Android on classified networks
Forthcoming security standards are expected to allow the use of certain mobile devices on DOD's secure networks.
Top 4 management tips for federal managers
Modernize legacy systems or replace them: The debate continues
Small business advocate raises reverse auction concerns
Technology education funding includes overlaps, possible duplication
NARA faulted for Internet connection outage that affected staff and public
Anonymous hacks FTC website OnGuardOnline.gov

How to relieve the pressure of data center consolidation
Sponsored by: CDWG and EMC

Under pressure to consolidate data centers, many government IT managers are focusing on hardware utilization. From state and local governments to the Defense Department and civilian agencies, IT managers are feeling the pressure to squeeze more capacity out of their servers, storage devices and other expensive pieces of hardware. Several techniques can help agencies maximize their IT investments, including data center optimization and server virtualization.

Read More Here

4 ways to save green by going green
Agencies can unearth significant savings by tapping some of Earth's useful resources.
What you need to know before moving to a virtual desktop
Virtualization can make life much easier for the IT team, but it does present special considerations that agencies should not overlook.

7 Effective Tips for Securing Sensitive Documents from Internal Breaches
Sponsored by HP

Join us for this critical webcast to hear what improved solutions are available to government personnel and contractors to restrict unauthorized access to sensitive data.

Learn more

Download resources

Adobe Government Assembly: Free for Government!
Feb 8, Washington, DC
This year's robust program features public sector leaders and industry experts focused on the key issues of advancing citizen engagement, implementing innovative technologies and protecting critical information. Don't miss your opportunity to learn tactics for meeting today's challenges and for revolutionizing operations in your agency.
Register Now!

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

TrendLabs | Malware Blog - by Trend Micro - Towards A More Secure Industrial Control Systems Security Posture

2012-01-25T02:29:00.001-06:00

Click here to read this mailing online.

Here are the latest updates for security-news@awsoda.net

"TrendLabs | Malware Blog - by Trend Micro" - 1 new article

Towards A More Secure Industrial Control Systems Security Posture

ICS (Industrial Control Systems) Networks have been really big news lately, due to a spate of vulnerabilities, high-publicized breaches, and various other security concerns.

ICS Networks are defined as networks or collections of networks that consist of elements that control and provide telemetry data on electromechanical components. Such components include valves, regulators, switches, and other electromechanical devices that one may find in various industries such as oil and gas production, water processing, environmental control, electrical power generation and distribution, manufacturing, transportation, and many other industrial settings.

Without getting into detail for each particular industry segment, each of these ICS environments share a common fate —- they are not "traditional" IT network environments and should not be treated as such. Most ICS networks share similar security challenges because of this uniqueness. These challenges are made more complex by the interaction of ICS elements with physical industrial components.

Failure to properly control or restrict access to these elements can lead to catastrophic accidents. Many of the industrial systems managed by these elements are considered "critical infrastructure (CI)" and require a much more specialized security architecture than traditional IT environments.

Supervisory Control and Data Acquisition (SCADA) networks can be defined as the network layer that immediately interfaces with ICS networks as well as host systems that control and monitor elements of ICS networks.

SCADA/ICS networks differ from other networks only in the network elements, management platforms, and sensitivity. All-in-all, they suffer from exactly the same threats as other networks, but with even more potentially catastrophic outcomes.

The biggest issue with SCADA/ICS security is that the ICS community has (for the most part) enjoyed living in a “bubble” for many years – they used proprietary protocols, on specialized & proprietary platforms, on dedicated slow-speed communications infrastructure (even some dial-up), and were completely disconnected from other networks (e.g. the Internet).

Now, the SCADA/ICS community is grappling with the security issues of using commodity hardware and software (e.g. Microsoft Windows), being connected to other external networks (enterprise networks and ultimately the Internet), a chaotic & uncontrolled vulnerability disclosure regime (ICS vulnerabilities being targeted for exploitation), and all other manner of threats that the rest of the general IT security industry has been dealing with for many years.

Yes, some ICS network operators are behind the curve, and yes, some are overwhelmed by these circumstances. But the overall SCADA/ICS community is improving it’s security posture more and more every day.

I have put together a tech note white paper Entitled “Towards a More Secure Posture for Industrial Control Systems“ which briefly discusses some basic beneficial security architecture elements for this environment.

This paper illustrates what I believe should be considered required elements in every ICS network integration effort. It also covers best practices when integrating with SCADA and existing organizational networks as well as the rationale for and importance of each component of the suggested architecture. It is not intended to be an all-inclusive guide for ICS/SCADA security, but rather just a high-level overview of some basic architectural elements which can increase the security posture of an ICS deployment.

