Archive

Posts Tagged ‘Trend Micro’

Malaysian Universities Web Application is not safe!

March 14th, 2009

Hackers are getting one step ahead of the universities here in Malaysia. Today, there are reports stating that students’ online applications for public universities have been tampered with.
What’s worse, it seems like it was an insider job, but no one can be blamed. I blame the weak online application system that stores all the students’ data.

Certainly, Trend Micro Web Application Security (WAS) can take care of this issue.

Taken from www.thestar.com.my
Saturday March 14, 2009
Students’ online application for public varsity tampered with

GOPENG: Three university hopefuls were shocked to find their online applications to public universities tampered with.

The former SMK Seri Teja students, who had just received their STPM results on Thursday, had all their eight choices filled with Islamic Studies.

To make matters worse, they were unable to amend the changes.

Chow Hon Mun, 21, said they could only make changes to the details on the online application website three times.

“I panicked when I could not make any changes and told my teachers about it,” said Chow when met at the Gopeng MCA service centre yesterday.

“My teachers then advised me to lodge a police report,” he said, adding that his first choice was engineering and that he had no intention of taking up Islamic Studies.

Chow added that recently he and his two friends had also received SMSes from an unidentified person who admitted to making the changes to their applications.

“I initially thought it was a prank but soon realised the person was telling the truth,” he said, adding that he was puzzled that the person had managed to procure confidential information about him and his two friends.

The other two victims were Chai Yick Loong, 21, and Ang Chun Heng, 20.

Chai said he wanted to take up an engineering course, and hoped the Higher Education Ministry could help them with their predicament.

Ang said he wanted to change the list back to his primary choices before the public university acceptance application ends on March 23.

“I hope the relevant authorities will upgrade the security system on the website so that it won’t be so easily hacked by people,” he added.

Gopeng MCA division chief Albert Chang said he would refer the matter to Deputy Higher Education Minister Dr Hou Kok Chung.

“We will help them gather all their result slips, application forms and official school letters and send the documents to Dr Hou through our education bureau,” said Chang.

He urged all public university hopefuls to check their online applications to ensure their forms were not tampered with.

eimir Education

Alert: Please be aware of new zero-day vulnerability!

February 26th, 2009

Trend Micro issued a warning today, as follows:

Dear All,

Please be advised of another Zero-Day attack affecting Microsoft Office Excel.

Please be careful with the following actions:

a. Do not open or save email attachment from Unknown or Untrusted sources.

b. Avoid opening or saving MS Excel files that you receive unexpectedly from trusted sources.

c. Practice extreme caution when browsing the internet or clicking on links in emails especially on “Untrusted websites”.

Impact:

An unspecified remote code-execution vulnerability has been identified in Microsoft Office Excel, which could be exploited by remote attackers to take complete control of an affected system, or cause the application to crash.

This issue affects all versions of Microsoft Office Excel, with a potential to allow arbitrary malicious code to run in the context of the user running the application and leads to a crash in Excel.

There is currently NO vendor-released patch available for all affected versions to address this threat.

However, malware containing exploits for this vulnerability will be detected as TROJ_MDROPPER.XR with OPR 5.861.00

Applications under Zero-Day Attack:

1. Microsoft Excel – http://www.microsoft.com/technet/security/advisory/968272.mspx (new)

2. Microsoft WordPad – http://www.microsoft.com/technet/security/advisory/960906.mspx

eimir Trend Micro

Trend Micro Eats more Spam!

February 26th, 2009

News Release Issued: February 25, 2009 11:00 AM EST

Trend Micro Leads in Antispam

Spam has become increasingly malicious and companies need better overall antispam to protect their business. In independent antispam tests, Trend Micro had the highest spam catch rate.

CUPERTINO, Calif., Feb. 25 /PRNewswire/ — In a comparative test of ten antispam products, both of the Trend Micro solutions tested received the highest antispam catch rates. Trend Micro InterScan™ Messaging Hosted Security had the highest catch rate at 96.71 percent, followed closely by Trend Micro InterScan™ Messaging Security Suite at 96.48 percent.

The test applied out-of-box configurations for all products so the results would mimic what a customer experiences when they first install the product.
No antispam training was conducted on any of the products tested. Although both Trend Micro products use the same antispam technologies, Trend Micro provides continual updates and tuning for its hosted service, explaining the better catch rate upon deployment.

Both solutions are part of Trend Micro™ Enterprise Security, designed to provide immediate protection with less complexity and close the vulnerability window before damage is done. Given the dramatic rate of spam increase in the last few years, customers need this type of proactive security they can manage across their organizations.

The test, which was conducted by West Coast Labs over a six day period, included appliances by Barracuda, Fortinet, Ironport and McAfee; software programs by Microsoft, Sophos, Symantec, Trend Micro and Websense; and a SaaS offering by Trend Micro.

The products with the lowest detection rates were McAfee and Fortinet, with catch rates at less than 80 percent. The false positive rates were minimal across all solutions, except Microsoft, which recorded a significant false positive rate of 0.71 percent.

Richard Thomas, senior test engineer, West Coast Labs concluded that, “Overall, both of the solutions provided by Trend Micro for this test demonstrated better protection rates for end users using this live test set against the other solutions tested.”

Spam Volume Will Continue to Grow

According to TrendLabs(SM), 115 billion spammed messages are being sent every day. Ninety-nine percent of spam comes from compromised computers, including those with malicious communication to and from remote users. Spam is all about numbers as the more spam sent, the greater the chance users will click.
Spam will not go away but it will increasingly employ social engineering techniques to improve its conversion rates.

As one of the primary vehicles for spreading blended Web threats, spam has consistently risen over the years and the U.S. continues to be the “most spammed” country, receiving 22.5 percent of all spam, while Europe is the most spammed continent. While malicious spam attachments have been infecting users for years, 2008 saw a huge increase in spam that employed social engineering techniques as cybercriminals find new and corruptive ways in targeting victims for profit. Stopping malicious spam is critical in maintaining corporate network security and protecting essential business data.

Trend Micro InterScan Messaging Security Suite provides comprehensive spam, phishing, malware and virus protection, as well as flexible policy-based content filtering, and easy-to-use management tools to help monitor and control SMTP and POP3 traffic at the messaging gateway. It helps safeguard against the loss of intellectual property and confidential information, integrated with Trend Micro™ Email Encryption Gateway. In addition, InterScan Messaging Security minimizes server congestion, and helps maintain employee productivity. InterScan Messaging Security leverages Trend Micro Control Manager™, a platform-independent management tool, for centralized updating, consolidated reporting, and remote configuration capabilities.

Trend Micro’s hosted email security solution, InterScan Messaging Hosted Security, stops spam, viruses, spyware, phishing and other email threats before they reach the corporate network, helping customers reclaim IT staff time, end-user productivity, bandwidth and mail server storage. As a hosted solution, it requires no hardware or software to install and maintain, and Trend Micro’s worldwide team of experts manages all hot fixes, patches, updates and application tuning to continuously optimize security and performance.

Third Parties Demonstrate the Value of Trend Micro™ Smart Protection Network

Trend Micro, in a separate test conducted by another lab, also exceeded competitors McAfee, IronPort, Websense, Blue Coat, SurfControl in blocking malicious URLs that are associated with Web threats. Utilizing Trend Micro’s Web reputation technology, which is part of the Trend Micro Smart Protection Network, provided up to 11 percent better protection than the next competitor.

In addition, a recent report found that Trend Micro Smart Protection Network helped reduce malware-related customer support calls by up to 75 percent. A cloud-client security architecture designed to stop Web threats, Trend Micro Smart Protection Network provides instant, real-time protection, and a smarter way to combat Web threats compared to traditional methods of protection.

West Coast Labs Test Methodology

West Coast Labs used their live corporate enterprise spam feed, multiplexed across each of the products, so that each solution received the same emails.
Testing was conducted over a total of six days with subsequent analysis.

For the West Coast Labs Executive Summary report, please visit:
http://go.trendmicro.com/antispamreport

eimir Trend Micro

Alert: Buffer Overflow Issue in Adobe Acrobat & Acrobat Reader

February 24th, 2009

I would like to inform you that we have received new updates from Trend Micro Global Update Center.

Topic: Buffer Overflow Issue in Certain Versions of Adobe Acrobat and Acrobat Reader May Cause Remote Code Execution

Advisory Release Date: February 23, 2009

Vulnerability Details

A vulnerability has been found in version 9.0.0 and earlier of the Adobe Acrobat family of applications that may cause the program(s) to crash, as well as allow a remote user to execute malicious code on an affected system.

It exploits a vulnerability in a non-JavaScript function call; however JavaScript is also used to successfully execute malicious code. Disabling JavaScript will prevent code execution, but not crashes of Adobe Acrobat.

Known reports are currently isolated to Windows users; there are no known and verified cases yet on Linux and OS X platforms.

Malware exploits a zero-day vulnerability

This Trojan is a specially crafted .PDF file that exploits a zero-day vulnerability in Acrobat Reader Version 8.x and 9.0.

The said vulnerability causes the application to crash and could potentially allow an attacker to take control of the affected system.

Differing variants of this file drop various malware onto the affected system. Below are some of the malware detected by Trend Micro that are dropped by this PDF:

BKDR_NETCL.A

EXPL_EXECOD.A

JS_SHELLCOD.JS

TROJ_AGENT.ZWQA

TROJ_FAKEAV.LKQQ

Affected Software

· Adobe Acrobat Pro 9.0.0 and earlier versions

· Adobe Acrobat Pro Extended 9.0.0 and earlier versions

· Adobe Acrobat Reader 9.0.0 and earlier versions

· Adobe Acrobat Standard 9.0.0 and earlier versions

As of this time, no patch exists for this vulnerability. A patch for Acrobat and Acrobat Reader versions 9.0.0 is expected by March 11, 2009. Patches for earlier versions will follow.

Please consult the official Adobe security bulletin for details on these patches.

Recommendation:

For Enterprise Customers, Active Directory Administrators can implement a registry alteration which can be done via Startup Script from the Group Policy Editor and/or Security Settings. This would enable the users to roll out the solution across the network in a shorter period of time.

Manual Editing on Adobe Application

Click: Edit -> Preferences -> JavaScript and uncheck “Enable Acrobat JavaScript”

GPO-based method to disable JavaScript for Adobe Acrobat Reader

The following keys are under HKEY_CURRENT_USER:

Adobe Acrobat Reader:

Software\Adobe\Acrobat Reader\x.0\JSPrefs

Adobe Acrobat:

Software\Adobe\Adobe Acrobat\x.0\JSPrefs

Setting the DWORD “bEnableJS” to 0 will disable JavaScript.

See attachment for the txt copy (reg.txt) of the registry alteration.
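
The registry change described above can be scripted as follows. This is an added example, not the reg.txt attachment or Trend Micro's own script; it assumes the script runs in each user's context (for example as a Group Policy logon script), because the keys sit under HKEY_CURRENT_USER, and it discovers the "x.0" version subkeys instead of hard-coding them. The function name is hypothetical.

```powershell
# Added example: set bEnableJS = 0 for every Acrobat / Acrobat Reader version
# key found in the current user's hive, then read the value back to confirm.
$ErrorActionPreference = 'Stop'

# Product roots named in the advisory, relative to HKEY_CURRENT_USER.
$productRoots = @(
    'HKCU:\Software\Adobe\Acrobat Reader',
    'HKCU:\Software\Adobe\Adobe Acrobat'
)

function Disable-AcrobatJavaScript {   # hypothetical helper name
    param([string[]]$Roots = $productRoots)

    foreach ($root in $Roots) {
        # The product root only exists once this user has launched the product.
        if (-not (Test-Path -Path $root)) { continue }

        # Version subkeys look like "8.0" or "9.0"; skip anything else.
        $versions = Get-ChildItem -Path $root |
            Where-Object { $_.PSChildName -match '^\d+\.\d+$' }

        foreach ($version in $versions) {
            $jsPrefs = "$root\$($version.PSChildName)\JSPrefs"

            # JSPrefs may be missing if the preference was never changed.
            if (-not (Test-Path -Path $jsPrefs)) {
                New-Item -Path $jsPrefs -Force | Out-Null
            }

            Set-ItemProperty -Path $jsPrefs -Name 'bEnableJS' -Value 0 -Type DWord

            # Read the value back so the result reflects what is stored.
            $actual = (Get-ItemProperty -Path $jsPrefs -Name 'bEnableJS').bEnableJS
            [pscustomobject]@{
                Key       = $jsPrefs
                bEnableJS = $actual
                Compliant = ($actual -eq 0)
            }
        }
    }
}

# One row per version key touched; an empty result means no Adobe keys exist
# for this user yet, so the setting has not been applied.
Disable-AcrobatJavaScript | Format-Table -AutoSize
```

An empty result is worth logging centrally: a user who first opens Reader after the script has run will not have the setting until the next logon.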

Preventive Action

· Keep your Trend Micro products up-to-date with the current pattern files (All detections are currently available in our Official Pattern)

· Use caution when opening email attachments or when using peer-to-peer file sharing, instant messaging, or chat rooms

· Encourage the wide use of WRS functionality and IWSS to filter compromised sites which are delivering the exploit to the said vulnerability.

· Prevent Internet Explorer from automatically opening PDF documents.

· Disable the displaying of PDF documents in the web browser. This can be disabled in the General preferences dialog (Edit, Preferences, Internet, and un-check “Display PDF in browser”).

· Use caution when opening untrusted PDF files.

(*Some of the recommendations and preventive actions above came from US-CERT)

Additional Information

http://blog.trendmicro.com/portable-document-format-or-portable-malware-format/

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPIDIEF%2EIN&VSect=T

eimir Adobe

Trend Micro OfficeScan 10 Beta is here

February 21st, 2009

The moment all Trend Micro OfficeScan users are waiting for. Finally the OSCE 10.0 is here for beta testing.
Final Release ETA: 2H 2009

NEW! OfficeScan Client/Server Edition (OSCE) 10.0 Beta Program Stage 3 January 16th – March 12th

Dear Valued Customer,

Trend Micro would like to invite you to be in our OfficeScan 10 Beta III program.

OfficeScan 10.0 is the first Trend Micro product to adopt the innovative Cloud Client File Reputation technology. The Cloud Client architecture offers more immediate protection and eliminates the management burden of pattern deployment. It also significantly reduces the overall client footprint. On top of this innovative Anti-Malware approach, Device Access Control, and OfficeScan Application Protection are also included to combat today’s threat landscape in every aspect.

Apart from Anti-Malware solutions, management improvements and the integration with Enterprise IT-management infrastructure are key elements of this new version. The tight integration with Active Directory permits role based administration and Security Compliance reporting.

Key reasons why customers should participate

Trend Micro Enterprise Security powered by our Smart Protection Network provides the following to stay ahead of content security threats.

1 Cloud Client File Reputation

· With CCFR technology, the OfficeScan client provides more immediate protection with negligible pattern management effort and a lighter footprint.

· Administrators can decide to use either cloud based scanning or traditional scanning technology

2 Web Reputation configuration improvements

· Added granularity, allowing the assignment of Web Reputation policy at various layers of the OfficeScan client tree.

3 Device Access Control

· Capability to granularly control the access and use of fixed and removable devices, such as USB storage


4 Windows Server 2008 Support

· OfficeScan client and OfficeScan management server are fully supported on Windows Server 2008 (excluding server core and Hyper-V for now)

To participate:

If you do not have a beta portal account, register here. After registering, please await approval from the Beta Team (approval is within 24 hrs), after receiving approval via email, login to the beta portal and sign up for the Trend Micro OfficeScan Client/Server (OSCE) 10.0 Beta III Program.

If you have a beta portal account, please login and sign up for the Trend Micro OfficeScan Client/Server (OSCE) 10.0 Beta III Program Beta.

If you have a beta portal account but forgot your ID and PW, request a reminder

Sincerely,
Your Friends at Trend Micro

eimir AntiVirus