Koobface, a botnet well known for spamming popular social media sites, was taken offline on November 14 when UK ISP provider Coreix took three MotherShip servers offline.

FortiGuard labs disclosed zero-day vulnerabilities in Adobe Shockwave, Adobe Flash, Microsoft Office PowerPoint, and Apple QuickTime.

More info available on the press release below

Press Release

Fortinet November Threat Landscape Report Highlights Reduced Spam Levels after Bredolab Takedown

Koobface Servers Taken Down on November 14 Reconfigured to New Control Servers Five Days Later

MALAYSIA, 6 December, 2010 - Fortinet – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions – today announced its November 2010 Threat Landscape report, which highlights a 12 percent reduction in global spam after Dutch authorities dismantled a large Bredolab network by taking more than 140 servers offline.

“Bredolab was often used to load spam engines, which are typically used to sell fraudulent pharmaceuticals,” said Derek Manky project manager, cyber security and threat research at Fortinet. “The scale of this Bredolab botnet had a huge impact on spam levels, dropping as much as 26 percent one week after it was dismantled.”

Koobface Takedown

Koobface, a botnet well known for spamming popular social media sites, was taken offline on November 14 when UK ISP provider Coreix took three MotherShip servers offline. Koobface used intermediary servers (proxies) to communicate with these MotherShip servers through HTTP port 80.

“We confirmed that on November 14, when the primary servers were taken offline, the intermediary servers failed to proxy content, which effectively crippled the botnet,” Manky continued. “Unfortunately, we saw communication restored five days later on November 19th. This is likely due to the fact that Koobface contains an FTP harvesting module.”

Operators may use stolen FTP credentials to hijack Web servers for intermediary/proxy use. By reconfiguring their intermediary servers to new MotherShip servers, the operators seemingly regained control of their botnet.

Adobe, Microsoft, Apple Zero-Day Vulnerabilities

In November, FortiGuard labs also disclosed zero-day vulnerabilities in Adobe Shockwave (FGA-2010-54), Adobe Flash (FGA-2010-56), Microsoft Office PowerPoint (FGA-2010-58), and Apple QuickTime (FGA-2010-61). In addition to the four zero days, 146 additional new vulnerabilities were covered by FortiGuard IPS; 40 percent of which were actively exploited in the wild. As of this writing, a zero-day vulnerability is still being exploited in the wild for Microsoft Internet Explorer (FGA-2010-55). All five vulnerabilities were critical, and had the potential to allow attackers to execute arbitrary code from a remote location.

New and old vulnerabilities will continue to be exploited, so it’s important to keep all application patches up to date. Additionally, a valid intrusion prevention system (IPS) can help mitigate attacks against both known vulnerabilities and zero-days. With the use of communication through common protocols, application control is becoming more important to identify malicious activity on the application level.

FortiGuard Labs compiled threat statistics and trends for November based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Services should be protected against this vulnerability with the appropriate configuration parameters in place.

FortiGuard Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail and FortiClient products.

The full November Threat Landscape report, which includes the top threat rankings in several categories, is available now. Ongoing research can be found in the FortiGuard Center or via FortiGuard Labs’ RSS feed. Additional discussion on security technologies and threat analysis can be found at the Fortinet Security Blog.

---
Related Articles at Blogjer - Technology at a glance:

• October Threat Landscape Report Highlights Increased Zeus/Money Mule Risk
• McAfee monthly spam report – educating people about spam
• Fortinet July Threat Landscape Report Shows Sasfis Botnet Variants Multiplying
• Fortinet August Threat Landscape Report Shows Return of Ransomware and Rise of ‘Do-it-Yourself’ Botnets
• Getting rid of spoof and spam email

• The latest FortiGate-5000 series appliance family delivers essential network defenses for dynamic, multi-tenant large enterprise and service provider networks, including security-as-a-service and infrastructure-as-a-service environments.
• The new FortiGate-5001B is a high performance security blade that integrates a wide range of critical security services and native 10-Gigabit Ethernet (GbE) support for FortiGate-5000 chassis-based platforms which delivers up to blazing 40 Gbps of firewall throughput and up to 17Gbps of virtual private network (VPN) throughput.
• FortiSwitch-5003B switching blade delivers 10-GbE switching to the backplane fabric of the FortiGate-5000 series chassis and operates with exceptionally low latency to maximize multi-threat security performance required by increasingly bandwidth-hungry data centers.

Press Release

Fortinet Introduces World’s Fastest Unified Threat Management Security and Switching Blades

New Blades Coupled with FortiGate Chassis Will Provide up to 500 Gbps Firewall Throughput Performance

MALAYSIA, December 1, 2010 – Fortinet – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions – today announced the newest flagship model in the FortiGate-5000 series appliance family along with a new high-performance switching option. These products combine to deliver essential network defenses for dynamic, multi-tenant large enterprise and service provider networks, including security-as-a-service and infrastructure-as-a-service environments.

