New Threat Trends Reported

New Threat Trends Reported
New Threat Trends Reported

Forwarded with permission from: Security UPDATE 


Webinar: Deploying Macs in the Enterprise 

Hosted Security: A solution for small and medium-sized businesses 

Protecting Mobile Users' Data 

=== CONTENTS ==================================================
IN FOCUS: New Threat Trends Reported

   - BigFix Launches Tightly Integrated Endpoint Security
   - Barracuda Networks Gobbles Up NetContinuum
   - BT Counterpane Offers Two New Managed Service Options
   - Recent Security Vulnerabilities

   - Security Matters Blog: CastleCops Endures a New Kind of Attack
   - FAQ: Delegate GPO Editing Permissions
   - From the Forum: Limiting Log-on Access to One User
   - Share Your Security Tips

   - Web Service Lets You Call to Authenticate
   - Product Evaluations from the Real World




=== SPONSOR: Centrify =========================================
Webinar: Deploying Macs in the Enterprise
   Join Centrify and a special guest from Apple at 10 a.m. Pacific on 
Tuesday, October 9 for this informative presentation. You'll learn how 
to lower the barriers to Mac adoption in the enterprise by seamlessly 
integrating Mac OS X systems with Microsoft Active Directory's 
authentication, access control and Group Policy services. This free 
event features top industry experts who will explain what IT managers 
need to know in order to deploy Macs securely, and manage them 
efficiently within an Active Directory environment. A live Q&A session 
will take place after the main program. 

=== IN FOCUS: New Threat Trends Reported ======================   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

As always, the trends in security administration are shifting, and 
companies should monitor those trends to keep up to speed on where they 
might need to pay special attention. Recently, three new security trend 
reports were released, and you should consider adding these to your 
more immediate reading list.

The first report is from Symantec, which released the Internet Security 
Threat Report Volume XII. The report (issued quarterly, at the first 
URL below) highlights the fact that, as we've seen, intruders are now 
more profit oriented than they were previously. That trend probably 
isn't going to diminish any time soon. Also as we've seen, intruders 
are turning to more sophisticated ways of breaching security, and those 
ways now include prepackaged intrusion kits such as MPack that can be 
purchased at "underground" sites on the Internet. You can learn more 
about MPack by reading the articles listed at the second URL below. 

Trends also include intruders infiltrating trusted or high-profile 
sites; a large percentage of those sites' users can then become 
infected with Trojan horses and other malware. There is of course a lot 
more to the report, so get yourself a copy and read it carefully. 

The second report comes from IBM Internet Security Systems (ISS). Cyber 
Attacks on the Rise: IBM X-Force 2007 Midyear Report reveals a couple 
of interesting trends. Malicious exploit developers have turned to 
providing "exploits as a service," as IBM refers to the trend, and 
leased exploits. These new pricing models lower the barrier to entry 
because individuals no longer have to buy an expensive exploit 

Another trend pointed out by both Symantec and IBM is the use of 
"downloaders," which when installed on a victim's computer, download 
and install other code, basically letting an intruder take a wide range 
of other actions. Symantec said that according to its data so far this 
year, "28 of the top 50 malicious code samples were staged 
downloaders." IBM says that downloaders were the most prevalent type of 
malware throughout 2006 and that so far in 2007, Trojans are the most 
prevalent, but the year isn't over yet. 

Another interesting bit of data from IBM's report is that the 
"percentage of vulnerabilities that can be exploited remotely has grown 
in the first half of 2007 to 90 percent versus 88 percent in 2006." 
Wow. You can get a copy of IBM's report at its ISS Web site at the URL 

Both Symantec and IBM point out that obfuscation is increasingly used 
in conjunction with Web-based attacks. That makes it slightly more 
difficult for researchers to get at the code behind an attack and puts 
a larger burden on companies whose products try to filter out such 
attacks. This leads indirectly to the third report, which is from 

Finjan's Web Security Trends Report (Q3 2007) points to canned Web 
applet code as a growing source of risk. Such code, typically referred 
to as Web widgets, is developed to perform a range of actions that 
usually insert content into a Web page. For example, there are widgets 
to pull in weather data and RSS feeds, provide a live chat box, and 
display schedules and reminders. Finjan's report says, "To give an idea 
of the number of widgets and gadgets available there are 3720 available 
on, 3197 on and 3959 on, many of 
these applications are already being used by millions of people." There 
are of course many places to obtain widgets, and Windows Vista even 
supports the use of widgets on the desktop. 

A problem with such widgets is that a third party could develop and 
widely distribute a seemingly harmless widget that actually has 
malicious intent. Furthermore, an honest third party could develop a 
widget that contains coding errors that could lead to attacks on 
innocent users. So be sure to get a copy of Finjan's report at the URL 
below and consider the risk posed to your network environment. 

=== SPONSOR: St. Bernard Software =============================
Hosted Security: A solution for small and medium-sized businesses
   Is effective security out of reach for your small or medium-sized 
business? Imagine having a team of IT experts who only focus on 
security as part of your staff. Download this white paper today and 
find out how you can eliminate your company's security risks. 

