News

Wednesday, February 27, 2008

3 Million Malicious Web Pages Plague the Internet

SECURITY UPDATE
A Penton Media Property
February 27, 2008



----------------------------------------
ADVERTISEMENT
Shavlik Technologies

The Essential Guide to Creating an Environment for Sustaining Compliance

Compliance is not a single, point-in-time project. Mandates change,
systems change, businesses change. New mandates are created. This guide
will discuss compliance solutions that provide an important way to
reduce costs, while improving compliance and helping realize business
value from compliance efforts. The solution should help you:

* Improve your security posture
* Ensure that in making your organization more secure you're also
complying with multiple mandates
* Generate reports about your security posture that link back to
internal and external mandates, demonstrating you are in compliance

Download now to learn how to create an environment for sustaining
compliance.

http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-251998-0-0-0-1-2-207
----------------------------------------

IN FOCUS

--3 Million Malicious Web Pages Plague the Internet
by Mark Joseph Edwards, News Editor
Last week, in "Online Fraud Continues to Escalate" (URL below), I
presented an overview of data collected and analyzed by Cyveillance. You
may recall that the data revealed several interesting statistics,
including that in fourth quarter 2007, 51 percent of phishing pages were
hosted on compromised servers.

www.windowsitpro.com/Windows/Article/ArticleID/98332/98332.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-251999-0-0-0-1-2-207)

Google released a report, "All Your iFRAMEs Point to Us," that reveals
still more staggering figures. From January through October 2007, Niels
Provos and Panayiotis Mavrommatis (both of Google), along with Moheeb Abu
Rajab and Fabian Monrose of Johns Hopkins University, subjected
approximately 66.5 million Web pages to in-depth analysis. That analysis
revealed more than 3.4 million malicious Web pages that plague the
Internet with drive-by downloads.

A drive-by download is an infection that occurs when a user simply visits
a Web page: the page exploits a vulnerability in the browser, in a browser
plug-in or add-on, or in the OS itself to install malware without any
further action on the user's part.

One question that might arise is this: If Google indexes billions of Web
pages, why were only 66.5 million pages subjected to in-depth inspection?
The answer is both simple and complicated. Put simply, the team sifted
Google's multibillion-page haystack to find suspicious needles by using a
two-phase methodology. In the first phase, the team used automated
analysis of page content to flag pages showing specific warning signs,
such as "out-of-place" iFrames, iFrames that pulled content from known
malware distribution sites, and obfuscated JavaScript.
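
As an added illustration (not code from the report, from Google, or from
this newsletter), here is a small Python pre-filter in the spirit of that
first phase. The report does not publish its heuristics or thresholds in
this detail, so the signals chosen (invisible, off-screen or blocklisted
iFrames; dense eval/unescape/fromCharCode use; long runs of %XX escapes),
their weights, the blocklist hosts and the two sample pages are all
assumptions constructed for this example.

```python
"""Static pre-filter modelled on the first phase described above.

Added example, not code from the Provos et al. report or from Google's
pipeline. The signals, weights, thresholds, blocklist and sample pages
below are this example's own assumptions.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed blocklist standing in for "known malware distribution sites".
KNOWN_BAD_HOSTS = {"malware-dist.example", "payload.example.net"}


class PageCollector(HTMLParser):
    """Collect <iframe> attribute dicts and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.iframes = []
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            self.iframes.append(attrs)
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data  # a script body may arrive in pieces


def _pixels(value):
    """'0', '1px' -> int; '100%' or missing -> None."""
    m = re.match(r"\s*(-?\d+)\s*(?:px)?\s*$", value)
    return int(m.group(1)) if m else None


def iframe_out_of_place(attrs, bad_hosts=KNOWN_BAD_HOSTS):
    """Reasons an iframe looks out of place: effectively invisible,
    pushed off-screen, or sourced from a blocklisted host."""
    reasons = []
    w, h = _pixels(attrs.get("width", "")), _pixels(attrs.get("height", ""))
    if (w is not None and w <= 1) or (h is not None and h <= 1):
        reasons.append("zero-size")
    style = attrs.get("style", "").lower().replace(" ", "")
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden-by-css")
    if re.search(r"(?:left|top):-\d{3,}", style):
        reasons.append("off-screen")
    host = (urlparse(attrs.get("src", "")).hostname or "").lower()
    if host in bad_hosts:
        reasons.append("known-bad-host")
    return reasons


def obfuscation_score(js):
    """Count constructs typical of packed exploit loaders; weights assumed."""
    score = 2 * len(re.findall(r"\beval\s*\(", js))
    score += 2 * len(re.findall(r"\bunescape\s*\(", js))
    score += len(re.findall(r"String\.fromCharCode", js))
    score += len(re.findall(r"document\.write\s*\(", js))
    # A long unbroken run of %XX or \xXX escapes is the classic tell.
    if re.search(r"(?:%[0-9a-fA-F]{2}){20,}|(?:\\x[0-9a-fA-F]{2}){20,}", js):
        score += 3
    return score


def prefilter(html, bad_hosts=KNOWN_BAD_HOSTS, min_score=3):
    """Return (flagged, signals); flagged pages go on to phase-two sandboxing."""
    p = PageCollector()
    p.feed(html)
    p.close()
    signals = [f"iframe:{r}" for a in p.iframes
               for r in iframe_out_of_place(a, bad_hosts)]
    js = obfuscation_score("\n".join(p.scripts))
    if js >= min_score:
        signals.append(f"script:obfuscation-score={js}")
    return bool(signals), signals


# Constructed sample pages (not real content). The escaped string decodes
# to "var x=1;document.write(x)"; only its shape matters here.
SUSPICIOUS_PAGE = """<html><body><h1>Welcome</h1>
<iframe src="http://malware-dist.example/in.cgi?3" width="1" height="1"
        style="visibility: hidden"></iframe>
<script>eval(unescape("%76%61%72%20%78%3d%31%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%78%29"));</script>
</body></html>"""

BENIGN_PAGE = """<html><body>
<iframe src="https://www.example.org/embed/abc" width="640" height="360"></iframe>
<script>var el = document.getElementById("main"); el.textContent = "hi";</script>
</body></html>"""
```

A pre-filter like this is deliberately permissive: its job is only to
decide which pages are worth the cost of a sandbox visit, and a visible,
normal-sized iFrame pointing at an unknown host is not a signal on its
own.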

That pre-filter yielded a still-huge pile of needles (66.5 million), which
were then subjected to a second phase of processing. The second phase used
a large honeynet of virtual machines running Windows with unpatched copies
of Microsoft Internet Explorer (IE), and scanned the HTTP responses each
VM received with several antivirus engines. Monitoring each VM for changes
to its system state, combined with the antivirus results, let the team
decide whether a page was most likely malicious rather than merely
suspicious.

In the report, the team wrote that, "To limit false positives, we choose
a conservative decision criteria [sic] that uses an empirically derived
threshold to mark a URL as malicious. This threshold is set such that it
will be met if we detect changes in the system state, including the file
system as well as creation of new processes. A visited URL is marked as
malicious if it meets the threshold and one of the incoming HTTP
responses is marked as malicious by at least one anti-virus scanner. ...
Finally, a URL that meets the threshold requirement but has no incoming
payload flagged by any of the anti-virus engines, is marked as
suspicious."
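
The following Python sketch, added here as an illustration and not taken
from the report, encodes that three-way decision rule over the kind of
observations a sandbox run produces. The report does not state its
empirically derived threshold as a number, so the threshold, the list of
ordinary browser cache writes that are ignored before counting, and the
sample sandbox observations are assumptions made for this example.

```python
"""Phase-two verdict modelled on the decision criteria quoted above.

Added example, not code from the report. Threshold, noise list and sample
observations are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Writes every IE session makes regardless of page content; counting them
# would push every visit over the threshold. Assumed list, lower-cased.
BROWSER_NOISE_PREFIXES = (
    r"c:\documents and settings\user\local settings\temporary internet files",
    r"c:\documents and settings\user\cookies",
    r"c:\documents and settings\user\local settings\history",
)


@dataclass
class HttpResponse:
    url: str
    content_type: str
    av_hits: Dict[str, str] = field(default_factory=dict)  # engine -> signature


@dataclass
class SandboxRun:
    url: str
    new_files: List[str]
    new_processes: List[str]
    registry_changes: List[str]
    responses: List[HttpResponse]


def significant_changes(run: SandboxRun) -> List[str]:
    """State changes left after discarding expected browser cache/cookie writes."""
    files = [f for f in run.new_files
             if not f.lower().startswith(BROWSER_NOISE_PREFIXES)]
    return files + run.new_processes + run.registry_changes


def classify(run: SandboxRun, threshold: int = 2) -> str:
    """'malicious': threshold met AND some response flagged by an AV engine.
    'suspicious': threshold met but nothing flagged (possibly unknown payload).
    'benign': threshold not met, whatever the scanners said about the traffic."""
    meets_threshold = len(significant_changes(run)) >= threshold
    av_flagged = any(r.av_hits for r in run.responses)
    if meets_threshold and av_flagged:
        return "malicious"
    if meets_threshold:
        return "suspicious"
    return "benign"


def summarize(runs) -> Dict[str, int]:
    """Verdict counts for a batch of runs, as the report tallies URLs."""
    counts = {"malicious": 0, "suspicious": 0, "benign": 0}
    for r in runs:
        counts[classify(r)] += 1
    return counts


# Constructed observations, not captured data.
_CACHE = r"C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234"
_COOKIES = r"C:\Documents and Settings\user\Cookies"
_DROPPED = [_CACHE + r"\page[1].htm", r"C:\WINDOWS\Temp\svhost.exe",
            r"C:\WINDOWS\system32\msx.dll"]
_RUNKEY = [r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svhost"]

MALICIOUS_RUN = SandboxRun(
    url="http://landing.example.com/page.html",
    new_files=_DROPPED, new_processes=[r"C:\WINDOWS\Temp\svhost.exe"],
    registry_changes=_RUNKEY,
    responses=[HttpResponse("http://landing.example.com/page.html", "text/html"),
               HttpResponse("http://dist.example.net/load.exe", "application/octet-stream",
                            av_hits={"engine-a": "Trojan-Downloader.Generic"})])

# Same system changes, but no engine recognises the payload.
SUSPICIOUS_RUN = SandboxRun(
    url="http://landing.example.com/page2.html",
    new_files=_DROPPED, new_processes=[r"C:\WINDOWS\Temp\svhost.exe"],
    registry_changes=_RUNKEY,
    responses=[HttpResponse("http://dist.example.net/load2.exe", "application/octet-stream")])

# Only the browser's own cache and cookie writes.
BENIGN_RUN = SandboxRun(
    url="http://news.example.org/",
    new_files=[_CACHE + r"\index[1].htm", _COOKIES + r"\user@news.example.org.txt"],
    new_processes=[], registry_changes=[],
    responses=[HttpResponse("http://news.example.org/", "text/html")])

# An engine flags the exploit page, but nothing changed on the VM, so the
# conservative rule still says benign (the exploit did not take).
FAILED_EXPLOIT_RUN = SandboxRun(
    url="http://landing.example.com/old.html",
    new_files=[_CACHE + r"\old[1].htm"], new_processes=[], registry_changes=[],
    responses=[HttpResponse("http://landing.example.com/old.html", "text/html",
                            av_hits={"engine-b": "Exploit.HTML.Generic"})])
```

The last case is the cost of the report's conservatism: requiring an
observed system-state change means an exploit that fails against the
honeynet's particular IE build is not counted, so the 3.4 million figure
is a floor rather than a ceiling.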

The team was also able to map malware distribution networks. By analyzing
how page content was pulled in from other sites, the team determined how
pages fell into a hierarchy: landing sites (the pages a victim actually
visits) led to malicious pages, and malicious pages led to the malware
distribution sites that serve the payload.

The mapping revealed that approximately 181,700 sites host the 3.4
million malicious drive-by download pages discovered. The mapping also
revealed approximately 9,340 malware distribution sites behind those
pages. Eighty percent of all sites that contain drive-by downloads are
hosted in China and the United States, with China by far the most
prevalent location. The percentages are similar for distribution sites:
China leads the pack, with the United States a distant second.
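
To make the hierarchy and the site counts concrete, here is an added
Python example (not code from the report) that builds the mapping from
the sequence of URLs a sandboxed browser fetched while loading each
landing page: the first hop is the landing site, the last hop the
distribution site, and anything between is an intermediary malicious
page. The fetch chains, host names and the host-to-country table (which
stands in for the GeoIP lookup the report used) are all constructed for
this illustration.

```python
"""Mapping landing sites to malware distribution sites.

Added example, not code from the report. Chains, hosts and countries are
constructed; the country table stands in for a GeoIP lookup.
"""
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Each chain: landing URL first, the URL that served the flagged payload last.
FETCH_CHAINS = [
    ["http://blog-a.example.com/post/12", "http://ads-relay.example.cn/x.js",
     "http://dist1.example.cn/load.exe"],
    ["http://blog-a.example.com/post/99", "http://ads-relay.example.cn/x.js",
     "http://dist1.example.cn/load.exe"],
    ["http://shop-b.example.org/", "http://dist1.example.cn/load.exe"],
    ["http://forum-c.example.net/t/1", "http://hop.example.us/r.php",
     "http://dist2.example.us/p.exe"],
    ["http://news-d.example.de/a", "http://dist2.example.us/p.exe"],
]

HOST_COUNTRY = {
    "blog-a.example.com": "US", "shop-b.example.org": "US",
    "forum-c.example.net": "CN", "news-d.example.de": "DE",
    "ads-relay.example.cn": "CN", "hop.example.us": "US",
    "dist1.example.cn": "CN", "dist2.example.us": "US",
}


def site(url):
    """Reduce a URL to its host, which is the unit the report counts."""
    return (urlparse(url).hostname or "").lower()


def map_network(chains):
    """Return (distribution_site -> set of landing sites, intermediary sites).

    A chain with a single hop fetched no payload and is not a drive-by, so
    it contributes nothing."""
    served = defaultdict(set)
    intermediaries = set()
    for chain in chains:
        if len(chain) < 2:
            continue
        landing, *middle, dist = (site(u) for u in chain)
        served[dist].add(landing)
        intermediaries.update(m for m in middle if m not in (landing, dist))
    return dict(served), intermediaries


def country_share(hosts, table=HOST_COUNTRY):
    """Fraction of hosts per country (rounded); unknown hosts bucketed as '??'."""
    c = Counter(table.get(h, "??") for h in hosts)
    total = sum(c.values())
    return {k: round(v / total, 2) for k, v in c.items()} if total else {}


def top_distribution_sites(chains, n=3):
    """Distribution sites ranked by how many distinct landing sites feed them."""
    served, _ = map_network(chains)
    return sorted(served.items(), key=lambda kv: (-len(kv[1]), kv[0]))[:n]
```

Note that the two blog-a pages count once: the report's 181,700 and
9,340 figures are sites, not pages, which is why they are so much smaller
than the 3.4 million malicious pages.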

The report contains a great deal more useful information and many
statistics that you will find interesting. For example, the researchers
found that "1.3 percent of the incoming search queries to Google's search
engine return at least one link to a malicious site." They also found
that when an unprotected Windows system visits a malicious URL, an
average of 8 executable files are downloaded to it, and in extreme cases
the number can be as high as 60. If that's not valuable data to help
bolster security budgets, then I don't know what is.

To learn more, get a copy of the team's 22-page report in PDF format at
the URL below.
research.google.com/archive/provos-2008a.pdf
(http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252000-0-0-0-1-2-207)

----------------------------------------
ADVERTISEMENT
Dell

The Essential Guide to Exchange 2007 Storage Sizing

Whether you're familiar with Exchange storage sizing already or coming
to it fresh, proper storage sizing continues to be critical to the
success and long-term health of your Exchange 2007 deployment. Mistakes
in storage sizing can be difficult and costly to fix, and there's a lot
of confusion and myths floating around. In this guide, I'll explain the
fundamental concepts underlying Exchange storage sizing, explore the
relationship between storage performance and capacity, and show you
which factors you need to consider as you're planning your Exchange 2007
storage deployment.

http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252001-0-0-0-1-2-207
----------------------------------------


SECURITY NEWS AND FEATURES

--OpenDNS Launches User-Driven Web Filter
OpenDNS opened up access to its new domain tagging system that lets
users decide how sites should be categorized. The categorizations can
then be used to control Web access.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252002-0-0-0-1-2-207

--GadgetTrak Releases Device Tracking Software for Windows
GadgetTrak's new device tracking software for Windows eliminates the
middle man.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252003-0-0-0-1-2-207

--Symantec Offers Online Backups for SMBs
Symantec launched two new online backup solutions, both of which should
be attractive to small and midsized businesses.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252004-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at
www.windowsitpro.com/departments/departmentid/752/752.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252005-0-0-0-1-2-207)


GIVE AND TAKE

--SECURITY MATTERS BLOG: cDc Releases Goolag Scanner
by Mark Joseph Edwards
Cult of the Dead Cow (cDc) released Goolag Scanner, a tool that helps
people find vulnerabilities in Web sites by using data gleaned from
Google.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252006-0-0-0-1-2-207

--FAQ: Automate Windows Server Role and Feature Installation
by John Savill
Q: How do I use the answer file to automate role and feature
installation?

Find the answer at
www.windowsitpro.com/Article/ArticleID/98052
(http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252007-0-0-0-1-2-207)

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in
Security Pro VIP's Reader to Reader column. Email your contributions to
r2r@securityprovip.com (mailto:r2r@securityprovip.com). If we print your
submission, you'll get $100. We edit submissions for style, grammar, and
length.


PRODUCTS

--IPsec VPN Client
by Renee Munshi
NCP Engineering released a new version of Secure Entry Client for 64-bit
Windows XP. Secure Entry Client, an IPsec VPN client, also supports
certificates with 4,096-bit key lengths and offers the OTP Mobile
2-factor authentication solution. OTP Mobile by T-Systems and T-Mobile
calculates a one-time password for the VPN when a user presses a button
on his or her mobile phone. Secure Entry Client now supports 32- and
64-bit Windows Vista and Windows XP, Windows 2000, Windows Mobile, and
Windows CE and is compatible with IPsec VPN gateways from SonicWALL,
NETGEAR, Cisco Systems, Check Point Software Technologies, and others.
For more information, go to
www.ncp.de/index.php?id=187&L=1
(http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252008-0-0-0-1-2-207)


RESOURCES AND EVENTS

Today's hackers are going after your enterprise data using tools and
services provided by a sophisticated, fast-growing criminal support
industry. Even more surprising--and worrying--is how ineffective today's
standard enterprise security practices are at stopping these
sophisticated attacks. Attend this Web seminar to learn how high-tech
criminals compromise your computers and profit by putting your
enterprise's confidential information up for sale.
www.windowsitpro.com/go/seminars/Bit9/ConfidentialData/?code=022008er
(http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252009-0-0-0-1-2-207)

Extended Validation (EV) is a new standard in SSL certificates that
assists in building consumer confidence. This white paper explains what
drove the development of this standard, discloses how the standard
addresses contemporary security challenges, and delves into the
integration of EV certificates into new high-security browsers such as
Internet Explorer 7.0.
www.windowsitpro.com/go/wp/thawte/evssl/?code=022008E&R
(http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252010-0-0-0-1-2-207)

Implementing and automating effective email retention policies is
absolutely essential. However, it's tough to know whether your retention
policies dovetail effectively with today's complex regulations,
standards, and guidelines for maintaining business records. Attend this
Web seminar to learn how to solve your thorniest email management,
retention, and compliance challenges.
www.windowsitpro.com/go/seminars/MessageOne/retention/?partnerref=022008er
(http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252011-0-0-0-1-2-207)


FEATURED WHITE PAPER

The explosion of electronically stored information and email has
pressured IT organizations to manage their data more effectively. An
automated archiving solution offers companies a way to capture a variety
of data types and manage the data for compliance and litigation
readiness. This white paper looks at 10 best practices that enable IT to
plan, evaluate, and implement an enterprise archiving solution.
www.windowsitpro.com/go/wp/quest/archiving/?code=022008e&r
(http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252012-0-0-0-1-2-207)


ANNOUNCEMENTS

Check out all the info-packed publications offered by Windows IT Pro!
If you're receiving the HTML version of this email newsletter, click
"Our Publications" in the menu bar; otherwise, click the link below:
store.pentontech.com/index.cfm?s=1&cid=18000306&promotionid=18003253&code=
(http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252013-0-0-0-1-2-207)

CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252014-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252015-0-0-0-1-2-207


Be sure to add Security_UPDATE@email.windowsitpro.com
to your spam filter's list of allowed senders.

To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252018-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-2905-803-202-62923-252019-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
