Monday, May 3, 2010

FW: NABU Trend Micro Weekly News Summary 04/24/10 - 04/30/10


-------------------------------------------
From: Andrea Mueller (MKT-US)
Sent: Tuesday, May 04, 2010 7:41:27 AM
To: Newsbank; All of Trend Corporate Marketing Department;
All of Trend Global PR; All of US Sales; All of US Marcom Dept.
Cc: Steve Quane (Seg GM-SMB); Thomas Miller (SAL-US); 'Mark Vangel';
Darren Blank (SAL-US); 'trendpr@upstreamaustralia.com.au';
Alan Wallace (MKT-US); Tobias Lee (MKT-US); Natalie Severino (MKT-US)
Subject: NABU Trend Micro Weekly News Summary 04/24/10 - 04/30/10
Auto forwarded by a Rule


 


NABU Trend Micro Weekly News Summary

 

Fri, 30 Apr 2010



 


Trend Micro Quotes

Hot

Ottawa tech to form key part of Trend Micro's new cloud security focus
Ottawa Business Journal, By Krystle Chow, Mon, 26 Apr 2010, 978 words
Excerpt: “(Third Brigade’s technology) is our fastest-growing new strategic product,” [Trend Micro CEO Eva] Chen says. “Last year, when we acquired Third Brigade, it was generating $200,000 to $300,000 per quarter. It’s doubled or tripled that in recent quarters, and we’ve seen that the customers who adopt this type of protection are now larger and larger operations.”

Hot

Tips for using Twitter, Facebook and other "anti-social networks" Security expert warns companies of dangers of employee social networking use
Network World, By Tim Greene, Network World, Fri, 30 Apr 2010, 692 words
Excerpt: "Every time we come out with advice, the bad guys take it and come out with something else," said David Perry, global director of education for Trend Micro.

 

I Love You On Our 10th Anniversary
PCMag.com: Security Watch, By Larry Seltzer, Tue, 27 Apr 2010, 760 words
Excerpt: Looking back at the days of ILOVEYOU, David Perry remembers it felt like a crisis, but now it seems like the good old days. The problems were so manageable, the solutions fairly straightforward. Now they get 100,000 unique malware samples a day. Where's the love?

 

Interop: Mobile Security Is Weak Link Despite their growing prevalence in the enterprise, smartphones are the poor cousin when it comes to data protection—and that has to change.
InformationWeek, By Paul McDougall, Thu, 29 Apr 2010, 628 words
Excerpt: "The smartphone puts the same data you have on a laptop out into the field," said panelist David Perry, Global Director of Education at Trend Micro. Perry said 100,000 new pieces of malware make their way into the wild every day. The risk is such that "I don't have any important data with me ever," said Perry.
Editorial Comments: Also posted to CMP TechWeb.

 

The 3 Most Common Types of PC Virus Infections
LiveScience.com, By Ned Smith, TechNewsDaily Contributor, Wed, 28 Apr 2010, 951 words
Excerpt: David Perry, global director of education for security software maker Trend Micro, is a 22-year veteran of fighting malware. He gave TechNewsDaily a guided tour of malware's trinity, the three most likely sources of malware infection.

 

The banking malware scourge
SearchSecurity.com, By Marcia Savage, Fri, 30 Apr 2010, 2768 words
Excerpt: Malicious code designed for banking fraud has been around as far back as 2003, says Jamz Yaneza, threat researcher manager at Trend Micro.

 

Malware Publishes Embarrassing Details of Victims Over the Net
SPAMfighter News, By Staff, Wed, 28 Apr 2010, 403 words
Excerpt: According to Rik Ferguson, security advisor, Trend Micro, the gang involved in this case had been linked with Zeus Trojan and Koobface worm as well...


 

SEO - Top Medium of Spreading Malware in Asia
SPAMfighter News, By Staff, Fri, 30 Apr 2010, 379 words
As per the data collected by TrendLabs of Trend Micro, the exploitation of Search Engine Optimization (SEO) techniques for malicious activities made it to the top position of Asia's web attacks during the first quarter of 2010. Malware continued to affect the system either through internet download or through removable drives in APAC.

 

 

McAfee Update Error

 

McAfee offers security review to compensate companies for bad update Will also craft custom packages of products, services and support to appease enterprise customers
Computerworld, By Gregg Keizer, Tue, 27 Apr 2010, 473 words
Excerpt: In 2005, Trend Micro spent more than $8 million appeasing customers, most of them in Japan, for a similar fiasco.


Editorial Comments: Also posted at InfoWorld, IT World and PC World.

 

No end in sight for anti-virus software problems
Ars Technica, By Peter Bright, Fri, 30 Apr 2010, 1200 words
Excerpt: Five years ago, Trend Micro hobbled Windows XP Service Pack 2 machines, an incident that even saw the company pay compensation to some affected customers.

 

 

Trend Micro Mentions

 

McAfee 1Q Profit Down 30% On Charges; Issues Weak 2Q View
WSJ.com, By John Kell, Dow Jones Newswires, Thu, 29 Apr 2010, 306 words
Excerpt: Still, President and Chief Executive Dave DeWalt last month said the company was poised to take market share from its main rivals, Trend Micro Inc. (TMICY, 4704.TO) and Symantec Corp. (SYMC), adding to market-share gains McAfee has seen over the past year.

 

Asus U30Jc-A1 Review
ComputerShopper.com, By Daniel A. Begun, Wed, 28 Apr 2010, 1605 words
Excerpt: Some of the more useful applications are the ... 30-day trial of Trend Micro Internet Security.

 

New malicious PDF
Help Net Security, By Zeljka Zorz, Wed, 28 Apr 2010, 111 words
Excerpt: The object in question is an .xml file containing a malicious .tiff file, detected by Trend Micro as a Trojan downloader.

 

Download Trend Micro Internet Security 2010 free with 1 year license
Soft Sailor, By Staff, Sat, 24 Apr 2010, 200 words
The Trend Micro Inc. is a global leader in antivirus and internet security business. Their latest version is very helpful for users who don’t want to choose between computer performance and maximum protection. It’s an easy to use tool that helps you in the fight against viruses, spywares, worms, Trojans and other malicious software. If you download the Trend Micro Internet Security 2010 you will get full access to the firewall and other features like parental control, backup options and data theft prevention systems.

 

Download Trend Micro HijackThis 2.0.4 Free
Soft Sailor, By Bogdan Pirvu, Sat, 24 Apr 2010, 255 words
Trend Micro HijackThis is a software tool which provides users with a tool to search and repair various issues encountered with the system’s settings.

 

 

 

Full Text

Ottawa tech to form key part of Trend Micro's new cloud security focus

Excerpt: “(Third Brigade’s technology) is our fastest-growing new strategic product,” [Trend Micro CEO Eva] Chen says. “Last year, when we acquired Third Brigade, it was generating $200,000 to $300,000 per quarter. It’s doubled or tripled that in recent quarters, and we’ve seen that the customers who adopt this type of protection are now larger and larger operations.”

The “cloud” no longer refers simply to a mass of water vapour in the sky, and as cloud technology begins to gain prominence in the high-tech world, one Ottawa business is set to serve a major role in multinational Trend Micro’s global play.



Trend Micro CEO Eva Chen.

In the year since acquiring Ottawa-based Third Brigade, global security and antivirus firm Trend Micro has seen exponential growth in Third Brigade’s particular area of expertise – host-based and virtualized server protection – says Trend Micro CEO Eva Chen.

“(Third Brigade’s technology) is our fastest-growing new strategic product,” Ms. Chen says. “Last year, when we acquired Third Brigade, it was generating $200,000 to $300,000 per quarter. It’s doubled or tripled that in recent quarters, and we’ve seen that the customers who adopt this type of protection are now larger and larger operations.”

Ms. Chen, who’s in town to host a dinner and talk tonight about her company’s business roadmap and will be speaking at OCRI’s Technology Executive Breakfast on Tuesday, says she’s been impressed with the local operation’s performance and team and notes she expects Ottawa to be deeply involved in Trend Micro’s new “security for the cloud” focus.

The strategy is part of a two-pronged approach to both protect and benefit from the advent of cloud computing and virtualization. The other focus – dubbed “security from the cloud” – will see Trend Micro looking at new ways to use the cloud infrastructure to deliver antivirus and anti-malware technology and keep it up-to-date.

Ms. Chen says that while virtualization and hosted servers have made it easier to run a business across multiple locations at a relatively low cost, the volume of servers deployed has also led to greater ease in the spread of malware and viruses.

“A lot of bigger companies are building their private cloud and have to have more servers to hold data. Before, people thought that if they were behind a firewall, they’d be safe, but actually, because there are now more users, there are also more potentially infected users connecting to the server.

"Traditional firewalls can’t stop the infected clients, and there’s a need to put protection around the server,” she explains, adding that about six million types of new malware are created every year.

As virtual servers – no longer confined by physical restraints of the server hardware of old – now very easily move from one network segment or data centre to another, security providers have to contend with readding new firewalls at each site. That could be a daunting task given that multiple servers can now be easily created with the click of a mouse.

That’s where Third Brigade’s Deep Security product comes in, as the technology allows users to implement a security policy around the server no matter where it’s moved.

The goal, says Ms. Chen, is to have Deep Security make up about 20 per cent of the revenues from Trend Micro’s strategic products segment. That division will itself comprise about 20 per cent of total sales, which currently total about US$1 billion.

“And it’s still early – it’s just the first quarter. We’ve seen great buildup, with lots of interest from big customers looking at Deep Security,” she says, adding that several of Trend Micro’s sales and marketing offices now specialize in selling the locally developed technology.

In fact, in the first three months alone of Trend Micro’s fiscal year, the Ottawa site has attracted four large customers in Japan, the Australian government, and one of the biggest retailers in the United States, along with several health-care customers.

The local office has seen no layoffs since the acquisition, which is a testament to the strength of the local talent and the team’s ability to work with Trend Micro’s various other groups across the world, Ms. Chen says.

She notes that Third Brigade founder Wael Mohamed is now executive vice-president of global alliances and is working with the company’s Asian development team to expand the firm’s international reach.

The Ottawa office is also co-operating with Trend Micro’s encryption group in the United Kingdom to deal with the issues surrounding the new shared storage model.

Ms. Chen notes that the local site’s multicultural makeup likely also played a role in its continued success, given Trend Micro’s own globalized setup.

The parent company, which was founded in the United States and is currently headquartered in Tokyo, has 35 business units around the world, with an executive team of 17 people spread out at different sites that speak eight different native languages.

“There are maybe 12 or 14 different nationalities in Ottawa … That culture has been a great match for what Trend Micro has, and we’re very, very happy with the integration of the Ottawa team,” she says. “Everyone is very creative, open-minded, and it’s very easy for them to communicate with any of the groups around the world.”

She confirms there are plans to grow the Ottawa office, although there are no specifics at the moment. “From what I can see, Deep Security has great potential, so we want to make sure there’s the right size of team to support the product … it will be proportional to how the product sells and how market share grows.”

Ms. Chen adds: “Ottawa will obviously be the centre for network security and also centric to starting new strategic products … It will be a demo site for Trend Micro in security for the cloud.”



Tips for using Twitter, Facebook and other "anti-social networks" Security expert warns companies of dangers of employee social networking use

Excerpt: "Every time we come out with advice, the bad guys take it and come out with something else," said David Perry, global director of education for Trend Micro.

LAS VEGAS -- Corporations should institute daily one-minute Internet safety lessons that users must complete before they are allowed online, a security expert told Interop attendees this week, but he said even that might not work because attackers pay more attention to the advice than those it is intended to protect.


As security pros publicize best practices, cybercriminals are taking note and using the information as a way to plot new exploits that circumvent the latest countermeasures, said David Perry, global director of education for Trend Micro. "Every time we come out with advice, the bad guys take it and come out with something else," he said.

A daily reminder to users about safe practices would keep the problem in mind and also emphasize that corporate IT takes the issues seriously and so should they, Perry said. "Training should be established and maintained on a small-message, daily basis," he said.

One of the biggest Internet threats to corporate security and personal privacy is social networking, he said, as reflected in the name of his Interop talk, "Anti-Social Networking".

Given the seemingly irreversible popularity of sites such as Facebook, Twitter and LinkedIn, everybody better get used to a never-ending battle against malicious activity. "Social networking is here to stay; we cannot avoid it," Perry said, so education and vigilance are needed. The only sure way to avoid malware and revealing too much personal information through social networks -- stop using social networks -- is not a possibility for the masses.

But Perry did offer a list of tips for safety when using the sites such as employing strong passwords that are unique for each site, denying use of all applications offered on the sites, learning what sensitive data is and don't post it, don't identify family members, don't friend people you don't already know, don't chat and don't answer surveys.

He noted that seemingly innocuous information posted to these sites can be valuable to criminals. For example, if a person mentions their grandfather's full name and it doesn't match their own last name, it's likely that is the person's mother's maiden name -- a fact often used to identify people for authentication purposes, Perry said.

If you post a photo of your dog Fluffy, that gives hackers a potential password to try out, he said. Friends of friends on Facebook can see a user's list of friends, and using any application on Facebook enables hackers to see a user's page including their inbox, he said.

Data mining among these sites can produce extensive dossiers on individuals, far beyond what they might expect. "Google probably knows more about you than your therapist," Perry said.

What people lose on these sites is secrets, but because they don't lose actual possession of their secrets, they don't realize they have been taken, he said. "You've still got it, but so do they, and you don't know," he said.

Social networking is so pervasive that Perry has heard of U.S. troops in Afghanistan Tweeting to each other in code on unauthorized wireless networks (called Hajj networks) about imminent threats on the battlefield.

Well-organized criminal groups are behind most of the exploits distributed through social networks and are so sophisticated that within just a few years every machine hit by malware will be hit by a unique version never used before. Already malware is developed, used for 15 minutes or so, then retired, making traditional signature-based antimalware ineffective, Perry said.

These criminal groups are large -- one had a 500-person call center -- and sophisticated; they offer service plans and upgrades. "People used to say the Internet was the Wild West," he said. "Now it's Depression-era Chicago with crime lords."

A combination of education and defenses that rely on the reputation of Web sites and e-mail addresses will have to evolve.

"It's going to take a village to protect your computer," Perry said.



I Love You On Our 10th Anniversary

Excerpt: Looking back at the days of ILOVEYOU, David Perry remembers it felt like a crisis, but now it seems like the good old days. The problems were so manageable, the solutions fairly straightforward. Now they get 100,000 unique malware samples a day. Where's the love?

10 years ago this coming week an important and unpleasant event occurred: The ILOVEYOU virus. It was, at the time, the biggest malware event ever, and inspired a generation of script kiddies and greedy, sociopathic programmers. I asked Dave Perry of Trend Micro, an old pro in the field, about the lessons of the Love Letter.

It hit on May 4th, 2000. Like all e-mail viruses of that age it was right out there in the open: The subject line was "I love you"—a notion appealing to many of us, and sent before we all learned to be skeptical of unsolicited solicitations in e-mail.

Within a few days it had received massive publicity and yet people kept clicking the attachment, named "LOVE-LETTER-FOR-YOU.TXT.vbs". This immediately raises one of the lessons learned, and one not learned, from this attack: For many years now, many e-mail clients, including Microsoft's, block directly-executable attachments like .vbs (VBScript, run by the Windows Script Host program). On the other hand, Microsoft continues to identify file types inconsistently: The last, and operative extension, may be hidden from the user's view, leaving the ILOVEYOU file named "LOVE-LETTER-FOR-YOU.TXT". Thus many users assumed it was a plain text file.

The author of the worm, Onel de Guzman of the Philippines, was arrested with a co-conspirator Reomel Ramones. The two were released when the authorities realized there were no laws in the Philippines against writing malware. De Guzman had been forced to drop out of a University because his thesis, a proposal for commercializing a password-stealing trojan horse, was rejected by the faculty. Perry adds that de Guzman had applied for a job at Trend Micro's Manila offices shortly before ILOVEYOU hit the fan.

Once run, the worm overwrote existing system files with copies of itself. Music files, multimedia files and others were transformed into relaunch points for the worm if it should be removed. It also used the victim's mailbox as a source for its next spreading. This is why the social networking worked so well—you would almost always know the sender. It wasn't the first example of social engineering; Melissa, which used porn as a lure (a list of passwords for X-rated web sites). "I love you" is a much better appeal in so many ways.

So the obvious contribution of ILOVEYOU was great social engineering, but Perry says that there was a more important change in the technology that it, along with Melissa, spurred: Prior to these new e-mail worms, malware was largely invisible. Attacks infected files or boot sectors of computers. They were rarely destructive, at least on purpose. For a sense of malware of the 80's and 90's, see the VSUM database.

Prior to the e-mail worm phenomenon, few people took malware seriously; in 1988 Peter Norton actually said "We're dealing with an urban myth. It's like the story of alligators in the sewers of New York. Everyone knows about them, but no one's ever seen them." (In fairness to Norton, that was a very long time ago.) But it's true that the average user just wasn't all that worried about malware, or even aware of it, before ILOVEYOU.

There followed a several year period in which the majority of malware was highly-visible. Every few weeks saw another major e-mail worm outbreak. Advances in security software and changes in client programs, such as blocking executable attachments, turned the corner on these worms.

This highly-visible wave of malware brought massive growth in the anti-malware business and raised awareness of malware. Eventually, users got used to the idea that these things were real and ubiquitous, and that they had to be careful about opening unsolicited messages and files from the Internet.

Malware authors learned too. Today, malware is again largely invisible. One major category is visible: fake anti-virus, and that is the ultimate in social engineering malware. Other trojans and rootkits exist to hide from the user, giving them no clue they are running as they steal passwords and credit card numbers.

Looking back at the days of ILOVEYOU, Perry remembers it felt like a crisis, but now it seems like the good old days. The problems were so manageable, the solutions fairly straightforward. Now they get 100,000 unique malware samples a day. Where's the love?



Interop: Mobile Security Is Weak Link Despite their growing prevalence in the enterprise, smartphones are the poor cousin when it comes to data protection—and that has to change.

Excerpt: "The smartphone puts the same data you have on a laptop out into the field," said panelist David Perry, Global Director of Education at Trend Micro. Perry said 100,000 new pieces of malware make their way into the wild every day. The risk is such that "I don't have any important data with me ever," said Perry.

While most enterprises have well defined policies for securing laptops and PCs, many still treat mobile devices as an afterthought even though the latter are increasingly likely to be in widespread use and contain valuable corporate data.

"The smartphone is the new computer--we're seeing that on steroids now," said InformationWeek.com editor-in-chief Alex Wolfe, who moderated an Interop Las Vegas panel Wednesday called Mobile Security: New Challenges—Practical Solutions.

"But security is the elephant in the room," said Wolfe.

And it's likely to be a growing problem for businesses. Gartner predicts smartphones will surpass PCs and laptops as users' primary computing devices by 2013, when more than 600 million units will be in use.

"The smartphone puts the same data you have on a laptop out into the field," said panelist David Perry, Global Director of Education at Trend Micro. Perry said 100,000 new pieces of malware make their way into the wild every day. The risk is such that "I don't have any important data with me ever," said Perry.

For CIOs and other tech officials, ensuring mobile security is more challenging than locking down PCs due to the number of platforms on the market—combined with the fact that employees tend to use their personal devices for work-related tasks.

"There's a consumerization effect occurring," said panelist Khoi Nguyen, group product manager for Symantec's Mobile Security Group.

Indeed, major platform providers like Google, Microsoft, RIM, and Symbian all have their own methods of implementing security standards and features. And if HP can restore Palm's status as a significant player in the market through its proposed, $1.2 billion buyout, IT managers' multi-platform inspired headaches could get worse, said Khoi.

Still, there's an upside to the diversity—at least for now. "The main advantage for mobile (from a security standpoint) is that no one OS is dominant," said Perry. As a result, hackers get more bang for the buck targeting the homogenous PC market, where 90% of computers run Windows.

But with mobile devices becoming ubiquitous in the workforce, many believe it's only a matter of time before they become the primary target for malware, phishing schemes, and social engineering attacks. That means enterprises need to start developing comprehensive mobile security practices and policies now.

Panelist Jay Barbour, an advisor at RIM's Blackberry Security Group, said there are a number of steps IT departments can take to enhance mobile security. One major point of vulnerability is user-downloaded apps that trick individuals into giving away sensitive information.

"All you need is a bit of social engineering and the data is gone," said Barbour.

Downloads can also contain exploits that target corporate networks. To counter that, enterprises should "sandbox" non-business apps so they can only get to the Web and not to the network, he said.

Other steps enterprises can take to thwart mobile attacks include employing hardware-based code verification to prevent OS compromises, tamper resistant hardware, and denying full admin privileges to end users.

"Users are always going to make critical mistakes," said Barbour.

Finally, enterprises need to fully educate employees on the consequences of data loss—both to the organization and to their careers—and the fact that it's their responsibility to maintain physical control over their smartphones.

"The biggest risk is still the lost device," said panelist Ryan Naraine, senior security evangelist at Kaspersky Lab. "And that becomes the CIOs problem."



The 3 Most Common Types of PC Virus Infections

Excerpt: David Perry, global director of education for security software maker Trend Micro, is a 22-year veteran of fighting malware. He gave TechNewsDaily a guided tour of malware's trinity, the three most likely sources of malware infection.

Web security and the vexing problem of malicious software made headlines again last week when computer antivirus software maker McAfee sent out a botched update that crashed thousands of computers around the world.

Such hiccups in computer security software are rare. What isn't rare is the damage caused by the malicious software known as malware that antivirus software is designed to thwart. Last year hackers stole approximately 130 million credit card numbers, according to an Internet Security Threat Report released this month by security software maker Symantec. And in the third quarter of 2009 alone, there was over $120 million in reported losses due to online banking fraud.

David Perry, global director of education for security software maker Trend Micro, is a 22-year veteran of fighting malware. He gave TechNewsDaily a guided tour of malware's trinity, the three most likely sources of malware infection.

Trojans

Ground Zero for malware is the Internet itself.  The Web is by far the most common vector for malware infection, Perry said. "The most universal thing of all that's involved in cyber bad guy activity is the Web."

Users don't even have to click anything on websites to infect their computers. Just looking is enough. "Look at the web page and Bang!, you're infected without so much as a how-do-you-do," he said.

Forsaking Internet Explorer and replacing it with another browser such as Firefox won't give you much protection either, Perry said. Malware is basically equal opportunity when it comes to browsers and browser plug-ins.

A Trojan downloader is the most common malicious software to get hit with, he said.  A Trojan is any program that pretends to be something other than what it really is — a downloader is a program that downloads another program.  "It's like Robin Hood," Perry said. "He shot an arrow with a string over a tree branch. He used the string to drag up a rope and the rope to drag up a basket of stuff."

In the past, sites devoted to porn and file sharing were the usual suspects for being sources of infection. "It used to be true," but no longer, Perry said. “We’ve seen government agencies and the Roman Catholic Church get infected; we’ve seen railroads and airlines and the British Museum get infected. There is no safe web page.”

To make matters worse, infected computers are often asymptomatic and appear to be functioning normally. Many Trojan viruses don't slow your computer down or make your cursor go crazy. Like high blood pressure, malware is a silent killer.

"Unfortunately, there's a big cognitive disconnect on the part of users who have seen movies where the virus comes on the screen and announces that it is infecting you," Perry said. "Any malware you see today will be by design as symptom free as they can possibly make it."

Botnets

The web is also where you risk contracting a drive-by bot infection that will enlist your computer as an agent in a fraudster's arsenal.

"A botnet is a collection of infected PCs that the bad guys now own," Perry said. "Botnets are the source of all spam – they're used for ID theft, extortion, industrial espionage and finding other web pages to infect. I would call it the Swiss Army Knife of the malware world. It does a lot of things for a lot of people."

Like the majority of malware software, botnets are asymptomatic. Until you wake up and find your bank account has been drained, that is, or discover that your ID has been appropriated for use by someone else.

Scareware

Fake antivirus programs, which are often referred to as "scareware," are the third and arguably most irritating leg of the malware stool.

With scareware, a warning pops up on your computer screen telling you that your computer is infected and attempts to sell you a program to disinfect the program. This is the ultimate no-win situation.

If you click anywhere on the warning, you get infected. If you ignore the warning, it will never go away.  And if you fall for the ruse and buy the fake antivirus program, your computer will then become another warrior in the scammer's botnet army.

"This is the one thing in the world of malware that is visible," Perry said. "If you're infected, you'll know it because it's visible and bugs you all the time."

If you think you can simply hit Alt-Control-Delete — the keyboard combination that brings up the Task Manager in Windows — to shut down the offending program, think again. Many malware programmers expect panicked users to do this, and create fake Task Manager windows that trigger the infection.

So how big is the problem? Over 100,000 new Trojan downloaders are created every day, Perry said. Most computer users aren't knowledgeable enough to deal with the problems themselves without help, he added. "It's too vast and too pervasive."

The best defense, he said, is to install a suite of Internet security software and religiously update it.

"For right now, count your change and watch your Ps and Qs," he said. "There's no way to easily tell that something wrong is going on on the Internet."

If you’d like to learn more about the dos and don’ts of practicing safe computing, a good place to start is 13 Ways to Protect Your System, a list of security tips from McAfee’s Threat Center.



The banking malware scourge

Excerpt: Malicious code designed for banking fraud has been around as far back as 2003, says Jamz Yaneza, threat researcher manager at Trend Micro.

At first, it was hard to tell what was causing the "phantom" money transfers from the online bank account of a small North Carolina company. Investigators didn't know if the fraudulent wire and Automated Clearing House transfers were caused by an insider or malware, recalls Don Jackson, director of threat intelligence with the Counter Threat Unit at SecureWorks, an Atlanta-based security services provider.

But the cause became quite clear when Jackson and his team examined the bookkeeper's computer: an infection by the Zeus Trojan. "In the past, Zeus was just spyware and wanted user names and passwords," he says. "This was the first banking version of Zeus. It got into the browser and changed things on the fly."

The malware caused the business to lose nearly $98,000, Jackson says. That was in late 2007. Today, criminals are using the Zeus crimeware kit with astonishing success, pulling off six-figure heists from the online bank accounts of scores of small businesses, municipalities and nonprofits. The Federal Deposit Insurance Corporation estimates losses from fraudulent electronic funds transfers in the third quarter of 2009 at about $120 million. The attacks have been mounting over the past 18 months or so and haven't slowed, experts say.

Zeus is among an emerging brand of stealthy malware that steals online banking and other sensitive credentials with ever-changing capabilities to evade detection and defeat security controls. Bought and sold on the Internet and continually upgraded with new features, Zeus and its ilk represent the evolution of malware into a vast commercial enterprise. Banker Trojans accounted for 61 percent of all new malware in the first quarter of this year, according to a recent study by Panda Security. It's become an arms race with the criminals behind these malware-fueled business operations, says Joe Bernik, CISO at Fifth Third Bank.

"They're constantly looking for ways to improve the functionality to overcome whatever technical controls the financial services industry or whatever industry they're targeting puts into place," he says.

Malware has replaced phishing as the top threat, says David Shroyer, vice president of online security and enrollment at Bank of America. "The speed of evolution and the shifting of threat vectors are astounding. It's light speed, so we have to be on our toes to protect our customers and our industry," he says. "What I'm seeing in the industry is this is now the big thing we're all worried about and we're cooperating like we never have before."

Let's take a closer look at Zeus, its emerging competition in the banking malware market, their impact, and how the financial services industry is responding.

ESCALATING BATTLE

Malicious code designed for banking fraud has been around as far back as 2003, says Jamz Yaneza, threat researcher manager at Trend Micro. Most early banking malware came in the form of keyloggers, which captured all kinds of sensitive information, not just online banking credentials.

In the U.S., banks stepped up their defenses against spyware and keyloggers with added security, particularly two-factor authentication. In 2005, federal banking regulators issued authentication guidance for online banking, and regulators say attacks dipped for a couple years. Criminals had to figure out a new method of attack.

"Banks and online providers have done a good job putting in place authentication methods that made it hard for the criminals to make money," says Laura Mather, co-founder and CEO of Silver Tail Systems, a Palo Alto, Calif.-based provider of fraud prevention systems. "The bad news is the criminals didn't give up. They had to employ even more sophisticated technology in order to subvert the protections that have been put in place."

Fraudsters shifted their focus to malware because their returns from phishing were diminishing, says Sean Brady, identity protection and verification product marketing manager at RSA, the security division of EMC. "The more sophisticated groups were willing to put the extra investment into Trojans because they demonstrated return," he says.

To circumvent strong authentication methods, criminals have to impersonate the victim, Mather says. "Instead of just having a password, they have to look just like the victim, so they're accessing the victim's account from the victim's own computer, which means they have the correct IP address. It's very difficult for the bank to tell the difference between the malware and the legitimate user," she explains.

The Silentbanker Trojan, which surfaced a couple years ago, had this interception functionality but Zeus and other newer banking Trojans have honed it, experts say. Today's banking malware attacks a victim's Web browser instead of the online session, Bernik explains: "It modifies and intercepts the data that is being passed to the browser and it can actively modify Web pages."

Criminals have used Zeus to add fields to obtain additional data for authenticating to a bank website and to alter balances to hide fraudulent withdrawals. Researchers have detected variants of Zeus that have used the Jabber instant messaging protocol in order to use stolen credentials in real time and circumvent the security provided by one-time password tokens. Victims often receive an error message as the fraudster uses his or her credentials behind the scenes.

These kinds of man-in-the-browser attacks are much harder to detect than the older man-in-the-middle attacks where the hostile party inserts itself between the authenticating server and the valid user, Bernik says.

"It becomes increasingly difficult for financial institutions to detect because some of the defense mechanisms we were using such as device ID and geo ID have limited value when dealing with a man-in-the-browser attack," he says.

A FORMIDABLE FOE

Zeus, also called Zbot, has been the most pervasive and damaging banking malware to date, researchers say. According to Microsoft, infections by Zeus have skyrocketed in recent months.

The malware spreads via phony emails that pretend to be notices from legitimate organizations like NACHA, the association that oversees the Automated Clearing House (ACH) network; spear phishing emails targeting specific individuals and containing links to malware-rigged websites; and drive-by downloads. Researchers believe criminals in Eastern Europe, particularly Russia and Ukraine, are behind the Zeus-fueled attacks.

The Zeus crimeware kit has three components, according to an analysis by Trend Micro: the Trojan, a configuration file, and a drop zone where stolen credentials are sent. After the Zeus Trojan is executed, it downloads its configuration file from a predetermined location then waits for the victim to log in to a particular target included in the configuration file, Trend Micro researchers say. Criminals conduct extensive research on banking websites to hone their attacks.

"They will do extensive research on the sites -- logging in, understanding the page flows and thresholds to perform transactions with, down to the HTML code of the actual pages because they will frequently use that knowledge to manipulate the page in the user's browser," Brady says.

The highly configurable nature of Zeus is one of its most powerful aspects, experts say. "Zeus is a lot of different botnets," Mather says. "Criminal A can buy Zeus and have his own command-and-control and his own botnet, and criminal B buys Zeus and has his own botnet that will be different from criminal A's because it's targeting victims in South America while the other is targeting victims in Europe."

Earlier this year, security firm NetWitness reported finding a 75GB cache of stolen data, including credentials for online banking sites and social networks, from more than 74,000 Zeus-infected systems; the company named the infected PCs tied to the Zeus attacks the Kneber botnet. In March, security researchers reported ongoing efforts to shut down Kazakhstan-based Troyak.org, an ISP serving a large chunk of a Zeus botnet. Spanish authorities in December shut down the Mariposa botnet, which stole banking and other sensitive data by infecting 12.7 million computers with Zeus and other malware.

East European cybercriminal operations using the Zeus malware kit have capitalized on the recession to successfully recruit "money mules" in the U.S. to move money siphoned from business online banking accounts, experts say. Fraudsters lure money mules over the Internet with bogus work offers and use them to receive the stolen funds, instructing them to wire money overseas after deducting a commission. Oftentimes, the money is stolen in amounts less than $10,000, apparently in an attempt not to trigger Suspicious Activity Report (SAR) requirements.

Jackson and other researchers at SecureWorks have been tracking each new version of the Zeus Trojan, which is constantly updated with new functionality. In March, they wrote that the latest version featured a level of control they hadn't yet seen in malware: a hardware-based licensing system so the malware can only be run on one computer. "Once you run it, you get a code from the specific computer, and then the author gives you a key just for that computer," wrote Jackson and Kevin Stevens, security researcher at SecureWorks' CTU.

A beta version of a new Zeus variant they examined this spring featured polymorphic encryption, which allows it to re-encrypt itself each time it infects a computer, making each infection unique and harder for antivirus systems to catch, Stevens says.

Various modules, including a Firefox form grabber, a Jabber chat notifier, and Windows 7/Vista support, for Zeus are available on the Internet for prices ranging from $500 to $6,000, according to SecureWorks.

The developers behind Zeus also are very sensitive to detection rates of their malware by antivirus systems, says Mickey Boodaei, CEO of online security provider Trusteer. "Each variant they release goes through a kind of quality assurance process to make sure it's not detected by many antivirus solutions," he says.

New York-based Trusteer released a study last fall that showed the Zeus Trojan infecting PCs with updated antivirus software 77 percent of the time.

THE COMPETITION

While Zeus has proven the most popular toolkit for criminals targeting online banking, the Clampi Trojan has also done its share of damage. Jackson says it's the number two threat to online banking after Zeus, but isn't available for sale like Zeus; rather, it's used by one criminal group in Eastern Europe.

Like Zeus, Clampi has advanced man-in-the-browser capabilities and uses state-of-the-art polymorphic cryptors to conduct fraudulent ACH and wire transfers, according to Jackson. SecureWorks last summer documented the Clampi Trojan and how it targeted thousands of websites, including large banks, small banks and mortgage companies. Those behind Clampi use encryption adeptly, making it difficult for researchers to track it, Jackson says: "It flies under the radar a lot."

Last fall, Finjan researchers reported a new bank Trojan that criminals used to intercept online banking sessions and steal thousands of euros from German accounts last summer. URLzone minimizes the risk of being detected by banks' antifraud systems by systematically transferring random, moderate amounts of money from compromised accounts. According to RSA researchers, the Trojan uses money mules in a highly sophisticated way in order to foil researchers trying to identify the mule accounts it's using: If it detects that a computer isn't part of its botnet, it delivers a fake mule account to the researcher's computer.

The Silon Trojan, meanwhile, targets only customers of major U.K. banks and has managed to infect thousands of computers, according to Trusteer. Silon steals banking credentials, bypasses specific security controls and can update itself to counter banks' defensive measures.

Earlier this year, SecureWorks researchers discovered a new banking Trojan designed to facilitate fraudulent ACH and wire transfers. Bugat's capabilities include many of those common in banking malware, including Internet Explorer and Firefox form grabbing and stealing and deleting IE, Firefox and Flash cookies. Bugat mainly targets regional banks and smaller national banks, Jackson says. "It's fairly sophisticated, but not up there with Zeus and Clampi," he adds.

However, the emergence of Bugat indicates the strong demand for malware to commit financial fraud, according to SecureWorks. Indeed, the competition for Zeus appears to be heating up, especially with the emergence of SpyEye. According to Symantec, the first version of the malware kit appeared for sale on Russian underground forums in December. Retailing for $500, "it is looking to take a chunk of the Zeus crimeware toolkit market," Symantec researchers wrote.

The SpyEye toolkit is similar to Zeus in many ways and is updated regularly with new features, including one called "Kill Zeus" designed to delete Zeus from an infected system and leave just SpyEye running, Symantec researchers noted.

THE FALLOUT

Government agencies and financial services associations began sounding the alarm about a sharp increase of fraudulent ACH and wire transfers hitting small and midsize businesses last August. In November, the FBI estimated that the fraudulent activity had resulted in approximately $100 million in attempted losses.

"We're not hearing about it as much on the consumer side. It does happen, but these bad guys are going after the big fish," says Bill Nelson, president and CEO of the Financial Services Information Sharing and Analysis Center (FS-ISAC). "They're sending spear phishing emails to individuals at businesses they've checked out."

Investigative reporter Brian Krebs has documented many cases in which small businesses and municipal agencies have lost thousands of dollars through fraudulent money transfers. Oftentimes, Zeus is cited as a culprit, such as in the case of a small New York marketing firm that lost $164,000 after a Zeus infection. Business banking customers hit by online banking fraud typically lose out because they don't have the same regulatory protections to limit losses from fraudulent electronic funds transfers as consumers.

The fraud surge has led to a spate of lawsuits. For example, Bullitt County in Kentucky sued its bank, First Federal Savings Bank of Elizabethtown, last summer after cybercriminals stole $415,989 through fraudulent ACH transactions, according to court documents obtained by The Courier-Journal. The bank, which claims the county's security failures led to a Zeus infection, refused to reimburse the county for $310,176 that wasn't recovered.

In another case, which has been widely reported, Hillary Machinery of Plano, Texas was sued by its former bank, Dallas-based PlainsCapital, after being victimized by online banking fraud late last year. Hillary countersued the bank over the cyberheist, in which criminals stole about $800,000; PlainsCapital recovered almost $600,000.

For the financial sector and other industries, customer education has been a major weapon in successfully beating back phishing to the point where it's not the threat it was five years ago, Bank of America's Shroyer says. But customer education is less powerful of a weapon against stealthy malware that is constantly finding ways to avoid detection, he says.

Malware also is trickier from a customer resolution standpoint, Shroyer says: "I can fix a customer who's been exposed to phishing in a matter of minutes. A customer exposed to malware is a very difficult conversation. I can't just tell them to change their ID and passcode. I have to tell them that their endpoint, their PC, has been compromised by something that isn't just impacting their Bank of America relationships, but their Yahoo email account and other financial accounts like PayPal."

Banking malware is a newer problem in the U.S., Shroyer adds, noting that banks in Australia, Brazil and the U.K. have been combating sophisticated banking Trojans for longer.

Mather, a former director of fraud prevention at eBay, says phishing was the top concern when she worked at the company; malware wasn't much on the radar. "Now when I talk to banks and other large organizations, they're having to assume the customer's computer is compromised. That's a very different way to look at your customers than worrying about whether they're going to give away their passwords."

INDUSTRY RESPONSE

Financial industry groups, keenly aware of the critical need to preserve confidence in the online banking channel, have provided a slew of recommendations for fending off malware attacks.

FS-ISAC, NACHA and the FBI, in their joint advisory last August, recommended financial institutions implement strong authentication, fraud detection and mitigation best practices including transaction risk profiling, out-of-band transaction authentication together with fraud detection, and defense in depth to their network and system infrastructure.

They also advised banks to educate their corporate and small business customers about security, including: reconciling accounts on a daily basis; initiating ACH and wire transfers under dual control (with one person initiating the transfer and another authorizing it); and possibly carrying out all online banking from a locked down, standalone computer with email and Web surfing disabled.


Malware Publishes Embarrassing Details of Victims Over the Net

Excerpt: According to Rik Ferguson, security advisor, Trend Micro, the gang involved in this case had been linked with Zeus Trojan and Koobface worm as well...


Computers are being infected by a new piece of malware that spreads through file-sharing websites and then publishes the user's net history on a public site. The malware demands a fee to remove it, as per the news published by BBC on April 15, 2010.

Users who have unlawfully downloaded copies of "Hentai" pornographic games via Winni, a file sharing program, are the target of this malware, called Kenzero.

The malware, masquerading as a game installation screen, requests the personal details of the computer's owner. Then, it takes screenshots of the user's web history and publishes them on the Internet in the user's name. A pop-up screen or e-mail then demands a 1500 Yen (£10) credit card payment for settling the breach of copyright law as well as for getting rid of the webpage.

The website on which the users' history is published is run by a shell company named Romancing Inc. This website is registered to Shoen Overns, a fictitious person.

Kenzero is being observed by the Internet security firm Trend Micro in Japan. According to Rik Ferguson, security advisor, Trend Micro, the gang involved in this case had been linked with Zeus Trojan and Koobface worm as well, as per the news published by nzherald.co.nz on April 16, 2010.

He also stated that this is a well-known criminal gang that is continuously engaged in this type of activity, as per the news published by 9News on April 16, 2010.

Ferguson added that Kenzero was an idea that bore resemblance to ransomware. It locks users out of their own documents and then asks for a payment, to be made by credit card, for a decryption key. Credit card details of the users, naturally, were further sold to other cyber assailants.

According to Yomiuri, a Japanese newspaper, around 5500 people have already admitted to being infected by Kenzero. Experts warned users to ignore requests for fees over copyright lawsuits.

Mr. Ferguson suggested that anyone getting pop-ups that demand payments to resolve copyright infringement lawsuits should completely disregard them. Also, a free online anti-malware scanner must be immediately used to check for malware, as per the news published by BBC on April 15, 2010.


SEO - Top Medium of Spreading Malware in Asia

As per the data collected by TrendLabs of Trend Micro, the exploitation of Search Engine Optimization (SEO) techniques for malicious activities made it to the top position of Asia's web attacks during the first quarter of 2010. Malware continued to affect systems either through internet downloads or through removable drives in APAC.

The security firm also revealed that cyber criminals made use of hot topics and manipulated search results to install FAKEAV on target systems. Although blackhat SEO is often used by cyber criminals, important keywords of trending topics continued to be an effective medium for malware propagation.

Besides, cyber criminals exploit blackhat SEO techniques to develop web pages whose purpose is to distribute FAKEAV. These web pages redirect innocent users and are linked with other similar pages and legitimate websites. This technique helped in raising the rank of malicious pages on search engines.

In order to grab the attention of Internet users, these malicious web pages copy content from different popular websites. Cyber criminals keep themselves abreast of trending topics, which can easily be seen on the Google and Twitter search pages.

After the successful use of any of these techniques, cyber criminals direct users to pages that host fake message prompts. These fake messages instruct users to check scanning results designed to create fear in them so that they spend money on buying a bogus antivirus program. Hence, these techniques have made FAKEAV a recurrent theme on the threat landscape.

Some of the major events in APAC that attracted users into clicking on malicious links were the news about the wardrobe malfunction of Filipino-Australian actress Anne Curtis, the Philippines' 6.0-magnitude earthquake and the boxing match between Joshua Clottey and Manny Pacquiao. In all the attacks, the search results ended up in the download of malware that appears to be antivirus software. The end objective of the three attacks is to deceive users into buying the rogue AV product.

Amit Nath, Country Manager, India & SAARC, Trend Micro, said that exploitation of vulnerabilities and blackhat SEO techniques shared the same idea. They all came from user behavior. Incidents that took place in the US could happen in Asia sooner or later. There was a strong possibility of these incidents, as reported by CIOL on April 19, 2010.


McAfee offers security review to compensate companies for bad update

Will also craft custom packages of products, services and support to appease enterprise customers

Excerpt: In 2005, Trend Micro spent more than $8 million appeasing customers, most of them in Japan, for a similar fiasco.

Computerworld - McAfee today announced it would offer business customers affected by last week's flawed update a free one-year subscription to its automated security assessment service.

The company, which has faced a firestorm of criticism for letting the faulty update slip through testing, added that it would throw in other services, products and support packages on a case-by-case basis. "McAfee and McAfee channel partners will be offering a customer commitment package that may contain a combination or selection of services, support and products tailored to each customer situation," the company said on a page dedicated to businesses.

McAfee told its corporate customers it would contact them with details of the compensation program, and urged them to get on the list by connecting with technical support if they had been affected.

Customers are certain to key on the part of today's statement that spells out the free year's subscription to McAfee's security review services. "All affected customers will be offered a free one-year subscription to our automated security health check platform which provides an assessment of the security of an organization or enterprise based on McAfee's best practices," the company said.

McAfee did not specify the services it would offer businesses, but the company sells at least two: McAfee Vulnerability Assessment SaaS for medium- and large-sized companies, and McAfee Anti-Virus Health Check Assessment for small businesses.

Today's compensation program announcement was the second since a McAfee antivirus signature update wrongly identified a critical Windows system file as a low-threat virus last Wednesday. Most of the PCs crippled by the flawed update were in corporations, where hundreds, in some cases thousands of machines running Windows XP Service Pack 3 (SP3) crashed and rebooted repeatedly, and lost all network access.

Earlier, McAfee had promised to reimburse its consumer customers for "reasonable expenses" they incurred repairing their PCs, and said it would extend the security subscriptions of affected consumers by two years.

Today, McAfee defined reasonable expenses as the cost to take a PC to a "local tech support specialist." Previously, a company spokesman had equated that to the fees charged by Best Buy's Geek Squad technical support and repair service. More details are to follow on the consumer reimbursement process, McAfee repeated today.

McAfee is not the first antivirus vendor forced to compensate customers for a damaging signature update. In 2005, Trend Micro spent more than $8 million appeasing customers, most of them in Japan, for a similar fiasco. In 2007, Symantec gave free backup software and extended Norton AntiVirus licenses by 12 months to compensate Chinese users when a buggy update knocked out their computers.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.


No end in sight for anti-virus software problems

Excerpt: Five years ago, Trend Micro hobbled Windows XP Service Pack 2 machines, an incident that even saw the company pay compensation to some affected customers.

Last week, McAfee broke a lot of its customers' computers. A virus definition update caused a false positive identification of a virus within a key Windows file.

McAfee initially tried to downplay the issue, claiming only "moderate to significant" issues on affected machines, and that the default configuration of its software was harmless. "Not booting properly and being useless for real work" strikes us as somewhat worse than "moderate to significant," and there are many reports from people saying that McAfee is wrong about the default configuration (the situation seems unclear, but it looks like upgrades and certain patches can result in a different "default"—one that isn't safe). As if that was any consolation—none of the settings should result in machines getting broken. Ultimately, such quibbling is irrelevant: tens or hundreds of thousands of machines were disabled by the virus update.

Eventually, McAfee did issue a statement that was suitably apologetic. And Monday, the company offered home users who were affected by the problem two years of free updates plus compensation for any costs incurred (business users are offered nothing more than an apology). What was missing was any credible explanation of why it happened, and how it would be prevented in the future.

One rather depressing hint was given in an early revision of a FAQ the company published about the problem. The document has been sanitized, but the relevant portion can be found at ZDNet:

    9. What is McAfee going to do to ensure this does not repeat?

    McAfee is currently conducting an exhaustive audit of internal processes associated with DAT creation and Quality Assurance. In the immediate term McAfee will do the following to provide mitigation from false detections:

       1. Strict enforcement of rules and processes regarding DAT creation and Quality Assurance.
       2. Addition of the missing Operating Systems and Product configurations.
       3. Leveraging of cloud based technologies for false remediation.
       4. A revision of Risk Assessment criteria is underway.

(Emphasis ours.)

In other words, McAfee didn't bother to test one of the most widely used operating systems around before pushing out an update. Good job.

One might expect other anti-virus vendors to highlight McAfee's failing and promote their own products instead. But their response has been, if anything, sympathetic, instead laying the blame squarely with malware authors, who have resorted to such cunning trickery as "giving their executables the same names as Windows files" just to make the virus scanners' jobs harder.

McAfee isn't the first company to make a mistake like this. Last month a BitDefender update broke 64-bit Windows XP, Windows Vista, and Windows 7 installations. Five years ago, Trend Micro hobbled Windows XP Service Pack 2 machines, an incident that even saw the company pay compensation to some affected customers.

Sometimes the damage is less severe, but still thoroughly debilitating; a McAfee update in 2006 resulted in many programs including Excel and Google Toolbar being identified as viruses, duly breaking them.

The truth is, false positives are abundant. A site tracking false positives gave up updating after being inundated with reports. Small developers producing shareware or custom applications are getting nailed with false positives on a consistent basis. These guys are producing programs that won't feature on any AV vendor's test matrix (though as history shows, even being widely used doesn't guarantee that), and their customers (or, even worse, potential customers) are routinely being inconvenienced, if not downright scared off.

A 2007 Symantec update to various Norton products shows just how hard it is to test against known products effectively; the update took down Windows XP Service Pack 2 machines, but only the Simplified Chinese edition, and only when a particular Windows patch was installed. This was still enough to cause problems for millions of PCs.

So what's the solution here? Unfortunately, there doesn't appear to be a good one. Signature-based anti-virus software is always going to suffer this kind of problem, and the scale of testing, even if restricted to major software, is enormous. Perhaps impractically so, with the number of different patches and languages that would need to be tested. Certainly, given the alarming regularity with which these problems occur, it seems to be a larger task than the anti-virus vendors can manage.

But other approaches to anti-virus fare no better. Heuristic scanners, which try to trap software because the actions it takes appear to be malicious or because of the network traffic it sends, ultimately have the same problem; they catch things they shouldn't. A strong case can be made that virus scanners should verify digital signatures and ignore files that are properly signed (as such files cannot have been tampered with), something that some anti-virus software already does, but even this has issues. Many scanners scan running processes (to detect, for example, self-propagating worms that attack network services), and terminating system processes because they appear to be infected can be just as damaging as deleting system programs from disk.

Moreover, not every file on a system is signed. In general, every program on a corporate desktop could be signed; typical corporate desktops don't need to allow running of arbitrary downloaded programs or anything like that, so greater use of signatures (even for custom, in-house applications) might be of value. But that's probably not an option for home users. And besides, a virus scanner destroying a document I'm working on just because it happens to look like a virus is not really a great improvement.

IT departments should perhaps be more circumspect about rolling out definition updates, but they too suffer some of the same testing problems. Though the problem should be more tractable for those organizations that have standard system images and carefully manage their own patching, that isn't the reality for a great many companies. This isn't even a situation where a virtualized lab can provide a good solution—a false positive could easily be generated for a critical driver that's only used on real hardware.

Improved operating system security, while useful for many things, offers little help, at least given current OS designs. Tasks like sending spam e-mail or destroying documents don't need elevated user privileges, so in many cases, OS security features offer little or no benefit.

Similarly, many viruses depend not on software flaws to propagate, but end-user flaws. In other words, they trick people into running them. Better programming and more restricted user accounts don't do much to help here. A suitably radical redesign of the operating system could reduce vulnerability (something along the lines of the experimental Qubes, for example, would offer greater separation between user data and potentially hostile software), but the prospect of such a redesign becoming mainstream any time soon is extremely low.

With AV vendors trapped in a game they can never win—virus writers will always outpace them—this is, then, a problem that shows no sign of being solved anytime soon. Though some false positives shouldn't have happened, and McAfee really should have tested against Windows XP Service Pack 3, such problems will unfortunately continue to be a fact of anti-virus life.



McAfee 1Q Profit Down 30% On Charges; Issues Weak 2Q View

Excerpt: Still, President and Chief Executive Dave DeWalt last month said the company was poised to take market share from its main rivals, Trend Micro Inc. (TMICY, 4704.TO) and Symantec Corp. (SYMC), adding to market-share gains McAfee has seen over the past year.

McAfee Inc.'s (MFE) first-quarter profit fell 30% as the antivirus-software maker posted charges and slightly lower margins, which masked revenue growth.

The company, which reported results on the low end of its February estimates, also issued a weak second-quarter outlook. It sees earnings of 58 cents to 62 cents a share on revenue of $500 million to $520 million. Analysts surveyed by Thomson Reuters expected 66 cents and $526 million, respectively.

Shares tumbled 9.8% to $35.66 in after-hours trading.

McAfee's portfolio and acquisitions of smaller companies have mostly helped it fend off the worst of the gloom last year, although it isn't immune to the information-technology spending slowdown. Still, President and Chief Executive Dave DeWalt last month said the company was poised to take market share from its main rivals, Trend Micro Inc. (TMICY, 4704.TO) and Symantec Corp. (SYMC), adding to market-share gains McAfee has seen over the past year.

On Thursday, McAfee posted a first-quarter profit of $37.6 million, or 23 cents a share, down from $53.5 million, or 34 cents a share, a year earlier. Excluding stock-compensation and other costs, earnings rose to 60 cents from 57 cents.

Revenue climbed 12% to $502.7 million amid a similar decline in North America. Internationally, revenue rose 13%.

In February, the company projected earnings of 60 cents to 64 cents on revenue of $500 million to $520 million.

Gross margin fell to 73.6% from 74.7%.

During the quarter, McAfee closed 19 deals worth more than $1 million each, compared with 16 a year earlier.



Asus U30Jc-A1 Review

Excerpt: Some of the more useful applications are the ... 30-day trial of Trend Micro Internet Security.

Trying to eke out both long battery life and speedy performance—especially 3D performance—from a thin-and-light notebook can be a lesson in futility. But Asus’s new U-Series of thin-and-lights gives it a very credible shot by employing Nvidia’s Optimus technology, which allows the notebook to engage its power-hungry graphics-processing unit (GPU) only when needed. The rest of the time, it runs on the notebook's more battery-friendly integrated graphics. The first U-Series notebook out the door is the $899 U30Jc-A1, which features a 13.3-inch display. This first foray strikes an excellent balance among performance, battery life, and price.

This is not the first time that a notebook has featured hybrid graphics, but it is one of the very first to switch between modes automatically. (The $849 Asus UL50Vf is the other Optimus-based notebook we’ve reviewed so far.) Prior to Nvidia’s Optimus technology, if you wanted to switch between the integrated and discrete GPUs on a hybrid-graphics-enabled notebook, you had to do so manually, which frequently required the inconvenient step of rebooting.

A sticker touts the battery-life and performance advantages of Nvidia's Optimus technology.

Asus proudly affixes the Nvidia Optimus sticker, professing the virtues of the technology. (The sticker is easily removable.) Once we removed the stickers and protective coatings, a brushed-aluminum finish was revealed on the notebook’s cover and the area surrounding the keyboard; the rest of the notebook is covered in hard, black plastic. Asus claims the aluminum finish is a “scratchproof surface,” and we couldn’t resist the urge to put the claim to the test and essentially “keyed” the cover (in an inconspicuous corner). With apologies to Asus, the key, unfortunately, left a small scratch on our loaner unit that would not buff out. The body measures 1.2x13.1x9.2 inches (HWD) and weighs 4.8 pounds, which means this laptop is a little chunkier than some other thin-and-lights with the same-size display.

An upside to the slightly larger chassis is that the U30Jc-A1 has a spacious Chiclet-style keyboard. The keys have decent travel and a springy rebound, but we did note far too much flex toward the top of the keyboard, where the Function keys are located. The multi-touch-capable touch pad (measuring 4 inches diagonally) sits squarely in the center of the 3-inch wrist rest, and a chrome-colored, rocker-style mouse button sits beneath the touch pad.

The keys have decent travel and spring back quickly, but the section near the Function keys flexes too much.

The 13.3-inch display has a native resolution of 1,366x768, and its LED backlight helps provide a bright and colorful image. Movies look great on the screen, but the viewability of the LCD drops off fairly quickly once you move away from viewing the screen straight-on. Audio quality is about average for this class of notebook—which is to say, it’s neither great nor atrocious—until you enable the SRS Premium Sound feature. With SRS turned on and set to the proper preset (such as Movie or Music), audio quality becomes much crisper and louder. It's a noticeable step up from what we’re used to hearing from the tiny speakers in thin-and-lights.

The U30Jc-A1 has a healthy collection of connectivity options. The left side of the notebook has two USB 2.0 ports, VGA and HDMI video-out ports, mic and headphone jacks, and a lock slot. On the right side of the notebook is the tray for the 8x DVD±RW drive, plus another USB 2.0 port, a Gigabit Ethernet jack, and the power jack. The front of the unit houses the stereo speakers, Wi-Fi on/off switch, and a five-format flash-card reader. Wireless networking is handled by an 802.11b/g/n radio inside, but unlike some other similarly priced notebooks, the U30Jc-A1 does not come with integrated Bluetooth.

Other key components are a 2.26GHz Intel Core i3-350M processor, 4GB of 1,066MHz DDR3 SDRAM, and a 320GB hard drive that spins at 5,400rpm. For light graphics processing, the system uses the Intel GMA HD graphics engine that is integrated into the Core i3 CPU. But when a more demanding graphics application launches, such as a 3D game, the Nvidia GeForce 310M graphics chip (which has 512MB of dedicated video memory) kicks in and takes over. The more you rely on the Intel GMA HD GPU, the better your potential battery life will be.

In fact, in our own informal, nongaming, day-to-day usage, we saw between six and eight hours of battery life. And in our formal testing, with our demanding DVD-rundown test, the U30Jc-A1’s eight-cell battery survived for an impressive 4 hours and 18 minutes, which is significantly longer than the average battery life (3:03) for thin-and-light notebooks. Within the last year or so, we’ve seen only three other thin-and-lights that squeezed out even longer battery life: the $849 Asus UL80Vt (5:48) and the $899 Acer Aspire Timeline AS3810T-6415 (5:49), both of which happen to be low-voltage models, and the Apple MacBook Pro (7:48), which uses lithium polymer battery technology.

When the GeForce 310M GPU is active, you can expect the U30Jc-A1’s battery to deplete much quicker. But what you lose in battery life, you gain in 3D performance. On our Company of Heroes gaming test, running at a resolution of 1,024x768 under DirectX 9, we saw an average frame rate of 47.2 frames per second (fps). Even when we set the game to match the U30Jc-A1’s native resolution of 1,366x768, it ran at a still-playable 33fps.

We saw equally impressive performance on our 3DMark06 test, with a score of 4,091 at 1,024x768. This marks nearly the highest level of 3D performance we’ve seen from a thin-and-light laptop to date, with the exception of the $1,649 HP EliteBook 8440w, which had a slightly higher 3DMark06 score (4,167) but somewhat slower Company of Heroes performance (45.4fps at 1,024x768). That said, even with such an impressive 3D showing for a thin-and-light, this level of performance is still not enough to let you crank up all the special effects and eye candy in many of today’s demanding 3D titles. The U30Jc-A1’s gaming capabilities are still limited to older games and less-demanding titles, such as The Sims series or World of Warcraft.

As you’re more likely to be running productivity apps than playing games with the U30Jc-A1, you’ll be pleased to know that its application performance is also very strong. The U30Jc-A1 scored 4,744 on our PCMark Vantage test, which measures a system’s overall application-performance potential. This is a big improvement over the average score for thin-and-lights (3,464) and only a bit slower than the $899 Toshiba Satellite E205-S1904’s score of 4,995. (This model is a competing thin-and-light at the same price.) The U30Jc-A1 did equally well on our Cinebench 3D-rendering test, generating a score of 5,770. This, too, is well above the average for this class of laptop (4,544), but not quite as speedy as the Satellite E205-S1904 (6,451).

Last, but not least, the U30Jc-A1 also put in respectable showings on our multimedia tests, taking 4 minutes and 50 seconds to transcode our standard test video in Windows Media Encoder, and 3:15 to convert our test music files in iTunes. As you likely surmise by now, these times were also faster than the average performance for thin-and-lights (7:28 for Windows Media Encoder, and 4:42 for iTunes). The E205-S1904 outperformed the Asus U30Jc-A1 on Windows Media Encoder (4:26), but the U30Jc-A1 was, surprisingly, a hair faster than the Toshiba machine on our iTunes test (3:24).

There’s one more standout feature of the U30Jc-A1: its generous warranty. The notebook comes standard with a two-year plan, which is standard for Asus but twice as long as nearly every other manufacturer's warranty. Also, it's a global plan; many manufacturers are unpredictable when it comes to warranty service outside of the country where you originally purchased the notebook. The standard warranty includes accidental-damage coverage, which guarantees the unit for a single incident within the first year of ownership against drops, spills, or similar calamities. Asus even goes so far as to promise to fix or replace the U30Jc-A1 within the first 30 days if the display shows even one bad pixel. To top it all off, Asus has toll-free phone support that is available around the clock.

The U30Jc-A1 includes a rather sizable collection of installed software—much of which isn't of much value. Of the 59 preinstalled applications, no less than 13 are Asus-labeled utilities. Some of the more useful applications are the SmartLogon Manager (for logging into Windows using facial recognition via the 0.3-megapixel Webcam), CyberLink Power2Go (for disc-creation tasks), and a 30-day trial of Trend Micro Internet Security. An Asus representative assured us that the bundled software will get trimmed back when the U-Series is refreshed this fall.

Speaking of future U-Series notebooks, Asus will be releasing another 13.3-inch version of this machine, as well as 14-inch and 15.6-inch models in the next few months. Expect to see different color finishes and, more significantly, USB 3.0 ports on some models. But we don't think you need to wait. With its excellent combination of battery life and performance, the Asus U30Jc-A1 is a top-of-the-class thin-and-light notebook that offers something for everybody, from the casual gamer to the true road warrior. Factor in the warranty, and you have a notebook that also gives you peace of mind, wherever you are in the world.
Price (at time of review): $899 (mfr. est., as tested)



New malicious PDF

Excerpt: The object in question is an .xml file containing a malicious .tiff file, detected by Trend Micro as a Trojan downloader.

A new type of malicious PDF file has recently been spotted in the wild.

This one contains a malicious object that was embedded into the file through the use of the common FlateDecode and ASCII85Decode filters for images.

The object in question is an .xml file containing a malicious .tiff file, detected by Trend Micro as a Trojan downloader.

The author(s) of this malicious PDF took advantage of one old and one recently discovered vulnerability to allow the Trojan to connect to various URLs and download additional malicious files.



Download Trend Micro Internet Security 2010 free with 1 year license

Trend Micro Inc. is a global leader in the antivirus and internet security business. Their latest version is very helpful for users who don’t want to choose between computer performance and maximum protection. It’s an easy-to-use tool that helps you in the fight against viruses, spyware, worms, Trojans and other malicious software. If you download Trend Micro Internet Security 2010, you will get full access to the firewall and other features like parental control, backup options and data theft prevention systems.

The last ones work by monitoring the outgoing traffic and restricting the personal information. I am talking about phone numbers, names and credit card information.



This version costs $49.95 for a single user license and can be used on 3 PCs. You can also enjoy the free 30-day trial on the official page or try the 1-year license agreement. All you have to do is download Trend Micro Internet Security 2010 from our links below and enter pfeo-9996-0691-8113-9527 as the serial key.

Please note that the link below is only for the 32-bit version of Windows XP, Vista and 7. Click here for the 64-bit software for Windows Vista and 7.



Download Trend Micro HijackThis 2.0.4 Free

Trend Micro HijackThis is a software tool that lets users search for and repair various issues with the system’s settings.

Trend Micro HijackThis offers extensive reports about your system’s registry and file settings. This utility cannot differentiate safe settings from unsafe ones; it just offers you the search report, and you have to determine these for yourself. This means that HijackThis should be used only by advanced users, so if you’re not an advanced user you shouldn’t mess with your system settings, because you might damage the system. HijackThis also allows you to delete malicious software from your system.

After you install Trend Micro HijackThis, you can start a computer scan immediately. After it finishes the scanning, it will open the detailed report and you can change any setting. If you don’t know what to change, you should check some forums, where you will find excellent technical assistance: you can provide community users with the HijackThis log file and someone will help you. So, you can save log files and ask your friends for help, upload them to a technical assistance forum, or look for someone who has advanced skills in the domain.

The greatest feature of Trend Micro HijackThis is the fact that it is a free software utility. You should also know that the installer of this app doesn’t contain any type of viruses, worms, trojans, rootkits, key loggers, spyware, adware or any other type of malicious software that might damage your system.
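For the "New malicious PDF" item in the summary above: when an object is hidden behind chained FlateDecode and ASCII85Decode filters, a scanner has to undo the filters before it can see the embedded XML and TIFF at all. The following triage sketch is an added example, not code from the article or from Trend Micro; the sample PDF is constructed and harmless, and the function names, tag names and the simplified `endobj`-based object splitting are assumptions of this example.

```python
import base64
import re
import zlib


def _ascii85(data: bytes) -> bytes:
    """Decode a PDF ASCII85 stream; PDF data ends in '~>' and usually omits '<~'."""
    data = data.strip()
    if not data.startswith(b"<~"):
        data = b"<~" + data
    return base64.a85decode(data, adobe=True)


# Only the two filters named in the article are handled here.
DECODERS = {b"ASCII85Decode": _ascii85, b"FlateDecode": zlib.decompress}

HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")   # /Fl#61teDecode == /FlateDecode
OBJ_HEADER = re.compile(rb"(\d+)\s+\d+\s+obj")
STREAM = re.compile(rb"<<(.*)>>\s*stream\r?\n(.*?)\r?\n?endstream", re.S)
FILTER = re.compile(rb"/Filter\s*(\[[^\]]*\]|/[^\s/<>\[\]()]+)")
NAME = re.compile(rb"/([^\s/<>\[\]()]+)")

# TIFF byte-order magics, raw and as they appear at the start of a base64 blob.
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")
TIFF_MARKERS = TIFF_MAGICS + tuple(base64.b64encode(m)[:5] for m in TIFF_MAGICS)


def scan_pdf_streams(pdf: bytes):
    """Decode every stream's filter chain and tag what the decoded bytes look like.

    Simplified: objects are split on 'endobj', so this is a triage aid,
    not a conforming PDF parser.
    """
    findings = []
    for chunk in pdf.split(b"endobj"):
        match = STREAM.search(chunk)
        if not match:
            continue
        header = OBJ_HEADER.search(chunk)
        # Undo #xx name escapes so obfuscated filter names are recognised.
        dictionary = HEX_ESCAPE.sub(lambda h: bytes([int(h.group(1), 16)]), match.group(1))
        declared = FILTER.search(dictionary)
        filters = NAME.findall(declared.group(1)) if declared else []
        data, error = match.group(2), None
        try:
            for name in filters:          # filters apply in the order listed
                data = DECODERS[name](data)
        except (KeyError, ValueError, zlib.error) as exc:
            error = f"{type(exc).__name__}: {exc}"
        tags = []
        if len(filters) > 1:
            tags.append("filter-chain")
        if data.lstrip().startswith(b"<"):
            tags.append("xml")
        if any(marker in data for marker in TIFF_MARKERS):
            tags.append("embedded-tiff")
        findings.append({
            "object": int(header.group(1)) if header else None,
            "filters": [n.decode("ascii", "replace") for n in filters],
            "size": len(data),
            "tags": tags,
            "error": error,
        })
    return findings


def build_sample_pdf() -> bytes:
    """Constructed, harmless sample: XML wrapping nothing but an 8-byte TIFF header."""
    tiff_header = b"II*\x00\x08\x00\x00\x00"
    xml = (b'<?xml version="1.0"?><image contentType="image/tif">'
           + base64.b64encode(tiff_header) + b"</image>")
    encoded = base64.a85encode(zlib.compress(xml), adobe=True)[2:]  # drop "<~"
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
            b"2 0 obj\n<< /Length " + str(len(encoded)).encode()
            + b" /Filter [/ASCII85Decode /Fl#61teDecode] >>\nstream\n"
            + encoded + b"\nendstream\nendobj\n"
            b"3 0 obj\n<< /Length 5 >>\nstream\nhello\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for finding in scan_pdf_streams(build_sample_pdf()):
        print(finding)
```

A stream tagged both `xml` and `embedded-tiff` is a candidate for closer inspection, not a verdict; legitimate forms can embed images the same way.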


FW: NEWSBANK: 5 Technology Security Myths, Busted


-------------------------------------------
From: Kristen Verdi (MKT-US-C)
Sent: Tuesday, May 04, 2010 7:35:34 AM
To: Newsbank
Subject: NEWSBANK: 5 Technology Security Myths, Busted
Auto forwarded by a Rule


5 Technology Security Myths, Busted

Bill Snyder, CIO.com

(05-03) 11:01 PDT -- Think you can hide behind the privacy of an "unlisted" cell phone number? Think again. Maybe you believe you don't need security software on a Mac or iPad. You'd swear that Firefox is the safest browser in town. Wrong on both counts.

Most of us don't think about security for our digital devices until something goes wrong, or it's time to renew an anti-virus subscription. But what the security experts like to call the threat landscape changes all the time, and keeping up is hard to do. So we'll save you some time. Here are five current facts that you probably don't know about digital security --but should.

1. Your cell phone is not a juicy hacking target

How's this for a loss of privacy: Your suspicious spouse's detective hacks into your voice mail, figures out who belongs to the private numbers you've been calling, tracks their whereabouts and then listens to their voice mail messages. That's a real possibility, according to two young security researchers who have found a way to exploit weaknesses in mobile telecom networks.

The researchers, Don Bailey, of iSec Partners, and independent security researcher Nick DePetrillo, presented a paper called "We Found Carmen San Diego," at the Source security conference in Boston last month.

The title of the talk was funny, but what the researchers found "scared us as well," Bailey, 31, said in an interview. "Anyone with some basic knowledge is capable of building the attack tool we developed." Let's hope Bailey was being a bit modest, but the threats he and DePetrillo, 27, found are being taken quite seriously by wireless providers, they said.

Bailey and DePetrillo are "white hats" with no interest in publicizing detailed hacking techniques, but they did give me a glimpse into how they do what they do. With my permission, the researchers did a bit of searching on my personal information and found enough to convince me that they are for real.

First and foremost, they have learned how to enter the various caller ID databases, a collection of phone numbers matched to subscriber names by providers for use in caller ID service. Like you, I never suspected that wireless numbers are also entered in those databases. But a number of major wireless providers have begun doing so. The researchers won't say which companies have and which companies have not.

Caller ID information can be matched with other data culled from the global SS7 telecommunications network, including information from the Home Location Record database, and mobile switching centers.

The good news here: the providers are working hard to plug the holes found by Bailey and DePetrillo. However, some of the weaknesses that allow that type of hacking are based on the fundamental design of the cellular network, so the fix is not an easy one.

2. Virus Writers Ignore Apple Macs and iPads

The iPad has only been on the market for a month, but hackers have already found a way around its security features, at least for those using the tablet in tandem with a Windows PC.

According to BitDefender (an anti-virus maker), "This particular threat comes in the form of an unsolicited e-mail, promising to keep iPad software updated 'for best performance, newer performance, newer features and security.' Via a conveniently provided link, the email instructs iPad users to download the latest version of iTunes to their PCs. The download page to which users are directed is a perfect imitation of the one they would use for legitimate iTunes software downloads."

Once downloaded, the code opens a backdoor into the system and attempts to read the keys and serial numbers of the software installed on the affected computer, while also logging the passwords to the victim's ICQ, Messenger, POP3 mail accounts, and protected storage.

This threat does not target Mac computers--but don't get smug, Apple fans. Macs are vulnerable to other threats. The main reason you hear less about attacks on Macs is that hackers prefer to go for systems that have the widest possible distribution, and that means Windows. At this year's CanSecWest conference, security researcher Charlie Miller used a flaw in Safari to break into a MacBook in under 10 seconds.

3. The Amount of Malware is Waning

In fact, the threat is growing exponentially. McAfee got an ugly black eye in April when a so-called false positive by its anti-virus software crashed machines running Windows XP. But even the company's competitors were quick to acknowledge that the mishap could have happened to any of them.

The big reason: The exponential growth in malware and infected Web sites.

"We're identifying 20,000 or more signatures every day," says Zulfikar Ramzan, technology director of Symantec's security response group.

By signature, he means the footprint of a newly discovered bit of malware. Ideally, each signature goes through a quality assurance procedure that makes sure it is, in fact, malicious. In the McAfee case, the automated procedure slipped up, and wrongly identified a Windows system file as malware. And that's why XP-based PCs with that particular update crashed.

"The explosion of signatures means humans can't analyze them, so we automate," says Ramzan. "But as we add more automation, the risk of false positives increases, and so does the performance hit to machines."

Symantec, for one, has been using new methods for identifying malware (including poisoned Web sites), among them crowdsourcing, or what the company calls reputation-based screening. Millions of Symantec customers allow their machines to send data on infected files and Web sites to the company's servers. Once the data is scrubbed of identifying information, it's used to build a database of known malware.

There's more to the method than tracking bad actors. Symantec also examines harmless code found on many computers, and in effect, white-lists it. "We look at the attributes of a file. If, for example, we see that it's on 1 million machines and has been around for a year and there are no reports that it is malicious, it's likely safe," explains Ramzan. If a file is known to be harmless, it won't be scanned, and the user's computer won't work as hard.

4. Free security software is wimpy

Spending money on a good security suite is generally a good investment, but if you're on a budget, or simply don't like the idea of forking over yet more money on another piece of software, there are free security programs that do a good job detecting and isolating computer viruses.

Free software from companies such as Avast, McAfee, and Microsoft can offer very good protection against viruses, spyware, Trojan horses and the other kinds of malicious programs lurking out there in cyberspace.

No, I haven't tried all of them out, but an Austrian company called AV-Comparatives does, rating products by the percentage of malware a program fails to detect, the number of applications a program falsely identifies as malware and the speed at which the program scans your computer. At the end of each year, the independent testing outfit publishes a summary of tests it has conducted over the previous 12 months comparing anti-virus products. All three of the free products I mentioned did well.

But the overall winners for 2009 were, in order, Symantec, Kaspersky and ESET. And remember, while the free programs are good at bashing viruses, they don't do everything the larger suites do, such as offering spam filters and parental controls.

5. Firefox is Much Safer than Internet Explorer

Microsoft's Internet Explorer gets a lot of bad press, and you might think it's got more security holes than a chunk of Swiss cheese. Not exactly.

According to a recent report by Symantec, Mozilla Firefox had the most new vulnerabilities in 2009, with 169, while Internet Explorer had just 45. However, Internet Explorer was still the most attacked browser for the reason we mentioned earlier: Hackers, like advertisers, go for market share, and despite big gains by Firefox, IE is still number one.

Looking at browsers with a smaller market share, Symantec found that Safari (remember what we said about Apple products being vulnerable?) had 94 new vulnerabilities, Opera had 25, and Chrome 41. All of the browsers had an average window of exposure--the time between when exploit code affecting a vulnerability is made public and when it is patched--of less than 1 day, except for Chrome (2 days) and Safari (13 days), according to the report.


http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2010/05/03/urnidgns852573C400693880002577180062AA51.DTL

 

 

 

Kristen Verdi | Social Media Marketing Manager

10101 N. De Anza Blvd., Cupertino, CA 95014

Office: 408.863.6473 | Mobile: 408.332.4426

 

 

 

 

 


 

FW: NEWSBANK:: Serious XSS flaw haunts Microsoft SharePoint


-------------------------------------------
From: Sichao Wang (PM-US-ENT)
Sent: Tuesday, May 04, 2010 2:33:22 AM
To: Susan Orbuch (MKT-US); Paul Ferguson (RD-US); Newsbank
Subject: RE: NEWSBANK:: Serious XSS flaw haunts Microsoft SharePoint
Auto forwarded by a Rule


QualysGuard service has a WAS (Web Application Scan) component which can supposedly discover (but not block) the application vulnerabilities for Cross-site Scripting (XSS) such as this, and many other application vulnerabilities (SQL injection, etc.).

 

 



From: Paul Ferguson (RD-US)
Sent: Thursday, April 29, 2010 1:26 PM
To: Newsbank
Subject: NEWSBANK:: Serious XSS flaw haunts Microsoft SharePoint

 

April 29th, 2010

Serious XSS flaw haunts Microsoft SharePoint

Posted by Ryan Naraine @ 12:58 pm

http://i.zdnet.com/blogs/sharepoint_logo.png

Microsoft's security response team has confirmed the existence of a serious cross-site scripting (XSS) vulnerability in the Microsoft SharePoint Server 2007 product.

The vulnerability, which can be exploited via the browser, could allow a malicious hacker to execute arbitrary JavaScript code within the vulnerable application.  A proof-of-concept exploit has been publicly posted and Microsoft is expected to issue a formal security advisory before the end of this week to offer pre-patch workaround and mitigations.

Here's the skinny on the flaw from an alert posted to the Full Disclosure mailing list:

The vulnerability exists due to failure in the "/_layouts/help.aspx" script to properly sanitize user-supplied input in "cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.

An attacker can use a browser to exploit this vulnerability.

On Twitter, Microsoft said it was aware of the issue and promised to issue guidance for affected customers:

http://i.zdnet.com/blogs/msft_twitter_sharepoint.png

This isn't Microsoft SharePoint's first brush with XSS security problems.  Back in 2007, the company shipped an "important" security patch to fix a flaw that allowed attackers to run arbitrary script that could result in elevation of privilege within a SharePoint site.

 

 

http://blogs.zdnet.com/security/?p=6346

 

-ferg

 

--

"Fergie", a.k.a. Paul Ferguson

 Threat Research,

 CoreTech Engineering

 Trend Micro, Inc., Cupertino, California USA

 

 

FW: NEWSBANK :: (BN) McAfee Profit Misses Estimates on Delayed Purchases (Update1)


-------------------------------------------
From: Juan Castro (SAL-LA)
Sent: Tuesday, May 04, 2010 2:06:59 AM
To: Newsbank
Subject: NEWSBANK :: (BN) McAfee Profit Misses Estimates on Delayed Purchases (Update1)
Auto forwarded by a Rule


Bloomberg News, from my iPhone.

McAfee Profit Misses Estimates on Delayed Purchases (Update1)

April 29 (Bloomberg) -- McAfee Inc., the second-biggest maker of security software, reported first-quarter profit that missed analysts' estimates after failing to close some large orders for programs that protect computers from malware.

Net income fell 30 percent to $37.6 million, or 23 cents a share, from $53.5 million, or 34 cents, a year earlier, the company said today in a statement. Excluding some costs, profit was 60 cents, missing the 63-cent average of estimates compiled by Bloomberg. McAfee sank as much as 11 percent in late trading.

The company failed to record and ship several deals worth $1 million or more before the end of the quarter as a result of "execution issues," Chief Executive Officer Dave DeWalt said on a conference call. McAfee needs to improve shipping and processing of orders, he said in an interview today.

"Sales to large customers account for more than 60 percent of McAfee's business -- and McAfee is very dependent on large deals," Daniel Ives, an analyst at FBR Capital Markets, said in an interview from New York. "Big deals tend to have longer sales cycles, so they can often slip." He has an "outperform" rating on the shares, which he said he doesn't own.

McAfee fell 9 percent to $35.94 in extended trading after the report was released. The shares had dropped 39 cents to $39.53 at 4 p.m. on the New York Stock Exchange, capping a 2.6 percent decline this year.

'Headwinds'

For the current quarter, McAfee said it expects $500 million to $520 million in sales. Excluding costs such as stock-based compensation, profit will be 58 cents to 62 cents a share. That compares with analysts' average estimate of 66 cents on $525.8 million. McAfee said it expects a stronger dollar will cut 4 cents to 5 cents from adjusted EPS.

McAfee was unable to ship some products to customers on time, DeWalt said on the conference call. The company also underwent some "foreign currency headwinds that were greater than we anticipated," he said in a statement.

"I need to get my operations in order," DeWalt said today in an interview.

In the first quarter, sales gained 12 percent to $502.7 million. Analysts had projected $512.8 million. The stumbles hampered efforts to nab market share from larger rival Symantec Corp. by paying personal-computer makers and Internet services to offer trial versions of McAfee software.

To contact the reporter on this story: Rochelle Garner in San Francisco at rgarner4@bloomberg.net.

Find out more about Bloomberg for iPhone: http://m.bloomberg.com/iphone

FW: Newsbank : Need to Share Increases Need to Protect


-------------------------------------------
From: Chris Taylor (ICBT-US)
Sent: Tuesday, May 04, 2010 12:05:53 AM
To: Newsbank
Subject: Newsbank : Need to Share Increases Need to Protect
Auto forwarded by a Rule


http://blogs.gartner.com/john_pescatore/2010/05/03/need-to-share-increases-need-to-protect/

Need to Share Increases Need to Protect

Microsoft issued an advisory about an unpatched cross-site scripting vulnerability in Sharepoint Server 2007 and Sharepoint Services 3.0 that allows an attacker to run malicious Javascript on the SharePoint server.  Since Sharepoint is one of those products that (like homegrown intranets) rapidly rolled out to meet “need to share” demands, vulnerabilities are magnified because a lot of sensitive information is often what is shared.

So, it's important to emphasize “need to protect” everywhere “need to share” is rushed out. In this case of a Sharepoint vulnerability, Microsoft’s advisory says there is a server side workaround, but right now the link doesn’t seem to get you anywhere.  Until a workaround, or even better an actual patch, is available, take a look at any exposed Sharepoint services to see if there are any IPS or Web Application Firewall mitigations available.

There were also reports of a new cross-site scripting vulnerability in Facebook, sort of the poster child for consumer-grade “need to share” software.  The real lesson in all this, of course, is that in general too many products that are focused on need to exploit the value of information are written with sort of a “drill, baby, drill” kind of excitement and often lead to “information spills” unless you add protection around them.

A more pithy version on this can be found here.

 

Chris Taylor

Product Marketing Manager, Collaboration Security

Trend Micro

Office: 408-863-6411

Cell: 408-859-4751
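For the SharePoint items above (the unsanitized "cid0" input to "/_layouts/help.aspx" in the ZDNet piece, and the IPS/WAF stopgap suggested in the Gartner piece), one interim check is to review web server logs for requests to that script whose cid0 value is not a plain identifier, decoding repeatedly so double-encoded values are caught. This is an added example, not code from Microsoft, ZDNet, Gartner or Trend Micro; the log lines are constructed, and the combined-log layout and the allowlist of characters for legitimate cid0 values are assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

TARGET_PATH = "/_layouts/help.aspx"   # script named in the advisory text
TARGET_PARAM = "cid0"                 # parameter named in the advisory text
# Assumption: legitimate values are plain identifiers (letters, digits, . _ -).
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]{0,128}")
# Assumption: combined-log-style lines, client address first, request in quotes.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Apr/2010:13:02:11 +0000] '
    '"GET /_layouts/help.aspx?Lcid=1033&cid0=example.help.collection HTTP/1.1" 200 5120',
    '198.51.100.7 - - [29/Apr/2010:13:05:40 +0000] '
    '"GET /_layouts/help.aspx?cid0=%3Cplaceholder%3E HTTP/1.1" 200 4988',
    '198.51.100.7 - - [29/Apr/2010:13:06:02 +0000] '
    '"GET /sites/hr/_LAYOUTS/Help.aspx?CID0=%253Cplaceholder%253E HTTP/1.1" 200 4990',
    '192.0.2.44 - - [29/Apr/2010:13:09:15 +0000] '
    '"GET /_layouts/viewlsts.aspx?cid0=%3Cplaceholder%3E HTTP/1.1" 200 7311',
]


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """URL-decode until the value stops changing, to see through double encoding."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return requests to help.aspx whose decoded cid0 value fails the allowlist."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        client, target = match.groups()
        parts = urlsplit(target)
        # IIS paths and ASP.NET parameter names are case-insensitive.
        if not fully_decode(parts.path).lower().endswith(TARGET_PATH):
            continue
        for pair in parts.query.split("&"):
            name, _, raw = pair.partition("=")
            if fully_decode(name).lower() != TARGET_PARAM:
                continue
            value = fully_decode(raw)
            if not SAFE_VALUE.fullmatch(value):
                findings.append({"line": number, "client": client, "value": value})
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

The same allowlist idea carries over to a WAF or IPS rule; log review only shows attempts after the fact and does not replace the vendor workaround or patch.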