Sunday July 31, 2005

[H]ardNews 6th Edition - Paranoia Edition

Disturbing Results:

SecurityPark reports on a study conducted by ScanSafe indicating that spyware accounts for up to 8% of all outbound web traffic on some of the networks running their pilot spyware screening service. They point to our old but constantly morphing adversary, the CWS (CoolWebSearch) Trojan, as a prime culprit.

“Spyware applications are becoming more and more stealthy in their ability to hide their outbound “covert” channels among the magnitude of normal web traffic coming in and out of the enterprise firewall. The trouble is that a firewall can’t distinguish the difference between legitimate and hostile port 80 traffic, thus creating a significant security vulnerability.”
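What a port-based firewall cannot see, a proxy log often can: spyware phones home on a timer, and clockwork timing stands out against the ragged rhythm of a person browsing. The following is an added example (not code from the page, ScanSafe or SecurityPark) that groups constructed proxy log lines by client and destination host and flags series whose inter-request intervals are suspiciously regular. The log format, hostnames and thresholds are assumptions for the demonstration.

```python
"""Flag hosts that a client contacts at machine-regular intervals (beacon detection)."""
import re
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlparse

# Assumed log layout: epoch_seconds client_ip method url "user-agent"
LOG_RE = re.compile(r'^(?P<ts>\d+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "(?P<ua>[^"]*)"$')

# Constructed sample: one client browses www.example.com at human-irregular times
# and also hits stats.badsite.invalid exactly every 300 seconds.
SAMPLE_LOG = """\
1122800000 10.0.0.5 GET http://www.example.com/index.html "Mozilla/4.0 (compatible; MSIE 6.0)"
1122800047 10.0.0.5 GET http://www.example.com/news.html "Mozilla/4.0 (compatible; MSIE 6.0)"
1122800300 10.0.0.5 GET http://stats.badsite.invalid/cgi-bin/r.php?id=1 "Mozilla/4.0"
1122800412 10.0.0.5 GET http://www.example.com/about.html "Mozilla/4.0 (compatible; MSIE 6.0)"
1122800600 10.0.0.5 GET http://stats.badsite.invalid/cgi-bin/r.php?id=2 "Mozilla/4.0"
1122800900 10.0.0.5 GET http://stats.badsite.invalid/cgi-bin/r.php?id=3 "Mozilla/4.0"
1122801200 10.0.0.5 GET http://www.example.com/index.html "Mozilla/4.0 (compatible; MSIE 6.0)"
1122801200 10.0.0.5 GET http://stats.badsite.invalid/cgi-bin/r.php?id=4 "Mozilla/4.0"
1122801500 10.0.0.5 GET http://stats.badsite.invalid/cgi-bin/r.php?id=5 "Mozilla/4.0"
1122801510 10.0.0.9 GET http://www.example.com/index.html "Mozilla/4.0 (compatible; MSIE 6.0)"
1122801590 10.0.0.9 GET http://www.example.com/news.html "Mozilla/4.0 (compatible; MSIE 6.0)"
"""


def parse_log(text):
    """Return (timestamp, client, host, user_agent) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        host = urlparse(m["url"]).hostname
        events.append((int(m["ts"]), m["client"], host, m["ua"]))
    return events


def find_beacons(events, min_hits=4, max_cv=0.15):
    """Return {(client, host): mean_interval_seconds} for regularly spaced request series.

    Regularity is measured as the coefficient of variation of the gaps between
    requests: near 0 for a timer, large for a human clicking around.
    """
    by_pair = defaultdict(list)
    for ts, client, host, _ua in events:
        by_pair[(client, host)].append(ts)

    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:          # too few points to call it periodic
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:                        # burst of identical timestamps, not a beacon
            continue
        if pstdev(gaps) / avg <= max_cv:
            beacons[pair] = round(avg)
    return beacons


if __name__ == "__main__":
    for (client, host), interval in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {host}: every ~{interval}s")
```

On the constructed sample only the 10.0.0.5 to stats.badsite.invalid series is flagged; the browsing traffic to www.example.com has gaps of 47, 365 and 788 seconds and is ignored. Real spyware often adds jitter to its timer, so in production the interval histogram and the destination's reputation matter as much as a single variance threshold.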

Sued & Gagged:

Wired News tells the tale of Mike Lynn, a security researcher formerly with Internet Security Systems, and how he has come to be under investigation by the FBI, sued by Cisco and his former employer, and gagged from any further discussion of the flaw he discovered.

Both companies knew in advance about Lynn's plan to talk and originally supported it. But at the last minute, the companies tried to halt the presentation or force Lynn to allow Cisco representatives to speak as well. They threatened Lynn with a lawsuit if he talked and made good on that threat after his appearance, when they filed a restraining order to prevent him from saying anything else about the flaw.

Free Hosting Nexus:

ZDNet Australia relates how WebSense has identified that web sites offering free hosting services are being used both to store and to distribute malware.

"These fraudulent, free personal Web sites have an average lifespan of two to four days, making them difficult to trace. Some of the sites may be created with automated shared hacking software… others are built to appear more legitimate. For example, one of the sites included music that accompanied a greeting-card message which runs while your computer is being infected," said Hubbard.

Like Money In The Bank:

PhysOrg points to a 2005 study conducted by Carnegie Mellon University and financed by the Department of Homeland Security which found that the greatest risk to banks still comes from insiders, who account for 49% of security breaches. But the article then cites:

Still, the risk from spyware itself is significant, because 90 percent of spyware traversing the Internet is written for criminal purposes, according to Kaspersky Lab, an international anti-virus developer with an office in Woburn, Mass. "An entire industry exploded in 2004 as virus writers and hackers became increasingly involved with criminals to create malicious code," said Steve Orenberg, Kaspersky Lab's president.

Process Monitoring:

TechNewsWorld looks at process monitoring, and how its usefulness falls as the scale of the deployment grows or the sophistication of the user drops. Not surprisingly, process monitoring is but one layer in a defense strategy, though one I personally find invaluable.

While process monitoring can be useful once a computer has been quarantined or isolated as a cause of disruption, he indicated, it is seldom a priority for enterprise IT users and administrators, who have grown somewhat accustomed to malware running on their machines. "It's just about prioritization, frankly, and they're just not going to dig too deep," he said. "It may be even more difficult [if they do]," he added. "It gets to be a complete mess, and who's got the time to get into that?"

Hunting File Format Flaws:

Cnet reports that two of the patches in the last round of Windows security updates were critical and related to file format flaws. Security researchers, and very likely black hats too, are taking a closer look at this insidious class of bug, which in the case of image files can require nothing more than viewing a file for a system to be compromised.

There could be a significant increase in the discovery of such flaws. iDefense, a security intelligence company, is making available tools that let researchers automate the discovery of file format vulnerabilities. The company released the tools Thursday in conjunction with Black Hat.
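Automating the hunt for file format flaws comes down to mutation fuzzing: take a valid file, corrupt its header fields and length systematically, hand each variant to the parser and record anything that is neither a clean parse nor a clean rejection. The following is an added example, not the iDefense tools and not code from the page: a toy "IMG1" image format with a parser that trusts the header (the classic shape of an image-decoding flaw), a hardened parser beside it, and a small fuzzer that finds the difference. The format, the parsers and the mutation set are all assumptions made for the demonstration.

```python
"""Mutation fuzzing of a toy image format: a trusting parser, a hardened one, and a fuzzer."""
import struct

# Constructed seed file: magic "IMG1", u16 width=2, u16 height=2, then 4 pixel bytes.
SEED = b"IMG1" + struct.pack("<HH", 2, 2) + bytes([1, 2, 3, 4])


def parse_image_vulnerable(data):
    """Trusts the header's dimensions, like the parsers behind real image flaws.

    In C this pattern reads or writes past the pixel buffer; in Python the same
    logic surfaces as IndexError (and struct.error on a truncated header).
    """
    if data[:4] != b"IMG1":
        raise ValueError("bad magic")                    # expected rejection, not a bug
    width, height = struct.unpack("<HH", data[4:8])      # no length check before unpack
    pixels = data[8:]
    return [[pixels[y * width + x] for x in range(width)] for y in range(height)]


def parse_image_hardened(data, max_pixels=1 << 20):
    """Same format, but every header claim is checked against the bytes actually present."""
    if len(data) < 8:
        raise ValueError("truncated header")
    if data[:4] != b"IMG1":
        raise ValueError("bad magic")
    width, height = struct.unpack("<HH", data[4:8])
    if width * height > max_pixels:
        raise ValueError("dimensions exceed policy limit")
    if len(data) - 8 < width * height:
        raise ValueError("pixel data shorter than header claims")
    pixels = data[8:8 + width * height]
    return [list(pixels[y * width:(y + 1) * width]) for y in range(height)]


def fuzz(parser, seed, header_len=8):
    """Mutate each header byte through boundary values and truncate the file at every length.

    Returns (case_description, exception_name) for every outcome that is neither a
    successful parse nor a ValueError rejection, i.e. every crash candidate.
    """
    cases = []
    for offset in range(4, header_len):                  # skip the magic, mutate the size fields
        for value in (0x00, 0x01, 0x7F, 0x80, 0xFF):
            mutated = bytearray(seed)
            mutated[offset] = value
            cases.append((f"byte {offset} := 0x{value:02x}", bytes(mutated)))
    for n in range(len(seed)):
        cases.append((f"truncate to {n} bytes", seed[:n]))

    findings = []
    for description, data in cases:
        try:
            parser(data)
        except ValueError:
            continue                                     # clean rejection
        except Exception as exc:                         # anything else is a crash candidate
            findings.append((description, type(exc).__name__))
    return findings


if __name__ == "__main__":
    for name, parser in (("vulnerable", parse_image_vulnerable), ("hardened", parse_image_hardened)):
        hits = fuzz(parser, SEED)
        print(f"{name}: {len(hits)} crash candidates")
        for description, exc_name in hits[:5]:
            print(f"  {description}: {exc_name}")
```

Both parsers decode the seed identically; only the trusting one produces crash candidates under the fuzzer, because an oversized width or height makes it read beyond the pixel data and a header shorter than eight bytes reaches struct.unpack unchecked. A real file format fuzzer does the same thing with thousands of mutations against a native decoder under a debugger, where the equivalent fault is a memory access violation rather than a Python exception.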

Smart Spam Hunter:

NewScientist expounds on what a team from IBM and Cornell University is proposing as a solution for spam: software that learns to identify the routes taken by spam, using a technique they call SMTP Path Analysis.

The SMTP Path Analysis algorithm "learns" by examining the string of internet protocol (IP) addresses included in both spam and legitimate email headers. When a new message arrives, it is then able to judge, with relative accuracy, whether it is legitimate or, in fact, unwanted spam.
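The idea can be reconstructed from the description above: every relay that handles a message prepends a Received: header, so the headers of a delivered message record the path it took, and a classifier can learn which relay addresses show up on spam paths versus legitimate ones. The following is an added example, not the IBM/Cornell implementation (whose details are not on the page) and not code from the article. It extracts the relay IPs from Received: headers in transit order, learns smoothed per-IP spam/ham ratios from constructed training messages, and scores a new message by summing the log-odds of the addresses on its path. The message builder, the IP addresses (documentation ranges) and the naive-Bayes-style scoring are assumptions made for the demonstration.

```python
"""SMTP path analysis, simplified: learn which relay IPs carry spam and score new mail by its path."""
import re
from math import log

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_path(raw_message):
    """Return the relay IPs recorded in Received: headers, oldest hop first.

    Each relay prepends its own Received: line, so the top line is the newest hop;
    the list is reversed to give the order the mail actually travelled. Only the
    first IP on each line is taken, which in "from X ([ip]) by Y" is the sending host.
    """
    headers = raw_message.split("\n\n", 1)[0]
    unfolded = re.sub(r"\n[ \t]+", " ", headers)          # join RFC 5322 folded continuation lines
    ips = []
    for line in unfolded.split("\n"):
        if line.lower().startswith("received:"):
            m = IP_RE.search(line)
            if m:
                ips.append(m.group(1))
    return list(reversed(ips))


class PathClassifier:
    """Per-IP spam/ham counts with Laplace smoothing; score = sum of per-IP log-odds."""

    def __init__(self, alpha=1.0):
        self.spam_hits = {}
        self.ham_hits = {}
        self.n_spam = 0
        self.n_ham = 0
        self.alpha = alpha

    def train(self, raw_message, is_spam):
        counts = self.spam_hits if is_spam else self.ham_hits
        for ip in set(received_path(raw_message)):         # count each IP once per message
            counts[ip] = counts.get(ip, 0) + 1
        if is_spam:
            self.n_spam += 1
        else:
            self.n_ham += 1

    def ip_log_odds(self, ip):
        """log P(ip on path | spam) / P(ip on path | ham); 0 for an address never seen."""
        p_spam = (self.spam_hits.get(ip, 0) + self.alpha) / (self.n_spam + 2 * self.alpha)
        p_ham = (self.ham_hits.get(ip, 0) + self.alpha) / (self.n_ham + 2 * self.alpha)
        return log(p_spam / p_ham)

    def score(self, raw_message):
        return sum(self.ip_log_odds(ip) for ip in set(received_path(raw_message)))

    def is_spam(self, raw_message, threshold=0.0):
        return self.score(raw_message) > threshold


def make_message(relays, subject):
    """Constructed raw message whose Received: headers record `relays` in transit order.

    relays[0] is the originating host; the newest header (last relay) goes on top.
    """
    lines = []
    for i, ip in reversed(list(enumerate(relays))):
        lines.append(f"Received: from host{i}.example ([{ip}])\n\tby mx.example.net; "
                     f"Sun, 31 Jul 2005 10:00:0{i} +0000")
    lines.append(f"Subject: {subject}")
    return "\n".join(lines) + "\n\nbody\n"


# Constructed training corpus: spam arrives via 198.51.100.7, ham via 203.0.113.5,
# and everything passes through our own MX relay 192.0.2.10 last.
SPAM_RELAY, HAM_RELAY, OUR_MX = "198.51.100.7", "203.0.113.5", "192.0.2.10"


def build_demo_classifier():
    clf = PathClassifier()
    for i in range(3):
        clf.train(make_message([SPAM_RELAY, OUR_MX], f"cheap pills {i}"), is_spam=True)
        clf.train(make_message([HAM_RELAY, OUR_MX], f"meeting notes {i}"), is_spam=False)
    return clf


if __name__ == "__main__":
    clf = build_demo_classifier()
    for subject, path in (("new offer", [SPAM_RELAY, OUR_MX]), ("lunch?", [HAM_RELAY, OUR_MX])):
        msg = make_message(path, subject)
        print(f"{subject!r}: path={received_path(msg)} score={clf.score(msg):.2f} spam={clf.is_spam(msg)}")
```

The shared MX appears on every path and so contributes nothing either way; the origin relay carries the signal. Two caveats a practitioner would add: an address never seen in training scores neutral, so the classifier needs a steady feed of labelled mail, and Received: lines below the first hop recorded by a server you control are written by the sender and can be forged, so only the hops your own infrastructure stamped are trustworthy.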

64-Bit Risks:

InternetNews.com looks at the potential risks that 64-bit computing poses, and covers the release of Eset's 64-bit NOD32 on Tuesday.

There have been no serious 64-bit-specific attacks to date, though Symantec intercepted the first known virus targeting 64-bit Windows. According to the company, W64.Shruggle.1318 was a fairly simple "proof-of-concept" virus programmed to attack 64-bit Windows executables on AMD64 systems.