Live Wire Vol. 1

LIVE WIRE ! THE SECURITY NEWSLETTER

VOLUME 3: May 17, 2007

SECURITY NEWS

The Nastiest Malware Trends

Malware is growing quickly. McAfee Avert Labs expected in 2006 to have recorded their 225,000th unique computer/ network threat, finding 50,000 threats between Jan and Nov of 2006 alone. The motive for creating malware has been profit or spying in most cases, and as profits from creating malware have grown, paid professionals have begun to make new and ever more dangerous forms. The return on creating malware has been high in large part because so many victims do not know what to look out for; individuals often still think of malware in the same simplistic forms of five years ago.

Following are some of the latest trends in malware, and it will give you a better understanding of what sorts of threats you and your computer face.

1. Adware
The most common form of malware is adware. It’s a type of spyware that secretly imbeds itself on your computer and analyzes your web browsing habits and then related banner advertising occasionally in popup windows.

2. Browser Hijacker
Browser hijackers, or hijackware, alter web browser settings to redirect you to a different homepage, typically to questionable websites (adult, gaming, celebrity).

3. Internet Dialer
There are legitimate Internet dialers, but the malware variety does sinister things including making phone calls to 1-900 numbers secretly through your modem.

4. Keylogger
Keyloggers can also be a highly malicious form of spyware that monitors every keystroke a computer user makes, as well as system events. Using a keylogger, thieves can quickly steal passwords, email addresses, IM (Instant Messenger) usernames, bank account numbers, and other sensitive details.

5. Rootkit
Rootkits are amongst the most sinister of all types of malware, going to the operating system and disabling security features such as firewalls and anti-virus programs, thus rendering themselves invisible. They also install other malicious code, change DNS settings and system configurations, access private files, and generally affect security and system performance.

6. Trojan Horse
Trojan horses are masters of disguise. This form of malware pretends to be innocuous plugins, add-ons, or even CODECs (Encoder/ Decoder) for multimedia audio or video players such as WinAmp, and other harmless software.

7. Worm
Worms are a self-propagating (they multiply on their own) form of malware. Worms hunt for security flaws in other computers on the same network as an infected computer and copy themselves onto the new computer through that loophole.

8. Virus
The term “virus” refers to software that inserts malicious code into existing documents or even other code, and which is then spread by various means. Viruses have also started showing up in many different forms (macro, file, boot sector, network, email, etc.) and are used for many purposes, including infecting computers to acts as zombies in botnets.

9. Drive-By Download (DBD)
In general, the term "drive-by download" (DBD) refers to any malware installed without user consent or knowledge. This malware can download spyware, a virus, etc., and this can happen while viewing a website or popup window, or from an email message. It requires no action by a surfer to get infected.

10. Piggyback
Piggyback malware refers to embedded malicious code within an otherwise harmless executable file. This means that even trusted sites might cause your computer to be infected. Typically suspect piggyback sites are those having downloads for games, music, and wallpapers, as well as celebrity and adult sites. A more recent trend in malware, to is to piggyback off open source code or even when file sharing via VoIP or VoIM clients.

------------------------------------------------------------------------

ISO 20000 - is it relevant to organizations today?

YES, indeed. Organizations focused on continual quality improvement in IT Service Management, will benefit by following the latest standard from the International Organization for Standards (ISO) — ISO 20000. This new standard promotes the adoption of an integrated process approach to the effective delivery of IT services and sets guidelines for quality in IT service management (ITSM). It provides a standardized way of verifying that an organization has successfully adopted IT Service Management best practices as defined by ITIL, which has been a de facto standard for service management for almost 20 years.

ISO 20000 is especially important to organizations:

In industries in which quality IT services are essential to business success, such as — but not limited to — the financial services, utilities, and health services industries.

It’s important to keep in mind that the ISO 20000 journey is an iterative process of continual improvement and cannot be completed in one giant step.

Request for an ISO 20000 Proposal!

