Security Shouldn’t Take a Backseat to Virtualization

March 31, 2008

I will be presenting on the subject of why security shouldn’t take a back seat to virtualization on April 30th at the Wall Street Technology Association. This event is located at the Radisson Martinique in New York City.

http://www.wsta.org/events/security_in_a_virtualized_world_panel_discussion_and_forum/

Security Shouldn’t Take a Backseat to Virtualization
Ryan Sherstobitoff, Chief Corporate Evangelist

Companies are widely adopting server virtualization in an effort to improve operational efficiency and increase cost savings. While transitioning to this standardization across multiple platforms, security measures can oftentimes take a backseat, putting company assets at risk.

Cyber crime is at its highest level to date and industry experts estimate that 4,000 new malware strains surface on a daily basis. Hackers have become clever in creating root-kits that subvert the host operating system, and attacking all endpoints of the network. Better security controls need to be taken into consideration when deploying end-point protection for virtualized resources.

This presentation will educate attendees on:

 - How to assess inadequacies when conducting security audits and determine whether assets are already compromised by undetected malware

 - How to prevent the occurrence of malware infections on virtualized networks

 - How to evolve security best practices to include better assessment methodologies that take into consideration crimeware innovations and locate unnoticed infection points


Think You’re Protected? Think Again. Study Reveals Hidden Cyber-Crime Breaches

March 28, 2008

Over a five-month period, Panda Security conducted several audits with a large state agency in the United States to assess the level of risk pertaining to hidden and undetected infection points. Due to the confidential nature of this customer, we cannot disclose the agency name. The information learned from this case is a great demonstration of how even “well-protected” networks require more effective tools to fend off the latest generation of malware.

This agency by nature is obligated to enforce rigorous security policies to protect against unauthorized activity, especially when they are responsible for securing a large network of sensitive information. Some of the restrictions the agency enforces on its users include:

 - Users have limited rights to the network

 - Users can’t modify anything within the system directory

 - Users must access the Internet through a secured proxy.

In such a secure environment, it should be extremely difficult for malware to cause any harm to the network. Unfortunately, even with these strict access rules, Panda Security found various dangerous intrusions in the agency’s network caused by malware.  

The following case study covers an audit spanning more than 4,500 PCs with active, up-to-date anti-malware software from a leading vendor. These PCs were analyzed against a set of criteria consisting of hidden active or latent malware along with their associated vulnerabilities.

For more information please see the attached study:  Case Study


Web-Site Defacements

March 28, 2008

Recently I came across an interesting site (www.zoneh.com) that displays statistical information on web page defacement. It also shows information on the sites that were hacked and provides a mirror to them.

However, some of these “defacement” sites are questionable and some contain “iframe” exploits; in our case a malicious packer was included in one of the mirrored hacked sites.

This particular site belonged to a branch of the Brazilian Government.

[Image: hackedsite.jpg]

When I clicked on the domain “xxx.pr.gov” on the title bar shown above, I was redirected to a mirror in which the hacked site was displayed. Furthermore, the Panda Security permanent protection notified me of the potential iframe and packer trying to attack my machine (this is an example of using generic unpacking routines to detect malware using packers).

Further examination of the site shows an iframe tag that appears to be obfuscated and heavily garbled.

[Image: iframe.jpg]

Hackers have become increasingly sophisticated and are using new techniques to evade anti-virus analysis. Packers are one of them.


Application Scam Sites

March 26, 2008

Recently Panda Security was notified regarding an on-line scam currently in production claiming to offer Panda Security, McAfee, Symantec and Adobe products in addition to a product known as error mechanic. 

The site www.pandasecuritysoftware.com and the following associated domains are part of this scam:


Some words of caution: This site and the domains are not supported by or in any way affiliated with Panda Security and may contain hidden infections; therefore, we strongly advise refraining from visiting any of these domains.

Fortunately, our testing indicates that the potential malware reported to reside on these pages has been removed; however, it is still recommended to perform a scan at www.nanoscan.com to be 100% sure you are not infected.

Furthermore, when making software purchases it is advisable to purchase from the recognized vendor’s web-site or from an authorized partner. Otherwise you may become a victim of ID theft.


Click-Fraud: The lesser known evil

March 25, 2008

I came across this interesting article that talks about a Trojan; not any Trojan, but a Trojan that automates PPC click-fraud that is currently targeting Google and Yahoo (http://www.securitypronews.com/news/securitynews/spn-45-20080312ClickFraudTrojanTargetsGoogleYahoo.html).

What’s interesting about click-fraud is how little attention it receives in the media in comparison to identity theft and the other horrors of the Internet. In fact, you are more likely to see news on the latest and greatest zombie bot-net than on click-fraud.

However, many companies who have paid good money for Pay-Per-Click (PPC) advertising are falling victim to false impressions due to the rising click-fraud movement in America.

According to Click Forensics, the annual click-fraud rate has grown by 28.3%; that’s nearly a quarter of all on-line advertising (http://www.clickforensics.com/Pages/ClickFraudIndex.aspx).

Worst of all, bot-nets are being used to automate PPC clicks in order to ensure that the activity looks authentic.

So this leaves us with one question: is your PC part of a click-net?