• Modern persistence hooks into the OS – Make it very difficult to remove without damaging the host OS.
• Ability to use a low level API calls to carve out new disk volumes totally hidden from the infected victim, making traditional disk forensics impossible or difficult.
• Sophisticated and stealthy modification of resident system drivers to allow for kernel-mode delivery of malicious code.
• Advanced Antivirus bypassing mechanisms.
• Anti Forensic Technology – ZeroAccess uses low level disk and filesystem calls to defeat popular disk and in-memory forensics tools.
• Serves as a stealthy platform for the retrieval and installation of other malicious crimeware programs.
• Kernel level monitoring via Asynchronous Procedure Calls of all user-space and kernel-space processes and images, and ability to seamlessly inject code into any monitored image.

If those elements do not scare you, then consider this information from the same article:

Symantec reports that 250,000+ computers have been infected with this rootkit. If 100% of users pay the $70 removal fee, it would net a total of $17,500,000. As it is not likely that 100% of users will pay the fee, assuming that perhaps 30% will, resulting $5,250,000 in revenue for the RBN (Russian Business Network) cybercrime syndicate.

There’s real money changing hands with malware today. It is no longer script kiddies or basement geeks getting jollies with causing issues on a few computers.

Thanks for reading & let’s continue to be good network citizens and track down & prosecute those that are not.

Thanks for reading & let’s continue to be good network citizens!

The example given: An HTML file is saved along with a copy of a file called EXPLORE.EXE. The HTML file is opened and has a URI link embedded with the address file://. This will cause the browser to attempt to open EXPLORE.EXE from the local folder.

The current Microsoft workarounds for the DLL vulnerability only apply to DLL’s, not EXE’s.

See this news posting for additional information.

Information security continues to be a struggle against function, features and stopping bad things from happening. What are your thoughts about where this is going?

Thanks for reading & let’s continue to be good network citizens!

I find this article humorous but at the same time frustrating with the comment about current threats:

… the top hacking methods of cross-site scripting and SQL injection had not changed in the past six years.

“One, it tells me that the bad guys go with what they know, and two, it says the developers aren’t listening”

How should this message be delivered to developers? Why are these threats still showing up in the top 5? If you are a developer or a CISO, let me and other ITKE readers know how you handle these security issues. Thanks for reading and let’s continue to be good network citizens.

Well, time to pull out my PasswordCard and begin using my 29-character password. What other suggestions do you have for other ITKE readers? Thanks for reading and let’s continue to be good network citizens!

Thanks for stopping by IT-Trenches. Let me and other ITKE readers know of any other good infosec resources you have come across. Let’s continue to be good network citizens!

The three game-changing themes presented are:

• Tailored trustworthy spaces -Security tailored to the needs of a particular transaction rather than the other way around.
• Moving target -Systems that move in multiple dimensions to disadvantage the attacker and increase resiliency.
• Cyber economic incentives -A landscape of incentives that reward good cybersecurity and ensure crime doesn’t pay.

The idea of these themes is that what has been done in the past is not really working. Cybersecurity thinking and actions needs to change. The theme of Tailored trustworthy spaces is very much like the proposals I have presented in my blog before about having trusted network connections and strongly managed information flow rules with monitoring and violation detection. The Moving target theme suggests that the targets should be harder for the attacker to reach and compromise. The targets become more costly to attack. The Cyber economics theme proposes that it is important to gain more understanding about data ownership, the market for data, incentives for socially responsible actions and the loss/risks due to attacks. The Cyber economics theme is critical for organizations to be able to make effective cybersecurity decisions to manage risks.

I urge you to take a look at the presentation from the event at a minimum. This research effort seems worth following and hopefully will result in better cybersecurity management strategies and risks understanding. I heard someone say that we can’t stay ahead of the cybercriminals, but we can stay close behind and build better security based on what we do understand. Another way of saying this could be, “Nothing is foolproof to a sufficiently talented fool.”

Will you be participating in this cybersecurity game-changing research? Share your thoughts with me and other ITKE readers. Thanks for reading and let’s continue to be good network citizens!

I proposed some options in 2009:

Should computers be “licensed” or “permitted” to be on the internet to reduce threats to unsuspecting users? That’s a thought for you… what governing body would issue these computer use permits? What would the rate infrastructure be like – based on processor/memory or bandwidth? Where would the permit fees go? Would there be some internet oversight body that uses the fees to have inline malware filters?

Would these still be valid options? I mean there is real money involved with the losses due to malicious software. Who is responsible for the loss? Is it the non-technical home user who does not keep their system updated because they do not know what to update? And if they do update it, how do they know the update source is credible? How many times have you gone to a website (think Facebook) and see that your Flash software needs updated? This is an example of a prime target for malvertisers. What would you suggest? Leave some feedback for me and other ITKE readers.

Thanks for reading and let’s continue to be good network citizens!

I agree that information security awareness is a great thing, but how much valuable content can you communicate in such short bursts? Is the information communicated going to make a difference in the ability of a consumer to protect themselves and their systems? Is it going to improve or degrade the ability of information security professionals to do their jobs of protecting assets against threats and reduce risk? Is this similar to all of the medical websites available on the internet, has it improved the health of patients and their ability to speak with doctors?

Your thoughts are welcome. Please share them with me and other ITKE readers. Thanks for reading and let’s continue to be good network citizens.

A PasswordCard is a credit card size piece of paper which has symbols, characters and colors. You simply choose a symbol on the top row, choose a colored row and then use the characters shown to select the appropriate length of password. In the example shown below, I chose the Spade symbol then chose the green row and 8 characters for the password:$kKCSVQm. This is very simple to use and can be easily carried or posted without risk (unless the user marks their passwords in some manner).

Choose a symbol, a color and the number of characters

The string of numbers and letters across the bottom of the card is an identification code for this specific card. Each user’s card can be unique. If the card is damaged or lost, you can go back to the PasswordCard website and regenerate the same card if you have kept a record of this code.

Let me and other ITKE readers know if you use PasswordCard or any similar solution for secured passwords. Thanks for reading & let’s continue to be good network citizens.