The new FortiGate-5001B is a high-performance security blade that integrates a wide range of critical security services and native 10-Gigabit Ethernet (GbE) support for FortiGate-5000 chassis-based platforms. Delivering up to a blazing 40 Gbps of firewall throughput and up to 17 Gbps of virtual private network (VPN) throughput, the FortiGate-5001B integrates essential security functions in a compact Advanced Telecom Computing Architecture (ATCA)-compliant blade form factor. This includes enterprise firewall, virtual private network, application control, intrusion prevention, anti-virus/anti-malware, anti-spam and Web filtering. To optimize the performance of these security services, the FortiGate-5001B security blade integrates the latest Intel 4-core CPU and two Fortinet FortiASIC NP4 network processor chips. This is Fortinet’s fourth generation of ATCA-compliant solutions, having shipped the first generation of its ATCA chassis-based FortiGate-5001SX and FortiSwitch-5003 in 2004. Fortinet brought its second generation of ATCA-compliant appliances in 2006 with the FortiGate-5005FA2 and FortiController-5208 and the third generation in 2008 with the FortiGate-5001A and FortiSwitch-5003A. Adding onto Fortinet’s pioneering innovation in the telecom industry is the FortiGate’s achievement of NEBS Level 3 compliance – a requirement for operation of carrier-class equipment in the central offices of major telecommunications companies.

Delivering 10-GbE switching to the backplane fabric of the FortiGate-5000 series chassis, the new FortiSwitch-5003B switching blade operates with exceptionally low latency to maximize multi-threat security performance required by increasingly bandwidth-hungry data centers.  Fortinet’s new products, designed for very large enterprises, carriers and managed service providers, provide consolidated security services and simplified network infrastructures that deliver substantially increased performance, dramatically improved multi-threat protection and significantly lower operating costs.

When coupling the FortiGate-5001B with the FortiGate-5140 chassis, telecommunications and managed security service providers will have up to 500 Gbps firewall throughput performance, making the chassis the fastest blade system firewall in the industry. By combining a FortiGate-5000 series chassis with the new FortiGate-5001B security blade and optional FortiSwitch-5003B switching blade, customers have access to a modular, multi-threat security solution with carrier-grade reliability and scalability required by 10-GigE network environments.  As a highly modular platform, the FortiGate-5000 series is designed to be the cornerstone of high-performance security infrastructures.  Ideal for high-speed multi-threat security gateways, managed security services, and complex security zoning applications, the FortiGate-5000 series, equipped with the new FortiGate-5001B and FortiSwitch-5003B blades, can be integrated with Fortinet’s centralized management and reporting solutions to provide broad control of large-scale deployments.

The FortiGate-5000 Series also offers the following benefits:

• Redundant, hot swappable power supplies and fans to minimize single-points of failure.

• Use of active/active and active/passive high availability modes for uninterrupted service.

• Integration with Fortinet’s FortiManager centralized management and FortiAnalyzer centralized reporting appliances to simplify security management, reporting and analysis while reducing operating expenses.

• Availability of FortiGuard™ Subscription Services to deliver automated, real-time and up-to-date protection against security threats and exploits.

• Deployment flexibility that includes network segmentation by customer, business unit or any other logical partition to maximize control through the use of virtual domains.  The platform is also ideal for virtualized environments.

• Complements or upgrades existing security infrastructure by enabling only the services needed in integrated, all-in-one security blades.

• Design the exact mix of multi-threat security, load-balancing, and high-speed networking required to support organizational security requirements.

“You can’t take a ‘cookie-cutter’ approach to network security, especially in large-scale, business-critical environments supporting hundreds of thousands or millions of end customers and clients,” said Michael Xie, founder, CTO and vice president of engineering at Fortinet.  “That’s why we continue to innovate with agile and modular approaches to network defense because each customer environment has a unique threat profile and corresponding security and performance requirements.  In recognition of this, we are once again pushing the envelope of high-performance network security with the introduction of the FortiGate-5001B and FortiSwitch-5003B blades.”

Availability

The FortiGate-5001B and FortiSwitch-5003B will be available this quarter.

---
Related Articles at Blogjer - Technology at a glance:

• Fortinet Leverages Spirent Solutions To Validate Best-In-Class Performance Of FortiGate-3040B
• Fortinet Advocates Healthcare Organizations to Consider Their Data Security Strategy in Today’s Dangerous Cyberspace
• Fortinet November Threat Landscape Report Highlights Reduced Spam Levels after Bredolab Takedown
• Fortinet August Threat Landscape Report Shows Return of Ransomware and Rise of ‘Do-it-Yourself’ Botnets
• Fortinet Introduces New Messaging Security Appliance for High-Performance Corporate Email Routing

• The FortiMail-3000C which features a 20-percent performance improvement over its predecessors, is ideally suited for large enterprises and application service and software-as-a-service (SaaS) providers.
• The FortiMail-3000C features important server mode enhancements made possible by the new FortiMail 4.0 MR2 operating software, which enables the appliance to function as full-featured SMTP mail server supporting secure POP3, IMAP and Web mail clients.

More on that available on the press release below.

