SANS – Internet Storm Center – CME-24 (Blackworm) Analysis: The destruction does not appear to spread across Windows network shares

CME-24 Analysis: The destruction does not appear to spread across Windows network shares (NEW)

I wanted to share some of the results of some long hours spent looking at this malware. When the infection occurs, it immediately places copies of itself locally on each share and on each share/mapped drive that it finds. Based on this behavior, my initial thoughts were that the destructive payload would be carried out via shares and/or mapped drives as well.

I now have changed my initial thoughts on how the destruction would occur. Here are some of my notes from my testing of this concept. Here is the MD5 from the file I was using:

1c66904ecb846da5b1fb2072f9ea6e0e *New WinZip File.exe

The first test I did led me to believe that the destruction would be carried out via the shares and mapped drives. In my initial test, I had two infected systems (one XP and one W2K) with drives mapped to each other. I infected each box, changed the system time to Feb 2 at 11:50pm, launched ethereal, filemon and ran the first shot using RegShot. After an hour, I stopped the captures and launched my second shot of the hard drive with RegShot. All my data files were now overwritten, zip files were corrupted, etc. Everything was happening as I thought it would. All my mapped drives had corrupted files. The security logs from each box showed accesses from the other.

For the rest of this in-depth analysis, go here: SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System.


February 2, 2006 – Posted by antivirusguy | Antivirus News

Use The Right Application Security For Your Network

We all know that the biggest threats to IT systems come from the Internet, with computers being attacked by all kinds of menaces, all the time. If a laptop or desktop computer were not connected to the World Wide Web, the only possible threats would come when data from external sources, such as CDs, DVDs, memory sticks or cards, was copied onto the system. So it is important to choose the right application security for your network and use a powerful Internet filter.

The dangers come not only from viruses, which are probably the best known, but also from hacker attacks, worms, spam, etc. This is why an application security product must provide protection against all these menaces. So it is wise, when you want to buy a protection appliance, to research the options you have and decide only afterwards. As a method of protection, you can use an Internet filter, which will allow you to control what websites can be visited, what kind of data can be downloaded, etc. Parents can make good use of this kind of application security, so that their children are not able to visit all kinds of websites with violent images or other negative content that could affect their well-being.

An Internet filter can also be used by employers, so that their employees do not lose time surfing the web. No matter why the application is bought, it is important that it be easy to use. That way, people with different levels of computer experience will be able to install it and use it at full capacity. It is also important to choose an application that is really effective at filtering data, in accordance with the buyer’s needs. A good Internet filter will offer daily reports about the activities everyone had on that computer.

These days, people can evaluate the level of risk for each computer if they use an application security product that allows them to replicate different attacks on a given system. The vulnerability scanning appliance will determine in what way computers can be threatened and what the right solutions are for resolving these problems. It is a great application security tool because it helps people prevent potential losses and also perform assessments at regular intervals. This way, they can better understand the present status of the security system and how it can be improved.

Nowadays, the Internet is a great source of information and education, but it can also pose certain threats. All these possible threats must be counteracted somehow. This is why so many protection applications are now available on the market. But because the dangers are multiple and diverse, many people opt for a single application security product that includes protection against all possible problems. One such solution is Unified Threat Management (UTM), which includes firewalls, antivirus, an Internet filter, anti-spam technology, etc. It is a really viable application and it has the advantage of being really simple to use. Under these circumstances, it is no wonder that so many people opt for this solution more and more often these days.


Network Security Management Service by Fiverivers

Confidential data security is considered to be the main support of modern companies. You can experience various network problems during your work. An organization has to bear a great loss of revenue due to network downtime, unauthorized intrusions, and service disruption. Therefore, network security technologies are required to protect the network against any theft or misuse of confidential business information or data. They also guard against Internet-borne viruses and worms.

As business requirements and network complexity increase, the risk of external and internal attacks increases. Therefore, it is very important to maintain data integrity and protect information assets. Exposing valuable and confidential data over the web may leave your data vulnerable and volatile. Attackers or hackers can easily read your confidential data with the help of vulnerable applications. Web security management protects against web attacks.

What is Network Security Management Service?

The network security management service protects business assets and critical information and prevents new risks, to ensure business continuity. Network security elements such as firewalls and intrusion detection systems are used over the interconnected network. They protect the business's internal and external assets from outside threats. The organization’s complete network is properly designed, managed and tested regularly by the network security management service provider. Network security management is the best practice for handling, transmitting and storing sensitive data.

Why does an organization need network security?

  1. It protects your data against internal and external network attacks.
  2. Employees can access the data from anywhere at any time with the assurance of private data protection.
  3. It makes you confident during any data sharing over the network.
  4. Network security also prohibits unauthorized applications from being used.
  5. It helps you collaborate and work together with business partners more effectively.
  6. Productivity across an organization is boosted by effective network security.
  7. It prevents exposure to viruses or malware.

Have you not installed a network security system yet?

Protecting the business network from any intrusion is the vital aspect of security in the data center. You may suffer the following losses if you have not installed a network security system on your organization’s network.

  1. If a network security system is not installed, external and internal threats can hammer your business’s integrity and continuity of operations.
  2. If the network and Internet connection are not running properly and safely, the business can suffer a great loss of revenue.
  3. Without network security, your data can easily be attacked by hackers, viruses and spyware.
  4. It can also increase the risk of confidential data leakage.
  5. Unauthorized access to your system can even prevent you from accessing your own resources.
  6. Other users on the network may maliciously transfer your data to an unwanted place that you did not intend.

The business owner just needs to understand the benefits of network security programs. You need a network security management service that reliably supports all types of data and acts as a safeguard for your valuable information assets.

The Five Rivers network security management solution ensures a flexible and secure network infrastructure for your business. You can find reliable and secure network security management for your business. We have the ability to meet all your network security needs. We also provide 24x7 network security services and meet the multi-dimensional needs of our customers.

About Author
Five Rivers is a leading IT company that provides a wide range of cost-effective IT support services and network security management services. Five Rivers has a dedicated team of experienced and qualified engineers who resolve IT issues comprehensively with a focus on quality assurance.