Post from: TrendLabs | Malware Blog - by Trend Micro

Towards A More Secure Industrial Control Systems Security Posture

• Email to a friend • Article Search • View comments • Track comments • •

US-CERT Current Activity - Denial-of-Service Malware Campaign

2012-01-24T16:59:00.000-06:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Denial-of-Service Malware Campaign

Original release date: January 24, 2012 at 5:35 pm
Last revised: January 24, 2012 at 5:35 pm

US-CERT is aware of public reports of ongoing distributed
denial-of-service attacks against entities in the government and
private sector. According to the reports, these attacks are being
attributed to the hacker group Anonymous.
US-CERT encourages users and administrators to do the following to
reduce the risk associated with this and other malware campaigns:
* Do not open attachments in email messages from unknown sources.
* Install anti-virus software and keep virus signatures files up to
date.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for information on social engineering attacks.
* Refer to the Recovering from Viruses, Worms, and Trojan Horses
document for additional information on how to recover from
malware.
* Refer to the Continuing Denial of Service Threats Posed by DNS
recursion (v2.0) (pdf) document and Understanding
Denial-of-Service Attacks document for additional information on
denial-of-service attacks.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf>

<http://www.us-cert.gov/cas/tips/ST05-006.html>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

<http://www.us-cert.gov/cas/tips/ST04-015.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#anonymous_activities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTx83hz/GkGVXE7GMAQKeOwf/egqLKxOXFFhWQ7RUscTIunAvOWTfPeNf
CwLr+TXC4bfye7+N+zcexML58d0odHOUhuTPSlNNzMQAJz0bMc4qFtRX9wsryEDk
eR5lM5cHcuw6jsBHOADxEJlM537SZAYVtDuEgQMd3Af0hBaKLyN3G2Vw6UrseiIS
IhJMA28QNN3bDvWc5UoKdhLXutP3SCwDDvA2jcGgndnenmfkh0ErK2JG85TDoNm2
DkJpahzK2rSmyhsuzoQ8RV/dewnQc0IlM5itREujVpqsMZDL3ID3CnQt+NKKlE6K
93IOTq8sSPt4d81KeQREho9DbvqZXLJVnOOiHCERa1WOSGfg/BowLQ==
=j5/N
-----END PGP SIGNATURE-----

US-CERT Current Activity - Google Releases Chrome 16.0.912.77

2012-01-24T12:21:00.000-06:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Google Releases Chrome 16.0.912.77

Original release date: January 24, 2012 at 1:03 pm
Last revised: January 24, 2012 at 1:03 pm

Google has released Chrome 16.0.912.77 for Linux, Mac, Windows, and
Chrome Frame to address multiple vulnerabilities. These
vulnerabilities may allow an attacker to execute arbitrary code or
cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google
Chrome Release blog entry and update to Chrome 16.0.912.77

Relevant Url(s):
<http://googlechromereleases.blogspot.com/2012/01/stable-channel-update_23.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29&utm_content=FeedBurner>

====
This entry is available at
http://www.us-cert.gov/current/index.html#google_releases_chrome_16_02

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTx72lz/GkGVXE7GMAQJC/wgAhTjHq0tcdHltnHQwNXlY48yRQXwVncL1
nAPu5tv9+C7EYJ3TSjMSsNSfg6LijZILNavcIMaUEIjvhzFJaOjF+jUF937lsGgp
GlKClGHaaQOwny7JL0Jlja0VUDTBMhqWE2NrzQRGM5Y7mvu6isXUGeAvawHxFq0x
WrzoOJGg8N7Ft096V9Teb6wfQ0yIDhXJSZddgLKPynYyFQDFjb4EijWNAmGvnncN
ZcxOjk5n8QB8ZsVfAYLu3CS7ZIEcFqsV1++TyuRSeggXUAn4ccuXWWazpS0NA9I5
J6ZmDt5rjMQth/hHK82jC4vkjebw3XxUvTocVnQN0rOhHuQavtxncw==
=dxYz
-----END PGP SIGNATURE-----

US-CERT Current Activity - Symantec pcAnywhere Hotfix

2012-01-24T11:21:00.000-06:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Symantec pcAnywhere Hotfix

Original release date: January 24, 2012 at 11:30 am
Last revised: January 24, 2012 at 11:30 am

Symantec has released an update for pcAnywhere to address multiple
vulnerabilities for the following software versions running on
Windows:
* pcAnywhere 12.5 SP3
* pcAnywhere Solutions 7.1 GA, SP 1, and SP 2

US-CERT encourages users and administrators to review the Symantec
pcAnywhere hot fix and apply any necessary updates to help mitigate
the risk.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://clientui-kb.symantec.com/kb/index?page=content&pmv=print&impressions=&viewlocale=&id=TECH179526>

====
This entry is available at
http://www.us-cert.gov/current/index.html#symantec_pcanywhere_hotfix

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTx7ofj/GkGVXE7GMAQJPxwgAq4DNr2tFdFCKRWx3O4xSwQzXmV8STGTP
n0/SlZUFtGLlJ0nGLSG7P0jTrogH3zJW2NJXrSRuguHUENpr2MOHYr/1mBBfkf/f
rxi2lEFq9ZXZkeuv6YKDOhnC/By4ii2RfQbYXl2Q8qDM0trScqqS/rhpAojg3dlC
w4C4wych0Q987zWD/i/x5jn7qc/0bGasOkzgvKB42RSV8Uu5+KgF6xHyLW8KkRp8
SEbeaGwGpoBrKLJcbuGJzlatYQe2SV2GSgho+jenvnhJEx3JD1PX2g4qA5gxtooV
XiHadBMSis9IatrVEP9mQFRj5zBQhU2DkM3JUmxlj7WUOEpPEzwQXA==
=62mw
-----END PGP SIGNATURE-----

2012's workforce goes virtual | The end of the Gov 2.0 boom?

2012-01-24T07:36:00.000-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

1/24/2012

2012: The rise of the virtual workforce
2012 will see a more intense focus on building a 'hyper-productive, hyper-available' federal workforce.