Press Release

---
Related Articles at Blogjer - Technology at a glance:

• Fortinet Leverages Spirent Solutions To Validate Best-In-Class Performance Of FortiGate-3040B
• Fortinet Introduces World’s Fastest Unified Threat Management Security and Switching Blades
• Fortinet Expands Web Application Firewall Family with New Appliances for Enterprises, Application Service and Cloud-based Service Providers
• Fortinet Advocates Healthcare Organizations to Consider Their Data Security Strategy in Today’s Dangerous Cyberspace
• Paypal introduces security key texted to your mobile (SMS)

· Spirent Communications plc. announced the results of performance tests conducted on the FortiGate-3040B, the newest Fortinet multi-threat security appliance purpose-built for large enterprise and data center environments.

· Testing with Spirent solutions showed that the FortiGate-3040B delivers a steady 40Gbps of performance in both UDP and TCP traffic through four 10 Gbps Ethernet ports and supports full line-rate application traffic with zero packet loss.

· The appliance also achieves latency as low as 3.94 microseconds under 100 percent load. Other test results unveils that the ForitGate-3040B supports up to 5,600,000 concurrent sessions and 160,000 transactions per second.

Press Release

Fortinet Leverages Spirent Solutions To Validate Best-In-Class Performance Of FortiGate-3040B

Spirent TestCenter Used for Performance Evaluation of New High-End Security Appliance; FortiGate-3040B Delivers Extremely Low Latency with 40 Gbps Firewall Throughput

MALAYSIA, 8 November, 2010 – Fortinet – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions, and Spirent Communications plc., the leading provider of testing solutions for networks, devices and services, today announced the results of performance tests conducted on the FortiGate-3040B, the newest Fortinet multi-threat security appliance purpose-built for large enterprise and data center environments. Testing with Spirent solutions showed that the FortiGate-3040B delivers a steady 40Gbps of performance in both UDP and TCP traffic through four 10 Gbps Ethernet ports and supports full line-rate application traffic with zero packet loss. The appliance also achieves latency as low as 3.94 microseconds under 100 percent load. Other test results unveil that the FortiGate-3040B supports up to 5,600,000 concurrent sessions and 160,000 transactions per second.

FortiGate-3040B comes standard with eight 10-Gigabit Ethernet ports, all in a single, compact 2-RU appliance form factor. The appliance also includes both of Fortinet’s innovative FortiASIC processors — content processor (CP4) and network processor (NP4).

The UDP traffic throughput test was performed with Spirent TestCenter, which was used as a UDP traffic injector through a total of four 10 Gbps Ethernet ports. The test was conducted with a mix of packets, including 66, 594 and 1518 byte packets, and showed performance of 130 million packets per second. The amount of latency introduced by the FortiGate-3040B was minimal, with an average of 7.14 microseconds and getting as low as 3.94 µs at 64 bytes and zero packet loss.

The TCP traffic throughput test was performed with the Spirent Avalanche, used as a HTTP application traffic generator through a total of four 10 Gbps Ethernet ports. The test was conducted under the following parameters: three-way TCP handshakes; TCP Window Size at 64kB; and 10 HTTP transactions in 1 TCP connection. It showed application data performance of 37,65 Gbps throughput, which is equivalent to 40 Gbps of line-rate Ethernet.

“The Spirent TestCenter platform has become the standard for testing high-end security products in complex networks,” said Jeff Schmitz, vice president, Networks & Applications at Spirent Communications. “Large enterprise and data center environments must protect their most critical assets while, at the same time, keeping up with the increased bandwidth requirements of their network. The test of FortiGate-3040B validates the robustness, performance, and stability Fortinet’s customers can expect from this high-end network security system.”

The Spirent test results highlight the best-in-class firewall price-performance of the FortiGate-3040B. This 10-GbE network security appliance provides the highest 10-GbE port density in
its class and includes the latest FortiASIC network processors (NP4), which work inline with the flow of traffic and accelerate firewall and VPN functions.

“For several years now, we’ve been able to prove to our customers that our high-end UTM appliances can compare with point solutions in terms of performance and robustness. The addition of the FortiGate-3040B to our network security product line is no exception,” said Michael Xie, founder, CTO and vice president of engineering for Fortinet. “By leveraging Spirent’s test methodology and services, we enhance our customers’ confidence in our new products. With this test in particular, we are able to objectively demonstrate the outstanding performance and quality of the FortiGate-3040B, which delivers an unmatched mix of performance, flexibility, and security for its price class.”

Fortinet’s FortiGate-3040B appliance is the latest to join the FortiGate-3000 series product family, and integrates high-performance firewall capabilities with advanced unified threat management protection in a single system to help protect organizations’ vital assets. It adds to the FortiGate-3950B series, which was introduced earlier this year and delivers up to 120 Gbps of low-latency firewall inspection performance to help secure the most demanding enterprise environments, including high-speed data centers and network perimeters.

Fortinet’s FortiGate-3040B provides high bandwidth connectivity to the security gateway and delivers up to 17 Gigabits-per-second of virtual private network (VPN) performance. The appliance provides exceptional deployment versatility by providing the industry’s greatest port-density in its price class. A total of 20 ports are included on the system comprised of modular SFP+, SFP and traditional RJ-45 ports.

Like other enterprise-class multi-threat security appliances from Fortinet, the FortiGate-3040B is equipped with the FortiOS 4.0 MR2 operating system to effectively neutralize a wide range of security threats facing networks today.

