News

Trojans Make Up Eighty Percent of New Malware

PandaLabs, Panda Security's anti-malware laboratory, recently published its Quarterly Report, analyzing the IT security events and incidents from January 2012 through March 2012. According to the report, 6 million new malware samples were created in the first quarter of 2012.

The announcement states that "Trojans set a new record as the preferred category of cybercriminals for carrying out information theft, representing 80 percent of all new malware. In 2011, Trojans 'only' accounted for 73 percent of all malware; worms took second place, comprising 9.30 percent of samples; followed by viruses at 6.43 percent. Interestingly in 2012, worms and viruses swapped positions from the 2011 Annual Report, where viruses stood at 14.25 percent and worms at 8 percent of all circulating malware."

According to the report, the average proportion of infected PCs around the world stands at 35.51 percent, which is slightly down from 2011. China led this ranking (with 54.25 percent of infected PCs), followed by Taiwan and Turkey. The list of top 10 least infected countries is dominated by European countries, with the top three being Sweden, Switzerland, and Norway.

The report also covers attacks on Android phones, distribution of malware via Facebook, the Megaupload case, cyber-war, and activities of the Anonymous and LulzSec hacktivist groups. The quarterly report can be downloaded from: http://press.pandasecurity.com/press-room/reports/.

Dell Announces 40-Gigabit Blade Server Switch

Dell recently announced new hardware and software additions to its Virtual Network Architecture portfolio, an open networking framework for efficient IT management and workload intelligence. Dell introduced the Dell Force10 MXL 10/40GbE switch, its first 40Gb blade server switch for the Dell PowerEdge M1000e blade system.

According to the announcement, the Dell Force10 MXL 10/40GbE blade switch brings unprecedented bandwidth capacity to the Dell PowerEdge M1000e blade chassis. The full-featured 1/10/40GbE Layer 2 and Layer 3 blade switch is powered by the Force10 operating system (FTOS) and provides increased bandwidth, scalability, performance, and operational simplicity for blades in data center and campus environments. Dell also released OpenManage Network Manager 5.0 (OMNM), which provides a single console for all network management functions of Dell networking platforms in branch, campus, and data center networks.

OMNM automates network management functions and increases uptime through diagnostic, network monitoring, and backup/restore capabilities. New features of OMNM 5.0 include easier installation and use of switches through a redesigned web-based GUI; support for Dell's full line of switches, including Dell Force10; traffic flow analysis; and resource group management. For more information, see http://www.dell.com/.

CollabNet Launches CloudForge

CollabNet has announced CloudForge, a new development-Platform-as-a-Service (dPaaS) that helps distributed teams and enterprise IT organizations adopt, manage, and scale cloud-based development activities.

According to the announcement, CloudForge provides teams with ease-of-use, instant access to popular development tools, integration with cloud services, and one-click deployment to public PaaS or private data centers. For IT organizations, it provides centralized role-based security, automated backups, and the visibility and compliance needed to deploy applications within a mix of public, private, and on-premise cloud environments. CollabNet also announced that its on-premise TeamForge and Subversion Edge installations seamlessly integrate into CloudForge.

CloudForge is an entirely new platform built on the Codesion cloud development framework. The announcement states that "while CloudForge offers an easy, flexible and low-cost 'on-ramp' to cloud development, it is 100 percent enterprise-ready, with the high availability, backup, compliance, security, user management and support expected from a world-class cloud offering." CloudForge is currently available for free public beta at: http://cloudforge.com/try.

PHP Websites Targeted

Ars Technica reports that attackers have been targeting an unpatched PHP bug. According to the article, a huge number of websites are at risk from an "unpatched vulnerability in the PHP scripting language that attackers are trying to exploit to remotely take control of underlying servers." Only PHP websites running in common gateway interface (CGI) mode are at risk.

The article by Dan Goodin states, "Sites running PHP in FastCGI mode aren't affected. Nobody knows exactly how many websites are at risk, because sites also must meet several other criteria to be vulnerable, including not having a firewall that blocks certain ports. Nonetheless, sites running CGI-configured PHP on the Apache web server are by default vulnerable to attacks that make it easy for hackers to run code that plants backdoors or downloads files containing sensitive user data."

Additionally, according to the article, an update released by PHP maintainers to patch the hole can easily be bypassed. Websites that run PHP in CGI mode should install the update anyway, then apply a second patch published by researchers on Eindbazen.net.

You can read the entire article and link to the updates at: http://arstechnica.com/business/news/2012/05/attackers-target-unpatched-php-bug-allowing-malicious-code-execution.ars.

CloudFlare and OpenDNS Target DNSChanger

CloudFlare and OpenDNS have joined forces to help Internet users who are still connecting to DNS servers that were formerly infected by the malware known as DNSChanger. The DNSChanger malware worked by changing the DNS settings of infected computers and redirecting valid URLs to malicious sites.

In 2011, the crime ring responsible for DNSChanger was taken down, and the DNS server that was used to spread malware was taken over by the DNS Changer Working Group (DCWG). The DCWG recently announced that it will finally cease operation of the DNS server on July 9, 2012.

Unfortunately, an estimated half a million Internet users are still connecting to the server, and shutting it down would effectively leave them without Internet connectivity. OpenDNS and CloudFlare stated that they intend to notify Internet users still connecting to the server and then guide them through the process of switching to OpenDNS.

According to the announcement, this process will involve two steps, starting with CloudFlare customers enabling the DNSChanger Detector app, which will identify and notify visitors of a site if they are infected with the DNSChanger malware.

Once notified, infected users will be directed to OpenDNS, which will share simple and detailed instructions for switching DNS to OpenDNS's trusted servers. CloudFlare and OpenDNS's services are available for free.

For additional information, please visit the companies' websites at: http://www.opendns.com or http://www.cloudflare.com.

ICANN's TLD Application System Down

The top-level Internet domain (TLD) Application System (TAS) has been shut down for nearly a month at the time of writing. TAS is the official application submission system for ICANN's controversial new gTLD Program, and the registration system was shut down on April 12 after reports of a bug that allowed applicants to see information in other customers' accounts. Opening a TAS account costs US$5,000, and filing a TLD application costs an additional US$180,000. According to ICANN, 2,091 applications – either submitted or in progress – were in TAS when it was taken offline.

In a statement on May 7, ICANN COO Akram Atallah said, "In recognition of the inconvenience caused by the temporary suspension of the TLD application system, ICANN will provide a full refund of the application fees paid by any new gTLD applicant that wishes to withdraw its application prior to publication of the list of applied-for new top-level domain names."

Atallah said, "We recognize that this represents an increase of only US $5000 over the refund that withdrawing applicants would otherwise receive, but we believe it is an important part of fulfilling our commitment to treat applicants fairly." For more information, see http://newgtlds.icann.org/en.