
Security Watch Archives

April 28, 2007

How The Google AdWords Scam Was Done...

Mark Coker, representing Exploit Prevention Labs:

Some cyber criminals opened a Google AdWords account and ran ads posing as trusted organizations like the Better Business Bureau. When users clicked on the ad, they were redirected to a site that installed a post-logger keylogger on their machine (if it wasn't patched with the latest MSFT security update).

Exploit Prevention Labs discovered the attack. Roger Thompson, CTO at Exploit Prevention Labs, posted a video that explains how it was done.

- - -

Apr 27, 2007

Google AdWords attack documented in new video from Exploit Prevention Labs
Security software developer Exploit Prevention Labs today released a video at http://explabs.blogspot.com documenting how cybercriminals are using Google's popular AdWords advertising system to infect unsuspecting users with malware. As the video shows, cybercriminals ran Google ads for legitimate, trusted organizations like The Better Business Bureau. Read more.

 

 

Apr 25, 2007

Google AdWords Falls Victim to Cyber Criminals
Researchers at security software developer Exploit Prevention Labs have uncovered hard evidence that cybercriminals are using Google AdWords to infect unsuspecting users with malware. Under the guise of ads for legitimate, trusted organizations like The Better Business Bureau (see screen shot), unsuspecting users are instead redirected to malicious sites that attempt to install exploits and other malware. Exploit Prevention Labs first learned of this new attack vector April 10 when a LinkScanner Pro user ran a Google search on the phrase "how to start a business". The top-ranked sponsored search listing appeared to be from AllBusiness.com, a legitimate business, yet the hyperlink actually led to a site that attempted to install a password-stealing keylogger on the user's PC. LinkScanner Pro blocked the threat and automatically reported the discovery back to Exploit Prevention Labs researchers, who launched an immediate investigation. Read more.

September 12, 2006

Ray Lane buys dinner - Who buys ArcSight?

I'm a big fan of Ray Lane, the former president of Oracle and one of Kleiner Perkins' top VCs. So whenever there's an opportunity to be around the same table I always take it.

Mr Lane is one of the industry's veterans and one of the savviest in the enterprise software industry. And his presence is large; he doesn't need to check himself for commentary, which is great if you are a journalist.

Tuesday evening Mr Lane and executives from security firm ArcSight, plus a couple of customers, plus a bunch of A-list journalists from WSJ, News.com, etc., met for a roundtable discussion on matters of security. The timing was perfect to chat about security with all the talk of 9-11, and the term 9-11 came up many times during dinner.

ArcSight specializes in spotting aberrant behaviors among staff and flagging potential insider criminal activities. Some of those activities could be accidental, such as "forgetting" a laptop filled with sensitive company data in an airport lounge.

Other incidents are part of sophisticated criminal gang activities that could include extortion of corporate executives.

Interestingly, the people that are most watched are those that ArcSight describes as senior level people that hold "the keys to the kingdom." It is these types of insider threats that ArcSight's technology is designed to prevent.

They said repeatedly that the insider threat is a huge, massive problem--but one that is unmeasurable. So how do we know it is a huge problem if we cannot quantify it?

Continue reading "Ray Lane buys dinner - Who buys ArcSight?" »

August 20, 2006

London Business School tackles the global security challenge...

Janeen Chupa from the London Business School writes...

I read with great interest a few of the articles published at your site about the difficult time innovators have in places like London and how that must change. We, at the London Business School, agree and have initiated an annual competition (and to our knowledge the only competition) to try to change that; to foster innovation in at least one sector.

We started the Global Security Challenge to find and select the most promising security technology startups in the world. The goal is to uncover and promote security innovations in the private sector in order to protect critical infrastructure and make citizens safer.

My team used to work in the security-technology space before getting our MBAs from the London Business School (the British Army, US Army, IBM Global Services, NSC) and this is where we saw how difficult it is for security startups to succeed because of bureaucratic hurdles posed by governments and few large integrators dominating that space.