Gov 2.0 boom over, but the work continues
Having picked all the low-hanging fruit in the form of Facebook, Twitter and mobile apps, federal agencies will be more targeted in their social media approaches in 2012.
Justice wireless network struggling, IG says
Obama to miss budget deadline again
Agencies limit GSA in analyzing travel program
Industry group warns against mandates for small-biz opportunities
Analysis: How to cut intell budgets smartly
Military health records system suffers outage after software upgrade
Innovation center to tackle government tech problems

Data-Enabled Government. How Well Is Our Personal Information Protected
Sponsored by HP

This paper examines the key issues surrounding the use and protection of personal data and draws on in-depth interviews with experts working on the front lines of public sector data management.

Read more

Telehealth boom could break down distance barriers
The proliferation of cheaper and faster Internet access should encourage the spread of telehealth, but financial incentives are lacking.
An industry insider discusses data center efficiency.
Agency data centers are the biggest cost in government IT but given the explosive growth in data that needs to be managed and the ever-increasing demands for IT services, they are also the most important assets.

Download resources

How to relieve the pressure of data center consolidation
Sponsored by: CDWG and EMC
Under pressure to consolidate data centers, many government IT managers are focusing on hardware utilization. From state and local governments to the Defense Department and civilian agencies, IT managers are feeling the pressure to squeeze more capacity out of their servers, storage devices and other expensive pieces of hardware. Several techniques can help agencies maximize their IT investments, including data center optimization and server virtualization. Read More Here

Cloud: What an Enterprise Must Know
Sponsored By Cisco
Read this paper to gain insights about the benefits, barriers, and options for cloud computing. Learn how to develop a cloud strategy that promotes IT efficiency and agility while maintaining security, quality of service, and regulatory compliance. Read more.

Adobe Government Assembly: Free for Government!
Feb 8, Washington, DC
This year's robust program features public sector leaders and industry experts focused on the key issues of advancing citizen engagement, implementing innovative technologies and protecting critical information. Don't miss your opportunity to learn tactics for meeting today's challenges and for revolutionizing operations in your agency.
Register Now!

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

How Facebook's new features could sting you | Acquisition: The high cost of a bargain

2012-01-23T07:38:00.001-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

1/23/2012

Facebook 'invisible' sharing worries privacy advocates
New Facebook features could share your information without your knowledge, expert fears.

IT acquisition: Pay less now, more later
Acquisition officials, wary of budget scrutiny, are finding it difficult to resist the temptation of low pricing, whatever the long-term costs.
Defense IT: Preparing for the worst and other survival strategies in 2012
Throw away the clock
White House sets up official page on Google Plus
New cloud task force seeks caucus members' involvement
DARPA seeks games to test weapons systems
DARPA commissioning ad-hoc smart phone network
Disaster recovery goes virtual

Storage virtualization tames the data beast
Sponsored by: CDWG and EMC

Although new funding for agency IT systems might barely qualify as a trickle, the flood of data surging into agency storage systems shows no signs of abating. In just the past few years, agencies at the federal, state and local levels are dealing with 40 percent increases in storage demand. How are agencies supposed to handle storage for so much data while facing pressure to consolidate data centers? Storage virtualization is a critical piece to that puzzle, and most agencies are already adopting or exploring their options.

Read More Here

4 ways to save green by going green
Agencies can unearth significant savings by tapping some of Earth's useful resources.
Storage virtualization tames the data beast
Armed with tools such as deduplication and storage tiering, agencies have a fighting chance to get control over the rush of data flowing into storage systems.

Adobe Digital Government

2012 Adobe Government Assembly
February 8, 2012
The National Press Club - Washington, D.C.
FREE Registration for Government

Register Now!

Download resources

Early Signs of Progress: Federal Data Center Consolidation
Sponsored By Cisco
Read this Government Business Council brief on the Federal Data Center Consolidation Initiative and get a six-month status report on agencies' progress toward meeting its requirements for closure of 800 data centers by 2015. Read more.

2011 Dresner Advisory Services Wisdom of Crowds BI Market Study
Sponsored By Actuate
Review the results of the "2011 Dresner Advisory Services Wisdom of Crowds BI Market StudyTM." Howard Dresner, report author and worldwide authority on BI, shares the latest market trends and insight and reviews Actuate's score and position in the market. Read more.

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

How agencies imperil FedRAMP | More Facebook changes heighten sharing risk

2012-01-20T07:35:00.000-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

1/20/2012

Agencies' needs could imperil FedRAMP
The specific requirements some federal agencies have could undercut the standardized approach of the Federal Risk Authorization Management Program, industry experts say.

Facebook's Open Graph unleashes auto-sharing
Yet another group of major changes are coming to Facebook, which recently introduced the Timeline format change, and now has added more than 60 new ways to automatically share information.
E-gov satisfaction at high levels, report says
Where does DOD enterprise e-mail really stand?
Can I shoot your avatar?
Blue Button ready for all feds
Defense cloud plans still up in the air
More feds use mobile devices for work than expected
VA kicks off acquisition training program for wounded vets

The STAND: Data Center Efficiency
Sponsored by: Brocade

What are the biggest technology and/or operational barriers to optimal efficiency in the typical data center?

Learn more

How to show the ROI of data center optimization
The path to proving the return on investment of an optimization program isn't as slippery as many agency leaders believe. Here's why.
Mobile movement infiltrates the health IT world
Roughly three-quarters of U.S. physicians have joined the mobile revolution, and apps are popping up to help patients interact with doctors and other health care providers.

