2010年8月6日 星期五

FW: NABU Trend Micro Weekly News Summary 08.06.10


-------------------------------------------
From: Andrea Mueller (MKT-US)
Sent: Saturday, August 07, 2010 9:34:28 AM
To: Newsbank; All of Trend Corporate Marketing Department;
All of Trend Global PR; All of US Sales; All of US Marcom Dept.
Cc: Steve Quane (Seg GM-SMB); Thomas Miller (SAL-US); 'Mark Vangel';
Darren Blank (SAL-US); Alan Wallace (MKT-US); Tobias Lee (MKT-US);
Natalie Severino (MKT-US); Dan Conlon (MKT-UK); Mark Beyer (MKT-DE);
Colin Richardson (MKT-UK); Steve Mungall (SAL-US)
Subject: NABU Trend Micro Weekly News Summary 08.06.10
Auto forwarded by a Rule


 

logo

NABU Trend Micro Weekly News Summary

Fri, 6 Aug 2010

View mobile version.

Word version.

RSS.



Trend Micro Quotes

Detecting source rather than code is key, says Trend Micro
Infosecurity, By Staff, Mon, 2 Aug 2010, 696 words
"Organised crime is now commercially produced. The bad guys are trying to break our methods of protection, and one virus has turned into a criminal enterprise of many components. We can no longer focus on detecting code – there's too much of it – instead we need to detect and protect against the source", said David Perry, global education director of Trend Micro.

Koobface gang starts tracking success
IT PRO, By Tom Brewster, Mon, 2 Aug 2010, 216 words
"Let's just hope that a substantial portion didn't fall for the fake YouTube page trick." -- Trend Micro's advanced threat researcher Joey Costoya

Koobface hackers now tracking victims
V3.co.uk, By Phil Muncaster, Mon, 2 Aug 2010, 215 words
"A few days ago, these pages started to include a short JavaScript code which enables the Koobface gang to directly monitor page hits," explained Trend Micro advanced threats researcher Joey Costoya.

Detecting source rather than code is key, says Trend Micro
Info Security, By Staff, Mon, 2 Aug 2010, 696 words
"Organized crime is now commercially produced. The bad guys are trying to break our methods of protection, and one virus has turned into a criminal enterprise of many components. We can no longer focus on detecting code – there's too much of it – instead we need to detect and protect against the source", said David Perry, global education director of Trend Micro.

Infected computers on the rise in GCC
ITP.net, By Vineetha Menon, Thu, 5 Aug 2010, 322 words
"The numbers of compromised machines are a key indicator of how well the cyber criminals are doing in stealing from this region. The visible infections have more than doubled in less than one year. The bad guys are winning because in this region we are not taking security seriously," said Ian Cochrane, marketing manager, Trend Micro Middle East and Africa.

Microsoft plans heavy August Patch Tuesday update
V3.co.uk, By Shaun Nichols, Fri, 6 Aug 2010, 236 words
"There are a few minor fixes for the Mac version of Office and, for those that still feel Macs are not vulnerable, this should be another wake-up call." -- Jamz Yaneza, Trend Micro threat research director

Repetition Breaks Google Audio CAPTCHA
PC World, By Robert McMillan, Wed, 4 Aug 2010, 329 words
Google's Gmail service has been used by spammers, said Paul Ferguson, a security researcher with Trend Micro. And Blogger and Google Groups have been used to spread malware, he added in an instant message interview.
Editorial Comments: Pickup:
Macworld UK
http://www.macworld.co.uk/digitallifestyle/news/index.cfm?newsid=3234206&pagtype=allchandate
PC Advisor
http://www.pcadvisor.co.uk/news/index.cfm?newsid=3234182
PC World India
http://www.pcworld.in/news/google-fixes-audio-captcha-software-flaw-31372010
San Francisco Chronicle 
http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2010/08/03/urnidgns002570F3005978D8002577740082FC83.DTL
Computerworld 
http://www.computerworld.com/s/article/9180118/Repetition_breaks_Google_Audio_CAPTCHA
CIO
http://www.cio.com/article/601963/Repetition_Breaks_Google_Audio_CAPTCHA
Network World 
http://www.networkworld.com/news/2010/080310-repetition-breaks-google-audio.html
IT World
http://www.itworld.com/security/116179/repetition-breaks-google-audio-captcha
Webline India
http://www.weblineindia.com/technology/news/google-secures-audio-captcha-software-error

Zeus botnet plundering the masses and snatching certificates
Tech Herald, By Steve Ragan, Thu, 5 Aug 2010, 773 words
"Certificates, unfortunately, can be copied by any cybercriminal with intent from any company—the antivirus company mentioned in this instance could not have prevented this incident from taking place—and it is likely that we will continue to see more such incidents in the future," Trend added.

Zeus malware used pilfered digital certificate
Computerworld, By Jeremy Kirk, Fri, 6 Aug 2010, 333 words
"Certificates, unfortunately, can be copied by any cybercriminal with intent from any company," Trend wrote. "The antivirus company mentioned in this instance could not have prevented this incident from taking place, and it is likely that we will continue to see more such incidents in the future."
Editorial Comments: Pickup
Yahoo!
http://news.yahoo.com/s/pcworld/20100806/tc_pcworld/zeusmalwareusedpilfereddigitalcertificate
Computerworld UK
http://www.computerworlduk.com/news/security/3234534/zeus-botnet-used-stolen-kaspersky-digital-certificate/
IT World
http://www.itworld.com/security/116521/zeus-malware-used-pilfered-digital-certificate
Network World
http://www.networkworld.com/news/2010/080610-zeus-malware-used-pilfered-digital.html
PC World
http://www.pcworld.com/businesscenter/article/202720/zeus_malware_used_pilfered_digital_certificate.html
Mac World UK
http://www.macworld.co.uk/digitallifestyle/news/index.cfm?newsid=3234513&pagtype=allchandate
CIO
http://www.cio.com/article/602324/Zeus_Malware_Used_Pilfered_Digital_Certificate

Trend Micro Mentions

Poisoned Angelina flick hits torrents
The Register, By John Leyden, Mon, 2 Aug 2010, 170 words
At first the attack was thought to rely on an unpatched flaw in QuickTime, but Apple told Trend Micro this is not the case, and the attack relies solely on social engineering trickery.