---
Related Articles at Blogjer - Technology at a glance:

• Fortinet Introduces World’s Fastest Unified Threat Management Security and Switching Blades
• Fortinet August Threat Landscape Report Shows Return of Ransomware and Rise of ‘Do-it-Yourself’ Botnets
• Fortinet November Threat Landscape Report Highlights Reduced Spam Levels after Bredolab Takedown
• Fortinet July Threat Landscape Report Shows Sasfis Botnet Variants Multiplying
• Fortinet Expands Web Application Firewall Family with New Appliances for Enterprises, Application Service and Cloud-based Service Providers

1. Fortinet today announced its October 2010 Threat Landscape Report which warns of increased Zeus activity and the related risks money mules take when signing up for questionable job opportunities.
2. Money mules have been aggressively recruited this year to help cyber criminals launder money.
3. Fortinet’s Money Mule warning signs and key guidelines on how to prevent someone from inadvertently becoming a money mule.

Further reading could be found on the press release

Fortinet October Threat Landscape Report Highlights Increased Zeus/Money Mule Risks

Report Offers Money Mule Recruitment Warning Signs

MALAYSIA, 29 October, 2010 - Fortinet – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions – today announced its October 2010 Threat Landscape report, which warns of increased Zeus activity and the related risks money mules take when signing up for questionable job opportunities.

“As outlined in our ‘2010 Threat Predictions Realized’ report, money mules have been aggressively recruited this year to help cyber criminals launder money,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “A recent example of this is the worldwide prosecutions of a Zeus criminal operation, which included 37 charges brought against alleged money mules.”

Recent Zeus stories illustrate how prevalent money mules have become and how they are being used to filter, disguise and spread money transfers. Mules today are typically recruited into criminal organizations through legitimate-looking advertisements. A suspect ad may suggest a client is looking for a “payment processing agent,” “money transfer agent,” or something as general and vague as an “administrative representative.” These recruitment ads can be found anywhere from print and online job sites to direct points of contact. While many mules likely enter into the business relationship knowing the full criminal implications of what they’re doing, there are a surprising number that do not.

Preying on the Desperation of Job Seekers

One of the most recent money mule recruitment emails FortiGuard flagged this month began the subject line with, “Re: CV.” The body of the email offered the recipient an “administrative representative” position for a proposed salary of €5,000 per month plus commission. One of the listed job duties was to “administer day-to-day financial responsibilities for clients,” as well as prepare weekly financial reports.

“The majority of opportunities we’re seeing today offer prospects roughly 10 percent commission for any transfers they make,” Manky continued. “With a few simple clicks, a $10,000 transfer could net the mule roughly $1,000.”

Money Mule Warning Signs

The following guidelines can be used to help prevent someone from inadvertently becoming a money mule:

· If the job offer sounds too good to be true, then it probably is. Be wary of any job opportunities that promise great rewards for little or no work or work experience.

· If the job description is vague, unclear and/or doesn’t stipulate who you would be reporting to in the new position, then do deeper research into the company to get those questions answered.

· Be especially scrupulous with regards to money transfer job offers that are coming from overseas, as they can be very difficult to research and verify. If the company in question doesn’t have verifiable contact information (phone, email contact and address) on their web site, think twice about working with them.

· Be cognizant of any company that asks for a personal bank account number as the means through which money is expected to flow. Recruiters will typically mandate that their mules use anonymous money transferring services for outbound funds; as with any scam, be cautious of a request such as this.

· Security services such as antispam and web content filtering can also help to minimize money mule recruitment attempts, as they could help flag the recruitment emails, or potentially warn or block specific illegitimate job recruitment domains.

· Anyone suspecting they may have been a victim of this type of crime should contact their bank immediately.

FortiGuard Labs compiled threat statistics and trends for October based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Services should already be protected against the threats outlined in this report.

FortiGuard Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail and FortiClient products.

The full October Threat Landscape report, which includes the top threat rankings in several categories, is available now. Ongoing research can be found in the FortiGuard Center or via FortiGuard Labs’ RSS feed. Additional discussion on security technologies and threat analysis can be found at the Fortinet Security Blog.

---
Related Articles at Blogjer - Technology at a glance:

• Fortinet November Threat Landscape Report Highlights Reduced Spam Levels after Bredolab Takedown
• Fortinet August Threat Landscape Report Shows Return of Ransomware and Rise of ‘Do-it-Yourself’ Botnets
• McAfee monthly spam report – educating people about spam
• Fortinet July Threat Landscape Report Shows Sasfis Botnet Variants Multiplying
• Maxis To Offer Samsung Galaxy Tab On 29 October

With iPhone 4 frenzy continue to last until the next couple of weeks here in Malaysia as well as other countries, do not taking  lightly about the possible threat that could harm your iPhone and it’s user. If the iPhone is meant for your kids, it’s a good idea to start thinking of securing your loves one from anything that could possibly hurt them. Fortinet FortiGuard Labs has released short but useful article that will be a basis to get started with. Read on.

Five Easy Steps to iPhone Security!

