From RSA 2011: Adobe Exploits, ZeusiLeaks, and Safe Browsing
I very recently attended the RSA Conference along with my colleagues in San Francisco. Like my colleague Marco who shared some of his key takeaways from the conference, I was able to learn a lot from the presentations. Below are a few of the topics I found particularly interesting.
Adobe—Evaluating the World’s Most Exploited Software
I have been using Adobe software for a while now and have been able to analyze a number of PDF malware samples. As such, I naturally became interested in the session that promised to evaluate why Adobe is currently the most exploited application vendor, even topping Internet Explorer (IE), Microsoft Office, Java, QuickTime, and RealPlayer, to name a few.
So why Adobe? The .PDF file format has become an accepted standard, which people worldwide use. Cybercriminals know and are taking advantage of this fact. This can be likened to an archer releasing a single arrow and hitting several targets at once. The .PDF file format has also become very popular in targeted attacks since exploit kits can now easily automate obfuscation.
While Adobe has carried out considerable improvements in handling vulnerabilities, Roel Schouwenberg predicts that targeted attacks will continue leveraging .PDF files. As such, users must continue to be cautious when opening .PDF files, especially those that come from unknown senders. Users should also utilize built-in Adobe features that enable automatic updates. Considering alternative applications may also be a good idea.
Cybercrime Reborn: Not for the Faint of Heart
ZeuS is one of the most prevalent malware families currently in the wild. This malware family has been a cause for concern because of its ability to target banks and to gather user credentials. More recently, however, another reason for alarm emerged: ZeusiLeaks.
Obviously inspired by the widely popular WikiLeaks issue, ZeusiLeaks poses even greater danger. ZeuS is a known stealer of user credentials, specifically bank account information. Just imagine the repercussions of having this kind of data available online for the entire worldwide Web to see.
Unfortunately, ZeuS has progressed to targeting not just banks but even the retail and corporate sectors. By using spear phishing to target specific individuals, ZeuS can easily steal information such as corporate documents and even security alarm codes. As Uri Rivner said in his presentation, unlike before when networks and applications were the primary targets, these days, cybercriminals are targeting individuals. The main attack vector has now become the employees themselves. Unfortunately, humans cannot be as easily patched as software or OSs. With the level of threats increasing just as the level of control decreases, the need to properly educate users becomes even more important. The challenge then for security experts is how to allow humans to actually do their business and to increase their functionality on one hand while ensuring security and protecting them from threats on the other.
Browsing Known Sites Is Safe—True or False?
Most users believe that the websites they have been visiting for some time will always remain safe. Unfortunately, even known sites can prove dangerous. The answer then to the question, “Is browsing known sites safe?,” is “False.”
In their presentation, Lukas Hasik and Jiri Sejtko explained the trust phenomenon wherein users place their trust in known websites instead of relying on antivirus software. Unfortunately, this is not a foolproof motto to live by, considering that cybercriminals are constantly compromising websites to carry out their malicious schemes. Hackers are able to penetrate servers and insert malicious code, such as iframe tags that execute payloads once users visit certain sites.
Over time, simple iframe tags have evolved as well. Cybercriminals now use complex obfuscation techniques to make more money. Because of this, users need to constantly exercise caution when visiting websites. More importantly, using reliable security software and keeping it up to date will help keep malicious websites at bay.
Post from: TrendLabs | Malware Blog – by Trend Micro