The Rising Role of Compliance Social Computing
Network World, By Irwin Lazar, Mon, 2 Aug 2010, 805 words
Companies that provide solutions in this area include Blue Coat, FaceTime Communications in partnership with Blue Coat, Palo Alto Networks, Socialware, Trend Micro, Webroot, WebSense, and Zscaler.

Trend Micro Titanium Security for netbooks
Computeractive, By Will Stapley, Mon, 2 Aug 2010, 402 words
Trend Micro makes much of the fact that there's no Update button. Instead, Titanium continually checks Trend Micro's servers over the internet for information on the latest viruses as opposed to having to download regular updates to your computer.

Anti-Virus industry lacking when it comes to detection says report
Tech Herald, By Steve Ragan, Thu, 5 Aug 2010, 687 words
Cyveillance used their own technology to scour the Web and locate 1,708 Malware samples, and tested them against Trend Micro, Sophos, McAfee, Kaspersky, F-Secure, Dr. Web, AVG, Nod32, F-Prot, Virus Buster, Norman, eTrust-Vet, and Symantec.

Anti-virus software does not make full use of Windows exploit protection features
The H Security, By Staff, Tue, 3 Aug 2010, 373 words
He found that AVAST Home Edition, AVG Internet Security 9.0, BitDefender Internet Security 2010, ESET Smart Security, F-Secure Internet Security, Norton Internet Security 2010, Panda Internet Security 2010 and Trend Micro Internet Security 2010 do not use either DEP or ASLR.

Dell Latitude E5510
BusinessWeek, By Loyd Case, Thu, 5 Aug 2010, 589 words
The trial version of Trend Micro's security software had installed its own NDIS filter driver for network connections. Uninstalling this driver enabled normal network connectivity.
Editorial Comments: Pickup
Network World http://www.networkworld.com/reviews/2010/080410-dell-latitude.html
PC Advisor http://www.pcadvisor.co.uk/reviews/index.cfm?reviewid=3234318
IT Business CA http://www.itbusiness.ca/it/client/en/home/News.asp?id=58652

Fake 'Salt' Delivers Malware
eSecurity Planet, By Staff, Tue, 3 Aug 2010, 87 words
Trend Micro is warning of the use of malicious QuickTime files to infect victims' computers.

IT security products fail to tap Windows security features
Info Security, BY Staff, Thu, 5 Aug 2010, 621 words
"Among the anti-virus products that used neither ASLR nor DEP were AVAST Home Edition, AVG Internet Security 9.0, BitDefender Internet Security 2010, ESET Smart Security, F-Secure Internet Security, Norton Internet Security 2010, Panda Internet Security 2010 and Trend Micro Internet Security 2010", he said.

SAP accepts some liability in Oracle case
Computerworld Blog, By Staff, Fri, 6 Aug 2010, 480 words
Researchers at Trend Micro have found that a widespread piece of malware used a digital certificate from a competing security company's product in an attempt to look legitimate.

 

Full Text

Detecting source rather than code is key, says Trend Micro

"Organised crime is now commercially produced. The bad guys are trying to break our methods of protection, and one virus has turned into a criminal enterprise of many components. We can no longer focus on detecting code – there's too much of it – instead we need to detect and protect against the source", said David Perry, global education director of Trend Micro.

From their Silicon Valley office, David Perry, global education director of Trend Micro, told Infosecurity that it's no longer sufficient to detect code, but instead, it's more productive to detect the source of the code.

"Organised crime is now commercially produced. The bad guys are trying to break our methods of protection, and one virus has turned into a criminal enterprise of many components. We can no longer focus on detecting code – there's too much of it – instead we need to detect and protect against the source", Perry said.

Summarising the Black Hat conference findings, Perry said that "many vulnerabilities in Oracle, Windows 7, etc., have been disclosed, and there are planned demonstrations of how to hack into cell phone conversations at Def Con".

Perry declared "no prominent end to vulnerabilities. There are endless new ways to exploit systems and we're playing a constant race to catch up. People think that [information security] is just one problem, but there are 100 000 problems. Threats are everywhere – not just in email and on the web".

In order to "avoid being bothersome", and remove the burden from the endpoint, Trend Micro have moved their "heavy lifting" to the cloud. As products become bigger over time, explains David Liberman, director of product marketing at Trend Micro, they become visible, and thus bothersome to the client. "People are more concerned with what they can see", he said.

Virtualised security
With the acquisition of Third Brigade a few years ago, which Lieberman describes as "a Swiss army knife that protects servers", Trend Micro were able to move into the protection of virtual environments. "Security is a big concern for companies using virtual environments, and traditional security is not doing the job. It's costing companies money, not saving them any. Traditional security will crash servers and performance will drop as a result". Security, he said, needs to be developed specifically for virtualised environments.

While Lieberman admits that "No [vendor] is perfect in this market", they boast that their smart network detection rate of 96% is ten times faster to react when something "slips through" than any other vendor. "There are 120 000 malware samples every day", says Perry, reasoning that "hackers are intentionally trying to break pattern file network. It's not just anti-virus protection anymore", he said, insisting that they are trying to communicate this to the customer.

Lieberman acknowledges that the state of cybercrime "is bad. Security is not good". In defense of the information security industry, however, he insists that "without us [the industry], you wouldn't dare use the internet. The whole world is moving online, including the criminals, because that is where the money is". Lieberman believes that we are already in a state of cyber-warfare, and predicts that cyber-terrorism is next.

"You need us [the industry] to do what we do. We need more researchers and we need to protect our futures", he said.

A converged market
While Lieberman believes that the information security industry is "hitting a more mature phase", he is confident that new start-ups will continue to enter the industry and bring in innovation, while mergers and acquisitions continue.

"New technologies will continue to creep into address new threats", he said.

Lieberman acknowledged both the benefits and challenges of unified threat management solutions. "While encryption and other technologies become a feature rather than a standalone feature, customers want one vendor to do everything for them. If not, they at least demand that the products talk to each other".

On the other hand, Lieberman admits that there are downsides to UTM. "Some vendors just throw stuff on and customers see through this when performance suffers".

Since Eva Chen's philosophy is "security that fits", Trend Micro's focus is on alliances and partnerships. "We're moving towards open standards", he concludes. 

http://www.infosecurity-magazine.com/view/11416/detecting-source-rather-than-code-is-key-says-trend-micro/

Back to top


Koobface gang starts tracking success

"Let's just hope that a substantial portion didn't fall for the fake YouTube page trick." -- Trend Micro's advanced threat researcher Joey Costoya

The makers of the Koobface botnet are now tracking how popular their trick websites are with a sneaky piece of JavaScript code.