How to relieve the pressure of data center consolidation
Sponsored by: CDWG and EMC

Under pressure to consolidate data centers, many government IT managers are focusing on hardware utilization. Several techniques can help agencies maximize their IT investments, including data center optimization and server virtualization.

Learn more

Download resources

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

TrendLabs | Malware Blog - by Trend Micro - The Ins and Outs of One-Click Billing Fraud

2012-01-20T02:56:00.000-06:00

Click here to read this mailing online.

Here are the latest updates for security-news@awsoda.net

"TrendLabs | Malware Blog - by Trend Micro" - 1 new article

The Ins and Outs of One-Click Billing Fraud

What is this “one-click billing fraud” (also “one-click fraud”) all about?

Contrary to the name, you need more than just one click to become a victim. This type of attack primarily targets users who want to view adult videos.

Users either go to video-sharing websites or adult blogs in order to watch adult videos online. Links to these sites are also spread via spam, blog comments, and social media. Once users stumble upon one-click fraud sites, users click around to explore the site.Eventually, users are asked to download a program in order to watch a certain video. In reality, however, either no video will be played on the user system, or just a few seconds of it. Instead, the user will be confronted by multiple windows that ask the user to click an item on the screen to view the video in its entirety.After this, they will reach a point where they can “download” the video. What ends up being downloaded is the main one-click fraud malware. These malware are often of the HTML/HTA (HTML Application), JS, and VBS file types, among other file types.. They are also detected by Trend Micro as HTAPORN or PORNY variants, among others.

Once on the system, the one-click fraud malware on user systems will display some sort of alarming, obnoxious, and impossible-to-ignore alert, such as the following:In earlier versions, it was impossible to close the windows. However, because this was recognized as a symptom of one-click fraud later versions no longer did this. These alerts will all say the same thing: demand that the user pay to see the adult video. The most common payment method offered is direct deposit to bank accounts.Amounts involved can be significant, but always only up to 100,000 yen (approximately 1300 US dollars). This might be because Japan banking rules do not allow transactions that go beyond 100,000 yen.

Has this threat evolved?

Traditionally, these kinds of threats were confined to the desktop. Last year, however, we first found these sorts of attacks hitting mobile platforms as well. When we encountered these attacks in late August, they did not require or use any sort of app: trying to view a video would lead to a website where the user would be told how to pay. At this time, billing fraud couldn’t use the sorts of tactics (pop-ups, annoying alerts, etc.) that was already known to desktop variants.

More recently, we have seen malicious apps be used as well. Just as in the desktop attack, these latest attacks now use malicious apps as well. This causes alerts to show up on the phone every five minutes, making the alerts much more annoying, increasing the possibility that users will pay up.

To make the attack even more convincing, the app also displays information about the user, and threatens to send it to a remote user if the victim does not pay the given amount.

How many users are affected by this attack? Where are they located?

One-click fraud is essentially unknown outside of Japan. Within Japan, however, it is frequent enough that government agencies keep track of cases that have been filed with their offices. Typically, around 400 new cases are reported every month. It is certain, however, that many other cases go unreported—users may be afraid of going to law enforcement.

It has been suggested that the reason these attacks work is because it succeeds so well in instilling shame and guilt, embarrassing users enough that they will be forced to pay.

Are there any other attacks like this in other countries? What are the differences between these attacks?

Conceptually, there are similarities between one-click fraud and scareware/FAKEAV attacks found elsewhere. In both cases, users are paying money to get something they want: “antivirus software” in the former, and pornography in the latter. Ransomware attacks are broadly similar as well, although that is more a situation of avoiding something highly undesirable (loss of data).

In addition, the tactics that one-click fraud uses are very similar to ZLOB/fake video codec attacks in the past. These attacks also entice victims with videos, but they will need to download a codec (which is the malware) in order to view them.

There are two key differences between one-click fraud and similar attacks. Firstly, the money involved is much higher: users are scammed out of up to 100,000 yen. Contrast this to scareware attacks, which often are priced below $100.

This first factor directly influences the second: it is highly unusual for this category of scams for the payment to be made via direct deposit. This may be attributed to the larger amount of money involved, as well as a desire to avoid automated fraud detection schemes.

What can users do to protect themselves?

In general, searching for pornography online will always raise the risk for users, because cybercriminals are keenly aware how many people are looking for it and plan their attacks accordingly. However, for one-click fraud, a key sign of trouble is the multiple hoops that the user must pass through before being able to download the “video”. If users encounter such a situation, they are strongly advised to proceed with caution.

Trend Micro blocks both the websites and files associated with these sort of attacks with Trend Micro™ Smart Protection Network™. Web Reputation Technology blocks malicious URLs before entering users’ systems, while File Reputation Technology checks the reputation of each file against an extensive database before permitting user access.

Users are also protected on their mobile phones with Trend Micro Mobile Security, a complete security solution for tmobile devices. Trend Micro Mobile Security is powered by the Trend Micro™ Smart Protection Network™.

Here are some more links about this threat:

For more information about one-click billing fraud, view our infographic here.

