Category Archives: Security Active

Rogue Security Software Report by Symantec

I think most people are becoming more and more familiar with so-called “Rogue Security Software”; if not, a good example that has been popular this year was the AV program AntivirusXP. A user will download a product like this when looking for some free antivirus software, or perhaps via a popup telling the user they have an infection. This software then gets on the machine and claims your machine is in really bad shape, but for a few quid all can be put right.

Needless to say, apparently the developers of this type of software are duping a fair amount of users into coughing up some cash, and making potentially some serious money. I personally have not had any time to do some serious investigation into this, but I was recently given a copy of Symantec’s research into Rogue Security Software, good timing huh 🙂

In total, Symantec has detected over 250 distinct rogue security software programs. During the period of this report, from July 1, 2008, to June 30, 2009, Symantec received reports of 43 million rogue security software installation attempts from those 250 distinct samples. Of the top 50 most reported rogue security software programs that were analyzed for this report, 38 of the programs were detected prior to July 1, 2008. The continued prevalence of these programs emphasizes the ongoing threat they pose to potential victims despite efforts to shut them down and raise public awareness.

I found this report really interesting. Some of the findings I wouldn’t say are surprising to me, but it really does confirm that general users still have a long way to go in even basic security education.

One of the highlights for me that I thought was interesting is just how many installation attempts were detected. I mean, 43 million isn’t a small number by any standards, and then when you look at the possible payout per installation you can see why this is a worthwhile exercise to these guys. They obviously also spend a lot of time and effort to ensure that their products are highly ranked in search engines to further guarantee a successful hit; if only I could work out such good SEO 🙂

Symantec have also come up with some interesting stats on the possible financial impact to victims of this software, ranging from $30 – $100. I guess this depends on how badly their system was supposedly infected. As usual the US and UK were most impacted (we don’t do too bad for a small island, do we), but it’s interesting to read that affiliate networks have been set up to sell this stuff on. I guess it makes sense; I wonder how many of the affiliate networks are non-voluntary.

I recommend you spare the few mins to have a read of this 14 page report, and perhaps share it with those you know who have fallen victim to this (I know a few who have more than once:( ).

If you would like to take a read of this report, you can download it here in PDF.

Adobe Zero Day… It’s like the Duracell bunny

Earlier this month we had yet another Adobe Reader zero day. It’s really becoming a common theme this year, and who knows when it’s going to end.

Adobe are once again telling users to disable JavaScript to protect themselves from attack; this just seems to be the ongoing standard response. Many customers I work with do not need or use the JavaScript functionality anyway, so I recommend it’s disabled permanently. Some turn it off, and then turn it back on again when a patch is released, because for some reason they think it’s safe and another zero day isn’t just around the corner.

So my question has to be, who actually needs the JavaScript functionality? I have met very few individuals and organisations that do, so why not have this disabled as standard and put the reliance on the user to enable it, with a caveat (it might mess you up).

I think Adobe make some good products, but they just seem to be having some issues with secure coding or something. Perhaps the tools are not being used the way they were intended, I don’t know, so why not do something about it.

I am by no means a PDF expert so I am not really the best person to comment, but I know a man who is. Didier Stevens is the master, just check out his blog.
Didier will be speaking to us on the first episode of the eurotrash security podcast.

Dissecting The Hack Community

I wanted to put a quick post out to invite you guys to check out a new community that has been set up by my excellent buddy Jayson Street called Dissecting The Hack.

I don’t want to get into the discussion of what happened with regards to The F0rb1dd3n Network; you can read about that elsewhere and on the site. I do want to focus on the positive message that the book was getting across through a great story.

So to keep up to date with what’s happening, contribute to this new community, and share thoughts and opinions, please check out the site.

RSA Security Bloggers Meet Up 2009 London – A Success – Thanks to All

Tuesday night in the Fountains Abbey in London at 7:30PM the first official RSA Security Bloggers Meet Up in the UK kicked off, and it was a great success.

The event was sponsored by Qualys, IronKey and ISACA, and it was thanks to them that we were able to provide an excellent buffet, an open bar, and a T-Shirt and USB key for every registered attendee. Over 30 people attended the event, and everyone commented to me on what a success they thought the event was, and on the great opportunity to meet with new people and those they had only spoken to online. They also appreciated the relaxed atmosphere and good discussions.

I am really pleased how the event panned out, and we had people there until 11PM when we had to pack up and head off.
I would like to thank Kevin Riggins, Mel Johnson and I think it was Tomasz Miklas (sorry, I am rubbish with new names) for helping to get everything set up before the official kick off.

I also want to thank Mel again from eclat marketing and Neil Stinchcombe from Eskenzi for all their help with organising sponsorship for the event.

I, like others, had a really great time, and will be more than happy to set this type of event up again in the future, so watch this space. A quick pointless stat: Stella and Guinness were the most drunk beverages of the evening 🙂

Registered attendees got a bag with a T-Shirt, sticker, and 1GB USB memory stick.

Below are a few pictures from the event taken by Xavier Mertens who blogs at Rootshell, thanks for taking these.

Links to the blogs of some of the people who attended the event are below:

Infosec Ramblings | Help Net Security | BH Security Watch | Craig Balding’s Blog | IT Security Expert | Root Shell | NAC Blog | Ira Winkler | PCI DSS Blog | Rothke Blog | CTRL ALT DEL | Stefan Tanase’s Blog | Infosec Cynic | CNIS Mag | Heise | H-Online

Chris Nickerson – Red and Tiger Team Testing – BruCon 2009

This is the third and final of my 3 videos recorded at BruCon 2009. Sorry it’s taken so long; I had some upload issues due to size, so this needs to be in two parts.
This is the excellent presentation from Chris Nickerson on Red and Tiger Team Testing.

Abstract: The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught. “Think like our enemy!” That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn’t it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads… literally. It is only a matter of time before corporations fall from the raw effectiveness and lack of preparedness for this all too common attack.

Also, to learn more about Chris and what he’s up to, check out his website and Exotic Liability.

Chris Nickerson – Red and Tiger Team Testing Part 1 – BruCon 2009 from Dale Pearson on Vimeo.

Chris Nickerson – Red and Tiger Team Testing Part 2 – BruCon 2009 from Dale Pearson on Vimeo.

Presentation Slides – Click Here

:: Please do not copy this video without written permission of Security Active or Chris Nickerson | Linking to is fine ::

Security Bloggers Meet Up in just a few days

This is just a quick reminder that this coming Tuesday the 20th October 2009 at 7:30PM the first official Security Bloggers Meet Up will be happening in London.

The Security Bloggers Meet Up is an ideal place to meet with fellow Security Bloggers, Podcasters and Journalists. There is still a short amount of time to RSVP to bloggermeetup [at] securityactive.co.uk if you are interested in attending.

The event is kindly being sponsored by Qualys, IronKey and ISACA, and it’s thanks to these guys we will have all food and drink provided (within reason 🙂 ) and possibly a door prize or two.

Please take some time out of your busy schedule to visit our sponsors’ sites and find out about their latest product offerings and services.

I look forward to seeing you all there, and let’s hope it’s the first of many to come in the future.

See you soon.