Astaro Security Gateway – Home User UTM

Got an old PC and a couple network interface cards lying around?  Do you want a pretty decent all-in-one security system for your home network?  Astaro Security Gateway (formerly Astaro Security Linux) is an all-in-one network security gateway providing Unified Threat Management with a firewall, intrusion protection, antivirus, spam protection, URL filtering, and a VPN gateway.

Features include a modern packet filter, intrusion detection and prevention, portscan detection, content filtering, virus detection for email and Web traffic, profile handling, L2TP, IPSec, SSL, and PPTP VPN tunneling, spam blocking, proxies for HTTPS, HTTP, FTP, POP3, SMTP, DNS, VoIP, SOCKS, and Ident, logging, and reporting. 

It supports Ethernet, VLAN, PPP, PPPoE, PPPoA, Cable Modem, IPv6, QoS, Link Aggregation, and WAN-Uplink-Load balancing in routing, and bridge mode. The WebAdmin GUI, Install Wizard, Change Tracking, Printable Configuration, and Up2Date service make it easy to install, manage, and maintain.

It sets up in less than an hour, and works incredibly well.  Check it out.  http://www.astaro.com/products/astaro-security-gateway-software-appliance

Canadian Government Under Attack

According to CBC reports, the Canadian government has been under attack, apparently from China, giving foreign hackers access to highly classified information and forcing at least two key departments off the internet.  The attack was first detected in early January.  Hackers took control of government computers belonging to top officials, most likely through drive-by web attacks or Trojan horse programs.  A spear-phishing email campaign targeted executives and their staff with provocative messages containing malicious links or attachments.  Once the email system was compromised, the attackers also used social engineering, asking staff to reveal passwords to key networks.  When the attack was detected, security officials shut down all internet access in both affected departments in an attempt to stop the information leakage.  The containment effort left thousands of public servants without internet access.  Service has slowly been returning to normal since the attack.

The attacks were traced back to computer servers in China, but there is no way of knowing for certain whether the hackers are Chinese or are simply routing through servers in China to cover their tracks.  The Canadian government initially issued a statement dismissing it all as an “attempt to access” federal networks.  It has refused to release any further information.

CBC has confirmed that the attackers successfully penetrated computer systems at two main economic nerve centres, the Finance Department and Treasury Board, apparently taking control of computers in the offices of senior executives as part of a scheme to steal passwords that unlock entire government data systems.  It is unclear whether the attackers were able to compromise other networks and sensitive data.  The government is trying to keep the security breach under tight wraps.

CBC Report

‘Night Dragon’ Espionage Report

Hackers working in China broke into the computer networks of five multinational oil and gas companies, stealing bidding plans and other critical information, McAfee said in a report.   The attacks have been dubbed “Night Dragon” and the report did not identify the companies that were hacked.  The report did say that another seven or more had also been compromised, but may not have had data stolen.

This issue “speaks to quite a sad state of our critical infrastructure security.  These attacks have involved social engineering, spear-phishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive information.”

“These were not sophisticated attacks.  Yet they were very successful in achieving their goals,” said Dmitri Alperovitch, McAfee’s VP of threat research.  The hackers got into the computers either through public websites or through infected emails sent to company executives.  The Night Dragon attacks work through methodical and progressive intrusions.

These basic activities were performed by the Night Dragon operation:


Roll Your Own Facebook Malware

Malware distributors are selling a $25 toolkit to anyone interested in creating and distributing malicious Facebook apps, according to Websense Security Labs.

You don’t even need development experience: just follow the instructions and a working malicious Facebook application is at your disposal.  The do-it-yourself toolkit offers a malware template for distributing the app, directs users to click-fraud accounts, and pushes Facebook users to fake surveys to steal their personal information.  This commoditization of Facebook-targeted malware is further evidence that social networks are a target-rich environment for criminals bent on identity theft and personal information attacks.

Websense researchers have linked the toolkit, called TinieApp, to two recent rogue app attacks that appeared on Facebook over the past week.

Super Bowl, Valentine’s Spam Begins

I have received plenty of spam lately, promising to share “the best ads ever” and leftovers from the Super Bowl, just in case I missed them, and also some special messages from the ones that seem to love me the most for Valentine’s Day.  Expect to see a lot of this cruft all year round as these dirt bags attempt to social engineer you into visiting their sites, executing their scripts and downloading the malicious garbage that allows them to access your resources.

If you receive an e-card from someone that you know, call them or send them an email BEFORE you open the email.  From someone that you don’t know, let me introduce you to the big DELETE key…  Some of the emails are fully loaded to auto-execute their payload; others require you to click a link.  Do not trust this very popular and effective vector of attack.

EXAMPLE:

From: Valentines-E-Cards@lbEbW.com [mailto:Valentines-E-Cards@lbEbW.com]
Sent: Monday, February 07, 2011 1:06 PM
To: some_address@hotmail.com
Subject: Someone has just sent you an e-Card!

[Secret Admirer] has just sent you an e-Card!

To view and respond to your e-Card Click Here! <link_removed>
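The tells in the message above (an unnamed “Secret Admirer”, a bare “Click Here!” link, a sending domain nobody has heard of) can be turned into a mail-gateway triage check.  The following Python script is an added example, not code from the original post: it parses a constructed copy of that message (the link, which the post removed, is an assumed placeholder URL) and a constructed control message from a legitimate service, and scores the phishing signals in each.  The trusted-domain list is a placeholder assumption, not a real allowlist.

```python
"""Heuristic triage for e-card style phishing lures.

Parses a raw RFC 822 message, pulls the sender domain and every link
out of the HTML body, and scores the signals that distinguish a mass
e-card lure from a card sent through a service the recipient uses.
"""
import email
import re
from email import policy
from urllib.parse import urlsplit

# Constructed sample, modelled on the e-card spam quoted in the post.
# The post removed the real link; the href below is an assumed placeholder.
SAMPLE_ECARD = """\
From: Valentines-E-Cards@lbEbW.com
To: some_address@hotmail.com
Date: Mon, 07 Feb 2011 13:06:00 -0500
Subject: Someone has just sent you an e-Card!
Content-Type: text/html

<html><body>
<p>[Secret Admirer] has just sent you an e-Card!</p>
<p>To view and respond to your e-Card
<a href="http://lbEbW.com/view?id=90211">Click Here!</a></p>
</body></html>
"""

# Constructed control message: a card from a service the recipient actually
# uses, naming the sender. The domain is a placeholder (assumption).
SAMPLE_LEGIT = """\
From: cards@greetings.example
To: some_address@hotmail.com
Subject: Alice Example sent you a card from greetings.example
Content-Type: text/html

<html><body>
<p>Alice Example (alice@example.org) sent you a card.</p>
<p>Open it at <a href="https://greetings.example/cards/7f3a">https://greetings.example/cards/7f3a</a></p>
</body></html>
"""

# Domains the organisation has chosen to trust for e-cards.
# Assumption: placeholder list, not a real allowlist.
TRUSTED_ECARD_DOMAINS = {"greetings.example"}

ANON_SENDER_RE = re.compile(
    r"secret admirer|someone has (just )?sent you|a friend has sent you", re.I)
HREF_RE = re.compile(r'<a[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")


def _sender_domain(from_header):
    """Lower-cased domain part of the From: header, or '' if absent."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header or "")
    return m.group(1).lower() if m else ""


def triage_ecard(raw):
    """Return (score, reasons) for a raw message; each reason is one signal."""
    msg = email.message_from_string(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("html", "plain"))
    html = body_part.get_content() if body_part else ""
    text = TAG_RE.sub(" ", html)
    subject = msg["Subject"] or ""
    sender_domain = _sender_domain(msg["From"])
    reasons = []

    # 1. The card claims to come from an unnamed person.
    if ANON_SENDER_RE.search(subject) or ANON_SENDER_RE.search(text):
        reasons.append("anonymous sender ('Secret Admirer' / 'Someone')")

    for href, anchor in HREF_RE.findall(html):
        host = (urlsplit(href).hostname or "").lower()   # hostname is lower-cased
        anchor_text = TAG_RE.sub("", anchor).strip()
        # 2. Generic call to action that hides the destination.
        if re.match(r"click here", anchor_text, re.I):
            reasons.append(f"generic link text {anchor_text!r} -> {host}")
        # 3. Destination is not a service we recognise.
        if host and host not in TRUSTED_ECARD_DOMAINS:
            reasons.append(f"link host {host} is not a trusted e-card service")
        # 4. Link points somewhere other than the sending domain.
        if host and sender_domain and not host.endswith(sender_domain):
            reasons.append(f"link host {host} differs from sender domain {sender_domain}")

    # 5. The sending domain itself is not a recognised service.
    if sender_domain and sender_domain not in TRUSTED_ECARD_DOMAINS:
        reasons.append(f"sender domain {sender_domain} is not a trusted e-card service")

    return len(reasons), reasons


def is_suspicious(raw, threshold=2):
    """True when at least `threshold` signals fire (threshold is a tuning assumption)."""
    score, _ = triage_ecard(raw)
    return score >= threshold


if __name__ == "__main__":
    for name, raw in (("spam sample", SAMPLE_ECARD), ("control", SAMPLE_LEGIT)):
        score, reasons = triage_ecard(raw)
        print(f"{name}: score={score} suspicious={is_suspicious(raw)}")
        for r in reasons:
            print("  -", r)
```

Run as a script, the spam sample trips four signals (anonymous sender, “Click Here!” anchor, unknown link host, unknown sending domain) while the control message trips none.  The allowlist is the part that needs real maintenance; the anonymous-sender and generic-anchor checks are cheap and catch most seasonal e-card runs on their own.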

Beware Toxic Resumes

The US Internet Crime Complaint Center (IC3) issued a warning that hackers are searching the internet for online job postings and responding with booby-trapped resumes.  Recently, more than $150,000 was stolen from a US business via unauthorised wire transfer as a result of an e-mail attachment that contained malware.  In that particular case, the malware was embedded in an e-mail response to a job posting the business had placed on an employment website.  The malware allowed the attacker to obtain the online banking credentials of a person authorised to conduct financial transactions within the company.

http://www.securitynewsdaily.com/resume-malware-targets-hiring-departments-0441/

Smart Device Security @ CES

Smart device security firm Mocana co-hosted this year’s Amphion Forum with Symantec at the Consumer Electronics Show.  The Forum was a closed-door executive roundtable exploring the threats and opportunities presented by the proliferation of connected, non-PC devices, bringing together executives from Citrix, Freescale, Google, IBM, Intel, and Motorola as well as academia, research firms and the government sector.


Spam Levels Drop Significantly

Over the 2010 holiday season, spam levels dropped drastically, according to information from Symantec’s Paul Wood.  Symantec’s spam honeypots report the lowest volume since rogue ISP McColo was shut down in November 2008.  As shown below, the amount of spam worldwide has dropped dramatically since 25th December 2010.

Figure 1 – Global spam volumes

The main cause of this drop is a huge, yet mysterious, reduction in output from the Rustock botnet, the most dominant spam botnet of 2010.  Two other major botnets, Lethic and Xarvester, have also reportedly ceased to generate significant spam.  MessageLabs Intelligence has seen virtually nothing from Lethic since the 28th, and from Xarvester since the 31st of December.

I know this won’t last, and the next spam run is probably seconds away, but a nice reprieve for those overworked Exchange Servers!

Symantec

SecureList – Internet Fraud for Dummies

As long as there are people with money, fraud will exist.  It can be found everywhere and the Internet is no exception.  As the conclusion of an online article by Kaspersky says, it is found in email, on social networks, and on various websites.  Over the years, criminals have invented new tactics, but the scams are ultimately the same.  The only protection users can expect comes through awareness and self-preservation in the virtual space.

I must thank Darya Gudkova for writing such a comprehensive overview of online fraud, Kaspersky Labs for sponsoring and maintaining the SecureList website, and hope that you find the advice and information in this article helpful, especially as we head towards another high-risk holiday season.

Internet Fraud for Dummies

WebSense 2010 Threat Report

Websense has published its 2010 Threat Report.  I have only just started reading the report, but the page it is posted on provides these highlighted findings, affirming that while broad threats continue, focused, targeted attacks are on the rise:

  • 111.4% increase in the number of malicious websites from 2009 to 2010
  • 79.9% of websites with malicious code were compromised legitimate sites
  • 34% of malicious Web/HTTP attacks included data-stealing code
  • 52% of data-stealing attacks were conducted over the Web
  • 89.9% of all unwanted emails during this period contained links to spam sites and/or malicious websites
  • The US and China continued to be the top 2 countries hosting crimeware and receiving stolen data during 2010
  • The Netherlands has found its way into the top 5 countries hosting crimeware and receiving stolen data
  • Searching for breaking news represented a higher risk (22.4%) than searching for objectionable content (21.8%)
  • 23% of real-time search results on entertainment lead to a malicious link
  • 40% of all Facebook status updates have links and 10% of those links are either spam or malicious

The Websense report also analyzes recent headline-grabbing attacks such as Aurora, Stuxnet, and Zeus for their malicious and data-stealing code.  Also featured are statistics on the top five hosts of data-stealing code, a deep analysis of social Web content and threats, and an in-depth link analysis of the top social networks.

Get the full report here!