Post from: TrendLabs | Malware Blog - by Trend Micro

The Ins and Outs of One-Click Billing Fraud

• Email to a friend • Article Search • View comments • Track comments • •

US-CERT Current Activity - Best Practices for Recovery from the Malicious Erasure of Files

2012-01-19T14:53:00.000-06:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Best Practices for Recovery from the Malicious Erasure of Files

Original release date: January 19, 2012 at 3:43 pm
Last revised: January 19, 2012 at 3:43 pm

Cyber criminals can damage their victim's computer systems and data by
changing or deleting files, wiping hard drives, or erasing backups to
hide some or all of their malicious activity and tradecraft. By
wiping, or "zeroing out," the hard disk drives, which overwrites good
data with zeroes or other characters, the criminals effectively erase
or alter all existing data, greatly impeding restoration. This sort of
criminal activity makes it difficult to determine whether criminals
merely accessed the network, stole information, or altered network
access and configurations files, Completing network restoration
efforts and business damage assessments may be also hampered.

The FBI and DHS encourages businesses and individuals to employ
mitigation strategies and best practices such as:
* Implement a data back-up and recovery plan to maintain copies of
sensitive or proprietary data in a separate and secure location.
Backup copies of sensitive data should not be readily accessible
from local networks.
* Regularly mirror and maintain an image of critical system files.
* Encrypt and secure sensitive information.
* Use strong passwords, implement a schedule for changing passwords
frequently, and do not reuse passwords for multiple accounts.
* Enable network monitoring and logging where feasible.
* Be aware of social engineering tactics aimed at obtaining
sensitive information.
* Securely eliminate sensitive files and data from hard drives when
no longer needed or required.

The US-CERT web page at www.us-cert.gov hosts a wide range of tips,
best practices, and threat information for business and home users.

Relevant Url(s):
<http://www.us-cert.gov/>

====
This entry is available at
http://www.us-cert.gov/current/index.html#best_practices_for_recovery_from

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTxiC3T/GkGVXE7GMAQKznAf+LS2BvhICVi5RnQVBClbXNcOnU2OK8tv+
DkmHuzss7Pp4R+SIKX7rUGlKs/eAj/v/uclLhbpONe+xN0cdya640C/AhucWf6P1
TevkJYfP9/tCr3IcgoBR13T/MfobExbiCQ4ISrsQEwmtckEHsYziXu2XoAGblDqw
jBjRqGhRBCiprMk+mcKXqaUObMwVQiHDLW94vP58t6KIYtCjhHrZwVw1NJ5UcIGs
EasaimuEC9A4K6k3Lx08DoLFwhs1ZolIMAIryI6xND//1r/nIxX96MvoPrJxACeG
d10mbM8lmiOz6AbrihUeIzp7glHZDjuOlsl5jgxHiEMVINahA5FLwA==
=UtB2
-----END PGP SIGNATURE-----

TrendLabs | Malware Blog - by Trend Micro - 4 new articles

2012-01-19T09:42:00.001-06:00

Click here to read this mailing online.

Here are the latest updates for security-news@awsoda.net

"TrendLabs | Malware Blog - by Trend Micro" - 4 new articles

Kyoto Prefectural Police Arrest Suspects Related to One-Click Billing Fraud
Trend Micro Reiterates Position on SOPA
The Koobface Saga
Start 2012 Right: Resolve To Stay Safe Online [INFOGRAPHIC]
More Recent Articles
Search TrendLabs | Malware Blog - by Trend Micro
Prior Mailing Archive

Kyoto Prefectural Police Arrest Suspects Related to One-Click Billing Fraud

On January 18th, 2012, the Kyoto Prefectural Police’s cyber police division announced an arrest for suspects charged with violating the Cybercrime Law in Japan. The violation allegedly involves the creation and use of one-clickware in one-click billing fraud schemes. Initial reports say that 6 people were arrested and that damages amount to approximately JPY12,000,000 (around US$148,800).

The one-click billing fraud scheme tricks victims into registering and paying for a certain service after being falsely led to a specific website. We reported about a similar attack recently in the Malware Blog.

According to the announcement, the suspected cybercriminals set malicious programs which they promoted to users. Upon visiting certain websites, including sites with adult content, users who click on the 'play' button to display a movie end up executing a file instead.

There are 118 confirmed sites related to the one-click billing fraud. We cannot give any more details than what the Kyoto Prefectural Police announced, however, we collaborated with them to analyze the program used in this attack.

Problems with One-Click Billing Fraud and What the Future Holds

There seems to be no end to one-click billing fraud. Today, doing a quick search on Google using the keyword “one-clickware” leads you to more than a million pages talking about this malware. One of the reasons for its recent prevalence is that it is easy to modify files in one-clickware to avoid being detected by security software. Cybercriminals behind one-click billing fraud are able to check if security companies can detect their programs and modify these files accordingly

This then sets the cat-and-mouse chase between the police and cybercriminals once more. Unfortunately, it seems that the bad guys are taking the lead here. Traditional security software that rely on pattern matching technology would find it difficult to defeat this game effectively. In the same vein as targeted attacks, cybercriminals utilizing the one-click fraud are advantageous as the files are easily modified. All they need to do is change a few lines of code and then AV software won’t be able to detect it anymore.

Using the new technology such as reputation and cloud can definitely help remedy this situation. But is there any real fundamental solution to stop this endless game of cat and mouse?

We think one possible solution is to stop producing one-clickware. More arrests will also contribute to putting a stop to new incarnations of this Japan-specific threat.

