Websense News Room
Published Tuesday, March 09, 2010 4:00 PM by mmors

 

This article reports on an RSAC presentation given by Stephan Chenette, a principal security researcher at Websense, detailing an experimental system that crawls the Web, identifies the source of content embedded in Web pages and determines whether any code on a site is acting maliciously. This is another example of how Websense Security research powers Websense security solutions such as the Websense Secure Web Gateway.

eWeek reporter Brian Prince writes about how Google's newest addition to the social media landscape has been hit with a Federal Trade Commission (FTC) complaint from the Electronic Privacy Information Center (EPIC). Despite Google's claims that the new application was meant "to make it easy for users to connect with other people and have conversations about the things that interest them", EPIC's executive director, Marc Rotenberg, responds that "Google should not be allowed to push users’ personal information into a social network they never requested", as this action "is a significant breach of consumers’ expectations of privacy".

Although Google has made changes to amend the situation, security vendors are commenting on how the application can fuel ulterior motives in the arena of spam distribution, as Websense discovered a spam account already "following" 237 people not even two days after the release.  Patrik Runald, senior manager of security research at Websense, states that  "When you get a new follower, you get alerted to the fact and a prompt whether or not you want to follow them back. It's here that we've seen a lot of spam accounts being used to follow users."

Click here for the full scoop.

Published Wednesday, February 10, 2010 11:52 PM by jharvey

eWeek reporter Brian Prince provides an on-point article about the Websense TRITON launch and how it is the first solution to unify the disciplines of email, Web and data, while integrating on-premise and SaaS solutions through a single management console.

Websense recently released its latest product, TRITON, according to Howard Solomon for NetworkWorld Canada.  For the first time, customers can tackle blended online attacks with just one integrated solution, yet still have the option to mix and match on-premise and hosted solutions to meet their individual needs.

All of this sounds quite complex, yet Solomon reports that "Management of both is done from a single dashboard, which an industry analyst says is arguably the biggest advantage of the integration."  The new product blends Websense e-mail security, web security gateway, and data loss prevention solutions into one entity available as a software-only or V-series appliance.

Although an integrated solution isn't necessarily a new concept, the approach of Websense is what really differentiates TRITON from its competitors.  “A lot of vendors out there sell parts of a total solution, but not the whole thing,” says Dave Meizlik, Director of Product Marketing at Websense. “So [users] have to deploy multiple pieces of hardware in multiple locations across their enterprise, each delivering multiple security services which require multiple policies and multiple reports to manage.”

For the full story, click here.

Published Wednesday, February 10, 2010 8:29 PM by jharvey

Mark Cox for eChannelLine USA gives the lowdown on Websense TRITON, "the first ever unified content security system," according to Dave Meizlik, Director of Product Marketing for Web and Data Security at Websense.

The second half of 2009 saw malware authors focus their efforts to ensure they drove victims straight to them.  In contrast to the first half of the year where mass injection attacks like Gumblar, Beladen and Nine Ball promoted a sharp rise in the number of malicious Web sites, Websense Security Labs observed a slight (3.3 percent) decline in the growth of the number of Web sites compromised. Instead, attackers replaced their traditional scattergun approach with focused efforts on Web 2.0 properties with higher traffic and multiple pages.

Over the six-month period, Search Engine Optimization (SEO) poisoning attacks featured heavily, and Websense Security Labs research identified that 13.7 percent of searches for trending news/buzz words lead to malware. In addition, attackers continued to capitalize on Web site reputation and exploit user trust, with 71 percent of Web sites with malicious code revealed to be legitimate sites that had been compromised.