We are hosting a final event this October in London where we will hold both policy and technology-related panels and award the inaugural winner of the most promising security technology business plan. We are fortunate enough to have several key leaders from venture capital and industry supporting the GSC, such as Siemens, NATO, Pentagon, and Carlyle Group.


Please see: www.GlobalSecurityChallenge.com


August 7, 2006

Consumer Reports: $8bn in online fraud plus $7.8bn in costs due to malware


[Please note this article replaces the earlier one which was a draft and was mistakenly published too soon.]

There has been $8bn of online fraud over the past two years says Consumer Reports in a new investigation that claims one in three Internet users will become a "cybervictim."

In addition, consumers spent $7.8bn on new computers and repairs because of problems caused by viruses and spyware.

Those that fall prey to phishing, in which fraudsters mimic a bank's web site for example, lose an average of $850, a five-fold increase compared with $165 in 2005.

Consumer Reports National Research Center compiled the report from a nationally representative sample of 2,000 households with Internet access.

Here are some findings from Consumer Reports:

Twenty-nine percent of survey respondents said a virus, spyware, or phishing scam caused serious computer problems and/or financial losses in the last two years. And based on survey projections, virus infections prompted an estimated 2.6 million households to replace their computers in the past two years. Additionally, 35% of survey respondents didn’t use software to block or remove spyware. And CR projects that 2.4 million US households with broadband remain unprotected by a firewall.

Spam

The incidence of heavy spam remains as elevated as last year. Survey results indicate that about 795,000 households continued to buy products advertised through spam. Additionally, in 8% of the households surveyed that had children under 18, a child had inadvertently seen pornographic material as a result of spam.

Viruses

The frequency of virus-induced problems is at the same high level as last year. In the latest survey, 39% of respondents reported a virus infection in the past 2 years. Of those, 34% had to reformat their hard drives; 16% permanently lost important data; and 8% had to replace hardware.

Spyware

In the past six months spyware prompted nearly a million U.S. households to replace their computers. Among survey respondents, two of the biggest risk factors for spyware infection were using file-sharing software (like Kazaa) and having minors at home who go online. In homes where children under 18 used the Internet, there was a 28% greater incidence of spyware infection in the past six months than in other homes.

Phishing

Only 8% of respondents submitted personal information in response to conventional phishing e-mails. But the median cost of a phishing incident is up substantially at $850 versus $165 in 2005. New variants on phishing have emerged. “Pharming” infects a computer so that even if you type in a legitimate Web address you’re redirected to a fraudulent site. “Spear phishing” targets email addresses stolen from a company.

Consumer Reports rated commercially available software packages that are designed to protect Internet users from threats. It also created its own computer viruses for the tests. Zone Labs Zone Alarm Internet Security Suite came out top in the tests. Trend Micro PC-cillin Internet Security also did well. Spybot for antispyware was also highly rated.

More information on Consumer Reports security is here.

June 27, 2006

Green Border: The need to rebuild confidence in consumer online shopping

I recently met with GreenBorder Technologies, a security software company that offers an easy solution to virus, spyware, and trojan threats by isolating each Internet session from the rest of the PC and earlier Internet sessions.

The beauty of the Green Border Pro software is it doesn't need to be updated to guard against new virus signatures or new types of malware. It creates a secluded, virtual Internet session and when you are done, it flushes everything away, in your cache and in temporary files, etc. Once installed it does its work transparently--except for a green border around the page to indicate it is a safe Internet session.

For the past year it has been an enterprise product but it is now being rolled out to consumers, which is a good idea because it is one of those install-and-forget applications. Most of us are fed up of running tech support for our families, guarding home networks against infection and dealing with all the other support problems related to viruses and spyware. If Green Border does its job, that would free up a lot of family time.