Post from: TrendLabs | Malware Blog - by Trend Micro

Kyoto Prefectural Police Arrest Suspects Related to One-Click Billing Fraud

• Email to a friend • Article Search • View comments • Track comments • •

Trend Micro Reiterates Position on SOPA

The controversial Stop Online Piracy Act (SOPA) has received a lot of attention of late, with parties ranging from the White House to Rupert Murdoch. Opposition to SOPA has been particularly fierce online, with many sites “blacking out” on January 18 as a form of protest against the bill. The biggest site that will take part in these protests is Wikipedia. Google is also taking part; they have indicated that they will display a link on their front page showing the tech giant’s opposition to the bill.

We reiterate our position on this matter, which we first stated on this blog a month ago. We remain concerned about provisions in the law that could seriously compromise DNSSEC, which will play a key part in future cybersecurity strategy. At the very least, by ensuring the secure transfer of DNS data from servers to end users, DNSSEC will make man-in-the-middle and cache poisoning attacks much more difficult. DNSSEC may also be used as the foundation for further tools and techniques that will aid in greater online security

We endorse the position of the White House, which we quote below:

We must avoid creating new cybersecurity risks or disrupting the underlying architecture of the Internet. Proposed laws must not tamper with the technical architecture of the Internet through manipulation of the Domain Name System (DNS), a foundation of Internet security. Our analysis of the DNS filtering provisions in some proposed legislation suggests that they pose a real risk to cybersecurity and yet leave contraband goods and services accessible online. We must avoid legislation that drives users to dangerous, unreliable DNS servers and puts next-generation security policies, such as the deployment of DNSSEC, at risk.

Post from: TrendLabs | Malware Blog - by Trend Micro

Trend Micro Reiterates Position on SOPA

• Email to a friend • Article Search • View comments • Track comments • •

The Koobface Saga

Just as the saying goes that there are many ways to skin a cat, threat investigation can also be done a handful of different ways, employing various expertise, especially when dealing with a threat employing several pieces of malware and a relatively robust C&C infrastructure.

But even though methodologies may change, whether through reverse engineering or analysis of the botnet infrastructure, the goal of understanding what the threat is all about is the number one priority.

Trend Micro is fortunate enough to have several experts under its fold who are able to attack the challenge using different means. And we are proud to say that our technical analysis and due diligence in monitoring Koobface activities made us understand the botnet intimately, and enabled us to respond and apply the appropriate solution to protect our customers.

Koobface at Its Peak

At its peak, Koobface was popularly known as the malware propagating through the (then) steeply rising social network Facebook, but of course, it was more than that.

Back in 2008-2009, Facebook was just becoming the dominant social network that it is now, and was just starting to distance itself from the likes of Myspace, Twitter, Friendster, myyearbook, etc.

Our first research paper about Koobface provided detailed overview that Koobface was not only exclusively propagating on Facebook, and that it also utilized the other social networks popular during that time. We also presented that once a system is infected by the Koobface malware, additional pieces of malware are installed into the system, which are then used to either monetize infected user traffic, or use the affected machine as part of the Koobface C&C infrastructure.

Koobface and Its C&C

Our findings led us to the second research paper, which delved deeper into the C&C infrastructure and communication. Here, we were able to discover the various levels of control available for the Koobface gang – from the fine grained control of social engineering messages to be spammed by the infected user, to the various components, accounts, infrastructure and commands available to the Koobface gang.

It was also during this phase that we were able to decipher the C&C protocol and commands and monitor the botnet activities. We discovered the Facebook and Google accounts they control, debunked the theory that the Koobface gang is employing cheap workers in India to crack CAPTCHAS, and came to the realization that we are security professionals fighting against real people behind the Koobface bot – as takedown attempts and detection measures were circumvented a few hours/days after discovery.

But we couldn’t consider our research done if we weren’t able to figure out what this is all about. Nobody gives that much time and effort for nothing, so the question that remained was – what’s in it for the Koobface gang?

The Monetization of Koobface

We found out the answer to this question and presented our findings through the third part of our research paper, as we were able to gather proof that the Koobface gang is involved in criminal activities such as FakeAV installation, clickfraud, information stealing and online dating.

It was also at this point when we reached out to the greater security community for intelligence sharing and collaboration. An operation as big as Koobface needs the expertise of other researchers, investigators and involved parties for mitigation. So we reached out to independent investigators such as Jan Droemer, involved parties such as Facebook and Google, and even researchers employed by competitors Kaspersky and Sophos. Of course, several law enforcemenst were also put in the loop.

The Evolution of Koobface

During all these years, we are proud to say we here at Trend Micro has shown the effort and diligence to keep Koobface on our radar. Our fourth report on Koobface details how the Koobface gang changed the C&C architecture, modified the malware binaries, and improved the backend services in order to become more resilient to takedowns and evade simplistic blocking/detection solutions.

Koobface Draws More Blood

As further evidence of Trend Micro's commitment to this effort, we released our fifth installment of our Koobface research just last month, detailing how the Koobface gang adjusted to strict security checks by Facebook, by making use of Twitter and Blogspot (instead of Facebook) and TDS (Traffic Direction Systems) to divert and monetize user Internet traffic and maintain the gang's cash flow.

Premature Disclosure

We did these things while working with the appropriate channels and withholding ourselves from revealing sensitive information that will interfere with on-going operations by various law enforcement.

