CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Top endpoint security stories for February 2010 – Security professionals don’t feel the love

In a month known for love, February was filled with more heartbreaking stories of security problems and problematic fire-drill patching. Is it just me, or does it seem like everybody is experiencing security compromises that stem from patching flaws and vulnerabilities in their own systems? Rather than producing more secure networks, these and other recent stories show that the malware only highlights the fact that existing desktop security isn't working properly. Check out some of the top stories from February 2010.

Security patches cripple Windows XP computers

Windows customers were up in arms over a Microsoft security patch that left their PCs stuck at the notorious Blue Screen of Death. This was yet another glaring example of the problems organizations run into when rolling out patches quickly.

In a follow-up article on Microsoft's patching problems, evidence suggested that a pre-existing rootkit infection was behind the problems Windows users experienced after installing several security updates. According to the computer expert who discovered the infection:

“This particular rootkit can be very difficult to detect. Atapi.sys is an important driver for all Windows systems and it loads very early during the boot process, so infecting this file can make it very hard to detect or remove the rootkit before it loads.”

Zeus Trojan found on 74,000 PCs in global botnet

It was reported that over 74,000 computers at nearly 2,500 organizations around the world were compromised over the past year and a half in a botnet infestation designed to steal login credentials for bank sites, social networks and email systems. While Operation Aurora had its own success against popular networks internationally, the number of corporate and government systems it infected paled in comparison to the Zeus botnet.

The Wall Street Journal reported that Merck, Cardinal Health, Paramount Pictures and Juniper Networks were among the targets in the attack.

To make matters worse, a competing crimeware toolkit called SpyEye is waging a turf war against the mighty Zeus bot. For $500, aspiring rival cybercriminals can use the tool to uninstall Zeus from an infected system and keep SpyEye running on it to steal credit card numbers and email accounts. Talk about cyber gang warfare.

Malicious PDF files comprised 80% of all exploits in 2009

In the familiar pattern of attackers gravitating to the most popular Internet applications, it was reported that rogue PDFs accounted for 80% of all exploits by the end of 2009. And much like other leading technology companies, Adobe continues to patch several critical vulnerabilities in Adobe Reader and Adobe Acrobat for Windows, Mac and Linux.

Google teams up with NSA to fight cybercrime

As a result of Operation Aurora, The Washington Post reported that Google has teamed up with the National Security Agency (NSA) to help the company defend itself and its users from future attacks. The Director of National Intelligence called the Google attacks a "wake-up call" and said that cyberspace cannot be protected without a "collaborative effort that incorporates both the U.S. private sector and our international partners."

Unfortunately, what we continue to see in early 2010 is that patching and traditional antivirus software are failing to adequately defend our systems. In fact, if anything they appear to be causing more problems. Organizations are better off focusing on ways to stop Web malware and malicious code from executing in the first place. This is where a solution such as application whitelisting can keep even flawed networks from running malware within their operating systems. If it's not an authorized application, it does not run on the system. It's that simple.
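To make the default-deny idea concrete, here is an added illustration (not CoreTrace code, and not the product described on this blog): a baseline of approved file hashes is taken, and a file is allowed to load only if its path is on the list and its current hash still matches. The file paths and byte contents are constructed placeholders; the atapi.sys case mirrors the rootkit story above, where an approved driver is overwritten in place.

```python
import hashlib
from typing import Dict

# Constructed sample images standing in for approved binaries on a managed
# endpoint. A real baseline hashes the actual files; these bytes are placeholders
# so the example runs offline.
ATAPI = r"C:\Windows\System32\drivers\atapi.sys"
APPROVED_IMAGES: Dict[str, bytes] = {
    ATAPI: b"CONSTRUCTED clean atapi.sys image",
    r"C:\Windows\explorer.exe": b"CONSTRUCTED clean explorer.exe image",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_allow_list(approved: Dict[str, bytes]) -> Dict[str, str]:
    """Take the baseline: record the SHA-256 of every approved file by path."""
    return {path: sha256_hex(content) for path, content in approved.items()}


def execution_decision(path: str, content: bytes, allow_list: Dict[str, str]) -> str:
    """Default deny. Returns 'allow', 'deny-unknown' (path never approved) or
    'deny-modified' (approved path whose bytes no longer match the baseline)."""
    expected = allow_list.get(path)
    if expected is None:
        return "deny-unknown"
    if sha256_hex(content) != expected:
        return "deny-modified"
    return "allow"


def demo() -> Dict[str, str]:
    """Three constructed cases: untouched driver, driver patched in place by a
    rootkit, and a never-approved dropper. Returns each case's decision."""
    allow_list = build_allow_list(APPROVED_IMAGES)
    clean_driver = APPROVED_IMAGES[ATAPI]
    # In-place tampering: the path still looks legitimate, the hash does not.
    infected_driver = clean_driver.replace(b"clean", b"patched")
    return {
        "clean atapi.sys": execution_decision(ATAPI, clean_driver, allow_list),
        "patched atapi.sys": execution_decision(ATAPI, infected_driver, allow_list),
        "unknown dropper.exe": execution_decision(
            r"C:\Users\Public\dropper.exe", b"CONSTRUCTED unknown binary", allow_list),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```

The comparison only means something if it runs before the checked code loads or from a trusted environment; a kernel rootkit that is already resident, as in the atapi.sys story, can feed a later user-mode check the clean bytes.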

As always, I thank you for stopping by to read this blog. I hope it continues to bring to light some of the important issues we all face as security professionals. Come back soon.