I spoke with Bernard Harguindeguy, CEO, who said that he hopes that banks, ISPs and other online companies will help evangelize the product because it helps stop identity theft, stop trojans attacking web sites, and makes security easier.

"With most consumer security software the user is often asked to make security decisions during installation or during use. And that means they can make inappropriate choices. With our product it works in the background and the user is safe from any malicious software," says Mr Harguindeguy.

Jim Fulton, VP of marketing, says that the year the product spent in enterprise environments has helped improve the software. "The consumer version doesn't require the same levels of control as the enterprise version, making it simple to install and use."

Green Border is offering 10,000 free downloads, then it intends to charge an annual license fee. It hasn't decided on pricing but it is considering a $40 per PC annual fee. That seems a bit steep to me, especially when households typically have many PCs sitting around on home networks; that can be a $200 annual bill for just one utility. Even if it is as good as advertised, that's a chunk of change that most households won't be able to afford.

Green Border could provide a lot more value if it became part of, say, a Yahoo, Google, or Amazon toolbar. It could protect e-commerce transactions and guard against identity theft on a far larger scale than selling individual consumer licenses. And the big online sites would be able to encourage safe e-commerce before more and more people get burned and stay away from online shopping altogether.

Green Border won't protect from things like phishing, and the Nigerian scams, which are based on social engineering to con money out of people. The social engineering threats are best tackled by educating computer users, and Green Border has materials that show users how to identify and avoid scams and other nefarious activities.

About GreenBorder Technologies

Headquarters: Mountain View, California
Founded: 2001
Funding: Private
Investors: Texas Pacific Group (TPG) Ventures, Sevin Rosen Funds, Labrador Ventures
Management: Bernard Harguindeguy, Pres. & CEO; Joanne Syben, VP Engineering; Jim Fulton, VP Marketing; Babak Salimi, VP Bus. Dev.

Download Green Border here.

Press release is here: GreenBorder Launches Web Security Software.

April 22, 2005

Can this man save the Net? Verisign's chief security officer has his work cut out for him

By Deb Radcliff for SiliconValleyWatcher

Just a few days before the presses started rolling on the announcement of Ken Silva as VeriSign's first-ever chief security officer, I was dining with the man over filet mignon and crab at the trendy Tonno Rosso's near San Francisco's wharf, barraging him with questions about the very serious issues faced by internet infrastructure and in particular the DNS system.

VeriSign is the world's largest digital certificate authority, and is steward of the A and J root servers (two of the 13 computers representing the top of the Internet's hierarchy). With 40 percent of North American e-commerce payments going through its gateways, 100 percent of .com registrars running 15 billion queries a day through its system, and 50 percent of North American cellular roamings going through its servers, VeriSign has a significant role in seeing that the Internet infrastructure runs securely.

Continue reading "Can this man save the Net? Verisign's chief security officer has his work cut out for him" »

April 19, 2005

"Carders" can put fraudulent info on swiped cards - a "very serious threat" to smartcard security - Visa won't say what if any action they will take

By Deb Radcliff for SiliconValleyWatcher

I never really thought about the magnetic strip on the back of my credit card until Dan Clement recently sent me a tutorial on how to hack the mag strip to change the information contained inside it. Clement copied the tutorial off a “carder” Web site, where he spends a lot of time looking for stolen cards and information he can use to protect clients subscribing to his Malibu-based credit card protection service, CardCops.

The tutorial explains in great detail how to buy a $725 machine called an msr206 which, along with some expensive software, can be used to "dump" new data into track one and track two of the magnetic strip to change the cardholder name and credit limit.

Continue reading ""Carders" can put fraudulent info on swiped cards - a "very serious threat" to smartcard security - Visa won't say what if any action they will take" »

About Security Watch

This page contains an archive of all entries posted to Silicon Valley Watcher - reporting on the business of technology and media in the Security Watch category. They are listed from oldest to newest.


This weblog is licensed under a Creative Commons License.