Security Software Vulnerabilities Rise In 2010

IBM reported on Wednesday that the number of cracks hackers could exploit in computer software jumped during the first half of 2010.

The number of documented “vulnerabilities” reported by an X-Force Research and Development team at IBM increased 36 percent to 4,396 from the same period last year, and over half lacked patches to correct the flaws.

“This year’s X-Force report reveals that although threats are on the rise, the industry as a whole is getting much more vigilant about reporting vulnerabilities,” IBM Security Solutions general manager Steve Robinson said in a statement.

“Threat dynamics continue to multiply and evolve at a furious pace, making it more crucial than ever to look at unfolding trends so we can better prepare our clients for the future.”

India becomes the No.1 Malware Producer

India has overtaken the US as the single biggest producer of viruses, according to analysis of internet threats by Network Box.

India is now responsible for 13.74 per cent of the world’s viruses, up from 9.5 per cent in July. Russia is the next in line, producing just over 11 per cent of viruses – a jump from last month’s 4.01 per cent.

The US accounts for just over eight per cent, a significant decrease from 14.65 per cent last month.

Virus levels from the UK have dropped to 2.5 per cent; down from five per cent last month. The UK is now the seventh-largest threat producing country in the world (down from fourth last month).

DDoS Botnet Hits Over 200 Websites

A new botnet built for knocking websites offline has attacked mostly Chinese and some U.S. sites, according to researchers.

About 90 percent of the command and control servers running YoyoDdos, the nickname given the botnet by researchers at Arbor Networks who have been studying and tracking it, have IP addresses in China, and two-thirds of its victim websites are out of China. The botnet has attacked around 180 websites so far, including 32 in the U.S.

“It is a pretty active botnet,” says Jeff Edwards, a research analyst with Arbor who has been analyzing the botnet, which first appeared in Arbor’s honeypot servers back in March. “We’ve detected a lot of attacks coming out of it … [around] ten unique victims a day.”

The malware itself isn’t particularly sophisticated, however. “It’s pretty typical of a lot of malware we see,” he says. “It’s a fairly non-sophisticated piece of malware, but effective.”

Facebook Security Test

As we all know Facebook is extremely popular and currently has over 500 million users. History has thought us that the more popular something becomes, the more threats emerge from and around it. We already heard about multiple mass account hijackings, malware distribution….

Malware Research Group has decided to test if the security application are able to protect users from threats designed specifically for identity theft. For this purpose Malware Research Group has developed a specific malware simulator (V 1.1). This tool will enable us to recreate the real world scenario and bring this test as close to reality as possible.

We have 15 applications scheduled for testing at this moment, our capabilities for this test are 25 applications, If any of the vendors want for their application to be included in this test, fell free to contact us.

Browser Security / Financial Malware test

We thought we would release some detail about our upcoming Browser Security / Financial Malware test.

This “test” is actually going to be an ongoing programme of assessing a cohort of security applications effectiveness in securing Internet Explorer 8 on an XPSP3 system against a combination of bespoke test tools, malware emulators and real, zero day to early life malware.

We are still in the process of securing the funds required to sustain this programme, but, to avoid delay and spark a bit of interest, we will be starting the first tests using our own, custom financial malware emulation tool.

We will repeat the test every 24 hours, each time using the same original build of our tool to assess the security applications ability to detect and counter this threat over time.

We will run the test, just using our emulator for the next week or so, until we have funds to widen the programme to include our other in-house tools (and so cover numerous vectors) and real malware.

The tool we will be using was designed in-house and is not available for use outside our labs.

The tool uses the same techniques employed by real malware to steal users banking data.

Due to the nature of this tool, we have designed it with security measures so we can block it globally, should it ever be stolen.

In this first test, we will use the tool to test security applications ability to:

1)    Detect or block the test application on install

2)    Prevent the tool from capturing data entered in to an HTTPS site using IE8

3)    Prevent the tool from sending captured data out of the system

The security applications we are considering including are:

Internet Security Suites:

AVG Internet Security

Avira Premium Security Suite

BitDefender Internet Security

CA Internet Security

Comodo Internet Security

Eset Smart Security

F-Secure Internet Security

G DATA Internet Security

Kaspersky Internet Security

McAfee Internet Security

Norton Internet Security

Online Armor ++

Outpost Security Suite Pro

PC Tools Internet Security

Trend Micro Internet Security

VIPRE Antivirus Premium

Zone Alarm Security Suite

Dedicated Browser Security / Anti-Logging Applications:

BufferZone Pro

DefenseWall

Prevx SafeOnline

SafeCentral

SandboxIE

SpyCop Cloak

SpyShelter

Trustdefender

Trusteer Rapport

Zemana AntiLogger

Zone Alarm ForceField

Vendors whose application fails to block the tool and who have a service contract with MRG can contact us after the test to book a remote session in our labs.

As a result of our last browser security test and the fact that internet banking security is such a hot topic, we were contacted by a number of media agencies.

It is our intention to supply the results of this test to our contact at the BBC.

We expect to start the programme on 15 April.