Web security intelligence remains a critical component of any email and data security strategy as illustrated by the continued popularity of blended threats (spam emails with embedded URLs). During the second half of 2009 Websense Security Labs discovered:

• 13.7 percent of searches for trending news/buzz words (as defined by Yahoo Buzz & Google Trends) lead to malware
• 95 percent of user-generated comments to blogs, chat rooms and message boards are spam or  malicious
• 35 percent of malicious Web attacks included data-stealing code
• 58 percent of data-stealing attacks are conducted over the Web
• 85.8 percent of all emails were spam
• an average growth of 225 percent in malicious Web sites

These discoveries, along with details on other exploits and analysis of Web, email and data security trends during the second half of 2009 are explored in the Websense Security Labs “State of Internet Security” report.
The full report is available here.

An archived Webcast presentation about the report can be found here.

Watch the video overview of the findings below, or by clicking here.

 

Published Monday, January 25, 2010 3:56 PM by Websense Connect Newsroom

The New York Times reports that hackers are attacking consumers with an exploit of Internet Explorer (IE) that was allegedly used last month by the Chinese to break into Google's corporate network.

In a Monday alert, Websense said it identified "limited public use" of the unpatched IE vulnerability in drive-by attacks against users who strayed onto malicious Web sites. Websense researchers were working with Microsoft to identify sites serving up the exploit.

Read the full article in the New York Times by clicking here.

Learn more about the exploit and how Websense protects its customers in this blog post.

Aurora Internet Explorer Zero-Day Attack

As early as December 2009, emails containing links to malicious code were sent to Google, Adobe, and approximately 30 other companies.  Commonly referred to as Aurora, the attack leveraged a previously unknown Internet Explorer vulnerability and the attack is ongoing.  Aurora was designed to evade traditional anti-virus and Web reputation defenses to gain access to company assets and sensitive information. As of January 21, only 25% of AV vendors tracked protect against the payload according to this VT report. Websense® Security Labs™ has published important information – available below – regarding this threat.

What You Should Know
Websense provided its customers with zero day protection from this attack before it began in December.  Aurora, and a growing number of similar Web-based threats, highlight the need for Websense Web, data, and email technology, which go beyond legacy security controls.  Websense provides real-time protection for previously unknown threats like Aurora as they propagate over the Web and across email, targeting sensitive data stored on systems inside and outside the corporate network, helping to prevent systems from getting infected and sensitive data from being compromised. Put simply, Websense provides the most advanced security for modern threats.

With Websense, customers receive:

• Real-time malware protection that goes beyond anti-virus to address previously undiscovered threats like Aurora on-the-fly, when they are first introduced.
• Advanced content security that spans Web, email and other channels to intelligently scan data coming in and out for legacy threats, exploits, script-based attacks, and data loss.
• Comprehensive protection for users at the corporate office, at branch offices, and on the move, carrying security across the entire enterprise.

More Information on Aurora

Timeline

The Aurora attacks are examples of what are being referred to as Advanced Persistent Threats (APT), described well by TaoSecurity in three simple points. In brief:

• Advanced means the adversary can operate in the full spectrum of computer intrusion.
• Persistent means the adversary is formally tasked to accomplish a mission.
• Threat means the adversary is not a piece of mindless code.

These advanced attacks can have a severe impact on the targeted organization and are difficult to defend against. In this case, the attacks used complex exploit code delivered on websites. Vulnerable hosts were affected when they simply connected to the site. Post-infection, additional malicious code is downloaded, and data is captured and then sent to remote websites.

Websense has been at the forefront of identifying and protecting our customers from zero-day exploits in the wild for several years.  We expect that the number of attacks of this type will grow with time.  We are now seeing other attackers use the Aurora zero-day exploit to infect vulnerable hosts. Since the code is now publicly available, we expect the next wave of attacks to come from cybercriminals whose techniques are equally sophisticated, but whose motives are somewhat different. They will most certainly be hunting for data, but it will be for monetary gain rather than information gathering. 

