SERTOMA District Leadership Conference
The Combined Central Colorado and Front Range District's Leadership Conference will be held Sat., June 17, 2006, from 8:00am to 12:00 noon (registration, coffee, and rolls 8:00 to 8:30).
The conference will be held in the Harlequin Bldg. at the Regis University Tech Center campus which is at 7600 E. Orchard, just west of I-25 on the south side of Orchard. After entering, go down one floor (main entrance on 2nd floor) and go to Room #89.
All members of the District's Clubs are invited and encouraged to attend with emphasis on members who will be in Leadership positions (Officers, Board members, committee chairs, etc.) for the upcoming FY 2006-2007.
Details will follow with the agenda and other information.
For questions, please call Jerry Wheeler at 303-741-5378; Marty Morgan at 303-752-2088, or Merritt Sherer at 303-757-2134.
Subject: Sertoma Baseball Camp Info
LODO Field of Dreams June 22-24, 2006. We are also holding a 2-hour soccer camp with the Colorado Rapids on the afternoon of July 26 in Westminster. I'll have more info on that a little later.
Microsoft: Trojans, Bots Are 'Significant and Tangible Threat'
By Ryan Naraine
June 12, 2006
BOSTON -- Microsoft security researchers have used data collected from its MSRT (malicious software removal tool) to produce the clearest picture yet of the malware scourge on Windows -- and it's not a pretty sight.
On the eve of the TechEd 2006 conference here, the software maker offered a rare glimpse of the extent of infected Windows systems, warning that the threat from backdoor Trojans and bots presents "a significant and tangible threat."
It is the first public confirmation by Microsoft that well-organized mobsters have established control of a global billion-dollar crime network using keystroke loggers, IRC bots and rootkits.
The report comes as Microsoft introduces Ben Fathi as its new security czar and ahead of a rebranding of Microsoft Client Protection, the company's enterprise anti-spyware software that is now called Forefront Client Security.
Since the first iteration of the MSRT in January 2005, Microsoft has removed 16 million instances of malicious software from 5.7 million unique Windows machines. On average, the tool removes at least one instance of a virus, Trojan, rootkit or worm from every 311 computers it runs on.
The most significant threat is clearly from backdoor Trojans, small programs that open a back door to allow a remote attacker to have unauthorized access to the compromised computer.
The MSRT has removed at least one Trojan from about 3.5 million unique computers. Of the 5.7 million infected Windows machines, about 62 percent were found with a Trojan or bot.
A bot is a type of Trojan that communicates through IRC (Internet Relay Chat) networks. Bots are used to launch spam runs, launch extortion denial-of-service attacks and to distribute spyware programs to unwitting Windows users.
Matt Braverman, the Microsoft program manager who collated the data and prepared the report, said the startling prevalence of bots proves that the for-profit malware route is lucrative for online criminals.
Three of the top five most removed malware families are bots - Rbot, Sdbot and Gaobot. The FU rootkit, which is used primarily to hide bots, is number five on the list.
"The numbers speak for themselves," Braverman said in an interview with eWEEK. "In addition to the fact that bots are high on the list, we're seeing a significant amount of new variants every day. We're adding detections for about 2,000 new Rbot variants [to the MSRT] with each release."
"Bots are not only active on computers. It's something that the attackers are modifying and turning around quickly. They're moving in, corralling a set of users, stealing information, then moving on to the next target," he explained.
The data also confirms that rootkits on Windows machines are a "potential emerging threat" but Microsoft does not believe the stealth programs have reached widespread prevalence yet. Of the 5.7 million machines cleaned, 14 percent were infected with a rootkit. However, that number dips to 9 percent if F4IRootkit, a rootkit used as a DRM mechanism in music CDs distributed by Sony BMG, is removed.
In 20 percent of the cases when a rootkit was found and removed, Braverman said at least one backdoor Trojan was found. This is confirmation that rootkits are being used to hide other pieces of malicious software from anti-virus scanners.
The most prevalent rootkit is the open-source FU rootkit, which is the fifth most removed piece of malware. The Sony rootkit is number 11 on the list while Ispro and Hacker Defender are also listed high.
Overall, a rootkit was found in approximately 780,000 computers but this number includes the Sony BMG rootkit, which was not considered an offensive/malicious rootkit.