The tracking code has been spotted on fake YouTube pages synonymous with the bot, allowing the gang behind Koobface to monitor page hits, revealed Trend Micro's advanced threat researcher Joey Costoya.

Costoya explained in a blog post that this code is found at the very bottom of the fake pages, below numerous "
" tags.

Data viewed by the researcher from the hit count page showed the gang began using the monitoring method on 28 July and he saw there had been 126,717 unique page hits since then.

"There's no actual data in the hit count page on how many users actually ran the Koobface loader," Costoya said.

"Let's just hope that a substantial portion didn't fall for the fake YouTube page trick."

Koobface has previously targeted online services containing shared content and has hit a number of notable sites since its birth.

Last year, it struck Google Reader users, as well as hitting Facebook, and was ranked as a serious threat by F-Secure.

http://www.itpro.co.uk/625702/koobface-gang-starts-tracking-success

Back to top


Koobface hackers now tracking victims

"A few days ago, these pages started to include a short JavaScript code which enables the Koobface gang to directly monitor page hits," explained Trend Micro advanced threats researcher Joey Costoya.

The hackers behind the infamous Koobface worm, which targets users of social networking sites, have added new code designed to monitor the success of their endeavours, according to security vendor Trend Micro.

One of the key elements of the bot is the use of fake YouTube pages designed to lure victims into installing what they believe is a codec needed to play a video.

 "A few days ago, these pages started to include a short JavaScript code which enables the Koobface gang to directly monitor page hits," explained Trend Micro advanced threats researcher Joey Costoya.

"The tracking code is located at the very bottom of the page, which was pushed way below by a lot of <br> [line break] tags."

According to Costoya, the hourly tracking helps the gang to "correlate the user activity based on time of day and Koobface infection count". There have been almost 130,000 hits since tracking started last week, he said.

The news illustrates once again the increasingly sophisticated methods used by malware writers to improve the success of their initiatives.

http://www.v3.co.uk/v3/news/2267453/koobface-masterminds-tracking

Back to top


Detecting source rather than code is key, says Trend Micro

"Organized crime is now commercially produced. The bad guys are trying to break our methods of protection, and one virus has turned into a criminal enterprise of many components. We can no longer focus on detecting code – there's too much of it – instead we need to detect and protect against the source", said David Perry, global education director of Trend Micro.

From their Silicon Valley office, David Perry, global education director of Trend Micro, told Infosecurity that it's no longer sufficient to detect code, but instead, it's more productive to detect the source of the code.

"Organized crime is now commercially produced. The bad guys are trying to break our methods of protection, and one virus has turned into a criminal enterprise of many components. We can no longer focus on detecting code – there's too much of it – instead we need to detect and protect against the source", Perry said.

Summarizing the Black Hat conference findings, Perry said that "many vulnerabilities in Oracle, Windows 7, etc., have been disclosed, and there are planned demonstrations of how to hack into cell phone conversations at Def Con".

Perry declared "no prominent end to vulnerabilities. There are endless new ways to exploit systems and we're playing a constant race to catch up. People think that [information security] is just one problem, but there are 100 000 problems. Threats are everywhere – not just in email and on the web".

In order to "avoid being bothersome", and remove the burden from the endpoint, Trend Micro have moved their "heavy lifting" to the cloud. As products become bigger over time, explains David Liberman, director of product marketing at Trend Micro, they become visible, and thus bothersome to the client. "People are more concerned with what they can see", he said.

Virtualized Security
With the acquisition of Third Brigade a few years ago, which Lieberman describes as "a Swiss army knife that protects servers", Trend Micro were able to move into the protection of virtual environments. "Security is a big concern for companies using virtual environments, and traditional security is not doing the job. It's costing companies money, not saving them any. Traditional security will crash servers and performance will drop as a result". Security, he said, needs to be developed specifically for virtualized environments.

While Lieberman admits that "No [vendor] is perfect in this market", they boast that their smart network detection rate of 96% is ten times faster to react when something "slips through" than any other vendor. "There are 120 000 malware samples every day", says Perry, reasoning that "hackers are intentionally trying to break pattern file network. It's not just anti-virus protection anymore", he said, insisting that they are trying to communicate this to the customer.

Lieberman acknowledges that the state of cybercrime "is bad. Security is not good". In defense of the information security industry, however, he insists that "without us [the industry], you wouldn't dare use the internet. The whole world is moving online, including the criminals, because that is where the money is". Lieberman believes that we are already in a state of cyber-warfare, and predicts that cyber-terrorism is next.

"You need us [the industry] to do what we do. We need more researchers and we need to protect our futures", he said.

A Converged Market
While Lieberman believes that the information security industry is "hitting a more mature phase", he is confident that new start-ups will continue to enter the industry and bring in innovation, while mergers and acquisitions continue.

"New technologies will continue to creep into address new threats", he said.

Lieberman acknowledged both the benefits and challenges of unified threat management solutions. "While encryption and other technologies become a feature rather than a standalone feature, customers want one vendor to do everything for them. If not, they at least demand that the products talk to each other".

On the other hand, Lieberman admits that there are downsides to UTM. "Some vendors just throw stuff on and customers see through this when performance suffers".

Since Eva Chen's philosophy is "security that fits", Trend Micro's focus is on alliances and partnerships. "We're moving towards open standards", he concludes. 

http://www.infosecurity-us.com/view/11417/detecting-source-rather-than-code-is-key-says-trend-micro/

Back to top


Infected computers on the rise in GCC

"The numbers of compromised machines are a key indicator of how well the cyber criminals are doing in stealing from this region. The visible infections have more than doubled in less than one year. The bad guys are winning because in this region we are not taking security seriously," said Ian Cochrane, marketing manager, Trend Micro Middle East and Africa.

Trend Micro finds Saudi Arabia is the most affected in the region.

Published August 5, 2010 The number of computers infected with malware is increasing in the GCC, security firm Trend Micro warned.


According to data compiled using the Trend Micro's Smart Protection Network technology, there were more than 740,097 active infected machines across the GCC in the month of April, representing a 116% rise in less than a year.


"The numbers of compromised machines are a key indicator of how well the cyber criminals are doing in stealing from this region. The visible infections have more than doubled in less than one year. The bad guys are winning because in this region we are not taking security seriously," said Ian Cochrane, marketing manager, Trend Micro Middle East and Africa.