Learn More

Websense Security Labs:

http://securitylabs.websense.com/content/Alerts/3536.aspx  

http://securitylabs.websense.com/content/Blogs/3534.aspx

http://securitylabs.websense.com/content/Blogs/3530.aspx

Other Resources:
http://www.mandiant.com/services/advanced_persistent_threat/.
http://taosecurity.blogspot.com/2010/01/what-is-apt-and-what-does-it-want.html
http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx
http://www.microsoft.com/technet/security/bulletin/MS06-001.mspx

For information about how to be protected against advanced threats, visit http://www.websense.com.

For up-to-date information about Aurora, and for other breaking security information: http://www.websensesecuritylabs.com 

Published Friday, January 15, 2010 8:04 PM by mmors

Websense Chief Technology Officer Dan Hubbard was featured on the CBS Evening News and CBS News.com, talking about the many Web threats and scam charities online that are exploiting the recent earthquake in Haiti.

In the past, Websense has brought to light many examples of hackers and fraudsters taking advantage of the most popular trends on the Internet to exploit people. Unfortunately, this activity is not limited to the pop culture elements of today’s news, but extends to tragic occurrences as well.

This week, Websense Security Labs has detected a number of online scams and malicious exploits pertaining to the recent earthquake and relief efforts in Haiti.

From scam Tweets and spam emails soliciting donations for fraudulent charities, to SEO poisoning – attackers are using multiple vectors to exploit users.  Individuals should be careful clicking on links when searching the Web using popular terms including “Haiti current news”, “Haiti earthquake wiki”, “Haiti death count”, “Haiti disaster” and “Volunteers to Haiti.”

This blog post from the Websense Security Labs explains how cybercriminals use SEO poisoning techniques to get their fraudulent charity Web sites and rogue antivirus attacks into the top search results on search engines like Google and Bing: http://securitylabs.websense.com/content/Alerts/3524.aspx?cmpid=prblog.

Using the Websense ThreatSeeker Network, which scans more than 40 million Web sites and 10 million emails each hour looking for the latest threats, the Websense Security Labs has also uncovered examples of spam emails that are soliciting donations for fraudulent charities.

This screenshot shows a spam email that purports to be from the “International Red Cross.” However, it is fraudulent and any donations sent to this source are actually sent to fraudsters:

 

 

Similarly, this screenshot shows an example of other types of spam emails that are circulating. These emails use a subject line related to the earthquake as a lure to entice users to open the email and click on links or download attachments. Clicking on those links or downloading the attachments can lead to rogue antivirus sites or other types of malicious elements that will infect the user’s computer.

 

Lastly, the Websense Security Labs has also discovered examples of Twitter accounts spreading spammy or malicious links. In the screenshot below, the Twitter account is spreading a link that claims to provide news about the situation in Haiti. However, the link actually leads to a dubious Web site dedicated to get-rich-quick schemes for making money at home:

 

Websense Web and email security customers are protected from these and other types of attacks. 

In addition to the protection provided by Websense security solutions, here are some tips for staying safer online:

- Do not reply to any unsolicited emails, especially those soliciting donations. Do not click on links in unsolicited emails. If you want to donate to the cause, work with a charity that you have used before and can verify the legitimacy of.

- Be skeptical of anyone claiming via email or social networking sites to be surviving victims or officials asking for donations.

- Verify the legitimacy of non-profit groups by independently checking the group’s existence and reputation, rather than relying on a purported link to the group’s site.

- Be cautious of emails claiming to show photos of the disaster area in attached files. The files may contain computer viruses. Only open attachments sent by people or groups you know and trust.

- Make contributions directly to known charitable organizations, rather than relying on others to relay your donation. Preferably, work with charities that you have donated to before, or that are located in your community. Manually type the URL of a reputable charity’s Web site into your browser rather than follow a link from an email. Or better yet, call the charity directly on the phone to make your donation.

- Never give your personal or financial information to anyone who solicits contributions. Providing that information opens the door to identity theft.

- Do not trust sites that claim to have discovered viruses on your computer. Immediately close your browser window. These sites are often rogue antivirus sites that will infect your computer or take your money as part of a claim that they are cleaning your computer from infection.  

 