However, this sensitive information regarding one of the Koobface operators were prematurely published by a blogger without coordination with the community involved. This happened before any of the desired results (i.e. arrests) happened. The slow pace of the LE investigation is understandable – the standards of evidence are much higher for LE that they eventually have to go to court. This necessarily takes time.

Let's hope that the current situation would serve as a 'last push' for LE, so that this whole "Koobface saga" will end up with the arrests of the perpetrators, and the dismantling of their infrastructure – a success story like what happened in Operation Ghost Click.

Trend Micro researchers Jonell Baltazar, Ryan Flores, Joey Costoya and Nart Villenueve all devoted significant amounts of time and effort in tracking the Koobface threat.

You may also check this report developed by our friends from Sophos together with independent security researcher Jan Droemer.

Post from: TrendLabs | Malware Blog - by Trend Micro

The Koobface Saga

• Email to a friend • Article Search • View comments • Track comments • •

Start 2012 Right: Resolve To Stay Safe Online [INFOGRAPHIC]

While it’s always important to take care of our physical bodies in order to enjoy long, fruitful lives with our families and loved ones, we also believe that we must exert as much effort in taking care of our digital selves as well. We came up with these three reminders users can adopt to keep their online health in check:

Use your common sense. The adage, “If it’s too good to be true, it probably is,” is applicable both in the real world and on the Internet. Using common sense is your first line of defense online. People who are after you or your money abound on the web via all kinds of scams.

Try to maintain a junk-free online diet. You are what you eat or, in this case, you are what you browse. The Internet has its own brand of “unhealthy food” in the form of shady, suspicious, or risqué sites. Common examples of these are online gambling, adult sites, and illegal file-sharing portalsSuch sites are not only inappropriate to some users, these are also very common malware sources. In fact, in one instance, over 137,000 systems were infected in just one month because their users visited a single adult site that secretly hosted malware.

Love your online persona. There is such a thing as oversharing and if you’re not careful, the things you say or do online can be used against you. One example is sharing that you're alone at home, especially if you're underage, which could attract burglars, robbers, and other unsavory folks. Also, always keep a cool head when sharing personal things online. Users should always ask themselves if anything they're sharing could pose threats not only to their own reputation but also to their safety and those around them.

These three simple reminders, as well as other helpful activities to secure your data, reputation, and devices, will certainly help protect users from the worst that cybercriminals can do. For more information about these tips, view our infographic here. Make sure to share this infographic to your friends and family as well.

Post from: TrendLabs | Malware Blog - by Trend Micro

Start 2012 Right: Resolve To Stay Safe Online [INFOGRAPHIC]

• Email to a friend • Article Search • View comments • Track comments • •

OMB effort shapes consolidation plans | DHS joins Defense cybersecurity program

2012-01-19T07:35:00.000-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

1/19/2012

OMB anti-duplication effort to inform reorg strategy
OMB seeks to catalogue duplicative services and functions across government.

DHS takes key role in DOD cybersecurity program
DHS' new role marks a milestone for the data-sharing effort as it grows past pilot-program status.
FedStyle: How to dress for success
IRS spending $320M on website improvements
Internet piracy bills stall as public outcry builds
Reader: Tight budget will increase service quality
White House summer jobs program offers technology training

How to relieve the pressure of data center consolidation
Sponsored by: CDWG and EMC

Under pressure to consolidate data centers, many government IT managers are focusing on hardware utilization. Several techniques can help agencies maximize their IT investments, including data center optimization and server virtualization.

Learn more

Where saving the planet and saving money intersect
When it comes to cutting energy costs in data centers, what's good for the government is also good for the environment.
How better intell keeps US warfighters ahead of the opposition
As the Defense Department wrings as much extra spending as possible out of its budget, DOD continues to emphasize C4ISR programs that can deliver critical intelligence and data to warfighters in the field.

Federal Gov't Breakfast Seminar--Disaster Recovery and The Cloud

Join experts from NetIQ and Strickland Consulting at this complimentary breakfast seminar in Washington DC. Explore how cloud based disaster recovery and virtualization are changing the face of disaster recovery planning in your Federal agency. Space is Limited.

Register Today!

Download resources

Data Loss Prevention: When Mobile Device Management Alone Isn't Enough
Sponsored By Good Technology
Many businesses are turning to mobile device management (MDM) solutions to better secure, manage, and support the variety of mobile devices their employees use. In many instances, MDM alone is not enough to protect against data loss and leakage. This paper introduces Good for Enterprise-and its unique approach to managing security on mobiles, including data loss prevention features. Read more.

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

US-CERT Current Activity - Oracle Releases Critical Patch Update for January 2012

2012-01-18T10:21:00.000-06:00

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Oracle Releases Critical Patch Update for January 2012

Original release date: January 18, 2012 at 10:58 am

Oracle has released its Critical Patch Update for January 2012 to address
78 vulnerabilities across multiple products. This update contains the
following security fixes:

* 2 for Oracle Database Server
* 1 for Oracle Fusion Middleware
* 3 for Oracle E-Business Suite
* 1 for Oracle Supply Chain Products Suite
* 6 for Oracle PeopleSoft Products
* 8 for Oracle JD Edwards Products
* 17 for Oracle Sun Products Suite
* 3 for Oracle Virtualization
* 27 for Oracle MySQL

US-CERT encourages users and administrators to review the January 2012
Critical Patch Update and apply any necessary updates to help mitigate the
risks.