"I see this growth continuing unless we start to recognize that this region is vulnerable and we start to take steps to protect ourselves," Cochrane added.

Related ArticlesMicrosoft to issue urgent vulnerability fix Cybercriminals capitalise on jailbreak ruling Egypt schools to deploy 10,000 AMD-based

Saudi Arabia has been identified as the Gulf country the most affected. From 2004 to 2009, the number of infected machines in the kingdom grew over 45,000%.


During the same period, the rate of infection in grew 8,932% in Oman, 6,047% in Bahrain, 4,553% in the United Arab Emirates, 4,468% in Qatar, and 1,545% in Kuwait.


Trend Micro Smart Protection Network handles more than five billion URL, email, and file queries in a day.

http://www.itp.net/581348-infected-computers-on-the-rise-in-gcc

Back to top


Microsoft plans heavy August Patch Tuesday update

"There are a few minor fixes for the Mac version of Office and, for those that still feel Macs are not vulnerable, this should be another wake-up call." -- Jamz Yaneza, Trend Micro threat research director

Microsoft is to issue at least 14 bulletins in its monthly Patch Tuesday update on 10 August.

The company said in an advanced notification that it will issue at least eight patches to address critical vulnerabilities and six to address important flaws.

 Microsoft did not release specific data on the vulnerabilities, but said that the applications will include Windows, Internet Explorer, Office and Silverlight.

The update will address all currently supported versions of Windows from XP SP3 to Windows 7 and Windows Server 2008. The fix for Silverlight has been rated critical for versions 2 and 3 of the platform.

Versions 6, 7 and 8 of Internet Explorer are all reported as vulnerable to critical flaws. The update will also include critical fixes for Office XP, 2003 and 2007.

Trend Micro threat research director Jamz Yaneza told V3.co.uk that Mac OS X users should also take note of the update, as the fixes include a patch for the Macintosh versions of Office 2003.

"There are a few minor fixes for the Mac version of Office and, for those that still feel Macs are not vulnerable, this should be another wake-up call," he said.

http://www.v3.co.uk/v3/news/2267735/microsoft-plans-heavy-patch

Back to top


Repetition Breaks Google Audio CAPTCHA

Google's Gmail service has been used by spammers, said Paul Ferguson, a security researcher with Trend Micro. And Blogger and Google Groups have been used to spread malware, he added in an instant message interview.

Google has fixed a flaw in its Audio CAPTCHA software that could have given scammers a way to automatically set up phoney accounts with the company's services.

The flaw was described in a post to the Full Disclosure mailing list Monday. According to the post, anyone could pass a Google Audio CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) test by typing in any 10 words as the response.

CAPTCHA is testing software used by many websites to cut down on online fraud. Sites often use CAPTCHA systems to make sure that new accounts are created by human beings, instead of automated scripts. Typically a CAPTCHA test presents a hard-to-read image of a word, which the user must then type in to prove he is not a machine. The audio version gives visually impaired users a way to use CAPTCHA, by playing a recorded sound of the test word.

According to Harry Strongburg, the Full Disclosure poster who reported the issue, typing "google google google google google google google google google google," for example, would yield a correct response, no matter what the test word.

Google moved quickly to fix the bug after it was disclosed.

"We fixed a bug in our audio CAPTCHA validation last night within a few hours," said spokesman Jay Nancarrow on Tuesday in an e-mail message. "Audio CAPTCHAs continue to function normally."

That's a good thing, because, in theory, scammers could have leveraged this bug to quickly create thousands of malicious Google accounts. Google's Gmail service has been used by spammers, said Paul Ferguson, a security researcher with Trend Micro. And Blogger and Google Groups have been used to spread malware, he added in an instant message interview.

http://www.pcworld.com/businesscenter/article/202476/repetition_breaks_google_audio_captcha.html

Back to top


Zeus botnet plundering the masses and snatching certificates

"Certificates, unfortunately, can be copied by any cybercriminal with intent from any company—the antivirus company mentioned in this instance could not have prevented this incident from taking place—and it is likely that we will continue to see more such incidents in the future," Trend added.

The Zeus Trojan has been busy this year. Just this week alone there have been three incidents and studies related to Zeus that have made headlines, and each one only proves the power this Malware has, and the chaos it can cause.


Zeus hits 100,000 in the UK

Version 2 of the popular Zeus Trojan is responsible for 100,000 infections in the U.K. according to Trusteer. The Malware is being used to control the U.K.-based botnet, and has been harvesting all sorts of data from its victims, including banking credentials.

In addition to the banking details, which include not just usernames and passwords, but credit card data and financial statements, Zeus is harvesting E-Mail account access, browser cookies, client-side certificates, social networking access details, and FTP credentials.

"This is just one out of many Zeus 2 botnets operating all over the world," says Amit Klein, Trusteer's chief technology officer. "What is especially worrying is that this botnet doesn't just stop at user IDs and passwords. By harvesting client side certificates and cookies, the cybercriminals can extract a lot of extra information on the user that can be used to augment their illegal access to those users' online accounts."

"Coupled with the ability to remotely control users' machines, download data and run any file on them, this means that the fraudsters can insert partial or complete Internet pages into a live Web session, enabling to inject transactions at will or extract even more data from the hapless victims," he added.

Trusteer said that their discovery is another example of regional Malware that uses focused and segmented attacks on users.

More than 35,000 snagged in Zeus attack

Another example of the harvesting prowess of Zeus comes from AVG. A new Zeus variant, dubbed Mumba, created a botnet in April that snagged 35,000 victims. AVG said that that the Mumba botnet has stolen more than 60GB of data from its victims including credentials from social networking, banking, credit card, and E-Mail accounts.

The United States had the highest share of PCs infected by the Mumba botnet (33-percent), AVG said, followed by Germany, Spain, the U.K., Mexico, and Canada.

According to the report, AVG said that Mumba is being controlled by the Avalanche Group, who is known for Phishing as well as Malware delivery on Fast-Flux networks. Fast-Flux networks make things harder for those catching criminals, and for their part, it offers the criminals themselves the ability to keep one step ahead in most cases.

"According to a recent report by the Anti-Phishing Working Group (APWG), up until today, the Avalanche fast-flux network was mainly used for Phishing attacks and hosting Malware infections," AVG said in their report.