Apple’s latest shiny new iPhone 4 gadgets may have taken the world by storm but in the same vein, such mobile devices are now becoming a key target for cybercriminals and mobile spyware.

Why? Well, your trusty iPhone contains your closely guarded personal information, including photographs, contact database, possibly your credit card details, banking information, email exchanges, personal address, etc. It also connects you to tens if not hundreds of Internet applications that make your life easier. So now, imagine all this information falling into unscrupulous hands, a psychotic stalker, or becoming public information overnight!

This is exactly what a mobile spyware can do once it has entrenched itself in your iPhone. This insidious, crafty malware can secretly tap your phone calls, record and transfer SMS/MMS/e-mail messages, locate you geographically, listen to your surroundings, take pictures, downloads contacts, log activity… or steal your online banking credentials like the infamous Eeki worm did.

So, even if it has not been affected yet, do not underestimate the potential vulnerability of your iPhone. Taking care of your iPhone security is very much like taking care of your child.
Education plays an important role!

Follow these essential security tips to protect your iPhone and its data:

1. Would you let your child answer a stranger?

No. So, do not open unknown SMS or MMS on your iPhone.

2. Just before buying your child a new game, wouldn’t you check if it’s suitable for his/her age or if other parents consider it as an interesting game?

You probably try to. The same applies to your phone: gather as much information as possible before downloading an unknown application (search for comments and reviews from other users,
scan for online against viruses etc).

3. Do you inoculate your child against polio?

Then, you might consider installing an anti-virus on your mobile phone, or at least check anti-virus reports regularly.

4. Imagine a highly dangerous virus was circulating in your child’s school. Wouldn’t you keep him/her away, until any risks have disappeared?

Similarly, do not connect your iPhone to an infected computer and run anti-virus software on your PC or laptop to make sure it is malware-free before connecting your iPhone for synchronization.

5. When your child is harmed, wouldn’t you report it to some official authority (school,police, medical doctor)?

Do the same with your phone. Do not fear to report suspicious activities to your operator, your bank, consumer groups, anti-virus companies or in worse cases to the nearby police station. The
more we are aware, the more we can all fight against criminality.

---
Related Articles at Blogjer - Technology at a glance:

• paypal security challange
• how to prevent sending email from MS outlook without subject in place
• Paypal introduces security key texted to your mobile (SMS)
• even security blog does have spams..
• Apple To Support Multitasking in iPhone OS 4.0?

Fortinet on early this month has announced the expansion of the web application firewall family with new appliances designed for enterprises, application service and cloud-based service providers, among the key highlights are:

• Fortinet announced two new appliances for its FortiWeb family of web application firewalls – the FortiWeb-1000C, designed for mid-to-large enterprises, and FortiWeb-3000C, the flagship system for high-end enterprises, application service and cloud-based service providers.
• Each appliance is equipped with the new FortiWeb 4.0 MR1 firmware that is designed to provide maximum protection for web applications containing sensitive data subject to Payment Card Industry (PCI) guidelines.
• The FortiWeb-1000C and 3000C appliances are integrated web application and XML firewalls that protect against attacks targeted at web applications and web services infrastructure.

Press Release

Fortinet Expands Web Application Firewall Family with New Appliances for Enterprises, Application Service and Cloud-based Service Providers

FortiWeb-1000C and FortiWeb-3000C Leverage Major New Firmware to Provide Greater

Deployment Flexibility and Significant Security Enhancements

MALAYSIA, 10 August 2010 – Fortinet, a leading network security provider and a worldwide leader of unified threat management (UTM) solutions – today announced two new appliances for its FortiWeb family of web application firewalls – the FortiWeb-1000C, designed for mid-to-large enterprises, and FortiWeb-3000C, the flagship system for high-end enterprises, application service and cloud-based service providers.  Each appliance is equipped with the new FortiWeb 4.0 MR1 firmware that is designed to provide maximum protection for web applications containing sensitive data subject to Payment Card Industry (PCI) guidelines.  The new web application firewalls will also blunt potentially crippling attacks such as SQL injection and cross-site scripting, and help prevent security breaches from exposing highly sensitive data loss such as credit card numbers and personally identifiable information.

With the addition of the FortiWeb-1000C and FortiWeb-3000C, Fortinet now offers four web application firewall appliances to provide retail and payment, financial services and healthcare customers with a full range of deployment options.  In the case of retail and payment customers, the new FortiWeb products greatly minimize the complexity of complying with PCI Data Security Standard (DSS) section 6.5 and 6.6 as well as California Senate Bill 1386 that address the rampant problems of identity theft and financial fraud.  The FortiWeb-1000C and FortiWeb-3000C also provide robust patient data protection as part of HIPAA compliance for healthcare organizations.

“The need to protect web applications that contain sensitive credit, financial or personal information from increasingly sophisticated attacks and data loss has never been greater,” said Paula Musich, senior analyst, Current Analysis. “The simple fact of the matter is that organizations are deploying web applications and regulated Internet-facing data more broadly than ever.  For hackers and cyber-criminals, that’s like painting a giant bulls-eye on those applications, which gather credit card data and personally identifiable information with minimal protection in place. That’s why putting in place sophisticated web protection and threat management solutions with powerful policy enforcement capabilities should be a standard practice for any organization doing business on the web.”