Top Ten Computer Security Tips

◊ Use anti-virus software and keep it up-to-date.
◊ Use an anti-spyware program.
◊ Keep your operating system and other software current.
◊ Do not download files from an unknown source.
◊ Use complex, hard-to-guess passwords and change them regularly.
◊ Do not open emails or attachments from unknown sources.
◊ Use file sharing sparingly.
◊ Only run services that you need.
◊ Use a firewall to protect your computer from Internet intruders.
◊ Back up your computer data regularly.

MIEL NEWSBYTES

MIEL to undertake ISO 27001 Consultancy for Government organizations in Oman and Bahrain

MIEL has recently been appointed to assist Government organizations in Oman and Bahrain to handle the complete Information Security Management Lifecycle and achieve the coveted ISO 27001. Towards this, MIEL will use its unique 5 phase methodology for implementation of ISO-27001/BS-7799 controls in line with the ISO Plan – Do – Check – Act (PDCA) cycle.

------------------------------------------------------------------------

Recently concluded Information Security Training Programs carried out through MIEL’s Information Security Training Institute - ISTI^TM

v ISMS Implementation Training (Based on ISO 27001) for Siemens conducted in Mumbai for a record of 25 participants i.e. Siemens employees across India.

v BCMS Implementation Training and ISO 20000 Implementation Training Program conducted in Mumbai.

------------------------------------------------------------------------

Upcoming Training Programs

CEH (Certified Ethical Hacking)

June 2nd, 3rd, 9th, 10th, 16th (Weekend Batch)

CISSP CBK Review Seminar

May 21st – 25th

CISSP Exam

June 16th

ITSMS Implementation Course (ISO 20000)

June 20th - 22nd

ISO 27001 Lead Auditor Course (IRCA Approved)

June 4th - 8th

ISMS Implementation Course - ISO 27001

June 27th - 29th

To register, contact us today at isti@mielesecurity.com!

Know more about our other Training Programs, visit our Training section today at www.mielesecurity.com.

Your ideas, suggestions, tips and recommendations are highly valued. Please send us your feedback about our newsletter at marketing@mielesecurity.com, and thank you once again for your continued support of MIEL.

MIEL e-Security Pvt. Ltd. is an ISO 27001:2005 certified company, headquartered in Mumbai, with offices across India and with a fully-owned European subsidiary in the UK. MIEL offers its clients in over 15 countries across 4 continents, the benefit of Global reach with Local presence and is among the largest pure-play Information Security Consulting Companies in India.

MIEL has an impressive track record of providing services and solutions to some of the leading names in Banking and Finance, Insurance, Manufacturing, IT and IT Enabled Services, Healthcare, Shipping, Logistics and Government.

| Training | Consulting | Products |

* MUMBAI * BANGALORE * CHENNAI * HYDERABAD * PUNE * AHMEDABAD * LONDON *

C-611 / 612, Floral Deck Plaza, MIDC, Central Road, Andheri (East), Mumbai 400 093.

Tel # : +91 (22) 30096969/70/71/28215050 | FAX : +91 (22) 28215838

Email : Corporate at feelsecure@mielesecurity.com

Marketing at marketing@mielesecurity.com

Website : www.mielesecurity.com

------------------------------------------------------------------------------------------------------------------

DISCLAIMER NOTICE:
The information contained in this electronic mail ("e-mail") transmission is intended by MIEL e-Security Private Limited for the use of the named individual or entity to which it is addressed and may contain information that is privileged or otherwise confidential. It is not intended for transmission to, or receipt by, any individual or entity other than the named addressee (or a person authorized to deliver it to the named addressee), except as otherwise expressly permitted in this e-mail transmission. If you are not the intended recipient and have received this e-mail transmission by error, please do not read, copy, use, disseminate or disclose this communication to others. Additionally, please notify the sender, by replying to this message or by using the contact details provided herein and then delete this e-mail from your system. To discontinue receiving any more e-mails, please notify the sender of this message by replying to this message by using the subject line as "unsubscribe". Thank you.