Roger Thompson, chief technical officer at Atlanta-based Exploit Prevention Labs, believes Microsoft's low rootkit detections are not an accurate reflection of the severity of the threat. "They're only finding what they're looking for. The tool will not find the rootkits we don't know about. We know they are out there and they are becoming harder and harder to find," Thompson said in an interview with eWEEK.
Microsoft's Braverman acknowledged that there are "known rootkits that are not detected by the tool" but insists the five rootkit families detected by the MSRT represent "a significant portion of rootkits actively affecting a large group of users today."
Braverman said the most effective technique against rootkits is prevention and urged Windows shops to keep anti-virus signatures up-to-date to get real-time protection. Even so, in some high-assurance corporate environments, Braverman suggested that users weigh the tradeoffs of taking additional steps to disinfect systems found with rootkits.
He echoed an earlier statement by a Microsoft security official that businesses consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from rootkit infestation.
"We see that as a last resort but wiping and restoring the OS to its original state is one of a variety of steps we recommend. It should be part of a layered model of dealing with malware," he added.
The MSRT data also shows an alarming prevalence of malware linked to social engineering attacks. Worms that spread through e-mail, peer-to-peer networks and instant messaging clients account for 35 percent of computers disinfected.
"The attackers have become more sophisticated in terms of understanding what end users will click on or execute from an e-mail. They are exploiting a weakness in that situation," Braverman said.
E-mail is still the most successful vehicle for social engineering attacks but, according to the data, IM-borne attacks that try to trick users into clicking on a malicious link are less likely to succeed because of advancements in security technology built into IM clients.
It is against this backdrop that Fathi, Microsoft's new security chief, takes over to guide the Redmond, Wash. technology giant through a crucial period in its history.
Fathi, who most recently served as general manager for Storage and High Availability in the Windows division, will use the TechEd conference to deliver a strategic briefing on building trust in computing.
He is expected to highlight Microsoft's investment in security technologies -- in the enterprise and consumer markets -- and position the company as a leader in developing trust in an interconnected world.
Mike Nash, the long-serving corporate VP who has handed over the security portfolio to Fathi, said the priority for his replacement is a no-brainer.
"The first priority [for Fathi] is Vista. The second priority is Vista. The third is Vista," Nash said in an interview with eWEEK.
"We have to get Vista completed with quality and make sure we build a platform that supports the rest of the industry. One of Ben's priorities is to make sure that we're explaining to customers how to take advantage of some of the great technologies we've built," Nash added.
Microsoft is promising that Windows Vista will feature significant security improvements to thwart malware infestation.
Based on the picture painted by the MSRT statistics, Vista can't ship fast enough for Fathi.
Keylogger spying at work on the rise, survey says
Munir Kotadia, for ZDNet Australia
Published: May 16, 2006
The number of companies reporting a spyware infestation has increased by almost half in the past 12 months, according to a new survey.
In addition, 17 percent of companies with more than 100 employees have spyware such as a keylogger on their networks, said the authors of the annual Websense Web@Work survey, published on Tuesday.
"This is almost 50 percent growth in the instances of keyloggers that organizations are reporting back," said Joel Camissar, a manager for Internet security specialist Websense. "Despite the organizations' having a 'best of breed' antivirus, anti-spyware and firewall, we are still detecting a huge amount of back-channel spyware communication."
Spyware is seen as an increasingly serious security problem, and the U.S. Federal Trade Commission has pledged to take action against companies that distribute it. The software is installed on machines without the owner's knowledge to track their online habits, sometimes via a keylogger, which records the user's keystrokes.
One reason for the growth in corporate spyware infestation is a massive increase in the number of spyware-making toolkits being sold online, said Camissar, who referred to some research that Websense conducted earlier this year in partnership with the Anti-Phishing Working Group.
"In April 2005, there were 77 unique password-stealing applications. In the latest March report, there were 197. Unique Web sites hosting keyloggers in the same time frame have gone up from 260 to 2,157--almost a 10-times growth," Camissar said.
The Websense survey also discovered that companies did not have much faith in their staff being able to distinguish between genuine Web sites and phishing sites, which mimic the online outlets of trusted businesses, such as banks, to try to trick people into handing over sensitive personal information.
"Forty-seven percent of IT decision makers said their employees have clicked on phishing e-mails, and 44 percent believe employees cannot accurately identify phishing sites," Camissar added. "I am surprised that the results are not showing a larger growth in the number of organizations hit by this kind of threat."
Munir Kotadia reported for ZDNet Australia from Sydney.