Archive for August, 2009

In Good Company…

From editor Alison

Last week, one of the contributors to this blog, Michael Gregg, was interviewed by the NY Times for an article on phone hacking. Writes author Roy Furchgott:

“We are about at the point with phones that we were with desktops in the ’80s,” said Michael Gregg, president of Superior Solutions, a computer security company. Viruses were just emerging, and there was little public awareness, he said.

See, we told you we have the best instructors out there – even the NY Times wants to talk to them!

You can read the full article here. Our hats go off to Michael for being a thought-leader in the security industry.

Skinning AnyConnect

I had a client this week ask me how to re-skin and customize the Cisco AnyConnect client for their employees, so I decided to share this with you, my blog readers, as well.

As we know, the Cisco AnyConnect client allows users to connect to their corporate offices via the SSL VPN. When you install AnyConnect, you can either have the client delivered on the fly to your employees once they log into the ASA through the web interface, or preinstall the software for your users by pushing the AnyConnect MSI file ahead of time. As a side note, the AnyConnect client does require admin rights to be installed.

Once the software is installed, you can launch AnyConnect at any time from the Start menu on the local PC. By default, the client looks like this:

[Screenshot: the default AnyConnect client window]

But you can easily re-skin the client via two different methods. Re-skinning the client lets you change any of the images you see associated with AnyConnect.


Cell Phone Bots

In an earlier post I wrote about Sexy Space, the cell phone bot that was recently discovered. Just the other week, news was released that this piece of malware actually comes from several companies in China. The interesting part is that the code was actually approved by Symbian. The Symbian Foundation requires mobile application developers to submit code for approval before it is released as an approved (safe) application; the Symbian Foundation automatically scans submitted code for viruses. Sexy Space passed this test and had not been subjected to a second random human review/audit.

What is troubling is that Sexy Space may be only the tip of the iceberg. It is entirely possible that we have yet to see the real damage this type of mobile malware can potentially do. What's changing is the rise in smart phones. While the cell phone market in the US is reaching a saturation point, the market for smart phones and data-driven services represents the next big market. When a cell phone operating system (OS) gains dominance, as the Microsoft OS has done in the computer world, these platforms could become real targets.

It is said that the best way to understand current and future events is to look to the past.  If that’s true, consider the fact that back in the 1990s, spyware was non-existent.  High speed, always-on computer systems changed the landscape and offered attackers and identity thieves a new vector of attack.  Is it not logical to conceive that cyber-criminals are not going to follow these same trends again and will instead explore methods to target smart phones?  Is there anything of value on smart phones, like addresses, phone numbers, passwords, credit card information, financial data, or other personal information?

While the argument is still being made over whether Sexy Space is really a bot, worm, or virus, there is one item that is agreed upon: in 2007, the statement was made that “Symbian has never found any malware written for it.” This statement is no longer true.

From Michael Gregg

Cell Phone Botnets and their Incremental Advances

While some have sounded the alarm for cell phone viruses, worms, and bots for a number of years, these threats have yet to make themselves seen in a major way. There are several factors that have contributed to the slower than expected advancement of this category of malware. These factors include lack of bandwidth, a fragmented market, and a much shorter lifecycle for cell phones than for a computer.

The factors that worked against the spread of these types of malware are changing. More cell phone providers are moving from just providing voice to also providing increasing amounts of data. Platforms such as the iPhone have captured a large portion of the cell phone market. Considering these changes, is it really that surprising that a new, more advanced cell phone bot has been discovered? It’s called Sexy Space and may be the first true bot that can propagate via cell phone.

The Sexy Space malware works by sending text messages that read, “A very sexy girl, Try it now!” The message contains a link that, if clicked on by the user, prompts them to download software. Once installed, this software sends the same message to all the contacts stored in the victim’s phone. Unlike other SMS viruses, Sexy Space has the ability to communicate with a central server.  This feature could give an attacker the ability to control the infected phone. Sexy Space doesn’t use this feature effectively, and the code is only designed to attack the Symbian OS.  These factors reduce the threat of this particular piece of code.

It is important to remember that many threats evolve in an incremental manner.  Yesterday’s proof of concept may become tomorrow’s mainstream attack.

From Michael Gregg