The FortiWeb-1000C and 3000C appliances are integrated web application and XML firewalls that protect against attacks targeted at web applications and web services infrastructure. Because they provide detailed visibility into an organization’s threat landscape, the FortiWeb application firewalls eliminate the need to manage separate web and threat management tools and consoles. Not only does this streamline security efforts and reduce infrastructure complexity, it drastically reduces the time required to protect regulated data and achieve regulatory compliance.

To preserve optimal web application performance, the FortiWeb application firewalls leverage an intelligent, application-aware load-balancing engine to distribute traffic and route content across multiple web servers. This load balancing increases application performance, improves resource utilization and application stability while reducing service response times.

What’s New in FortiWeb Application Firewalls

The release of FortiWeb 4.0 MR1 provides a series of major enhancements to the new FortiWeb-1000C and FortiWeb-3000C application firewalls, including:

•           Policy wizard and pre-defined policies – allows for one click deployments and eases the process of rules creation greatly

•           Advanced alert tool – makes it easy to sift through hundreds of alerts, identify repetitive attackers using various aggregation fields and quickly understand the nature of attacks.

•           Enhanced Protocol Constraints – enforces policies that ensure any access to the web application is done in accordance with the HTTP RFC standard.

•           Extended signatures and DLP – allows customers to create their own granular signatures and data loss prevention patterns from a FortiWeb graphical user interface for any type of event, in addition to the pre-defined application signatures and data loss prevention rules.

“Customer demand for more powerful web application infrastructure security is soaring due to a combination of evolving attacks, security breaches, regulatory compliance and web defacement incidents,” said Michael Xie, founder, CTO and vice president of engineering at Fortinet.  “At the same time, more content is being delivered via the web, and both cloud providers and large enterprises need robust security solutions that can protect web application infrastructures without affecting application performance. The addition of the FortiWeb-1000C and FortiWeb-3000C appliances to the FortiWeb product family directly addresses this demand. These new platforms can play a pivotal role in helping preserve the security and uninterrupted operation of our customers’ web application infrastructures.”

Availability

The FortiWeb-1000C and FortiWeb-3000C are available now.

---
Related Articles at Blogjer - Technology at a glance:

• Fortinet Introduces World’s Fastest Unified Threat Management Security and Switching Blades
• Fortinet Leverages Spirent Solutions To Validate Best-In-Class Performance Of FortiGate-3040B
• Fortinet Introduces New Messaging Security Appliance for High-Performance Corporate Email Routing
• Fortinet November Threat Landscape Report Highlights Reduced Spam Levels after Bredolab Takedown
• Fortinet August Threat Landscape Report Shows Return of Ransomware and Rise of ‘Do-it-Yourself’ Botnets

Fortinet has just released July 2010 Threat Landscape report  which showed that 8  Sasfis botnet variants have landed in the company’s top 10 malware listing this period. Among the key highlight in the report are as follow. For complete report, please find the press release at the bottom of this post.

• Eight Sasfis botnet variants have landed in Fortinet’s top 10 malware listing this period.
• Earlier this year, the Sasfis botnet was dedicated to downloading and executing software (primarily fake antivirus) on infected systems. This period, Sasfis was observed downloading updated spamming modules
• This month’s Stuxnet attack, reiterates the importance of quickly patching security holes as fixes become available and having a broad intrusion prevention system (IPS) in place.

Press Release

Fortinet July Threat Landscape Report Shows Sasfis Botnet Variants Multiplying and Focusing on Spam Delivery

Stuxnet Attack Still Under Investigation While Awaiting Microsoft Patch

MALAYSIA, 4 August, 2010 – Fortinet – a leading network security provider and a worldwide leader of unified threat management (UTM) solutions – today announced its July 2010 Threat Landscape report, which showed that eight Sasfis botnet variants have landed in the company’s top 10 malware listing this period. This is an increasingly common occurrence, as developers continue to roll out updated copies of their creations. Earlier this year, the Sasfis botnet was dedicated to downloading and executing software (primarily fake antivirus) on infected systems. This period, Sasfis was observed downloading updated spamming modules. Typical Sasfis spam examples include fake UPS invoices and Facebook photo links.

Spam bots continue to diversify, sending a variety of spam themes on a frequent basis,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “This month we observed various socially engineered emails that came with HTML attachments. These attachments further contained obfuscated javascript which would redirect users to malicious sites. The diversity of these spam campaigns and their targets shows how botnets continue to evolve to serve the needs of their underground customers.”

Stuxnet Attack

This month’s Stuxnet attack (read our FAQ here), reiterates the importance of quickly patching security holes as fixes become available and having a broad intrusion prevention system (IPS) in place. Even with proper patch management, all it takes is one zero-day vulnerability to be exploited (even in low volume) to potentially cause a significant impact. While the Stuxnet attack is still under investigation, the fact that a trojan associated with the exploit was seemingly developed to target industrial control systems underscores this point. This is also a good example of how little interaction is required by the end user to become infected. The Stuxnet exploit attacked a Windows Shell vulnerability (CVE-2010-2568). To launch its attack, a user simply opened a folder.

