Security Blog

 

February 28, 2010
RSA Conference is HERE

Just a reminder that the RSA Conference is back in town. For those of you interested in security, RSA is the place to be. Personally, I'm looking forward to what new developments in security 2010 will bring. See you all at the show!

Posted by: Pete at 8:59 PM
Categories: General

 

February 28, 2010
Twitter Suffers from Large Scale Phishing Attacks

Yesterday, a large number of Twitter users received from friends tweets titled "this you????" which pointed to a false Twitter landing page.

If the victim enters their user name and password on the fake landing page, the attackers will be able to control their account and use it to send out even more phishing tweets.

Does this attack sound familiar? Here at the lab, we use MSN quite a lot and have seen many similar phishing attacks via MSN. This type of phishing attack is based on a sociological approach and is being rapidly ported to twitter and other social networks.

We recommend that you do not open any suspicious messages whether it's Twitter or MSN or anything else. If your friends frequently tell you that they are receiving strange messages from you, it probably means your account information has been stolen and that you need to change your password as soon as possible in addition to a full system virus scan.

Posted by: Pete at 8:48 PM
Categories: Netgear Threat Lab , Phishing

 

February 23, 2010
eWeek Reviews the UTM5

eWeek has just published their review of the UTM5. The review talks about the various components of the UTM5 and also gives their thoughts on setting up the unit.

See what they have to say here.

Posted by: Pete at 2:04 PM
Categories: General

 

February 12, 2010
Threat Lab Report: Apple's Ipad Sparks New SEO Threats

On January 27th, Apple formally introduced the iPad to the world, and countless Apple fans rejoiced. They weren't the only ones. Cyber criminals were also excited, but for other reasons. Big news events such as the earthquake in Haiti have always been exploited by cyber criminals, and for them the iPad announcement was a golden opportunity to spread new viruses. They used various SEO (Search Engine Optimization) poisoning techniques to accomplish this: the malicious websites hosting the viruses show up at the top of the results on well-known search engines.

When the user arrives at one of these sites, the site presents a fake online virus scan, informs the user that the computer has been infected, and offers a virus (Trojan-Downloader.Win32.FraudLoad.wxuf) disguised as anti-virus software for the user to download and install.

This type of threat can be stopped in real-time by ProSecure appliances.

Posted by: Netgear Threat Lab at 3:08 PM
Categories: General , Malware , Netgear Threat Lab

 

February 5, 2010
ProSecure UTM5 Launched

We just introduced the latest member of the UTM family, the UTM5. It contains all the security found in the UTM10 and UTM25 at slightly slower speeds. It's a great fit for smaller office networks and basically gives you the high level of protection found in high-end Web/Email security gateways, plus the functionality and connectivity options of a good firewall.

One thing we didn't compromise on is the security effectiveness. What good is a security appliance if it doesn't effectively do what it was brought in to do? The UTM5 is a great value, but there is nothing "economy class" about the coverage and performance of the UTM5.

Contact your local VAR or sign up at prosecure.netgear.com for a risk free 30 day eval.

Posted by: Pete at 3:48 PM
Categories: General

 

February 5, 2010
ProSecure UTMs Firmware with SSL Vulnerability Patch Released

Back in November a critical SSL Vulnerability was discovered.

I'm pleased to say that firmware version 1.0.16-0 for our UTM family contains patched versions of SSL. There are many components within the UTM that use SSL, so getting this patch out was very important. It's a good thing this vulnerability was discovered by researchers with good intentions, as this could have resulted in a disaster (with the economy the way it is, even if the bad guys did exploit the vulnerability there probably wasn't that much to steal ;-))

You can read the release notes here.

Posted by: Pete at 3:39 PM
Categories: General

 

February 2, 2010
IT Pro Reviews the STM300

IT Pro has just published their review of the STM300. Head on over and see what they have to say about the STM300.

Posted by: Pete at 10:38 AM
Categories: General

 

January 26, 2010
New Internet Explorer Vulnerability Potentially Exposes All of the Victim's Files

A new vulnerability in Internet Explorer has been discovered (again). This time, instead of exploiting a flaw in the code, attackers can potentially use built-in IE features such as URL Security Zones and IE's file-sharing protocol to attack a victim's machine. The result: access to all of the victim's files.

Jorge Luis Alvarez Medina, a security consultant, will demonstrate proof-of-concept code next month after the Black Hat Conference in Washington DC, and Microsoft intends to release a patch for this soon after.
"These vulnerabilities are just features ... the implementation of the features allow you to obtain certain information, which by itself is harmless. But when combined together with other features, it renders an attack vector," Medina says.

To give you a better idea of how the attack is carried out, here is what Medina says about the attack. "With IE's Security Zones, an Internet zone would not be allowed to read files from a local machine, for instance. But if a local machine is considered part of the Internet zone, its files could be accessed by an attacker."

Until a patch is released, a few ways to protect yourself from being exposed would be to:
1. Deploy IE's Protocol Lockdown feature to restrict the file protocol
2. Set the security level to "High"
3. Disable active scripting in the Intranet and Internet Zones
4. Run IE in Protected Mode if available in the OS
5. Lock down and disable the MHTML protocol handler
6. And last but not least, use another browser


Along with the attacks on Google last week, it seems to me that IE still has a long way to go before we can consider it "secure". This is not isolated to IE as Firefox actually has even more vulnerabilities. Software companies simply have to do a better job at breaking their products before releasing them to the public. As it stands, Web browsers and many other types of software are simply acting as a gateway for hackers to the rest of a user's system.

Posted by: Pete at 1:45 PM
Categories: General , Vulnerability

 

January 24, 2010
Threat Lab Report: Troj.Exploit.W32.PDF-URI.o

Troj.Exploit.W32.PDF-URI.o

Behavior: 9
Description: Adobe Acrobat and Reader are prone to a remote code-execution vulnerability, CVE-2009-0927.
When a specially crafted argument is supplied to the getIcon() method of a Collab object, proper bounds checking is not performed, resulting in a stack overflow. By persuading a victim to open a specially crafted PDF file, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with the privileges of the victim.
Affected Versions:
Reader and Acrobat 7.1 and prior
Reader and Acrobat 8.1.2 and prior
Reader and Acrobat 9
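As an added example (not code from the Threat Lab or the ProSecure product), here is the kind of content check a Web/Email gateway can apply to the report above: inflate the PDF's FlateDecode streams and look for JavaScript that calls Collab.getIcon(). The sample PDFs are constructed for the test, carry only a marker string in place of the crafted argument, and are harmless to open; the stream regex handles only the flat dictionaries these samples use and is an assumption, not a full PDF parser.

```python
import re
import zlib


def build_sample_pdf(js: str, compress: bool = False) -> bytes:
    """Constructed sample: a minimal PDF whose /OpenAction runs the given
    JavaScript, optionally hidden inside a FlateDecode (zlib) stream the way
    malicious PDFs do to defeat plain string matching."""
    body = js.encode()
    filt = b""
    if compress:
        body = zlib.compress(body)
        filt = b" /Filter /FlateDecode"
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
        b"2 0 obj << /S /JavaScript /JS 3 0 R >> endobj\n"
        b"3 0 obj << /Length " + str(len(body)).encode() + filt + b" >>\n"
        b"stream\n" + body + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


# Constructed sample with no JavaScript at all.
CLEAN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF\n"

# A flat dictionary (no nested << >>) followed by its stream body.
# Assumption: good enough for these samples; a gateway engine needs a real
# PDF object parser to cope with nesting, CRLF line ends and object streams.
STREAM_RE = re.compile(rb"<<([^<>]*)>>\s*stream\n(.*?)\nendstream", re.S)
# JavaScript actions are marked /S /JavaScript with the code in /JS.
JS_ACTION_RE = re.compile(rb"/JavaScript|/JS\b")
# The vulnerable call from the report; whitespace and case are tolerated
# because attackers vary both.
COLLAB_GETICON_RE = re.compile(rb"Collab\s*\.\s*getIcon\s*\(", re.I)


def extract_streams(pdf: bytes):
    """Yield each stream body, inflating FlateDecode streams so that code
    hidden by compression is scanned in the clear."""
    for dict_part, data in STREAM_RE.findall(pdf):
        if b"/FlateDecode" in dict_part:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                pass  # truncated or bogus stream: fall back to the raw bytes
        yield data


def scan_pdf(pdf: bytes) -> dict:
    """Report whether the file carries JavaScript and whether any stream or
    inline string calls Collab.getIcon()."""
    has_js = bool(JS_ACTION_RE.search(pdf))
    geticon = bool(COLLAB_GETICON_RE.search(pdf))  # uncompressed / inline JS
    for blob in extract_streams(pdf):
        if COLLAB_GETICON_RE.search(blob):
            geticon = True
    return {"javascript": has_js, "collab_geticon": geticon}


def verdict(pdf: bytes) -> str:
    """Gateway decision: block files matching the getIcon pattern, log files
    that merely contain JavaScript (legitimate, but worth a record), allow the rest."""
    result = scan_pdf(pdf)
    if result["collab_geticon"]:
        return "block"
    if result["javascript"]:
        return "alert"
    return "allow"


if __name__ == "__main__":
    samples = [
        ("clean", CLEAN_PDF),
        ("plain js", build_sample_pdf("app.alert('hello');")),
        ("hidden getIcon", build_sample_pdf("var s = Collab.getIcon(arg);", compress=True)),
    ]
    for label, sample in samples:
        print(f"{label:15s} {scan_pdf(sample)} -> {verdict(sample)}")
```

The compressed sample is the one that matters: the string "Collab.getIcon" never appears in its raw bytes, so a scanner that does not inflate streams would pass it through.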

Posted by: Netgear Threat Lab at 7:00 PM
Categories: Malware , Netgear Threat Lab

 

January 24, 2010
Threat Lab Report: Troj.Downloader.VBS.Agent.ex

Troj.Downloader.VBS.Agent.ex

Description: The EDraw Office Viewer Component ActiveX control (officeviewer.ocx) is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. The issue occurs when an excessive amount of data is passed to the 'FtpDownloadFile()' method of the EDraw.OfficeViewer (officeviewer.ocx) ActiveX control with the CLSID 6BA21C22-53A5-463F-BBE8-5CF7FFA0132B. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system.

Affected: EDraw Office Viewer Component 5.3
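As an added example (not the Threat Lab's signature or the ProSecure engine), here is a first-pass web-content check for the report above: flag any page that instantiates the EDraw Office Viewer control by the CLSID given in the report or by its ProgID, and block it outright when the page also references FtpDownloadFile(). The ProgID "EDraw.OfficeViewer" is taken from the report as written; the sample pages are constructed for the test and pass only a placeholder string to the method.

```python
import html
import re

# Identifiers from the Threat Lab report above.
EDRAW_CLSID = "6BA21C22-53A5-463F-BBE8-5CF7FFA0132B"
EDRAW_PROGID = "EDraw.OfficeViewer"
VULN_METHOD = "FtpDownloadFile"

# <object classid="clsid:{...}">, braces optional, any letter case.
CLSID_RE = re.compile(r"clsid:\s*\{?" + re.escape(EDRAW_CLSID) + r"\}?", re.I)
# new ActiveXObject("EDraw.OfficeViewer"); a version suffix such as ".1" is tolerated.
PROGID_RE = re.compile(
    r"ActiveXObject\s*\(\s*['\"]" + re.escape(EDRAW_PROGID) + r"(?:\.\d+)?['\"]", re.I)
# Any reference to the method, whether obj.FtpDownloadFile(...) or obj["FtpDownloadFile"](...).
METHOD_RE = re.compile(r"\b" + VULN_METHOD + r"\b", re.I)


def normalize(page: str) -> str:
    """Undo cheap obfuscation before matching: HTML entities in markup and
    \\xNN / \\uNNNN escapes inside script strings."""
    page = html.unescape(page)
    page = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), page)
    page = re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), page)
    return page


def scan_html(page: str) -> list:
    """Return the list of findings for one page (empty when nothing matched)."""
    text = normalize(page)
    findings = []
    if CLSID_RE.search(text):
        findings.append("instantiates EDraw Office Viewer by CLSID")
    if PROGID_RE.search(text):
        findings.append("instantiates EDraw Office Viewer by ProgID")
    if METHOD_RE.search(text):
        findings.append("references FtpDownloadFile()")
    return findings


def verdict(page: str) -> str:
    """Gateway decision: block when the vulnerable control is loaded and the
    vulnerable method is referenced; alert on the control alone; else allow."""
    findings = scan_html(page)
    loads_control = any(f.startswith("instantiates") for f in findings)
    if loads_control and "references FtpDownloadFile()" in findings:
        return "block"
    if loads_control:
        return "alert"
    return "allow"


# Constructed sample pages. The method argument is a placeholder string only.
SAMPLE_OBJECT_PAGE = r'''<html><body>
<object id="viewer" classid="clsid:6ba21c22-53a5-463f-bbe8-5cf7ffa0132b"></object>
<script>var arg = "placeholder"; viewer.FtpDownloadFile(arg);</script>
</body></html>'''

# Same thing via ProgID, with the method name split by a \x escape.
SAMPLE_ESCAPED_PAGE = r'''<script>
var o = new ActiveXObject("EDraw.OfficeViewer");
var arg = "placeholder";
o["Ftp\x44ownloadFile"](arg);
</script>'''

BENIGN_PAGE = "<html><body><p>Quarterly report, nothing to see here.</p></body></html>"

if __name__ == "__main__":
    for label, page in [("object tag", SAMPLE_OBJECT_PAGE),
                        ("escaped progid", SAMPLE_ESCAPED_PAGE),
                        ("benign", BENIGN_PAGE)]:
        print(f"{label:15s} {verdict(page):6s} {scan_html(page)}")
```

A production filter would also want the kill bit set on the CLSID at the endpoint, since a signature on page content is only as good as its normalizer; the escape handling above covers the two tricks the samples use and nothing more.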

Posted by: Netgear Threat Lab at 6:55 PM
Categories: Malware , Netgear Threat Lab

 