=== SECURITY NEWS AND FEATURES ================================
BigFix Launches Tightly Integrated Endpoint Security
   BigFix's new Endpoint Defender suite includes antivirus, 
antispyware, firewall, patch management, vulnerability assessment, and 
asset discovery features all targeted at midrange businesses. 

Barracuda Networks Gobbles Up NetContinuum
   Barracuda Networks completed its acquisition of Web application 
firewall maker NetContinuum and is banking on Payment Card Industry 
(PCI) compliance requirements to help drive sales. 

BT Counterpane Offers Two New Managed Service Options
   Managed security service provider BT Counterpane announced two new 
service offerings, both of which are powered by Qualys vulnerability 
scanning technology. 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

=== SPONSOR: Atempo ===========================================
Protecting Mobile Users' Data
   Traditional business backup solutions don't usually take into 
consideration the special case of the mobile or casually connected user 
and this makes it all too easy for these users to get lost in the 
shuffle of the daily support responsibilities of most IT departments. 
This Web seminar will provide you with ideas, suggestions, and 
solutions to the problems inherent in protecting and backing up the 
data used and generated by the mobile business user. 

=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: CastleCops Endures a New Kind of Attack
by Mark Joseph Edwards, 
   Previously I wrote about how CastleCops and other security sites 
fell under Distributed Denial of Service (DDoS) attack. When these 
attacks were thwarted, the perpetrators turned to a more insidious type 
of attack. Learn more about this new attack, and get a long list of 
cool tools at 

FAQ: Delegate GPO Editing Permissions
by John Savill, 

Q: How do I delegate permissions for someone to edit a GPO?

Find the answer at 

FROM THE FORUM: Limiting Log-on Access to One User
   A forum participant writes that his office has a standard Windows 
domain environment with one machine that runs some shipping label 
software and that uses a general "community" logon. Recently, a few 
employees mistakenly logged onto this machine with their personal 
domain username, and it messed up the program running on that box. How 
can the participant lock down which domain users can log on to a 
specific computer. Join the discussion at 

   Share your security-related tips, comments, or problems and 
solutions in Security Pro VIP's Reader to Reader column. Email your 
contributions to If we print your submission, 
you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ================================================== by Renee Munshi, 

Web Service Lets You Call to Authenticate
   Positive Networks announced the release of PhoneFactor, a Web-based 
two-factor authentication service that turns a user's phone into an 
authentication device, replacing smart cards or tokens. The user can 
make a free call from anywhere in the United States to authenticate to 
VPN appliances, Citrix, or Microsoft Outlook Web Access (OWA). A Web 
SDK lets companies implement PhoneFactor with other Web or custom 
applications. The basic PhoneFactor service is free, but Positive 
Networks sells add-on features such as multiserver support, directory 
integration, international authentication, reporting and auditing, and 
support and product maintenance packages. For more information, go to 

   Share your product experience with your peers. Have you discovered a 
great product that saves you time and money? Do you use something you 
wouldn't wish on anyone? Tell the world! If we publish your opinion, 
we'll send you a Best Buy gift card! Send information about a product 
you use and whether it helps or hinders you to 

=== RESOURCES AND EVENTS ======================================   For more security-related resources, visit 

Gain insight into business intelligence and Microsoft application 
platform optimization (APO) solutions in this full-day business 
intelligence virtual conference on October 4, 2007. 

Get the facts about Microsoft Unified Communications and Exchange 
Server 2007 at one of six day-long workshops starting in mid-October. 
Don't miss out on your chance to attend in one of the following cities: 
Portland, Oregon; San Diego; Denver; Philadelphia; Atlanta; or Chicago. 
Visit our Web site for dates and details. 

In this Web seminar, David Chernicoff provides ideas, suggestions, and 
solutions to the problems associated with protecting and backing up the 
data used and generated by mobile and casually connected users. 

=== FEATURED WHITE PAPER ======================================
Learn how to protect and recover business-critical data and 
applications when recoverability matters. This white paper focuses on 
new ways to maintain Exchange uptime by using data protection, 
failover, and application availability. 

=== ANNOUNCEMENTS =============================================
Windows IT Pro: Buy 1, Get 1 
   With Windows IT Pro's real-life solutions, news, tips and tricks, 
and access to over 10,000 articles online, subscribing is like hiring 
your very own team of Windows consultants. Subscribe now, and get 2 
years for the price of 1! 

Save 50% Off Scripting Pro VIP 
   Scripting Pro VIP is the IT administrator's source for scripting 
information, tools, and downloadable code. Subscribers also get access 
to our editors to help answer technical questions, as well as a host of 
other unique benefits. Order now at an exclusive charter rate and save 

Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and Security Pro VIP (second URL 

Subscribe to Security UPDATE at 

Be sure to add 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- 
About technical questions -- 
About your product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - 

Site design & layout copyright © 1986-2015 CodeGods