“We saw a similar attack method with PDF files through JBIG2 image streams and Windows shell extensions back in February 2009 (CVE-2009-0658),where simply browsing a folder could trigger an infection,” Manky continued. “Fortinet detects the vulnerability associated with the Stuxnet attack as ‘MS.Windows.Shell.LNK.Code.Execution,’ and generically detects the exploited ‘.LNK’ payload with antivirus as ‘W32/ShellLink.a!exploit.CVE20102568′. As of writing, there are workarounds but no official patch has been released from Microsoft.”

Windows Help Center Vulnerability Exploited

On June 5, vulnerability within the Windows Help and Support Center that could allow remote code execution was publicly disclosed. Like Stuxnet, this is yet another example of a zero-day vulnerability successfully attacked before a patch is made available. We witnessed attacks on the vulnerability as early as June 11^th before Microsoft issued a patch for CVE-2010-1855 on July 13^th. The attacks that occurred through Websites were made more potent because they were launched through the HCP protocol handler, which is used by all browsers. In many cases Websites that serve exploits will try to fingerprint browsers and launch attack code tailored to those browsers.

FortiGuard Labs compiled threat statistics and trends for July based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.

To read the full July Threat Landscape report which includes the top threat rankings in each category, please visit: http://www.fortiguard.com/report/roundup_july_2010.html. For ongoing threat research, bookmark the FortiGuard Center or add it to your RSS feed. Additional discussion on security technologies and threat analysis can be found at the Fortinet Security Blog at http://blog.fortinet.com. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.

FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate, FortiMail and FortiClient products.

---
Related Articles at Blogjer - Technology at a glance:

• Fortinet August Threat Landscape Report Shows Return of Ransomware and Rise of ‘Do-it-Yourself’ Botnets
• Fortinet November Threat Landscape Report Highlights Reduced Spam Levels after Bredolab Takedown
• October Threat Landscape Report Highlights Increased Zeus/Money Mule Risk
• Fortinet Expands Web Application Firewall Family with New Appliances for Enterprises, Application Service and Cloud-based Service Providers
• Fortinet Leverages Spirent Solutions To Validate Best-In-Class Performance Of FortiGate-3040B

The ‘honeymoon’ period for Windows 7 is almost over with the rising number of virus/malware that targeting that OS. The latest is, Sophos has just issued warning about malware that targeting Windows 7 computers to download fake antivirus software.

The malware will try to fool you with pop up dialog box stating that your computer has many serious threats. Clicking on the ‘Remove all Threats immediately’ message will pop out another dialog box asking you to download the file called win_protection_update.exe. If you proceed, the malware that downloaded together with the exe file will asking for money to ‘disinfect’ the computer.

This unwanted incident can be simply avoided by ignoring such messages and avoiding visiting high risk websites such as porn, torrent and etc.

via

---
Related Articles at Blogjer - Technology at a glance:

• Looking for antivirus program in Bahasa Melayu: Try AVG Antivirus
• How to sync files, shared folder using Windows Live Sync
• SyncToy Synchronizes Folders and Files Between Locations
• Manage shared computers with Windows SteadyState
• Fortinet July Threat Landscape Report Shows Sasfis Botnet Variants Multiplying

• Internet Explorer 7 – Fix flaw that allow a malicious Web site to install malware on a vulnerable PC.

• Visio – Fix flaw where attacker can run any command if you open a hacked Visio file.

• Microsoft Exchange – Fix flaw where Microsoft Exchange could be taken over by a specially crafted TNEF message sent to it by an attacker.

• SQL server – Fixing flaw for possibly another attack after successful SQL injection attack.

The patches run on one of my notebook for IE7 and SQL server flaw.

---
Related Articles at Blogjer - Technology at a glance:

• TechNet MSDN Technology Summit – 15 Jan 2009
• even security blog does have spams..
• paypal security challange
• Microsoft To End Support Windows Vista Without Service Pack and Windows XP SP2
• WordPress 2.7.1 out now

Paypal has taken a security measure to the next level, maybe on par with financial institution’s internet banking with a new security feature.

Familiar with Maybank‘s TAC (transaction authorization code)?? If you’re a Maybank’s internet banking user, sure you’ll be. So, this one has almost similar concept with that.

The new feature is the extension of the Paypal Security Key token introduced earlier. Besides the key being generated from the token, there is another option where the key is now sent to your registered mobile phone.

But wait, this security feature is at present not available in most countries including Malaysia. The lucky ones are United States, Australia, Austria, Canada and Germany. Paypal account holders from these countries can register via registration page.

No second security layer to us just yet, so make sure you secured your account sufficiently.

via

---
Related Articles at Blogjer - Technology at a glance:

• paypal security challange
• Paypal Releases App for Blackberry
• secure your paypal before it’s too late
• Getting rid of spoof and spam email
• Withdraw Paypal Using Maybank Debit Card

Back to the CAPTCHA, it is not a new stuff in Paypal. According to the source in Wiki, Paypal has been using it (and some say invent it) since 90s to block an attempt by automated system to access Paypal. However, I’ve no answer on  what kind of form or situation triggering this CAPTCHA

A quick check on my RSS feed spot 2 webmasters on Ghacks and Saifulsham(his brother) who has their Paypal account fund been stolen or used for unauthorized transaction. Fraud can happen to anyone, even without you notice it or provide early signal.  Even after all security measure being taken, to ensure the safety of the account, this kind of thing can still happen when hackers become more creative than ever.

