The proliferation of smart phones and tablets is at record levels, and no one sees them stopping anytime soon. With these new devices coming out every day, remote access and the potential for issues to arise will continue to increase as well.
Mobile Security will be a big focus for a number of companies as we shift in 2012, and Trend Micro is here to help.

As smart phones and tablets enter and traverse networks at record levels, IT administrators will have to find ways to ensure that devices accessing corporate resources are secure.
Look no further than Trend Micro Mobile Security.
There are 3 main technologies behind the security:
1. Walled Garden – essentially keeps network applications (email) completely separate from regular consumer applications
2. Remote Wipe – if the phone is lost or falls into non-company hands, it can be remotely wiped
3. Encryption – the contents of the phone can be encrypted and secure
As a plug-in to Trend Micro’s OfficeScan, organizations can quickly deploy the mobile security app to iOS (iPad & iPhone), Android, Windows, Symbian, and RIM BlackBerry devices.
The devices can be remotely provisioned, encrypted and password protected. Remote lock, remote wipe, power-on-password enforcement, and location tracking are some of the key features that you will have at your disposal. Plus you’ll know that your devices will be protected through Trend Micro’s best in class cloud-based threat intelligence, Smart Protection Network, safeguarding against malware, viruses, malicious code and attacks.
Plus the app gives the smart phone user the ability to filter calls and messages. So if an unwanted user is calling and texting you, you can simply put them on the block list and move on.
The game has changed: Smart Phones and Tablets are omnipresent and being able to prevent enterprise assets from being at risk is key.
eGroup can help.
Posted By: Travis Baird | Tags: Android, Apple, iPad, iPhone, malware, Mobile Security, RIM Blackberry, Smart Protection Network, Symbian, Trend Micro, Virus, Windows
I ran across a very interesting article about a Trojan Virus called Geinimi that has been affecting numerous cell phones around the world. If anyone has an Android phone or any smart phone for that matter, make sure to keep the latest and up-to-date anti-virus application on your phone. This particular Trojan virus is “designed to allow an attacker access to an Android phone to give them the ability to do anything they wish.” That is something I personally do not want to happen to me, and I am sure everyone else will agree with me on that. Phones nowadays, in my opinion, are just as important to protect as your work and personal computers.
Check out this video on how Trend Worry Free Business can help protect your PC. This is a great quick white-board session that illustrates what goes on behind the scenes when you are not protected and you venture upon an infected website – and how Trend can help.
Worry-Free comes in two flavors: You can install it on a server in your environment or you can go with Trend’s hosted option. Both are viable options and it really depends on your business needs.
Here’s a couple highlights on the product Worry-Free Business Security 6.0 Advanced:
• It is #1 for Small Business Security
• InterScan Messaging Hosted Security (IMHS) inbound email traffic protection against spam and emails which contain malware infected attachments.
• Anti-virus and anti-malware protection with an optimized scan engine using minimal RAM and CPU throttling
• Behavior-based anti-malware monitoring and lock-down protection
• Improved Quarantine
• Smart Scan file reputation technology hosted mainly on the local Worry-Free Security Server with out-of-office computers protected by Trend Micro’s Data Centers in the cloud
• Smart Feedback to help Trend Micro combat emerging threats
• URL Filtering to restrict users from visiting inappropriate or insecure websites
• Web Threat Protection: Web reputation technology stops web threats before they can download
• Transaction Protector against browser hijacking
• TrendProtect against phishing Web sites
• Location-awareness: maximum security both inside and outside the office
• Wireless Protection
• POP3 Anti-Spam
• USB Device Control to help prevent malware entering your network
• Remote management for clients and servers, even from outside of the office
The following is excerpted from a column by Woody Leonhard in the outstanding Windows Secrets email newsletter.
The person or persons who wrote Conficker gave the USB-drive-infection routine a diabolical little twist. As you might expect, the infection comes in the form of an autorun.inf file, which (usually) runs automatically when the USB stick gets stuck in the computer. But the social engineering in that autorun.inf file is quite remarkable.
To see the brilliance in the deception, it helps to understand how autorun.inf files usually work.
Let’s say I put an autorun.inf file on an empty USB drive that includes the following command:
[Autorun]
open=ACoolProgram.exe
Then I stick a file called ACoolProgram.exe on the USB drive. When I plug that USB drive into a stock Vista machine, I get the AutoPlay notification message shown in Figure 1.

Figure 1. Vista’s Autoplay displaying the results of a normal autorun.inf file.
On the other hand, if I wanted to get tricky, I could change autorun.inf so it takes over the default wording on Vista’s Autoplay dialog. This autorun.inf file does that very thing:
[Autorun]
Action=Open folder to view files
Icon=%systemroot%\system32\shell32.dll,4
open=ACoolProgram.exe
When this file is placed on a USB drive that’s inserted into a stock Vista PC, the AutoPlay notification shown in Figure 2 appears.

Figure 2. Vista’s AutoPlay with a slightly altered autorun.inf file.
Note that the altered file pastes an icon into the AutoPlay notification that looks just like a folder icon. The autorun.inf file can say it’s going to open a folder when in fact it’s going to run an executable program.
When Conficker.B infects a USB drive, it creates just this type of autorun.inf file that pops up an AutoPlay notification identical to Figure 2. Clever — and for PC users, scary. Amazingly, this bit of autorun.inf infectious sleight-of-hand also works on the beta version of Windows 7.
Guide to cleaning and preventing Conficker
As of Jan. 16, 2009, F-Secure estimates in its blog that the number of Conficker-infected PCs jumped from 2.4 million to 8.9 million in just four days. Unfortunately, that number has been increasing by a million infections a day.
I don’t blindly accept F-Secure’s analysis, nor that of any other security-software vendor, but it has become quite apparent that an enormous number of PCs have caught this worm.
Even though a Conficker-infected PC may not be able to access Microsoft.com — and Conficker probably disabled the PC’s automatic-update function, too — getting rid of the worm is surprisingly easy.
Step 1: Check your passwords. If you have an administrator account with an easily guessed password, change it. Microsoft provides a guide to strong passwords that includes a link to the company’s online password checker. If somebody other than you controls your computer’s admin password, make sure that person understands the gravity of this situation.
Step 2: Make sure you’ve installed the patch described in MS08-067. Open Control Panel’s Add or Remove Programs list to ensure that KB 958644 has been installed. Click Start (plus Run in XP), type appwiz.cpl, and press Enter. In XP, make sure Show updates at the top of the window is checked. In Vista, click View installed updates on the left to see all of your PC’s patches.
The update in question was probably installed in late October or November of last year; look for Security Update for Microsoft Windows (KB958644). If this patch isn’t installed, browse to Microsoft’s Download Center to retrieve and install it. If your PC is blocked from visiting this site, use a noninfected PC to download the patch to a removable medium and install the update on the wormed PC from that device.
Step 3: Run Microsoft’s Malicious Software Removal Tool (MSRT). The latest version of this Microsoft tool identifies and removes all of the Conficker variants I’ve heard about. The easiest way to get MSRT is through Windows Update, but if you can’t get through to that service on the infected PC, borrow a computer and download the tool from Microsoft’s site.
Step 4: Disable AutoPlay. If Figure 2 doesn’t convince you of the risk of using Windows’ AutoPlay feature, nothing will. Simply stated, you don’t need AutoPlay that much. Follow the advice in Scott Dunn’s Top Story from the Nov. 8, 2007, issue for comprehensive instructions to disable AutoPlay.
Those four steps will ensure that your PC isn’t one of the million — or nine million, or 12 million — machines currently playing host to the Conficker worm and its variants.
Jonathan Webster, eGroup
www.egroup-us.com
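Added example (not part of the Windows Secrets column and not eGroup's code): a small Python check that reads an autorun.inf and flags the combination the column describes, a program launch paired with folder-style Action wording or an icon taken from shell32.dll. The function names, the finding labels and the list of executable extensions are assumptions chosen for illustration.

```python
import re

# Extensions that mean "a program runs" when named by open= or shellexecute=
# (assumed list, for illustration).
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs")
# Wording that imitates the harmless folder entry quoted in the column.
FOLDER_WORDING = re.compile(r"open\s+folder|view\s+files", re.IGNORECASE)

def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys."""
    keys, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            # Lines that are not key=value (junk, blanks) are ignored.
            key, value = line.split("=", 1)
            keys[key.strip().lower()] = value.strip()
    return keys

def assess(text):
    """List the traits that match the folder-icon trick described above."""
    keys = parse_autorun(text)
    findings = []
    command = keys.get("open") or keys.get("shellexecute") or ""
    # Only the first token is the program; anything after it is arguments.
    parts = command.split()
    program = parts[0].strip('"').lower() if parts else ""
    if program.endswith(EXEC_EXT):
        findings.append("runs-program")
    if FOLDER_WORDING.search(keys.get("action", "")):
        findings.append("folder-wording")
    # Icon=<file>,<index>: a stock icon borrowed from a Windows system DLL.
    icon_file = keys.get("icon", "").split(",")[0].strip().lower()
    if icon_file.endswith("shell32.dll"):
        findings.append("system-icon")
    return findings

def is_deceptive(text):
    """True when a program launch is dressed up as a folder view."""
    found = assess(text)
    return "runs-program" in found and len(found) > 1

# Constructed samples: the two autorun.inf files shown in the column.
NORMAL = "[Autorun]\nopen=ACoolProgram.exe\n"
TRICK = ("[Autorun]\nAction=Open folder to view files\n"
         "Icon=%systemroot%\\system32\\shell32.dll,4\nopen=ACoolProgram.exe\n")

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("trick", TRICK)):
        print(name, assess(sample), is_deceptive(sample))
```

Run against the autorun.inf at the root of a removable drive image, a result of True from is_deceptive is a reason to quarantine the media before anyone clicks the AutoPlay prompt.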
Here’s some interesting reading related to the Downadup virus from the SANS NewsBites newsletter. SANS is a computer security training organization (http://www.sans.org/)
–How One Company Cleaned Up The Thumb Drive Attacks- And Learned A Lot In The Process.
From the editor of SANS NewsBites: I received a fascinating note from a manager who registered three people for SANS training this winter despite a corporate ban on nearly all travel and training for the first half of 2009. I had known about his company’s ban so when I saw the three registrations come in, I wrote and asked him what happened. His answer is enlightening; it has to do with the thumb drive infections that are hitting so many people.
Here’s his answer to “Why Did You Send People to SANS This Year When You Have a Ban on Training and Travel?”
Alan,
Take a closer look; you’ll find that 12 or 13 people are coming from (company) to SANS in Orlando, not just my three. The others are coming from other divisions. Here’s why. You remember the big wave of attacks last November where infections were spread by thumb drives. We got hit by that. It is amazing how often people use those things. It spread to dozens of Windows file servers, and from there jumped to thousands of workstation systems. It clogged our networks. It was so bad a lot of machines, including the ones on the top floor of this building, had to be taken off line – and that got some unwanted visibility from the CEO.
We called both our AV vendors but neither had a signature for this virus yet. It took a long time and a lot of pain before we found all the machines that were hit, stopped the spread to new machines, and got rid of the (expletive deleted) thing. The whole company – every US division and international was affected.
So what does that have to do with my guys going to SANS? It turns out our CEO was in the UK visiting our facility there and somehow the topic of the virus came up and our UK manager told him it had hardly been a problem at all in the UK. He said his security guys found it within a few minutes and cleaned it out. As you might imagine the CEO’s follow-up email to me was unpleasant. So I called my counterpart in the UK and asked him how he had dealt with the attack so easily. He told me one of his guys knew what to do immediately. He said he used the built-in Windows WMIC command to find systems with the malware processes running and that also told him about the changes made by the malware. Then, he used the reg command to remove an entry from the auto-start capabilities of infected machines to stop the malware from running on startup. He also said the reg command let him change the USB and CD/DVD autorun function to stop similar infections. After shutting down the malware and stopping it from spreading, he said he used a couple more techniques to clean up the infected machines quickly. I asked where his guy learned all that. He said at SANS, in a course called 504 which I later learned was your Hacker Exploits and Incident Handling class. I reported that back to our CEO. He told me to make sure every division had at least two people who knew those techniques. So, our travel ban was lifted for SANS.
==end==
Here’s a link to info on the WMIC command: http://technet.microsoft.com/en-us/library/bb742610.aspx?ppud=4
Jonathan Webster, eGroup
http://www.eGroup-us.com
Posted By: Jonathan Webster | Tags: antivirus, Downadup, eGroup, sans, security, system recovery, USB 2.0, USB 3.0, usb thumb drive, Virus, wmi