"The Mumba botnet is probably one of the first to use the Avalanche operation in order to host its stolen goods as well as the Malware infection. This seems to be yet another step in the never ending arms race between the security industry and cyber criminals."

Zeus snatches certificates from Kaspersky

Finally, a report from Trend Micro offers a unique view into some of the more uncommon aspects of Zeus. One of the modules for the Malware system allows a criminal to snatch digital signatures.

While performing diagnosis on some new samples of Zeus itself, Trend Micro discovered several files with a strange digital signature. Worse, the signature belonged to Kaspersky, another well-known security vendor.

"This signature immediately caught our attention, as it seemed to be signed by legitimate antivirus company Kaspersky," Trend explained in a blog post.

"While checking the certificate, we noticed that the hash value applied to the suspect file was invalid. This is because hash values are specific to the original file to which they are applied whereas this particular signature has been stolen. Also, the signature had already expired."

The stolen certificate itself came from Kaspersky's ZBot cleaning tool that targets Zeus installations.

"Certificates, unfortunately, can be copied by any cybercriminal with intent from any company—the antivirus company mentioned in this instance could not have prevented this incident from taking place—and it is likely that we will continue to see more such incidents in the future," Trend added.

Recently, the Stuxnet family of Malware was seen using stolen digital signatures from Realtek Semiconductors Corp. and JMicron Technology.

http://www.thetechherald.com/article.php/201031/5980/Zeus-botnet-plundering-the-masses-and-snatching-certificates

Back to top


Zeus malware used pilfered digital certificate

"Certificates, unfortunately, can be copied by any cybercriminal with intent from any company," Trend wrote. "The antivirus company mentioned in this instance could not have prevented this incident from taking place, and it is likely that we will continue to see more such incidents in the future."

Researchers at Trend Micro have found that a widespread piece of malware used a digital certificate from a competing security company's product in an attempt to look legitimate.

The malware is Zeus, a bot that is used to steal all kinds of data from computers and has proved to be a tricky application for security companies to detect.

The version of Zeus detected by Trend Micro had a digital certificate belonging to Kaspersky's Zbot product, which is designed to remove Zeus. The certificate -- which is verified during a software installation to ensure a program is what it purports to be -- was expired, however.

Also, the malware's hash value, a unique numerical identifier based on the source code for applications, was incorrect, as it was derived on the Kaspersky tool, according to a blog post written by Trend Micro.

Stealing digital certificates is a frequently used technique by malware writers. Two versions of the Stuxnet malware -- designed to steal data from Siemens industrial machines -- also used digital certificates from other software companies. Once it was discovered, the certificates were revoked.

"Certificates, unfortunately, can be copied by any cybercriminal with intent from any company," Trend wrote. "The antivirus company mentioned in this instance could not have prevented this incident from taking place, and it is likely that we will continue to see more such incidents in the future."

Trend said it informed Kaspersky of the certificate issue. The problem again shows the lengths to which Zeus creators go to keep the malware undetectable. Experts at the security company Trusteer said security software suites are often only able to detected about 10% of the active Zeus variants circulating.

http://www.computerworld.com/s/article/9180259/Zeus_malware_used_pilfered_digital_certificate

Back to top


Poisoned Angelina flick hits torrents

At first the attack was thought to rely on an unpatched flaw in QuickTime, but Apple told Trend Micro this is not the case, and the attack relies solely on social engineering trickery.

Cybercrooks have begun using booby-trapped QuickTime files to infect internet pirates' computers.

Malicious files posing as the recent Angelina Jolie film Salt are now available on file sharing networks. When users attempt to view these poisoned downloads a prompt is generated offering to download "update codecs" - actually fake files loaded with Trojan horse malware.

At first the attack was thought to rely on an unpatched flaw in QuickTime, but Apple told Trend Micro this is not the case, and the attack relies solely on social engineering trickery.

The attack is therefore unrelated to the discovery of an unpatched flaw in QuickTime involving the handling of streaming movie files. The flaw poses a crucial code injection attack threat for users of QuickTime version 7.6.6 for Windows, security notification firm Secunia warns.

http://www.theregister.co.uk/2010/08/02/quicktime_trojan_assault/

Back to top


The Rising Role of Compliance Social Computing

Companies that provide solutions in this area include Blue Coat, FaceTime Communications in partnership with Blue Coat, Palo Alto Networks, Socialware, Trend Micro, Webroot, WebSense, and Zscaler.

When it comes to implementing a social computing strategy, many companies still abide by the security axiom of "only allow what is specifically permitted." In fact, according to our latest research, 40 percent of (all?) companies block all access to public social networking sites such as Facebook, Twitter, YouTube, or MySpace. These companies tend to have conservative views toward technology, and consider the risk of allowing access too great—often from both security and productivity standpoints.

Even many of the 60 percent of companies that now allow access restrict it in some way, either by time of day, approved groups (e.g. marketing, customer service, sales), or for specific use cases. We often hear from IT leaders that initial efforts to block access entirely were thwarted by legitimate business needs for the organization to participate in public social networks. In some cases, the path is reactive; access is wide open until someone in legal and/or compliance functions becomes aware of this usage. Often then the reaction is a knee-jerk, "full stop" for any social-computing activities.

There are four primary areas involved in addressing security and compliance concerns related to social computing:

• Breach. Forty-six states, the District of Columbia, Puerto Rico, and the Virgin Islands have adopted legislation requiring notification of security breaches involving personal information. In addition, federal regulations, such as the Health Information Technology for Economic and Clinical Health, contain breach notification clauses.

• Attack. Compliance with legislation and regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI-DSS), mandate organizations implement security best practices to prevent access to sensitive data.

• Unacceptable use. Typically, this is an internal policy that defines the acceptable use of corporate assets. Employees sign off on the policy and its ramifications, often as part of an employment contract.

• Accountability. Specific compliance requirements, such as Financial Services Regulatory Authority (FINRA) 10-6, require logging of trader communications. This may also include an internal compliance requirement to monitor and log communications with a high likelihood of becoming part of litigation and e-discovery.

One of the greatest concerns about social networking is the risk of a sensitive data breach. Social-computing applications are potential conduits to breach sensitive information—specifically, personally identifiable information and protected health information . Examples include a real-time breach in which sensitive information transfers in the clear during, for instance, an IM chat. Another example is a non-real-time breach in which a file transfers (intentionally or unintentionally) as part of a Skype session, for instance. Remember, the breach is the disclosure, not the exploitation of the data.