1 commentator in Ghack point me out to Youtube, where there are a lots of how-to-hack-paypal videos. I watch couple of them, including the one on top of the search result. It shows how to update certain paramenter on salespages’s source code to buy stuff on net with 1 cent.  I never tried it (and not gonna tried it), so I’m not sure if it works now. But it give basic impression that fully automated peyment system using Paypal is not that secure, without the involvement of human check.

There are couple of points that I learn from these 2 posts. I bet you know it, but not yet implement it. First and foremost is, don’t ever use your Paypal account (your email) for any registration, regardless with any kind of services. You might also consider to limit the usage of your Paypal email account even for email purpose. Use or create a new email account

Use debit card instead of credit card for your Paypal account. I’m sure many will disagree with this, but please give it some thought. Here is why. In case your account hacked, the damage is minimum to the extent of fund only in your account. You’re not risking losing more money since debit card amount is limited and most of the time, it only has amount whenever you want using it

Be careful when selling your Paypal fund for cash in forum. Your identity is in risk even though you’re registered using different email address. This is especially true if your password is not strong enough, which consist of common personal info such as your name, your nickname, what you like, your website etc. All these infos are crucial for intruder,  in process of guessing your password using automated system, thus gain a control. But you shouldn’t put much worry on this, if your password is strong enough.

Other than that, you might want to consider login into your e-commerce account (such as Paypal) from only your system. Avoid using public computer by any means if possible. You might not aware that public computer could have been installed with keylogger.  It’s not hard to find free keylogger nowadays. There are tonnes of free keylogger available on the net

OK now, it’s turn to listen to Paypal advice (taken from their website)

Website Security

• Type in the PayPal URL: To safely and securely access the PayPal website or your PayPal account, open a new web browser (e.g., Internet Explorer or Netscape) and type in the following: https://www.paypal.com/

Password Safety

• Never share your PayPal password: PayPal representatives will never ask you for your password. If you believe someone has learned your password, please change it immediately and contact us.
• Create a secure password: Choose a password that uses a combination of letters, numbers, and symbols. For example, $coo!place2l!ve or 2Barry5Bonds#1. Avoid choosing obvious words or dates such as a nickname or your birth date.
• Keep your PayPal password unique: Don’t use the same password for PayPal and other online services such as AOL, eBay, MSN, or Yahoo. Using the same password for multiple websites increases the likelihood that someone could learn your password and gain access to your account.

Email Security

• Look for a PayPal Greeting: PayPal will never send an email with the greeting “Dear PayPal User” or “Dear PayPal Member.” Real PayPal emails will address you by your first and last name or the business name associated with your PayPal account. If you believe you have received a fraudulent email, please forward the entire email—including the header information—to spoof@paypal.com. We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
• Don’t share personal information via email: We will never ask you to enter your password or financial information in an email or send such information in an email. You should only share information about your account once you have logged in to www.paypal.com/row.
• Don’t download attachments: PayPal will never send you an attachment or software update to install on your computer.

Use Your Account Wisely

• Don’t share your account: Don’t use your PayPal account to collect or transfer money for someone else. These types of activity are often conducted as forms of money laundering or mail fraud and may result in significant criminal penalties. If someone contacts you and asks you to transfer money on their behalf, you should deny the request and contact us immediately.
• Increase your security: Become a Verified PayPal member.

Look for legitimate sites: Examine all privacy and security seals before doing business with a particular website and make sure they are legitimate.

---
Related Articles at Blogjer - Technology at a glance:

• Paypal introduces security key texted to your mobile (SMS)
• paypal security challange
• Paypal Releases App for Blackberry
• Withdraw Paypal Using Maybank Debit Card
• Donate to wikipedia

While he is busy with his security tips and speech around the world, doing paper work, writing new books, spammer (human or bot who never sleeps) has taken advantage by leaving spam trackback which appears to get loosen off from Microsost security/filter itself. This is nothing new and such behaviour can easily be avoided by even new bloggers.

If you use WordPress, maybe you should try Simple Track Back plugin to overcome this problem. It works well on my tiny blog. Or if you use your own MS blog platform (if it exists) or other blogging platform, why not request your engineers to create the same.

It does not only enhance the blog credibility, but also shows that your blog is as secured as your system.

My attempt to browse the illegal trackback was unsuccessful, since our Smart Filter blocks this URL as ”Spammer URL’ . It looks like this system is clever than yours in handling spam.

note: this serves as an entertainment only, don’t take it seriously okey! I do know that spam is different from security.

---
Related Articles at Blogjer - Technology at a glance:

• Silence is golden for spams?
• Drupal better than WordPress??
• Identifying spams no longer a big deal
• paypal security challange
• spammer also taking a break