Group items tagged

Malware writers seem to be targeting the Task Manager with increasing frequency. McAfee's Avert Labs wrote in its blog yesterday of the discovery of a new Trojan it dubbed QTaskMgr-1, which crawls into the registry and disables the Task Manager, Windows Update and Internet Explorer tool bars. Hitting Ctrl+Alt+Del will activate the Windows Security menu, but all functions including Change Password and Lock Computer are disabled.

In reviewing several security articles and blogs about malware characteristics and workarounds, I see a recurring piece of advice: Don't click on any popup or dialog window; instead use the Windows Task Manager to end offending processes. It's good advice, since malware writers-particularly those spreading scareware or bogus applications designed to trick computer users into buying useless security software-are gaming the dialog windows. Users are often presented with the typical option, such as "do you wish to proceed? Yes/No." Hitting either button or even the "X" window closing button will initiate a background process as if the user agreed. Using the Task Manager is the safe way of disabling these processes to allow the anti-virus software to scan and remove the offending code. Or so we think. Malware writers seem to be targeting the Task Manager with increasing frequency. McAfee's Avert Labs wrote in its blog yesterday of the discovery of a new Trojan it dubbed QTaskMgr-1, which crawls into the registry and disables the Task Manager, Windows Update and Internet Explorer tool bars. Hitting Ctrl+Alt+Del will activate the Windows Security menu, but all functions including Change Password and Lock Computer are disabled.

Between insider threats and malware attacks, the idea of trust-but-verify is dead as a security model, according to a new report by Forrester Research. In its place, Forrester analyst John Kindervag contends enterprises should embrace the concept of zero trust, a model where insiders and outsiders are equally untrustworthy, and security administrators stop trusting packets as if they are people. The change, he said, is necessary due in part to the "innumerable instances" of trusted users going rogue on enterprise networks.

The Intrepidus Group reveals some details behind a malware attack that exposed critical systems at an energy company. Using a Microsoft zero-day vulnerability and a bit of social engineering, hackers compromised a workstation and threatened critical SCADA systems, the security vendor says.

Altor Networks' flagship Altor Virtual Firewall (VF) combines a VMware VMsafe firewall with virtual-aware IDS, designed to stop malware outbreaks that can rapidly infect virtual machines. The product is also designed to eliminate blind spots on the network caused by lack of visibility between host servers and VMs. Plus, it gives customers the ability to sail through compliance audits by providing the ability to filter, monitor and report virtual traffic.

Fake AV authors are getting pushy.

Or: Disk encryption is only useful if the underlying system doing the encryption is trusted.