Subscribe to Security and ISM News

Computers Being Infected with Malware Via Windshield Ticket

By Craig Cocca | February 9, 2009

Over the weekend, a new (and completely novel) malware attack vector came to light in several website and blog posts. Someone in Grand Forks, North Dakota has been placing fake parking notices on the windshields of cars in the area, with instructions to take care of the ticket by going to a certain web site. When that web site is visited with Internet Explorer, it installs a malicious Browser Helper Object (BHO) that propagates the malware to the visitor’s computer. This is an excellent example of social engineering being used to compel users to install malicious software on their computer, despite other security measures that might be in place to prevent such an attack.

More on this story can be found at,1000000567,10012076o-2000331828b,00.htm

Topics: Malware and Viruses, Windows Security News

The Agile Security Plan: Social Engineering

By Liam Reimers | January 30, 2009

In an ever-changing financial landscape, corporate agility in multiple areas is the key to longevity. Computer and network health and security is one area where you don’t want your company to get stiff and old – protecting data and other network resources is critical. Keeping the company security-fit means a proactive security plan that embraces both technology and management practices designed to thwart any would-be interlopers, as well as continuing review and assessment of that technology and those practices.

There are many ways to attempt to gain access to a corporate computer network; unsecured wi-fi and Internet based attacks like port scanning, for example. However, among the most insidious is a technique known as “social engineering.” This is where an attacker uses social methods, not technological, to gain access to your computer network by gaining a user’s trust and exploiting that trust, often gaining a valid user name and password in the process. Now that’s a security hole no administrator wants on their network! What’s really needed to stay on point with regards to overall security is a third-party audit by someone who has no interest in anything other than your security status.

Redspin is one company that can help you define and mitigate the possible weaknesses in your corporate security. Not only are they well versed with the technology at their disposal to test your digital defenses, they will test your company in other ways as well – just like the bad guys. We regularly read their Security Management Advisories as part of our own ongoing process of integrating new threats and protections into our own Internet Security Manager, and we’ve worked with them in the past to help evaluate and improve our own security practices.

Redspin currently has an excellent SMA on the basics of social engineering posted on their site. Check it out at the link below to get a better insight into what social engineering might mean to your business and what Redspin can help you do about it.

Redspin – Penetration Testing and Security Assessment
Redspin article on Social Engineering

Topics: Security News, Spam

ISM Now Protects Against Conficker/DownandUp Worm

By Craig Cocca | January 19, 2009

For the past several day, the Conficker/DownandUp worm has spread to over 9 million Windows PCs. This worm spreads by exploiting weak passwords, open file shares, USB drives, and other means of infecting a network “from the inside out”.

The Internet Security Manager Team updated the ISM on Friday to prevent connections from PCs infected with the Conficker/DownandUp worm to the servers that are hosting and controlling the virus. This action will greatly limit the chances of the virus being completely installed on a PC, and will prevent the spread of the worm.

We also recommend that you immediately install Microsoft Patch MS08-067 on all of the Windows PCs in your network to close the security hole that allows this worm to spread.

Topics: Malware and Viruses, Security News

Rogue DHCP Server Detection Enhancement

By Liam Reimers | January 15, 2009

If you’ve run a network for any length of time, you’ve probably run into this once or twice: someone plugs in a WAP so that they can roam with their laptop, and all of a sudden people start complaining about not being able to connect to network resources. Sometimes, you don’t even get the information about a new WAP being plugged in. If it’s happened to you, you are probably already thinking, “rogue DHCP server.”

The ISM has just been enhanced to detect any internal network segment that has one or more DHCP servers making offers. A new line item has been added to the bottom of the Network section of the firewall overview on the web interface called “DHCP Servers.” This line will display all DHCP servers detected by the ISM, and which segment they appear on. If more than one is detected on a single segment, something that is always undesirable, the line will be highlighted in red. Additionally, it raises an alert and you will recieve a call from the security desk.

This enhancement has been added to every ISM at no additional cost. Just another way we try to help you manage your network!

Topics: ISM Feature Announcements, ISM Updates

Microsoft Issues Off-Cycle Patch for Major Security Vulnerability

By Craig Cocca | October 23, 2008

Microsoft has just pushed out a patch for an unusually critical remote execution exploit outside of their normal update cycle. We encourage all of our customers to make sure your Windows machines have received the patch immediately.

More at

Topics: Security News, Windows Security News

PC Converted Into Botnet Zombie in Less Than 5 Minutes

By Craig Cocca | October 22, 2008

There is a great Windows Security article over at ZDNet today concerning the ever-growing problem of Zombie PCs, infected computers that send out spam, attack other computers, and spread viruses. An unprotected PC can become drafted into the “botnet army” in less than 5 minutes. The Internet Security Manager helps to prevent the PCs on a LAN from becoming infected by monitoring network activity with the LAN Scanner and Threat Alert.

More on this story can be found at:

Topics: Windows Security News

Zero Day Trojan In The Wild

By Craig Cocca | July 24, 2008

There is currently an e-mail trojan circulating on the Internet that includes a trojan packaged as a Zip file. This is a variant on the “UPS Virus” that was circulating last week. You should delete all messages with text similar to the following:


We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.


Topics: Windows Security News

Spammers Break CAPTCHA Verification for Several Major Webmail Systems

By Craig Cocca | July 3, 2008

ZDNet is reporting that the text-based human verification system known as CAPTCHA has been compromised by automated systems at Yahoo, Hotmail, and Gmail. This is allowing hackers to automatically sign up for free e-mail accounts that can be used for spam, scams, and phishing. This presents a challenging problem for spam prevention, as mail coming from legitimate Gmail, Hotmail, or Yahoo servers is not often marked as spam by most anti spam systems.

More information on this can be found at

If you use CAPTCHA as a means of protection on your web site, you may want to consider one of the alternatives listed at the bottom of the following article:

Topics: General News, Security News, Spam

SQL Injection Attack tools

By Wes Zuber | June 25, 2008

If you use Microsoft SQL for your website backend, be sure and check out these tools, Scrawlr, Urlscan and Microsoft Source Code Analyzer for SQL Injection. These tools are free. Every web developer should find the time to use them against sites they design.

Topics: Security News, Windows Security News

Mac OSX Trojans

By Wes Zuber | June 25, 2008

There are two new trojans for OSX. Both rely on social engineering (convincing the user to install something they got through email or from a website). The ISM anti virus email measures will prevent these two trojans from getting to your users through email.

Topics: Malware and Viruses, Security News

« Previous Entries Back to Top Next Entries »