In addition to the breach challenge itself, there is also the challenge of tracking a breach. Without proper audit controls on all social-computing communications, the organization most likely will be totally unaware of any sensitive data breach. There is an additional concern that even when a company knows of a breach, they may have little recourse to limit its exposure. For example, a team within a manufacturing company sets up a Facebook group to facilitate collaboration on the design of its newest, and revolutionary, manufacturing process. There is an assumption of privacy since the group is closed with the exception of the team's access. However, all it takes is one user without properly set privacy settings whose account is compromised to enable leakage of the group's information. Users may not go through the due diligence required to determine data ownership for materials placed on public social sites.

Sites such as Facebook and LinkedIn are primary targets for cyber criminals. The primary attack vector is sending a legitimate looking link—from a "friend"—that takes the user to an infected Web page. The user opens the Web page, clicks on a link and inadvertently downloads malware, exposing the enterprise to significant risk. As discussed, blocking access to these sites is not absolute so the only option in this case is to block access to bad URLs.

Security practitioners who participate in Nemertes' research indicate this attack vector is becoming one of their greatest challenges. In addition, recent reports indicate millions of compromised or fake Facebook accounts are available for sale. Protecting against these attacks requires, at a minimum, a Web-content-aware firewall with granular filtering to dynamically block access to specific Web pages, and even specific areas of an individual Web page. Companies that provide solutions in this area include Blue Coat, FaceTime Communications in partnership with Blue Coat, Palo Alto Networks, Socialware, Trend Micro, Webroot, WebSense, and Zscaler.

As more companies shift from "block everything" to "block some things," the need for a proactive social security and compliance strategy will continue to gain importance. 

http://www.networkworld.com/community/node/64427

Back to top


Trend Micro Titanium Security for netbooks

Trend Micro makes much of the fact that there's no Update button. Instead, Titanium continually checks Trend Micro's servers over the internet for information on the latest viruses as opposed to having to download regular updates to your computer.

Netbooks might be small, portable and cheap, but they are also relatively low on computing power.

And when it comes to installing and running security software, performance can take quite a hit.

Trend Micro Titanium Security for Netbooks is, as the name suggests, a security package designed specifically for netbooks that aims to have as little impact on performance as possible.

The interface is simple with just three buttons on the main screen: Reports, Settings and Scan Now. Trend Micro makes much of the fact that there's no Update button. Instead, Titanium continually checks Trend Micro's servers over the internet for information on the latest viruses as opposed to having to download regular updates to your computer.

The Reports section provides a graphical guide showing how your PC is being protected. Along with a Threat History timeline, there's also a pie chart detailing the mix of viruses, spyware and other threats that have been detected.

As with most anti-virus programs, you can opt for a full scan or a quick scan. The former will check all files, while the latter speeds things up by concentrating on the locations that are most likely to be infected.

Disappointingly, there's no facility to scan individual files on request, nor is there an option to run scheduled scans.

Titanium certainly didn't take up much memory when running in the background. On our test computer it used less than 14MB, which means it is indeed well-suited to netbooks with a relatively small amount of memory and not much processing power.

It's worth bearing in mind that although Titanium won't hog your computer's resources, it is missing some features that are commonly seen in modern security software. For example, there's no email scanner or firewall included. Despite this, Titanium costs as much as more comprehensive packages such as AVG Anti-virus and Panda Antivirus for Netbooks.

If you want security software that has a minimal effect on performance, Titanium is up to scratch. However, in order to keep its footprint small the makers have ditched some features found in rival products, and with this in mind we would have expected it to be a bit cheaper.

http://www.computeractive.co.uk/computeractive/software/2267473/trend-micro-titanium-netbooks

Back to top


Anti-Virus industry lacking when it comes to detection says report

Cyveillance used their own technology to scour the Web and locate 1,708 Malware samples, and tested them against Trend Micro, Sophos, McAfee, Kaspersky, F-Secure, Dr. Web, AVG, Nod32, F-Prot, Virus Buster, Norman, eTrust-Vet, and Symantec.

A detection rate study of 13 known anti-Virus vendors by cyber intelligence firm Cyveillance shows an initial detection rate of just 19-percent. After thirty-days, the detection rate jumps to 62-percent. This trend, Cyveillance says, shows that traditional anti-Virus vendors lag behind the criminals when it comes to detecting and protecting.

Cyveillance used their own technology to scour the Web and locate 1,708 Malware samples, and tested them against Trend Micro, Sophos, McAfee, Kaspersky, F-Secure, Dr. Web, AVG, Nod32, F-Prot, Virus Buster, Norman, eTrust-Vet, and Symantec.

The test itself ran the Malware against the anti-Virus vendors, using the latest versions of their software, once for the initial detection rate, and then again every six hours for a month. You can read the report itself here.

The initial testing placed ESET (Nod32) at the top, with a day one detection rate of 37-percent. They were followed by F-Secure, Kaspersky, McAfee, Symantec, Sophos, and AVG. After 30-days, the detection rates are all over the place. Symantec, who had an initial detection of 21-percent on day one, increased the detection to 47-percent by the end of the test. Yet that jump is minor compared to AVG, who started with a 13-percent detection rate, and climbed 93-percent on day thirty.

When it comes to lag time, the vendors who had the shortest amount of time (in days) from initial scan to detection were ESET (2.2), Kaspersky (3.8), and AVG (5.2) in the top spots. The slowest vendors were Trend Micro (16.3), Sophos (22.9), and Virus Buster (27.2). 

While the initial detection rates are important, and things look gloomy when you consider the 30-day test overall, there is an interesting set of results for the first eight days.

On day one, as mentioned, the leader in the test was ESET. This remained the same for day eight. However, while the initial detections were dismal for anti-Virus kings AVG, Symantec, Sophos, F-Secure, Kaspersky, Trend Micro, and McAfee, by day eight there was a noticeable jump.

If we rank them not by detection totals, but by the growth in coverage between day one and day eight, the list is rather interesting.

AVG climbed 72 points, to a day eight detection rate of 85-percent. They are followed by Kaspersky (65), ESET (49), F-Secure (32), McAfee (31), Sophos (16), Symantec (15), and finally Trend Micro (12).

[Note: The number in parenthesis is the total percentage increase per vendor (points) from day one to day eight.]

What the points jump from day one to day eight shows is that the majority of the anti-Virus kings are working as hard as they can to boost their coverage, and do a decent job of it too.