Additional information regarding CVE-2012-0110 can be found in US-CERT
Vulnerability Note VU#738961.

Relevant Url(s):
<http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html>

<http://www.kb.cert.org/vuls/id/738961>

==== This entry is available at
http://www.us-cert.gov/current/index.html#oracle_releases_critical_patch_update16

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTxbxbD/GkGVXE7GMAQJc4Af/cuIu9SaJg6/FnQ8TskKrSzy+LWC4UOWU
evl1wew1aUywaQBQslHjwJRxADEDM/RdoJAD0AeEF9efBDN8pgp5daOZjPJfX1P8
YodugJTpUjLTrdTuQs/uMGI1vfZ6YseTSOM90MagigBW6/aHI9IYXj7RYPfHu/FI
Q2knsv9FD2YoR3OFSSH+dRF/NLDasEPvP8OoKvS3j4GfyB62RxxmrkLRqBFophda
7fbDM/OwccmJQpnBxCDKKWKA/aA9xZ8tvglvyaarOMHYQqtbxhbVdq7RLGsfHh9F
yCrCmdolPTDUVo5XvuMRwWVsH9STpTZ4ht1wPjIHdHcS7Hvc3rQc9Q==
=KmSz
-----END PGP SIGNATURE-----

New details show larger scope of agency reorg plan | DISA's streamlining strategy revealed

2012-01-18T07:38:00.000-06:00

Having trouble viewing this e-mail? Click here to view as a Web page.

CLOUD & VIRTUALIZATION | GOVERNMENT 2.0 | MANAGEMENT & WORKFORCE | SECURITY | TELEWORK

1/18/2012

Obama reorganization could affect at least 12 agencies
White House consolidation plan is more expansive than the six agencies first identified.

DISA details streamlining plan for 2012

DISA is taking aim at enterprise capabilities, beginning immediately with combining offices to streamline and focus on cybersecurity as a priority.
Former federal CIO Vivek Kundra joins industry
How real is the threat of disgruntled feds jumping to industry?
Resource centers boost competition for secret contracts
Zients to become acting OMB director
White House schedules Tweetup during SOTU
A fast lane to the cloud

How to show the ROI of data center optimization
Research Sponsored By: CDW-G and EMC

Although many agency managers understand the value of data center optimization, they often find it more difficult to clearly express the return on investment that agencies will receive. It's not cheap to consolidate data centers, which could require new investments in technology and training for IT staff members to install and maintain the new equipment. In the midst of budget austerity, that presents a problem for agency IT managers who must focus on the expenses of right now even if they could lead to savings down the line.

Read More Here

How dog food can improve accountability and compliance
The Food and Drug Administration is working with a private organization on a project that reveals the potential power of linking information sharing with accountability.
Rescue your IT staff from data center management purgatory
Among many other benefits, data center optimization should reduce the amount of time your IT staff spends managing servers.

The STAND: Data Center Efficiency
Sponsored by: Brocade

What tools do agency data center managers need to manage for the greatest efficiency?

Learn more

Download resources

Federal Computer Week
1105 Government Information Group
8609 Westwood Center Drive, Suite 500
Vienna, VA 22182-2215
703-876-5100


	Federal Computer Week Daily News Editor - Michael Hardy \| Online Editor-in-Chief - Susan Miller 1105 Government Information Group President - Anne A. Armstrong \| Vice President, Group Publisher - Jennifer Weiss 1105 Media President/CEO - Neal Vitale

	Copyright 2012 1105 Media Inc. Federal Computer Week newsletters may only be redistributed in their unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. This message was sent to: security-news@awsoda.net

Security News Collected by AWSODA-SYSTEMS

House busy with small-biz bills | An artful take on fed pay debate

TrendLabs | Malware Blog - by Trend Micro - Mobile Threat Landscape: A Decade Later

"TrendLabs | Malware Blog - by Trend Micro" - 1 new article

More Recent Articles

US-CERT Current Activity - Apple Releases Multiple Security Updates

Cloud skeptics by the numbers | The next tech destined for the dustbin?

Download resources

US-CERT Current Activity - Mozilla Releases Firefox 10 and 3.6.26

DOD's Android efforts paying off | A cautionary tale for website revisions

Download resources

Presenting: The Federal 100 for 2012

Download resources

TrendLabs | Malware Blog - by Trend Micro - 2 new articles

"TrendLabs | Malware Blog - by Trend Micro" - 2 new articles

More Recent Articles

Is government ready for cloud procurement? | How to avoid Google risks

Download resources

TrendLabs | Malware Blog - by Trend Micro - Top APT Research of 2011 (That You Probably Haven’t Heard About)

"TrendLabs | Malware Blog - by Trend Micro" - 1 new article

More Recent Articles

Panetta fires first shot in DOD budget showdown

Download resources

TrendLabs | Malware Blog - by Trend Micro - Malware Leveraging MIDI Remote Code Execution Vulnerability Found

"TrendLabs | Malware Blog - by Trend Micro" - 1 new article

More Recent Articles

Say goodbye to some favorite technologies | Google's new rules raise new worries

Download resources

TrendLabs | Malware Blog - by Trend Micro - How Private Is My Online Information?

"TrendLabs | Malware Blog - by Trend Micro" - 1 new article

More Recent Articles

Presidential politics and the tech agenda | Android devices bound for classified networks