Definition file update for Ad-Aware - combating Viruses, Spyware, Malware, Rogue software, Worms and Adware.

Updated definitions:
====================
Win32.Trojan.Agent
Win32.Adware.ScreenSaver

MD5 checksum: aaw2009-excluded-build-150.739.aawdef: 64579c6d066c88b113ebf9b0542d0a6f


While our recent post focuses on the prevalence and/or risk of inadequately trained staff potentially creating problems in the core IT infrastructure with their own personal devices, or BYOD, it seems others here at RSA are concerned with preventing the exact same thing, but from a different angle. I attended one “lightning round” talk by Rob Malan of Arbor Networks and Aaron Turner with N4struct, where they outlined steps enterprises can take toward stopping scammers exfiltrating data, or possibly targeting key individuals’ mobile devices, which might be used to gain critical competitive data, for financial gain, potential espionage, or snooping on top execs in your organization.

So how would the crooks do it? Good question. It seems that hackers have managed to figure out how to create a hacked GSM base station “tower” with some low cost hardware – about $5,000 worth – that can emulate a tiny rogue tower, potentially tricking users’ GSM mobile devices into communicating with the fake network, before forwarding the traffic on to the real one. In this way, some of the data transmitted by the device, including potentially sensitive data, can be captured for later use, and/or transmitted back to the mothership for the scammers. Though the talks centered around GSM, Mr. Turner said other technologies like CDMA are not immune from scams either.

So how do you stop rogue mobile devices from compromising your communication? Turns out many organizations are looking at technology that will map out a baseline “signature level map” of all the wireless communication in their organization, so they’ll know when something goes wrong. This way, if a rogue device starts some shenanigans, you’ll know.

Another benefit of watching for spectrum spikes is the ability to monitor for data exfiltration via tiny 3G-enabled servers, which were demonstrated elsewhere at the show and which Mr. Turner has also seen in the wild during his testing. The tiny camouflaged rogue servers – no bigger than a printer power supply – could be quietly installed in areas with access to your core data. These servers come with provisions for a 3G wireless access dongle that allows remote access via ssh, and can be used to exfiltrate data, often at preset times every day. So if you already have a baseline for your whole wireless profile, you can watch for uncharacteristic spikes in 3G traffic, at 3 a.m. every day, for example.
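The baseline-and-spike idea above can be sketched as follows. This is an added example, not code from the talk or from any vendor: it assumes a hypothetical sensor that reports megabytes of 3G-band traffic per hour, and all sample readings are constructed. It builds a per-hour-of-day baseline, flags readings far above it, and then separates one-off spikes from spikes that recur at the same hour on several days.

```python
from collections import defaultdict
from statistics import median

def traffic(day, hour):
    # Constructed sample data: MB of 3G-band traffic per hour; quiet 00-05h.
    base = 2 if hour < 6 else 50
    return float(base + (3 * hour + 7 * day) % 5)

def hourly_baseline(samples):
    """Per hour-of-day median and median absolute deviation (MAD)."""
    by_hour = defaultdict(list)
    for _day, hour, mb in samples:
        by_hour[hour].append(mb)
    baseline = {}
    for hour, vals in by_hour.items():
        med = median(vals)
        baseline[hour] = (med, median([abs(v - med) for v in vals]))
    return baseline

def spikes(samples, baseline, k=6.0, floor_mb=5.0):
    """Readings above median + max(k*MAD, floor_mb) for their hour of day."""
    flagged = []
    for day, hour, mb in samples:
        med, mad = baseline.get(hour, (0.0, 0.0))
        if mb > med + max(k * mad, floor_mb):
            flagged.append((day, hour, mb))
    return flagged

def recurring_hours(flagged, min_days=3):
    """Hours of day that spiked on at least min_days distinct days."""
    days = defaultdict(set)
    for day, hour, _mb in flagged:
        days[hour].add(day)
    return sorted(h for h, d in days.items() if len(d) >= min_days)

# Two quiet weeks form the baseline (constructed).
BASELINE = hourly_baseline(
    [(d, h, traffic(d, h)) for d in range(14) for h in range(24)])

# Five observed days: a 120 MB burst at 03:00 daily, one 200 MB one-off at 14:00.
OBSERVED = []
for d in range(14, 19):
    for h in range(24):
        mb = 120.0 if h == 3 else traffic(d, h)
        if (d, h) == (16, 14):
            mb = 200.0
        OBSERVED.append((d, h, mb))

FLAGGED = spikes(OBSERVED, BASELINE)

if __name__ == "__main__":
    print("spikes:", len(FLAGGED), "recurring hours:", recurring_hours(FLAGGED))
```

The single daytime spike is still reported, but only the 03:00 burst recurs across days, which is the pattern a scheduled exfiltration job would leave.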

But how would a BYOD user know something’s wrong? One telltale that you might be connecting inadvertently to a rogue tower is that your service suddenly drops out of 3G or 4G to a lower level. A sudden connection downgrade like this, in a place where you have historically had 3G connectivity, can signal a potential rogue tower. Also, if you have historically had a “dead spot” in coverage at your site, and suddenly a connection shows up, it might be worth a closer look.

Also, for users traveling overseas, Mr. Turner said certain regions have a not-so-stellar record at protecting users from spying at the carrier level, so it’s a good idea to use alternate communication, especially, he said, in Southeast Asia, Latin America and the Middle East.

As part of the Bring Your Own Device (BYOD) security blogs we’ll be rolling out, the emphasis will surround education. The takeaway from these two presentations is that users will need education on how to avoid being scammed by rogue towers by knowing what telltale signs to look for. Also, IT must be aware of their wireless profile for their organization, so they can notice when their data might be at risk, silently sneaking out over the airwaves.

The scammers’ motivations run the range from discovering trade secrets and insider financial information about your organization, to directly scamming the mobile devices for financial gain through premium SMS scams and others. How prevalent is it? Right now, the activity seems localized around “high value targets” like your senior staff, and those with specific access to key information the scammers are looking for. After all, the scammers have to spend some money and do some planning to pull it all off, and more traditional scams like phishing are much cheaper. But if scammers can know an insider trading secret that allows them to purchase stock before a major announcement, the potential profit from the stock spike could easily pay for their efforts. Also, capturing information on a key invention that can give competitors the edge in the marketplace, can make the efforts worth it. One thing is sure, that as the price for the technology to scam using wireless technologies drops, the barriers of entry will as well, so expect scammers to be snooping around soon, if they haven’t already.

Hat tip to Mr. Malan and Mr. Turner for their presentations; they were very informative.

Yesterday, our Mobile Threat Report, covering the 4th quarter of 2011, was made available for public release — now, we share it with you. Past reports have been produced for internal use; this is our first external release.

Around half a dozen analysts contributed to the Q4 report (and it looks great, thanks to folks on our graphics team).

Mobile Threat Report, Q4 2011

MTR-Q42011: 32 pages of analysis which includes plenty of interesting details.

You can download it here: Mobile Threat Report, Q4 2011 [PDF]

On 29/02/12 At 03:36 PM

Danger Level: Low to Medium Threat
VDF version:
Published date: Wed, 29 Feb 2012 07:38:53 +0100
Complete description for this threat can be found here.

One of the Internet's largest torrent-downloading sites is no longer offering torrents, but that doesn't mean the site is being shuttered. Now users can access files with magnet links.

Originally posted at News - Digital Media

Definition file update for Ad-Aware - combating Viruses, Spyware, Malware, Rogue software, Worms and Adware.

Updated definitions:
====================
Win32.Backdoor.Agent
Win32.Backdoor.Delf
Win32.Trojan.Agent
Win32.Trojan.Pakes
Win32.Trojan.Small
Win32.TrojanDownloader.Agent
Win32.TrojanDownloader.Small
Win32.TrojanPWS.OnlineGames
Win32.Worm.VB
Win32.Worm.Autorun
Win32.Trojan.BHO
Win32.TrojanSpy.Zbot
Win32.Trojan.Searches
Win32.Backdoor.Small
Win32.Trojan.Inject
Win32.TrojanDownloader.Injecter
Win32.TrojanDownloader.Dadobra
Win32.Trojan.Obfuscated
Win32.Trojan.Tiny
Win32.TrojanDownloader.Fraudload
Win32.TrojanSpy.Banbra
Win32.Backdoor.Sinowal
Win32.Worm.AutoIt
Win32.Backdoor.Gbot
Win32.Trojan.Lebag
Win32.TrojanRansom.BHO
Win32.TrojanDownloader.CodecPack
Win32.Trojan.Fraudpack
Win32.Trojan.Tdss
Win32.Trojan.FakeAV
Win32.Trojan.Genome
Win32.P2PWorm.Palevo
Win32.TrojanSpy.Agent
Win32.TrojanDropper.Fraudrop
Win32.TrojanRansom.Blocker
Win32.Trojan.Swizzor
Win32.Trojan.Hrup
Win32.Adware.Gamevance
Win32.TrojanDropper.Clons
Win32.TrojanDownloader.Lipler
Win32.Trojan.Vbkrypt
Win32.Trojan.Vilsel
Win32.Backdoor.Floder
Win32.TrojanDropper.TDSS
Win32.Backdoor.Papras
Win32.Adware.ScreenSaver
Win32.TrojanSpy.SpyEyes
MSIL.Trojan.Agent
Win32.Trojan.Pirminay
Win32.TrojanDownloader.DNSKrab
Win32.Backdoor.Yoddos
Win32.TrojanSpy.carberp
Win32.Backdoor.PuCodex
Win32.TrojanPWS.Alipay
Win32.Trojan.Jorik
Win32.IMWorm.Sohanad
Win32.Trojan.Diple
Win32.Trojan.Menti
Win32.Trojan.Virtumonde
Win32.TrojanDropper.Dapato
Win32.Trojan.Yakes
Win32.Backdoor.Darkhole
Win32.TrojanDropper.Injector
Win32.TrojanRansom.Foreign
Win32.Worm.Ngrbot
Win32.Trojan.Tipp
Win32.TrojanDropper.Daws

MD5 checksum: aaw2009-excluded-build-150.736.aawdef: 3edf11fa34a5dab19481935bd916694e

Authors: Stephen Spector & Dave Asprey

The user’s going to pick dancing pigs over security every time. — Bruce Schneier

In order for enterprise IT organizations to adopt public and hybrid clouds, a cloud service provider’s security controls must meet or exceed the standards set forth by the organizations themselves. In addition to Dell’s world-class cloud security provided by Dell SecureWorks, Dell has partnered with Trend Micro to provide an incremental level of security encryption technology through Trend’s DeepSecurity Solution.

From the initial planning and design stage, product managers and engineers from both companies have collaborated to ensure that security is “built-in” for the public vCloud DataCenter solution. Having security features designed in from the start not only allows Dell to provide a secure, enterprise public cloud, but also mitigates the security fears and risks of migrating or extending an organization’s existing environment into the vCloud DataCenter solution. As data encryption is a crucial part of any data privacy and compliance program, the lessons learned from this process will be leveraged to provide Dell’s next generation of community clouds for verticals such as healthcare, education, and federal.

Encryption key management in the cloud simply doesn’t work the way it does in enterprise data centers. Most companies do encrypt at least some of their critical data in the cloud, but they leave holes when it comes to encryption key management in the cloud. This is unacceptable, especially in highly regulated environments.

The Trend Micro SecureCloud encryption key management service helps Dell vCloud DataCenter customers to have the highest levels of data security by enabling the most effective cloud key management techniques. With SecureCloud, Dell customers can set policies that define when an encryption key will be released from Trend Micro’s secure key management solution. This new layer of data security prevents cloud-specific security problems such as an illegally copied Virtual Machine Image containing credentials that could compromise a key server.

It also provides a way of proving data destruction. IT auditors often look for ways to prove that data was destroyed in accordance with policy. In a cloud solution, however, data moves from drive to drive and it is very difficult to show physical destruction of the drives. By making sure data is encrypted all the time using secure keys, IT managers from verticals such as healthcare, education, and federal can rest assured that their data is effectively secured and that they will be able to show an auditor that there is no existing copy of regulated data on a cloud that shouldn’t be there.

Together, Dell and Trend Micro have created a secure cloud to meet the critical security demands of enterprise customers. To learn more, visit the Dell vCloud DataCenter website at http://dell.to/sK9h7I or Trend Micro’s cloud security site at http://www.trendmicro.com/us/enterprise/challenges/cloud-virtualization/index.html.

Danger Level: Low Threat
VDF version: 7.11.24.18
Published date: Wed, 29 Feb 2012 03:51:26 +0100
Complete description for this threat can be found here.
Danger Level: Low Threat
VDF version: 7.11.24.18
Published date: Wed, 29 Feb 2012 03:26:36 +0100
Complete description for this threat can be found here.

What is the Best Trojan Remover Software Available?

If you are confused about the best Trojan remover to use due to a seemingly infinite number of choices on the market, you are not alone. There are tons of reviews and claims about a variety of products but no conclusive evidence that any of them actually work.

The article to follow will describe the features vital to ensuring that you are getting the best software possible for removing Trojans from your computer. The focus of this article will be on purchased software (versus free Trojan removers) due to the fact that most free software has a EULA (End User License Agreement) that allows adware to be injected onto your computer.

First the symptoms associated with Trojan horse viruses will be described and you can decide if Trojans are indeed the issue. If so, the features described will give you a starting point to choosing a product that can make your problem go away.

If you have the following issues on your system, a Trojan virus might be your problem:

1. You are getting pop-up ads
2. Computer performance is slower than previously
3. Your system is continually freezing or crashing
4. Your mouse is having reverse function issues between buttons
5. Internet Explorer is at a crawl
6. Your modem light is blinking frantically whether you are online or not
7. Your mouse is leaving a trail on your monitor
8. Websites are appearing that you never asked for
9. Toolbars are showing up in your browser that were not requested
10. Websites are added to your favorites without being requested
11. New software programs show up when you start the computer

It is a challenge to locate Trojans if you do not purchase one of the best Trojan remover programs because Trojans disguise themselves in adware and spyware and are difficult to locate, let alone remove. Not only are you faced with slow computer problems, you have a higher likelihood of having your identity stolen, which can take years to fix at a huge cost to you financially. If the symptoms above leave you suspecting that you have Trojans, you will want the following attributes that the best Trojan remover applications contain:

Trait One: A Large Definitions Database

The definitions database size is basically the number of threat types that certain software can identify (and thus remove). The larger the definitions list, the better the chance that your threats can be identified and eliminated. You want to find a database of at least 250,000 definitions in order to know that your chances of removing Trojans can be a success.

Trait Two: The Software Must Do More than Removing Trojans Alone

There are a number of additional types of threats that should be removed beyond just Trojans. These include malware, adware, keylogger trackers, and various types of spyware.

Trait Three: Ease of Use

It is a good bet that if it takes an advanced degree to figure out the software, you may want to move to a program with a more simplistic user interface. The best Trojan remover products will have an easy to use navigation on one page and will fully describe each of the buttons that are shown in the software.

Trait Four: Free Scan

Just to be sure that you are faced with threats, you will want to have the chance to scan your system for free before purchasing the full version of the software that contains a repair feature. This will allow you to decide whether or not you need the software.

Trait Five: Unlimited Use License

Most of the best products have this trait. The full version should allow you to have unlimited use of the software once purchased so you can maintain your system through the year. It should also give a multiple license discount if you want several computers in the house licensed for the same software.

After purchasing the full version of the software, make sure to restart your computer to see the results. The best Trojan remover products should clear the threats on the first round. It is always good to do several scans and repairs to ensure your system is clean. The entire cycle should only take about 10 minutes.