According to the article, “Coming soon: ‘Clash of the Banking Trojans’,” a malware programmer plans to release a program known as “Ares”. The malicious software is “a small, lightweight executable that can evade antivirus and be easily placed into PDFs and other exploitable files.”

Despite these unique features, what distinguishes Ares from other malware is a module platform that enables criminals to customize and update it to meet their specific needs. In a post on a criminal online forum, the developer said Ares gives a buyer of the malicious code something other programs don’t — a choice.

“I actually consider this more of a platform which is customized to each buyers liking. This is what draws a line between Ares and other bots.”

While Ares remains only a threat, if released, security experts say the new Trojan could pose a serious danger as it rolls out in numerous versions and targets different businesses. However, systems protected by CoreTrace’s BOUNCER application whitelisting solution need not worry. No matter how the program is customized, BOUNCER proactively blocks all attempts the malicious code makes to run on a system, thereby beating down any new customizable malicious software such as Ares and other malware variants that try to execute on a machine.

In the article, “88 percent of firms show Zeus botnet activity,” RSA’s FraudAction Anti-Trojan services analyzed data stolen by Zeus from infected computers that included IP addresses and emails that belonged to the corporations. Among the stolen data found on the sites where infected computers drop the stolen data was compromised email addresses from about 60% of the firms.

With such a high percentage of botnet activity hitting Fortune 500 companies, it just goes to show that even the biggest, theoretically most advanced companies from a security standpoint are not immune to being hit by infectious malware.

It all circles back to a recent posting on what we’re doing today to improve our cyber defenses. In the blog, “Repercussions, not legislation, key to improving nation’s cyber defenses,” I mentioned that we need to get out of the status quo network security practices and techniques that are flawed, and start thinking in a more proactive manner. Until we do, our systems will remain at risk of hidden malicious code and malware attacks designed to snoop and steal our sensitive data, whether we know it or not.

Without further delay, here are the stories that caught my eye in November:

• Apple issues a massive security patch of its own – In November Apple issued a patch that fixed 58 holes as reported by Threatpost. The days of Apple being immune to security compromise are over. The combination of phishing and browser based attacks should make Mac users concerned and will soon drive security solutions adoption on those systems.
• Microsoft is back with it’s own large security patch – Microsoft fixed 15 separate vulnerabilities with 6 security updates in November. This is the same old story as previous months, but at least it wasn’t the record 13 updates hit in October.
• Microsoft reported an increase in worm infections, but decrease in scareware antivirus – Worm infections were up over 98% since the last Microsoft Security Intelligence report and it appears that Conficker bears a good part of the blame. Researchers believe that it is still being spread by USB keys with autoexecute capabilities. Scareware numbers are down where a user is tricked into visiting a site that says they are infected and then prompted to download “protection” from the malware.
• More news of botnet operators utilizing social networks to avoid detection – Searchsecurity.com reported that botnet writers are turning to Google and social networks. Popular social networking sites like Facebook and Twitter are increasingly prominent in security news for both spreading infection and providing a means of command and control for organized malicious software writers.
• Four people were sentenced in the UK for attacks on online banks – This is something I would like to see more of. It is a rare occurrence when cyber criminals are actually tracked down and brought to justice. Last month four individuals who were syphoning money from online accounts were caught and sentenced.
• CSO online had a nice detailed story about the fight against botnets – CSO published a nice seven page story about the individuals and organizations who research and combat botnets. It’s an interesting and informative read.
• Windows 7 is revealed to have flaw that allows DoS attacks – A flaw in the OSs Server Message Block (SMB) could be used to crash the system and could be activated when a user visits a malicious website.

There were several other interesting stories, but the fact remains that endpoints are under attack and we are in a continual catch up game with our current endpoint security.

A recent article in SearchSecurity.com, “Hackers to sharpen malware, malicious software in 2010″, points to increasing sophistication in cybercriminals’ use of social networking sites. Robert Westervelt writes:

In an effort to sustain growth and pick up new users, more social networks are opening up their architecture to allow third-party applications. Cybercriminals can take advantage of this by developing applications out of the social network environment to target users. In addition, access to social network APIs gives attackers a roadmap to vulnerabilities in legitimate third-party applications and a way to tap into user accounts.

Changes in this environment means that businesses will be more pressed than ever to set policies around the use of social networks on company IT resources and this won’t be popular. It will be made all the more difficult by the fact that social networks aren’t just for personal use any more. More businesses than ever are engaging in social media and using it to connect to customers, provide service, and promote their company.

Expect web site access control, application whitelisting and software asset management solutions to play an even more important role than ever on corporate networks. It will be essential that businesses both understand and control what applications their employees are using to defend against an increasingly prevalent threat.

The complaint is that 60 Minutes didn’t do their homework and that there is no proof that the actual outage was caused by hackers. I won’t get dragged into that dispute here, but I would like to address the conclusion that some have made that hacking in general is overstated.

To those who work in the security industry and say that the cyber threat to both Government and private systems is over hyped, my answer is have they even been paying attention? Both foreign governments and organized online crime have been carrying out attacks with specific purposes with increasing frequency and the evidence is all around us.

Here are some examples:

• From 60 Min story – U.S. Government loses over a terabyte of sensitive information:

  “In 2007 we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor,” Lewis said. “Some unknown foreign power, and honestly, we don’t know who it is, broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information.”

• Hackers steal over 130 million credit card numbers online – In August Albert Gonzales was indicted for stealing over 130 million credit card numbers from Heartland and other online businesses.

• Clampi trojan steals bank login information – Cnet posted a good article on the organized use of trojan horses to monitor our online activity and steal our credentials when we visit one of over 4600 banking sites.

• Bahama botnet used to drive online click fraud – From a recent eWeek article:

  Click Forensics, which has been reporting on click fraud data and trends for over four years now, released its figures for Q3 2009 this week. According to the latest figures, botnet-driven traffic accounted for 42.6 percent of all the empty ad traffic between the beginning of July and the end of September 2009.

  The results represents a significant increase in such activity, more than doubling botnet-driven click fraud compared to the same period in 2007 and gaining from the 27.5 percent reported for the same quarter in 2008.

These aren’t random infections from worms. This is organized hacking with a purpose. These are just a few real examples of our systems under attack and there are far more that simple searches will reveal. Our online systems are targets plain and simple and the security of our power grid is serious business.

If there is one thing that I hope people get from the 60 minutes story it’s that we need to understand the threats that exist out there and take the steps to mitigate that risk before a serious attack takes place. We have to remember that all significant threats can be considered FUD before they happen. When it comes to protecting our critical infrastructure I hope we don’t stick our head in the sand.