Cyveillance didn't mention in their report if there was any behavioral detection coverage allowed during testing, we assume that it was for the sake of argument.

At the same time, many of the malicious sites we test and the Malware samples we come across are usually detected with a signature or behavioral scan. Given the time-based nature of the test, it cannot be reproduced unless 1,708 new samples are collected.

If their report figures show anything, it is that signature-based detection alone isn't enough, and keeping current on security software updates is the best defense a system can have.

The anti-Virus vendors update constantly, and the percentage increase from day one to day eight shows this in full effect. The protection their software can offer is only as good as the latest detections, and behavioral defense is just a single layer to the software that can only do so much. It is a Yin and Yang approach to layered security.

Even Cyveillance, whose report seems to slam the anti-Virus industry, advises that anti-Virus software be constantly updated. In addition, they advise other layers of security, including hardened browser settings and caution when browsing the Web.

http://www.thetechherald.com/article.php/201031/5979/Anti-Virus-industry-lacking-when-it-comes-to-detection-says-report

Back to top


Anti-virus software does not make full use of Windows exploit protection features

He found that AVAST Home Edition, AVG Internet Security 9.0, BitDefender Internet Security 2010, ESET Smart Security, F-Secure Internet Security, Norton Internet Security 2010, Panda Internet Security 2010 and Trend Micro Internet Security 2010 do not use either DEP or ASLR.

According to a blog posting by Brian Krebs, many anti-virus products do not make full use of Windows' Data Execution Prevention (DEP) and Address Space Layout Randomisation (ASLR) features in order to thwart attacks targeted at potential vulnerabilities.

Krebs was prompted to take a close look at anti-virus products following research published by security firm Secunia four weeks ago, which found that hardly any of 16 popular applications examined in the research, including browsers, media players and office applications, utilised Windows exploit protection features. Security products are the first place you would expect to see these used – especially as it isn't that rare for anti-virus software to itself contain vulnerabilities. Although it's possible to get around DEP and ASLR, it does raise the bar for successful exploits.

Krebs checked to see whether various anti-virus products were using DEP and ASLR under Windows Vista (XP does not support ASLR) using Windows' Process Explorer. He found that AVAST Home Edition, AVG Internet Security 9.0, BitDefender Internet Security 2010, ESET Smart Security, F-Secure Internet Security, Norton Internet Security 2010, Panda Internet Security 2010 and Trend Micro Internet Security 2010 do not use either DEP or ASLR. Only Microsoft Security Essentials activates both DEP and ASLR for its processes. Other vendors, such as Avira, McAfee and Kaspersky fail to activate these protective mechanisms consistently for all processes.

According to Krebs, F-Secure and BitDefender are intending to implement support for DEP and ASLR in future versions. Avira also plans to do so in version 11 of its product, as it will no longer support Windows 2000 which has neither DEP or ASLR. Panda does not use DEP or ASLR because it has implemented its own protection mechanism. According to Symantec, DEP at least should already be active in Norton, with ASLR to follow in future versions. ESET, on the other hand, considers Windows' exploit protection features to be inadequate, stating that without sufficient testing ASLR offers an additional attack surface.

http://www.h-online.com/security/news/item/Anti-virus-software-does-not-make-full-use-of-Windows-exploit-protection-features-1049714.html

Back to top


Dell Latitude E5510

The trial version of Trend Micro's security software had installed its own NDIS filter driver for network connections. Uninstalling this driver enabled normal network connectivity.

At first blush, Dell's E5510 Latitude notebook PC is a little on the pricey side. The configuration we tested--which includes 3GB of RAM (2.75GB usable by the 32-bit Windows 7), a 320GB hard drive, integrated graphics, and a crisp 1600-by-900 display--has a suggested retail price of $1490. That may seem a bit stiff, but when I checked the Dell Website, the unit was being offered at a discounted price of $1042--much better.

While even $1042 seems a bit much compared with similarly equipped consumer laptops, the Latitude E5510 offers a number of perks useful in a business environment. Customers buying $25 or more in add-ons can have units customized with specific business applications--even in-house apps can be preinstalled (or images supplied). Every Latitude is built on a common accessory base, so the same docking stations and other accessories can be used, whether you have an E5410, E5510 or 65xx series unit.

The model I tested had an upgraded display--a matte screen LCD (which I prefer to glossy screens) with a native resolution of 1600-by-900 pixels. Colors were crisp, though slightly muted, and standard business apps looked sharp. While you can run games on the Latitude, the performance of Intel's integrated graphics chip is still anemic. The chip here runs better than past Intel graphics, but it remains too limited for current-generation gaming titles.

Video was a little more problematic. High-def video in the form of WMV-HD clips looked good, but most of my clips are pretty sedate. When I popped in the Serenity DVD, I noticed that dark scenes were muddy, and that action scenes had visible motion artifacting. While not severe, these shortcomings did detract from my overall impression of the display.

Performance is about average for this class of unit, posting a WorldBench score of 107. Our review system shipped with the 32-bit version of Windows 7 Professional. Oddly, the unit also had 3GB of RAM, but Dell's Website seems to offer only 4GB as an option. We'd recommend going with a 64-bit version of Windows 7 for a system with 4GB of RAM.

Expansion is mostly through USB 2.0 ports; the Latitude houses four ports, two on each side. Also present is a standard nine-pin RS-232 serial port, a useful addition for businesses still dependent on serial-equipped peripherals. However, the E5510 does not have eSATA ports, support for USB 3.0, or even a digital video output. The only provision for connecting to an external display is a lone VGA connector. Dell's docking stations do offer DVI output if you need digital display support.

Networking is quite good, with 802.11n speeds on a par with those of similar systems. I did run into one odd issue: The Latitude couldn't connect to any other PC on my network, including my server. As it turned out, the issue wasn't the Dell hardware, or Windows 7. The trial version of Trend Micro's security software had installed its own NDIS filter driver for network connections. Uninstalling this driver enabled normal network connectivity.

Overall, the Dell Latitude E5510 epitomizes the "get the job done" orientation of business laptops. While pricey, the actual value isn't in a single notebook, but in multi-unit custom configurability, easy system management, and simple interchange of peripherals. If you're looking for a solid, unassuming laptop for a small or medium-sized business, the E5510 deserves consideration.

http://www.businessweek.com/idg/2010-08-04/dell-latitude-e5510.html

Back to top


Fake 'Salt' Delivers Malware

Trend Micro is warning of the use of malicious QuickTime files to infect victims' computers.

