Archive for February, 2009

SANS Security Bootcamp is coming to Malaysia, July 27 – Aug 1

February 27th, 2009

The SANS (SysAdmin, Audit, Network, Security) Technology Institute is coming down to Malaysia!

SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – Internet Storm Center.

The joining of forces between SANS and IMPACT (International and Multilateral Partnership Against Cyber-Terrorism) has brought a long-awaited Security Bootcamp to the SEA region.

Book now before it is too late and as usual early birds get the best price!

Security Courses: SANS Security Essentials Bootcamp Style: SEC-401
Course Fees
Fee If Paid By Jun 17, 2009: USD3,525
Fee If Paid By Jul 1, 2009: USD3,625
Fee If Paid After Jul 1, 2009: USD3,875

Additional Options
Add Proctored GSEC USD499
Add OnDemand USD399

All amounts listed are in US dollars.

See below for the letter from Stephen Northcutt, the President of SANS Institute.

Dear Colleague,

Join SANS in Kuala Lumpur, Malaysia, where we bring you SANS IMPACT 2009 on 27 July – 1 August. Register today and receive the best computer and internet security training available anywhere! This event will be hosted by our colleagues at IMPACT, the International Multilateral Partnership Against Cyber-Threats, the first global public-private cyber security initiative. IMPACT is dedicated to bringing together governments, industry leaders and cyber security experts to enhance the global community’s capacity to prevent and respond to cyber threats. IMPACT’s permanent secretariat is headquartered in Cyberjaya, Malaysia approximately 50 km south of Kuala Lumpur, Malaysia’s capital city.

In SANS tradition, we offer you comprehensive hands-on training that is relevant to the challenges you face each day as an information security professional. Bryce Galbraith of Layered Security will be your guide for Security 401: SANS Security Essentials Bootcamp Style. You’ll learn Web security, IP concepts, password management, host- and network-based intrusion detection, Windows and Unix security fundamentals, and so much more.

Tuition fee discounts are available – the earlier you register, the greater your savings will be. So, read through the course description and register today!

With the SANS reputation and an eagerness to help you meet your training objectives, SANS is the best choice for IT security education. Let your colleagues and friends know about SANS IMPACT 2009. We look forward to seeing you there!

Stephen Northcutt
President
SANS Technology Institute, a postgraduate computer security college

Click here to register!

eimir Event

Alert: Please be aware of new zero-day vulnerability!

February 26th, 2009

Trend Micro issued a warning today, as follows:

Dear All,

Please be advised of another Zero-Day attack affecting Microsoft Office Excel.

Please be careful with the following actions:

a. Do not open or save email attachment from Unknown or Untrusted sources.

b. Avoid opening or saving MS Excel files that you receive unexpectedly from trusted sources.

c. Practice extreme caution when browsing the internet or clicking on links in emails especially on “Untrusted websites”.

Impact:

An unspecified remote code-execution vulnerability has been identified in Microsoft Office Excel, which could be exploited by remote attackers to take complete control of an affected system, or cause the application to crash.

This issue affects all versions of Microsoft Office Excel, with a potential to allow arbitrary malicious code to run in the context of the user running the application and leads to a crash in Excel.

There is currently NO vendor-released patch available for all affected versions to address this threat.

However, malware containing exploits for this vulnerability will be detected as TROJ_MDROPPER.XR with OPR 5.861.00

Applications under Zero-Day Attack:

1. Microsoft Excel – http://www.microsoft.com/technet/security/advisory/968272.mspx (new)

2. Microsoft WordPad – http://www.microsoft.com/technet/security/advisory/960906.mspx

eimir Trend Micro

Trend Micro Eats more Spam!

February 26th, 2009

News Release Issued: February 25, 2009 11:00 AM EST

Trend Micro Leads in Antispam

Spam has become increasingly malicious and companies need better overall antispam to protect their business. In independent antispam tests, Trend Micro had the highest spam catch rate.

CUPERTINO, Calif., Feb. 25 /PRNewswire/ — In a comparative test of ten antispam products, both of the Trend Micro solutions tested received the highest antispam catch rates. Trend Micro InterScan™ Messaging Hosted Security had the highest catch rate at 96.71 percent, followed closely by Trend Micro InterScan™ Messaging Security Suite at 96.48 percent.

The test applied out-of-box configurations for all products so the results would mimic what a customer experiences when they first install the product.
No antispam training was conducted on any of the products tested. Although both Trend Micro products use the same antispam technologies, Trend Micro provides continual updates and tuning for its hosted service, explaining the better catch rate upon deployment.

Both solutions are part of Trend Micro™ Enterprise Security, designed to provide immediate protection with less complexity and close the vulnerability window before damage is done. Given the dramatic rate of spam increase in the last few years, customers need this type of proactive security they can manage across their organizations.

The test, which was conducted by West Coast Labs over a six day period, included appliances by Barracuda, Fortinet, Ironport and McAfee; software programs by Microsoft, Sophos, Symantec, Trend Micro and Websense; and a SaaS offering by Trend Micro.

The products with the lowest detection rates were McAfee and Fortinet, with catch rates at less than 80 percent. The false positive rates were minimal across all solutions, except Microsoft, which recorded a significant false positive rate of 0.71 percent.

Richard Thomas, senior test engineer, West Coast Labs concluded that, “Overall, both of the solutions provided by Trend Micro for this test demonstrated better protection rates for end users using this live test set against the other solutions tested.”

Spam Volume Will Continue to Grow

According to TrendLabs(SM), 115 billion spammed messages are being sent every day. Ninety-nine percent of spam comes from compromised computers, including those with malicious communication to and from remote users. Spam is all about numbers as the more spam sent, the greater the chance users will click.
Spam will not go away but it will increasingly employ social engineering techniques to improve its conversion rates.

As one of the primary vehicles for spreading blended Web threats, spam has consistently risen over the years and the U.S. continues to be the “most spammed” country, receiving 22.5 percent of all spam, while Europe is the most spammed continent. While malicious spam attachments have been infecting users for years, 2008 saw a huge increase in spam that employed social engineering techniques as cybercriminals find new and corruptive ways in targeting victims for profit. Stopping malicious spam is critical in maintaining corporate network security and protecting essential business data.

Trend Micro InterScan Messaging Security Suite provides comprehensive spam, phishing, malware and virus protection, as well as flexible policy-based content filtering, and easy-to-use management tools to help monitor and control SMTP and POP3 traffic at the messaging gateway. It helps safeguard against the loss of intellectual property and confidential information, integrated with Trend Micro™ Email Encryption Gateway. In addition, InterScan Messaging Security minimizes server congestion, and helps maintain employee productivity. InterScan Messaging Security leverages Trend Micro Control Manager™, a platform-independent management tool, for centralized updating, consolidated reporting, and remote configuration capabilities.

Trend Micro’s hosted email security solution, InterScan Messaging Hosted Security, stops spam, viruses, spyware, phishing and other email threats before they reach the corporate network, helping customers reclaim IT staff time, end-user productivity, bandwidth and mail server storage. As a hosted solution, it requires no hardware or software to install and maintain, and Trend Micro’s worldwide team of experts manages all hot fixes, patches, updates and application tuning to continuously optimize security and performance.

Third Parties Demonstrate the Value of Trend Micro™ Smart Protection Network

Trend Micro, in a separate test conducted by another lab, also exceeded competitors McAfee, IronPort, Websense, Blue Coat, SurfControl in blocking malicious URLs that are associated with Web threats. Utilizing Trend Micro’s Web reputation technology, which is part of the Trend Micro Smart Protection Network, provided up to 11 percent better protection than the next competitor.

In addition, a recent report found that Trend Micro Smart Protection Network helped reduce malware-related customer support calls by up to 75 percent. A cloud-client security architecture designed to stop Web threats, Trend Micro Smart Protection Network provides instant, real-time protection, and a smarter way to combat Web threats compared to traditional methods of protection.

West Coast Labs Test Methodology

West Coast Labs used their live corporate enterprise spam feed, multiplexed across each of the products, so that each solution received the same emails.
Testing was conducted over a total of six days with subsequent analysis.

For the West Coast Labs Executive Summary report, please visit:
http://go.trendmicro.com/antispamreport

eimir Trend Micro

Tender would only be called if worth RM500k

February 25th, 2009

This announcement should create more opportunities and impose a healthy tender process, helping the Malaysian Government spend the 1st and 2nd Stimulus packages effectively.

See article below taken from NST, February 25, 2009.

Faster contract bid system, minus tender

KUALA LUMPUR: The government is implementing a system for contractors to quote a price for government jobs worth RM500,000 and below, doing away with the time-consuming tender process.
Deputy Prime Minister Datuk Seri Najib Razak said all projects that fall within the cost range would be awarded based on the quotations offered by contractors.

“This is to speed up implementation of government projects,” he said after the monthly Economic Planning Unit meeting.

eimir Government

Internet Slows? TM has reasons

February 24th, 2009

Article taken from www.thestar.com.my dated Feb 24, 2009

Circuit faults slow down surfing on Streamyx
By STEVEN PATRICK

PETALING JAYA: Streamyx broadband users will have to bear with sluggish surfing speeds until March 5 due to technical problems, according to Telekom Malaysia Bhd (TM).

TM said in a statement that there has been a disruption of TM’s Internet services since Feb 18 due to circuit faults on the Asia Pacific Cable Network 2 (APCN2) between Malaysia and the United States.

Due to this, customers using Internet services may now experience slow browsing while accessing content hosted in the United States, said the statement.

Additionally, customers using Internet Protocol services such as Virtual Private Network (VPN) and other critical business applications linked to the United States may also experience some service degradation.

To alleviate the problem and ease the congestion, some links have been rerouted, TM said.

During the restoration process, traffic to North America may experience minor degradation while traffic to other countries would not be affected.

eimir Web

Alert: Buffer Overflow Issue in Adobe Acrobat & Acrobat Reader

February 24th, 2009

I would like to inform you that we have received new updates from Trend Micro Global Update Center.

Topic: Buffer Overflow Issue in Certain Versions of Adobe Acrobat and Acrobat Reader May Cause Remote Code Execution

Advisory Release Date: February 23, 2009

Vulnerability Details

A vulnerability has been found in version 9.0.0 and earlier of the Adobe Acrobat family of applications that may cause the program(s) to crash, as well as allow a remote user to execute malicious code on an affected system.

It exploits a vulnerability in a non-JavaScript function call; however JavaScript is also used to successfully execute malicious code. Disabling JavaScript will prevent code execution, but not crashes of Adobe Acrobat.

Known reports of the said vulnerability are currently isolated to Windows users; there are no reports yet of known and verified cases on Linux and OS X platforms.

Malware exploits a zero-day vulnerability

This Trojan is a specially crafted .PDF file that exploits a zero-day vulnerability in Acrobat Reader Version 8.x and 9.0.

The said vulnerability causes the application to crash and could potentially allow an attacker to take control of the affected system.

Differing variants of this file drop various malware onto the affected system. Below are some of the malware detected by Trend Micro that are dropped by this PDF:

BKDR_NETCL.A

EXPL_EXECOD.A

JS_SHELLCOD.JS

TROJ_AGENT.ZWQA

TROJ_FAKEAV.LKQQ

Affected Software

· Adobe Acrobat Pro 9.0.0 and earlier versions

· Adobe Acrobat Pro Extended 9.0.0 and earlier versions

· Adobe Acrobat Reader 9.0.0 and earlier versions

· Adobe Acrobat Standard 9.0.0 and earlier versions

As of this time, no patch exists for this vulnerability. A patch for Acrobat and Acrobat Reader versions 9.0.0 is expected by March 11, 2009. Patches for earlier versions will follow.

Please consult the official Adobe security bulletin for details on these patches.

Recommendation:

For Enterprise Customers, Active Directory Administrators can implement a registry alteration which can be done via Startup Script from the Group Policy Editor and/or Security Settings. This would enable the users to roll out the solution across the network in a shorter period of time.

Manual Editing on Adobe Application

Click: Edit -> Preferences -> JavaScript and uncheck "Enable Acrobat JavaScript"

GPO-based method to disable JavaScript for Adobe Acrobat Reader, under HKEY_CURRENT_USER:

Adobe Acrobat Reader:

Software\Adobe\Acrobat Reader\x.0\JSPrefs

Adobe Acrobat:

Software\Adobe\Adobe Acrobat\x.0\JSPrefs

Setting the DWORD “bEnableJS” to 0 will disable JavaScript.

See attachment for the txt copy (reg.txt) of the registry alteration.
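
The registry change described above, as an added example (not part of the Trend Micro advisory or its reg.txt attachment): a PowerShell script that sets bEnableJS to 0 for every Acrobat and Acrobat Reader version key found in the current user's hive and reads the value back. It assumes it runs in the user's context (for example as a logon script), because the keys are under HKEY_CURRENT_USER, and that creating a missing JSPrefs key is acceptable; the function name Set-AcrobatJavaScriptDisabled is hypothetical.

```powershell
# Added example: enforce the advisory's bEnableJS = 0 setting for the current user.
# The key paths and value name come from the advisory; the function name and the
# report format are illustrative.

# Product roots under HKEY_CURRENT_USER; each has one subkey per version ("x.0").
$ProductRoots = @(
    'HKCU:\Software\Adobe\Acrobat Reader',
    'HKCU:\Software\Adobe\Adobe Acrobat'
)

function Set-AcrobatJavaScriptDisabled {
    param([string[]]$Roots = $ProductRoots)

    foreach ($root in $Roots) {
        # Skip products that have no key in this user's hive.
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # Only touch version subkeys such as "8.0" or "9.0".
        $versions = Get-ChildItem -LiteralPath $root |
            Where-Object { $_.PSChildName -match '^\d+\.\d+$' }

        foreach ($version in $versions) {
            $jsPrefs = Join-Path (Join-Path $root $version.PSChildName) 'JSPrefs'

            # Assumption: JSPrefs may be absent, so create it when missing
            # (an existing key is never recreated).
            if (-not (Test-Path -LiteralPath $jsPrefs)) {
                New-Item -Path $jsPrefs | Out-Null
            }

            # Remember the previous state for the report; $null means "not set".
            $before = (Get-ItemProperty -LiteralPath $jsPrefs).bEnableJS

            # -Force overwrites an existing bEnableJS value.
            New-ItemProperty -LiteralPath $jsPrefs -Name 'bEnableJS' `
                -PropertyType DWord -Value 0 -Force | Out-Null

            # Read the value back so the report reflects what is in the registry.
            $after = (Get-ItemProperty -LiteralPath $jsPrefs).bEnableJS

            [pscustomobject]@{
                Key      = $jsPrefs
                Previous = $before
                Current  = $after
                Disabled = ($after -eq 0)
            }
        }
    }
}

# Apply the setting and show one row per version key that was processed.
Set-AcrobatJavaScriptDisabled | Format-Table -AutoSize
```

A row whose Previous column shows 1 or is empty identifies a profile where JavaScript was still enabled, or the value was never set, before the script ran.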

Preventive Action

· Keep your Trend Micro products up-to-date with the current pattern files (All detections are currently available in our Official Pattern)

· Use caution when opening email attachments or when using peer-to-peer file sharing, instant messaging, or chat rooms

· Encourage the wide use of WRS functionality and IWSS to filter compromised sites which are delivering the exploit to the said vulnerability.

· Prevent Internet Explorer from automatically opening PDF documents.

· Disable the displaying of PDF documents in the web browser. This can be disabled in the General preferences dialog (Edit, Preferences, Internet, and un-check “Display PDF in browser”).

· Use caution when opening untrusted PDF files.

(*Some of the recommendations and preventive actions above came from US-CERT)

Additional Information

http://blog.trendmicro.com/portable-document-format-or-portable-malware-format/

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPIDIEF%2EIN&VSect=T

eimir Adobe

Garmin: Path to the future?

February 23rd, 2009

I bumped into an interesting web site from Malaysia selling Garmin products, www.GarminAsia.com. Catchy domain, nice graphics, web 2.0 enabled, e-commerce ready and plenty more features to play around with.

I was able to spend around 10 minutes chatting to the owner of GarminAsia.com, Mr. Adam Malek, using the chat-enabled feature on his web site. I pretended to be an anonymous customer, asking stupid questions about Garmin and so on. He was super nice and answered all my lame questions without hesitation.

If you have doubts about online payments, he can personally meet you to complete the transaction. Truly, GarminAsia.com will go to that extent to satisfy their customers!

This is the future of e-commerce in Malaysia! I strongly recommend www.GarminAsia.com to anyone who plans to get one of the coolest gadgets on earth. Visit them today!

eimir Web

Symantec Backup Tech Seminar this February

February 21st, 2009

Symantec is conducting an event on Veritas, their backup solution, on Feb 26, 2009 at Le Meridien Hotel, Kuala Lumpur.

YOU ARE INVITED!
Complete Data Protection.
Powered by Disk.
Centered around Recovery.

WHEN:
8.30am – 12pm
26 February (Thursday)

WHERE:
The Sultan Ballroom 1, Level 6,

Le Meridien Kuala Lumpur

Jalan Stesen Sentral,

Kuala Lumpur Sentral,

50470 Kuala Lumpur

RSVP:
Contact: Ms Melissa
Tel: 03-7805 1700
Fax : 03-7804 6560
Email: symantec_KL@siriuscom.com.my

New technologies – disk, deduplication, virtualization, automation – are developed to protect and manage your data cost effectively. These technologies provide you the best value when they are working in synergy and able to meet your company’s service level agreements.

The Veritas NetBackup Platform offers comprehensive protection and a single console for the management of all backup and recovery operations from remote offices to the data centre. Advanced reporting on backup and recovery operations enables service-level management of all protected data.

Join us on 26 February to find out how Symantec can enable any point in time recovery and reduce the impact on your complex and heterogeneous data centre infrastructure.

It’s time to show the business value of IT to your management.

Your Value from Symantec
1) Timely protection & recovery for all of your data, systems and locations
2) Disk solutions that improve reliability, recovery, and costs across environments
3) Continuous data protection eliminates strain on data centre

Copyright © 2008 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. All product information is subject to change without notice.

eimir Symantec

Trend Micro OfficeScan 10 Beta is here

February 21st, 2009

The moment all Trend Micro OfficeScan users are waiting for. Finally the OSCE 10.0 is here for beta testing.
Final Release ETA: 2H 2009

NEW! OfficeScan Client/Server Edition (OSCE) 10.0 Beta Program Stage 3 January 16th – March 12th

Dear Valued Customer,

Trend Micro would like to invite you to be in our OfficeScan 10 Beta III program.

OfficeScan 10.0 is the first Trend Micro product to adopt the innovative Cloud Client File Reputation technology. The Cloud Client architecture offers more immediate protection and eliminates the management burden of pattern deployment. It also significantly reduces the overall client footprint. On top of this innovative Anti-Malware approach, Device Access Control, and OfficeScan Application Protection are also included to combat today’s threat landscape in every aspect.

Apart from Anti-Malware solutions, management improvements and the integration with Enterprise IT-management infrastructure are key elements of this new version. The tight integration with Active Directory permits role based administration and Security Compliance reporting.

Key reasons why customers should participate

Trend Micro Enterprise Security powered by our Smart Protection Network provides the following to stay ahead of content security threats.

1 Cloud Client File Reputation

· With CCFR technology, the OfficeScan client provides more immediate protection with negligible pattern management effort and a lighter footprint.

· Administrators can decide to use either cloud based scanning or traditional scanning technology

2 Web Reputation configuration improvements

· Added granularity, allowing the assignment of Web Reputation policy at various layers of the OfficeScan client tree.

3 Device Access Control

· Capability to granularly control the access and use of fixed and removable devices, such as USB storage


4 Windows Server 2008 Support

· OfficeScan client and OfficeScan management server are fully supported on Windows Server 2008 (excluding server core and Hyper-V for now)

To participate:

If you do not have a beta portal account, register here. After registering, please await approval from the Beta Team (approval is within 24 hrs), after receiving approval via email, login to the beta portal and sign up for the Trend Micro OfficeScan Client/Server (OSCE) 10.0 Beta III Program.

If you have a beta portal account, please login and sign up for the Trend Micro OfficeScan Client/Server (OSCE) 10.0 Beta III Program Beta.

If you have a beta portal account but forgot your ID and PW, request a reminder

Sincerely,
Your Friends at Trend Micro

eimir AntiVirus