Gladiator Research and Security

We’ve covered the basics of what DNS is and how it works, now we’re going to discuss the ways it can be compromised and used against you.

Over the next few weeks, we’re going to be delving into the topic of DNS: what it is, and how malicious attackers can use it against you.

Lately, with the latest outbreak of malware mostly targeting user applications, I have been discussing the patching process with several IT administrators.  Frequently I will hear, “We don’t need to worry about patching, that is what WSUS (Windows System Update Services) is for.”  We agree that WSUS is a wonderful and easy process for updating your Microsoft components, but there are other applications on workstations and servers that need  critical security updates.  These updates can be performed manually, or could be included into third party patching software, like Lumension (formerly PatchLink).

Microsoft has published a great security update guide that I think would benefit financial institutions.  It discusses 6 great steps for network administrators on Windows networks:

• Get to know the security update release process
• Learn how to evaluate risk
• See how to migrate security risks
• Understand how quickly you need to apply updates
• Assess your update
• Get ongoing security

You can find the guide here.

Gladiator has received reports that an old email scam regarding domain registry has resurfaced, and the amount of scam-related emails sent to website owners has picked up greatly.  Basically, the scammers will send a deceptive email to a user at the organization, usually the person whose name is listed as registering the website or the CEO of the organization, if this information is listed on the public-facing website.  The email states that the organization’s domain registration is going to expire in Asia, and directs the organization to send money to a domain registrar in order to keep others from buying the domain space.  (A perfect example of one of these scam emails can be seen by clicking here.)  Most of the scam email examples that Gladiator has seen have been sourced from China or other nations in Asia.  Basically, these scammers are instigating fear on the part of the unsuspecting user by suggesting that his organization may lose its domain space (.com address) unless he acts as they direct.

Now that the Internet has been around for some time, users are starting to become more adept at protecting themselves from Web-based threats.  Users have learned that certain parts of the Web or Web pages, like advertisements, can pose a security threat and, therefore, will avoid clicking on them.  Unfortunately, the malware writers have also noticed the trend and continue to come up with new ways of distributing their malicious applications.  The most popular method used for the past year is called Drive-by Downloads.  The term Drive-by Download means users become infected simply by surfing an exploited Web page and are completely unaware of the malicious file download occurring in the background.  Web browser exploits (such as IE, Firefox, Safari, etc.) and other third party application exploits (such as Adobe Reader, Microsoft Excel, etc.) can potentially allow remote code execution, which can lead to a malicious file download which is completely invisible to the user.  Fake pop-ups that look legitimate, often cleverly masqueraded as anti-virus solutions, are also a popular method of tricking a user into either clicking on the pop-up to close it or following the instructions on the pop-up, both of which result in malicious file downloads.

Happy Holidays!  This is just a reminder that the Holidays are always a very active time for the “bad guys.”  Malware writers and phishers prey on our cheery attitudes and overactive messaging habits to slip in malicious emails.  There are a few popular attacks that pop up like clockwork around the holidays each year, and so you should make your users aware of these attacks.