Cloud Computing for Gov.my?

June 21st, 2010

During my visits to government ministries and agencies in Putrajaya, I often asked them about cloud computing. “Are you ready for cloud computing? Do you plan for cloud transitions in your RMK10 budget?”

Whether our government is ready or not, cloud usage has been aggressively transforming the local commercial segment. Some local IT hub players, like Jaring, see this as the future of data provisioning. Jaring launched the industry's first cloud computing offering for the public sector market last April. Jaring believes that, with its attractive grid offering, more agencies will take the first step in moving towards the cloud.

While moving to the cloud creates security uncertainty, Trend Micro has stepped up and given prominent assurance that the government needs them when it plans to make the move. Trend Micro has cleverly partnered with VMware, the leader in virtualization technology, which enables the cloud transformation magic with cost-cutting benefits.

Clearly, with these two giants walking hand in hand, the government is being given the confidence to think about moving to the cloud. The government's decision to move depends on how fast and aggressively Trend Micro and VMware can educate the government to switch!

eimir Government

Universities in USA offering Masters in CyberSecurity

January 3rd, 2010

Finally, there are several universities in America offering Master's programs in CyberSecurity. It shows that IT Security professionals are in demand.
Gear up and let’s go back to school!

Click the link for articles from The New York Times for more information.

The New York Times: Wanted: Cyber Ninjas

eimir Uncategorized

Eimir.com is twitter connected

January 2nd, 2010

Good news, folks! You can Tweet, ReTweet, or send me Direct Messages (DM) via Twitter. I am now Twitter enabled.

Get updated messages from me instantly!

Follow eimir on Twitter

eimir Uncategorized

Malaysian Universities Web Application is not safe!

March 14th, 2009

Hackers are getting one step ahead of the universities here in Malaysia. Today, there are reports stating that students’ online applications for public university have been tampered with.
What's worse, it seems like it was an insider job, but no one can be blamed. I blame the weak online application system that stores all the students’ data.

Certainly, Trend Micro Web Application Security (WAS) can take care of this issue.

Taken from www.thestar.com.my
Saturday March 14, 2009
Students’ online application for public varsity tampered with

GOPENG: Three university hopefuls were shocked to find their online applications to public universities tampered with.

The former SMK Seri Teja students, who had just received their STPM results on Thursday, had all their eight choices filled with Islamic Studies.

To make matters worse, they were unable to amend the changes.


Chow Hon Mun, 21, said they could only make changes to the details on the online application website three times.

“I panicked when I could not make any changes and told my teachers about it,” said Chow when met at the Gopeng MCA service centre yesterday.

“My teachers then advised me to lodge a police report,” he said, adding that his first choice was engineering and that he had no intention of taking up Islamic Studies.

Chow added that recently he and his two friends had also received SMSes from an unidentified person who admitted to making the changes to their applications.

“I initially thought it was a prank but soon realised the person was telling the truth,” he said, adding that he was puzzled that the person had managed to procure confidential information about him and his two friends.

The other two victims were Chai Yick Loong, 21, and Ang Chun Heng, 20.

Chai said he wanted to take up an engineering course, and hoped the Higher Education Ministry could help them with their predicament.

Ang said he wanted to change the list back to his primary choices before the public university acceptance application ends on March 23.

“I hope the relevant authorities will upgrade the security system on the website so that it won’t be so easily hacked by people,” he added.

Gopeng MCA division chief Albert Chang said he would refer the matter to Deputy Higher Education Minister Dr Hou Kok Chung.

“We will help them gather all their result slips, application forms and official school letters and send the documents to Dr Hou through our education bureau,” said Chang.

He urged all public university hopefuls to check their online applications to ensure their forms were not tampered with.

eimir Education

SANS Security Bootcamp is coming to Malaysia, July 27 – Aug 1

February 27th, 2009


The SANS (SysAdmin, Audit, Network, Security) Technology Institute is coming down to Malaysia!

SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – Internet Storm Center.

The joining of forces between SANS and IMPACT (International and Multilateral Partnership Against Cyber-Terrorism) has certainly brought a long-awaited Security Bootcamp to the SEA region.

Book now before it is too late and as usual early birds get the best price!

Security Courses: SANS Security Essentials Bootcamp Style: SEC-401
Course Fees
Fee If Paid By Jun 17, 2009: USD3,525
Fee If Paid By Jul 1, 2009: USD3,625
Fee If Paid After Jul 1, 2009: USD3,875

Additional Options
Add Proctored GSEC USD499
Add OnDemand USD399

All amounts listed are in US dollars.

See below for the letter from Stephen Northcutt, the President of SANS Institute.

Dear Colleague,

Join SANS in Kuala Lumpur, Malaysia, where we bring you SANS IMPACT 2009 on 27 July – 1 August. Register today and receive the best computer and internet security training available anywhere! This event will be hosted by our colleagues at IMPACT, the International Multilateral Partnership Against Cyber-Threats, the first global public-private cyber security initiative. IMPACT is dedicated to bringing together governments, industry leaders and cyber security experts to enhance the global community’s capacity to prevent and respond to cyber threats. IMPACT’s permanent secretariat is headquartered in Cyberjaya, Malaysia, approximately 50 km south of Kuala Lumpur, Malaysia’s capital city.

In SANS tradition, we offer you comprehensive hands-on training that is relevant to the challenges you face each day as an information security professional. Bryce Galbraith of Layered Security will be your guide for Security 401: SANS Security Essentials Bootcamp Style. You’ll learn Web security, IP concepts, password management, host- and network-based intrusion detection, Windows and Unix security fundamentals, and so much more.

Tuition fee discounts are available – the earlier you register, the greater your savings will be. So, read through the course description and register today!

With the SANS reputation and an eagerness to help you meet your training objectives, SANS is the best choice for IT security education. Let your colleagues and friends know about SANS IMPACT 2009. We look forward to seeing you there!

Stephen Northcutt
President
SANS Technology Institute, a postgraduate computer security college

Click here to register!

eimir Event

Alert: Please be aware of new zero-day vulnerability!

February 26th, 2009

Trend Micro issued a warning today as follows:

Dear All,

Please be advised of another Zero-Day attack affecting Microsoft Office Excel.

Please be careful with the following actions:

a. Do not open or save email attachments from Unknown or Untrusted sources.

b. Avoid opening or saving MS Excel files that you receive unexpectedly from trusted sources.

c. Practice extreme caution when browsing the internet or clicking on links in emails especially on “Untrusted websites”.

Impact:

An unspecified remote code-execution vulnerability has been identified in Microsoft Office Excel, which could be exploited by remote attackers to take complete control of an affected system, or cause the application to crash.

This issue affects all versions of Microsoft Office Excel, with a potential to allow arbitrary malicious code to run in the context of the user running the application and leads to a crash in Excel.

There is currently NO vendor-released patch available for all affected versions to address this threat.

However, malware containing exploits for this vulnerability will be detected as TROJ_MDROPPER.XR with OPR 5.861.00

Applications under Zero-Day Attack:

1. Microsoft Excel – http://www.microsoft.com/technet/security/advisory/968272.mspx (new)

2. Microsoft WordPad – http://www.microsoft.com/technet/security/advisory/960906.mspx

eimir Trend Micro

Trend Micro Eats more Spam!

February 26th, 2009


News Release Issued: February 25, 2009 11:00 AM EST

Trend Micro Leads in Antispam

Spam has become increasingly malicious and companies need better overall antispam to protect their business. In independent antispam tests, Trend Micro had the highest spam catch rate.

CUPERTINO, Calif., Feb. 25 /PRNewswire/ — In a comparative test of ten antispam products, both of the Trend Micro solutions tested received the highest antispam catch rates. Trend Micro InterScan™ Messaging Hosted Security had the highest catch rate at 96.71 percent, followed closely by Trend Micro InterScan™ Messaging Security Suite at 96.48 percent.

The test applied out-of-box configurations for all products so the results would mimic what a customer experiences when they first install the product. No antispam training was conducted on any of the products tested. Although both Trend Micro products use the same antispam technologies, Trend Micro provides continual updates and tuning for its hosted service, explaining the better catch rate upon deployment.

Both solutions are part of Trend Micro™ Enterprise Security, designed to provide immediate protection with less complexity and close the vulnerability window before damage is done. Given the dramatic rate of spam increase in the last few years, customers need this type of proactive security they can manage across their organizations.

The test, which was conducted by West Coast Labs over a six day period, included appliances by Barracuda, Fortinet, Ironport and McAfee; software programs by Microsoft, Sophos, Symantec, Trend Micro and Websense; and a SaaS offering by Trend Micro.


The products with the lowest detection rates were McAfee and Fortinet, with catch rates at less than 80 percent. The false positive rates were minimal across all solutions, except Microsoft, which recorded a significant false positive rate of 0.71 percent.

Richard Thomas, senior test engineer, West Coast Labs concluded that, “Overall, both of the solutions provided by Trend Micro for this test demonstrated better protection rates for end users using this live test set against the other solutions tested.”

Spam Volume Will Continue to Grow

According to TrendLabs(SM), 115 billion spammed messages are being sent every day. Ninety-nine percent of spam comes from compromised computers, including those with malicious communication to and from remote users. Spam is all about numbers as the more spam sent, the greater the chance users will click.
Spam will not go away but it will increasingly employ social engineering techniques to improve its conversion rates.


As one of the primary vehicles for spreading blended Web threats, spam has consistently risen over the years and the U.S. continues to be the “most spammed” country, receiving 22.5 percent of all spam, while Europe is the most spammed continent. While malicious spam attachments have been infecting users for years, 2008 saw a huge increase in spam that employed social engineering techniques as cybercriminals find new and corruptive ways in targeting victims for profit. Stopping malicious spam is critical in maintaining corporate network security and protecting essential business data.

Trend Micro InterScan Messaging Security Suite provides comprehensive spam, phishing, malware and virus protection, as well as flexible policy-based content filtering, and easy-to-use management tools to help monitor and control SMTP and POP3 traffic at the messaging gateway. It helps safeguard against the loss of intellectual property and confidential information, integrated with Trend Micro™ Email Encryption Gateway. In addition, InterScan Messaging Security minimizes server congestion, and helps maintain employee productivity. InterScan Messaging Security leverages Trend Micro Control Manager™, a platform-independent management tool, for centralized updating, consolidated reporting, and remote configuration capabilities.

Trend Micro’s hosted email security solution, InterScan Messaging Hosted Security, stops spam, viruses, spyware, phishing and other email threats before they reach the corporate network, helping customers reclaim IT staff time, end-user productivity, bandwidth and mail server storage. As a hosted solution, it requires no hardware or software to install and maintain, and Trend Micro’s worldwide team of experts manages all hot fixes, patches, updates and application tuning to continuously optimize security and performance.

Third Parties Demonstrate the Value of Trend Micro™ Smart Protection Network

Trend Micro, in a separate test conducted by another lab, also exceeded competitors McAfee, IronPort, Websense, Blue Coat, SurfControl in blocking malicious URLs that are associated with Web threats. Utilizing Trend Micro’s Web reputation technology, which is part of the Trend Micro Smart Protection Network, provided up to 11 percent better protection than the next competitor.

In addition, a recent report found that Trend Micro Smart Protection Network helped reduce malware-related customer support calls by up to 75 percent. A cloud-client security architecture designed to stop Web threats, Trend Micro Smart Protection Network provides instant, real-time protection, and a smarter way to combat Web threats compared to traditional methods of protection.

West Coast Labs Test Methodology

West Coast Labs used their live corporate enterprise spam feed, multiplexed across each of the products, so that each solution received the same emails.
Testing was conducted over a total of six days with subsequent analysis.

For the West Coast Labs Executive Summary report, please visit:
http://go.trendmicro.com/antispamreport

eimir Trend Micro

Tender would only be called if worth RM500k

February 25th, 2009

This announcement translates into more opportunities being created and imposes a healthy tender process, suitable for the Malaysian Government to spend the 1st and 2nd Stimulus packages effectively.

See article below taken from NST, February 25, 2009.

Faster contract bid system, minus tender

KUALA LUMPUR: The government is implementing a system for contractors to quote a price for government jobs worth RM500,000 and below, doing away with the time-consuming tender process.
Deputy Prime Minister Datuk Seri Najib Razak said all projects that fall within the cost range would be awarded based on the quotations offered by contractors.

“This is to speed up implementation of government projects,” he said after the monthly Economic Planning Unit meeting.

eimir Government

Internet Slows? TM has reasons

February 24th, 2009


Article taken from www.thestar.com.my dated Feb 24, 2009

Circuit faults slow down surfing on Streamyx
By STEVEN PATRICK

PETALING JAYA: Streamyx broadband users will have to bear with sluggish surfing speeds until March 5 due to technical problems, according to Telekom Malaysia Bhd (TM).

TM said in a statement that there has been a disruption of TM’s Internet services since Feb 18 due to circuit faults on the Asia Pacific Cable Network 2 (APCN2) between Malaysia and the United States.


Due to this, customers using Internet services may now experience slow browsing while accessing content hosted in the United States, said the statement.

Additionally, customers using Internet Protocol services such as Virtual Private Network (VPN) and other critical business applications linked to the United States may also experience some service degradation.

To alleviate the problem and ease the congestion, some links have been rerouted, TM said.

During the restoration process, traffic to North America may experience minor degradation while traffic to other countries would not be affected.

eimir Web

Alert: Buffer Overflow Issue in Adobe Acrobat & Acrobat Reader

February 24th, 2009

I would like to inform you that we have received new updates from Trend Micro Global Update Center.

Topic: Buffer Overflow Issue in Certain Versions of Adobe Acrobat and Acrobat Reader May Cause Remote Code Execution

Advisory Release Date: February 23, 2009

Vulnerability Details

A vulnerability has been found in version 9.0.0 and earlier of the Adobe Acrobat family of applications that may cause the program(s) to crash, as well as allow a remote user to execute malicious code on an affected system.

It exploits a vulnerability in a non-JavaScript function call; however JavaScript is also used to successfully execute malicious code. Disabling JavaScript will prevent code execution, but not crashes of Adobe Acrobat.

Known reports of the said vulnerability are currently isolated to Windows users; there are no reports yet of known and verified cases on Linux and OS X platforms.

Malware exploits a zero-day vulnerability

This Trojan is a specially crafted .PDF file that exploits a zero-day vulnerability in Acrobat Reader Version 8.x and 9.0.

The said vulnerability causes the application to crash and could potentially allow an attacker to take control of the affected system.

Differing variants of this file drop various malware onto the affected system. Below are some of the malware detected by Trend Micro that are dropped by this PDF:

BKDR_NETCL.A

EXPL_EXECOD.A

JS_SHELLCOD.JS

TROJ_AGENT.ZWQA

TROJ_FAKEAV.LKQQ

Affected Software

· Adobe Acrobat Pro 9.0.0 and earlier versions

· Adobe Acrobat Pro Extended 9.0.0 and earlier versions

· Adobe Acrobat Reader 9.0.0 and earlier versions

· Adobe Acrobat Standard 9.0.0 and earlier versions

As of this time, no patch exists for this vulnerability. A patch for Acrobat and Acrobat Reader versions 9.0.0 is expected by March 11, 2009. Patches for earlier versions will follow.

Please consult the official Adobe security bulletin for details on these patches.

Recommendation:

For Enterprise Customers, Active Directory Administrators can implement a registry alteration which can be done via Startup Script from the Group Policy Editor and/or Security Settings. This would enable the users to roll out the solution across the network in a shorter period of time.

Manual Editing on Adobe Application

Click: Edit -> Preferences -> JavaScript and uncheck “Enable Acrobat JavaScript”

GPO-based method to disable JavaScript for Adobe Acrobat Reader, under HKEY_CURRENT_USER:

Adobe Acrobat Reader:

Software\Adobe\Acrobat Reader\x.0\JSPrefs

Adobe Acrobat:

Software\Adobe\Adobe Acrobat\x.0\JSPrefs

Setting the DWORD “bEnableJS” to 0 will disable JavaScript.

See attachment for the txt copy (reg.txt) of the registry alteration.
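
As an added example (not part of the Trend Micro advisory or its reg.txt attachment), the PowerShell script below applies the registry change described above and reads the value back to confirm it. It assumes it runs in each user's own context, for instance as a GPO logon script, because the keys are under HKEY_CURRENT_USER; the version subkeys (the "x.0" in the paths) are discovered at run time.

```powershell
# Added example: set bEnableJS = 0 under every installed Acrobat / Reader version
# key for the current user, then verify. Supports -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# Parent keys taken from the advisory text; the version subkey is the "x.0" part.
$parents = @(
    'HKCU:\Software\Adobe\Acrobat Reader',
    'HKCU:\Software\Adobe\Adobe Acrobat'
)

$results = foreach ($parent in $parents) {
    # Product has no per-user settings for this account: nothing to do.
    if (-not (Test-Path -LiteralPath $parent)) { continue }

    # Keep only version-numbered subkeys such as 8.0 or 9.0.
    $versions = Get-ChildItem -LiteralPath $parent |
        Where-Object { $_.PSChildName -match '^\d+\.0$' }

    foreach ($ver in $versions) {
        $jsPrefs = "$parent\$($ver.PSChildName)\JSPrefs"

        if ($PSCmdlet.ShouldProcess($jsPrefs, 'Set bEnableJS = 0')) {
            # JSPrefs may not exist until the user has opened the preferences dialog.
            if (-not (Test-Path -LiteralPath $jsPrefs)) {
                New-Item -Path $jsPrefs -Force | Out-Null
            }
            # -Force creates the value or overwrites an existing one.
            New-ItemProperty -LiteralPath $jsPrefs -Name 'bEnableJS' `
                -PropertyType DWord -Value 0 -Force | Out-Null
        }

        # Read the value back so the report reflects the real state,
        # including under -WhatIf, where nothing was written.
        $current = (Get-ItemProperty -LiteralPath $jsPrefs -Name 'bEnableJS' `
            -ErrorAction SilentlyContinue).bEnableJS

        [pscustomobject]@{
            Key                = $jsPrefs
            bEnableJS          = $current
            JavaScriptDisabled = ($current -eq 0)   # $null (value absent) reports False
        }
    }
}

# One row per version key; an empty result means no Acrobat keys exist for this user.
$results | Format-Table -AutoSize
```

As the advisory notes, this setting prevents code execution through JavaScript but does not prevent the application from crashing on a crafted file.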

Preventive Action

· Keep your Trend Micro products up-to-date with the current pattern files (All detections are currently available in our Official Pattern)

· Use caution when opening email attachments or when using peer-to-peer file sharing, instant messaging, or chat rooms

· Encourage the wide use of WRS functionality and IWSS to filter compromised sites which are delivering the exploit to the said vulnerability.

· Prevent Internet Explorer from automatically opening PDF documents.

· Disable the displaying of PDF documents in the web browser. This can be disabled in the General preferences dialog (Edit, Preferences, Internet, and un-check “Display PDF in browser”).

· Use caution when opening untrusted PDF files.

(*Some of the recommendations and preventive actions above came from US-CERT)

Additional Information

http://blog.trendmicro.com/portable-document-format-or-portable-malware-format/

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPIDIEF%2EIN&VSect=T

eimir Adobe