Trend Micro is warning of the use of malicious QuickTime files to infect victims' computers.

"Malicious files posing as the recent Angelina Jolie film Salt are now available on file sharing networks," writes The Register's John Leyden.

"When users attempt to view these poisoned downloads a prompt is generated offering to download 'update codecs' -- actually fake files loaded with Trojan horse malware," Leyden writes.

http://www.esecurityplanet.com/headlines/article.php/3896481/article.htm

Back to top


IT security products fail to tap Windows security features

"Among the anti-virus products that used neither ASLR nor DEP were AVAST Home Edition, AVG Internet Security 9.0, BitDefender Internet Security 2010, ESET Smart Security, F-Secure Internet Security, Norton Internet Security 2010, Panda Internet Security 2010 and Trend Micro Internet Security 2010", he said.

Security writer Brian Krebs says he has conducted a straw poll and analysis of the top IT security applications and found that large numbers of them fail to utilize the standard security features of Microsoft Windows.
The former Washington Post IT security writer – whose Krebs on Security blog is widely read – says he recently highlighted a study showing that most of the top software applications failed to take advantage of two major lines of defense built into Microsoft Windows that can help block attacks from hackers and viruses.

As it turns out, he adds, a majority of anti-virus and security products made for Windows users also forgo these useful security protections.

For his tests, Krebs installed trial versions of a dozen top anti-virus and security suites on a virtual machine running Windows Vista, and then checked each product's executable files using Microsoft's process Explorer tool.

This, he explained in his security blog, "provides a mass of information about processes running on your Windows system, including whether or not those processes invoke DEP and/or ASLR."

"Among the anti-virus products that used neither ASLR nor DEP were AVAST Home Edition, AVG Internet Security 9.0, BitDefender Internet Security 2010, ESET Smart Security, F-Secure Internet Security, Norton Internet Security 2010, Panda Internet Security 2010 and Trend Micro Internet Security 2010", he said.

According to Krebs, Microsoft Security Essentials was the only product that used both ASLR and DEP consistently on Windows Vista – although interestingly, it does not invoke DEP on Windows XP.

"Other anti-virus suites I tested used either ASLR or DEP (or both), but only in some applications that make up the suite", he said, adding that, as an example, McAfee Internet Security's 'mcagent.exe' program runs both ASLR and DEP, while four other executable processes spawned by the program ran DEP but not ASL," he said.

"Similarly, I found that the anti-virus suite from Avira ran its main avguard.exe program in ASLR mode but did not use DEP. The rest of the program files that ship with this product run neither ASLR nor DEP. Kaspersky Internet Security had DEP enabled on just one process (the browser plug-in), and did not invoke ASLR with any program components", he added.

Krebs notes that DEP and ASLR are not panaceas, but that security researchers have come up with a number of clever ways to bypass these protection mechanisms.

"Still, it's interesting to note the lack of these features in anti-virus products for two reasons: First, even researchers who have developed exploits to work around these protections say the two technologies raise the bar significantly for malicious coders", he said.

"Second, anti-virus products are not immune to introducing their own exploitable software flaws", he added.

Because of his findings, Krebs sought comment from all of the anti-virus vendors whose products he examined, with the exception of Microsoft, and received a few responses.

"Most either downplayed the usefulness of the two technologies in combating today's threats, or said that they planned to implement the protections in upcoming releases", he said.

Krebs quotes Mikko Hypponen from F-Secure as saying that adding support for DEP and ASLR in F-Secure's products is on our roadmap, but has not been implemented yet.

This is, he said, "because we've focused our development efforts lately to focus on performance. Once we have this feature ready, it will be available to all of our customers through our update channel."

http://www.infosecurity-us.com/view/11541/it-security-products-fail-to-tap-windows-security-features/

Back to top


SAP accepts some liability in Oracle case

Researchers at Trend Micro have found that a widespread piece of malware used a digital certificate from a competing security company's product in an attempt to look legitimate.

The German software giant SAP said Thursday it would accept liability for some claims made by Oracle in a suit that alleges theft of trade secrets, but it will continue to fight what it called Oracle's "vastly exaggerated" claim for billions of dollars in damages. The development comes about three months before the two sides are due to go to trial, in a case Oracle filed more than three years ago over the alleged conduct of SAP's TomorrowNow subsidiary. TomorrowNow provided maintenance services for customers of Oracle's PeopleSoft and J.D. Edwards software, and Oracle accused the company of downloading software patches and other materials illegally from its customer support website. SAP acknowledged almost from the start that TomorrowNow made "mistakes" and has since shut down the division, which it acquired in 2005. On Thursday, SAP said it would accept liability for Oracle's claims of copyright infringement and illegal downloading, if Oracle in turn agreed to dismiss other claims.

Researchers at Trend Micro have found that a widespread piece of malware used a digital certificate from a competing security company's product in an attempt to look legitimate. The malware is Zeus, a bot that is used to steal all kinds of data from computers and has proved to be a tricky application for security companies to detect. The version of Zeus detected by Trend Micro had a digital certificate belonging to Kaspersky's Zbot product, which is designed to remove Zeus. The certificate -- which is verified during a software installation to ensure a program is what it purports to be -- was expired, however. Stealing digital certificates is a frequently used technique by malware writers. Experts at the security company Trusteer said security software suites are often only able to detected about 10 percent of the active Zeus variants circulating.

Research In Motion and its Blackberry service continue to gain attention from governments that demand unfettered access to residents communications. Lebanon's telecom regulator said Friday that it will start negotiations with Research In Motion to provide the country's security agencies access to communications on the BlackBerry network. The move follows a security assessment of the country's telecommunications networks, Imad Hoballah, acting chairman and CEO of Lebanon's Telecommunications Regulatory Authority said in an interview on Friday. Lebanon joins a growing number of countries that are demanding greater access to data running on RIM's BlackBerry service. Saudi Arabia, the United Arab Emirates, India and Indonesia are all making similar demands over BlackBerry services.

And those are the top stories from the IDG Global IT News Update, brought to you by the IDG News Service. I'm Elizabeth Heichler in Boston. Join us again later for more news from the world of technology. 

http://blogs.computerworld.com/16682/sap_accepts_some_liability_in_oracle_case

Back to top


 

沒有留言: