A recent article in SearchSecurity.com, “Hackers to sharpen malware, malicious software in 2010″, points to increasing sophistication in cybercriminals’ use of social networking sites. Robert Westervelt writes:

In an effort to sustain growth and pick up new users, more social networks are opening up their architecture to allow third-party applications. Cybercriminals can take advantage of this by developing applications out of the social network environment to target users. In addition, access to social network APIs gives attackers a roadmap to vulnerabilities in legitimate third-party applications and a way to tap into user accounts.

Changes in this environment means that businesses will be more pressed than ever to set policies around the use of social networks on company IT resources and this won’t be popular. It will be made all the more difficult by the fact that social networks aren’t just for personal use any more. More businesses than ever are engaging in social media and using it to connect to customers, provide service, and promote their company.

Expect web site access control, application whitelisting and software asset management solutions to play an even more important role than ever on corporate networks. It will be essential that businesses both understand and control what applications their employees are using to defend against an increasingly prevalent threat.

• Sept 1, 2009 – IIS FTP flaw announced with exploit code
  Microsoft kicked off the month by confirming the publication of exploit code for the IIS FTP vulnerability that could allow remote code execution on affected systems. The vulnerability affected systems running the IIS web server and was particular dangerous to FTP servers that had anonymous accounts for uploads.
• Sept 3, 2009 – Apple shows it continues to have more security problems than its ads would lead you to believe
  Apple released security patches for Java that fixed 15 documented security vulnerabilities. The most serious vulnerability allowed unauthorized Java applets to gain escalated privileges.
• Sept 5, 2009 – Microsoft announces patches will fail to include fix for IIS flaw
  The patch that was released following the announcement of the IIS exploit code did not contain a fix for that problem. Despite the severity of the problem, the complexity involved with producing, testing and distributing a patch to a serious security vulnerability prevented Microsoft from quickly fixing the hole in their operating system. At this same time, limited attacks were beginning to show up against those servers.
• Sept 9, 2009 – Microsoft announces SMB2 vulnerability affecting Windows Vista and Windows Server 2008
  Yet another zero-day vulnerability was announced without an immediate fix. Some security experts debated the impact of this vulnerability with many thinking this could set the stage for a Vista worm.
• Sept 11, 2009 – Clampi botnet continues to be a problem
  Online banking credentials continue to be targeted and stolen online by this dangerous botnet.
• Sept 17, 2009 – Security researchers demonstrate a remote exploit of the SMB2 vulnerability capable of spawning a worm
  The vulnerability was originally announced as a denial of service vulnerability and now was shown to have the potential to propagate a worm.
• Sept 17, 2009 – Botnets being used for click fraud
  Computerworld reported that the “bahama botnet” was being used to create fraudulent clicks to be used for affiliate marketing fraud.
• Sept 18, 2009 – Microsoft releases fix/workaround to SMB2 vulnerability
  The day after researchers announced remote exploitation code for the SMB2 vulnerability that could lead to a worm, Microsoft issued a fix that essentially turned off the service until a patch could be issued. They also indicated that this could have a performance impact until they produced the patch.
• Oct 1, 2009 – Antiphishing Working Group announces that phishing websites and rogue anti-virus software sites are dramatically on the rise.
  Coordinated attacks to trick users into infecting their PC with malware are booming. Phishing websites and fake anti-virus software both work to direct users to bogus sites where they become infected with malware.

All in all, this past month was more evidence that our reactive patching and signature based endpoint security strategy is coming to an end of its useful lifespan. The discussion has already begun at conferences and among the analysts as to what will become the new de facto endpoint security standard. Signs point strongly to a whitelisting solution playing a prominent role in this transition.