Anti-debugging techniques take different forms, from hiding code from reverse engineers to keeping programs from being analyzed automatically in virtual environments. Gone are the days when malware encryption used XOR or algorithms such as LZMA as implemented in UPX, or used a simple API call to detect a debugger. My day-to-day experience with malware through Comodo Antivirus for 3 years not only enabled me to keep myself updated with the latest anti-debugging techniques used by different malware and protectors but also led me to write anti-anti-debugging techniques. In this paper I would like to share my research on the currently prevailing anti-debugging techniques used by various commercial software such as ASProtect, Armadillo, Themida, SVKP and VMProtect, and some of the well-known malware tricks on the Windows NT operating system platform.
Read more in the paper, available for free download here.
As corporations across the country have come to understand the nature of today’s fast-evolving cyberthreat landscape, many of them are now asking themselves the same question: What kind of security team does an organization need?
The modest recoveries in the economy and the painful security lessons of last year – like the theft of millions of credit card details or valuable intellectual property in single, calculated heists – have prompted companies of all sizes and in every sector to rethink their hiring priorities and step up their recruiting in cyber-security.
According to data from employment market information firm Wanted Technologies, cyber-security job openings across the country went up from 32,000 to 40,000 in the first three months of the year, a 25 percent increase.
“We’ve had the busiest quarter we’ve had in a number of years,” said Joyce Brocaglia, chief executive officer of information security recruitment firm Alta Associates. “We probably have a 50 percent-plus increase in the number of companies that are coming to us with security positions this year compared to the same period last year. It’s huge.”
“The economy has been so poor in the last couple of years that companies working with skeleton crews and limited resources are at a point where they can’t continue handling risk management if they’re constantly understaffed,” he said. As a result, firms across all sectors – from e-commerce, financial services and health care to online gaming and government contractors – are thinking more about who’s handling their security.
But finding the right people is not necessarily an easy job, because companies are looking for very specific skill sets in candidates, and those specialists are in short supply. Recruiters said their clients are mainly looking for people with experience in identity and access management and cloud computing. Alan Paller, director of research at the cyber-security training group SANS Institute, said organizations with large stakes in protecting against attacks are looking for skills necessary to detect evidence of attacks, such as forensics and reverse engineering.
For instance, Google, which is already praised in the security community for its strong team of experts, has advertised more than a dozen security positions on its job Web site and LinkedIn for several weeks. “Looking for high-quality security talent is always a focus of ours, but … we do have quite a few openings right now,” Google spokesman Jay Nancarrow said in an e-mail. “We definitely would like to grow our team to help us with a variety of important and challenging opportunities.”
Two renowned security researchers who asked to remain anonymous said Google recruiters have approached them and several colleagues. One of them said he was strongly considering the offer. “I’ve had more recruiters talk to me in the last couple of months than in all (of) 2009,” said the other researcher. “It is definitely an employee’s market right now. If you’re a high-profile security researcher, you can pick whoever you want to work with and you should be able to get in.” After a profitable third quarter last year, Google chief executive officer Eric Schmidt said the worst of the recession was over and that the company’s top priority would be investing in new hires, particularly of engineers and sales personnel. However, it is unclear if the recent security openings preceded or are related to the December cyberattack that Google said originated in China and that the New York Times reported this week was intended to seize the source code of the company’s password system.
“Your assumption is that Google, of all companies, would be able to defend itself, and it couldn’t,” Paller said. “In the aftermath of the China mess, they found out that the tools that people thought would protect them fail to protect against these advanced threats.” Other Internet and technology giants like Amazon.com, eBay, Microsoft and Adobe Systems are also currently advertising dozens of security-related jobs on their Web sites. Brocaglia said having more people thinking about security also means more work for second-market organizations like security vendors and consultants that cater to small and medium businesses that need to outsource their security operations. “The world changed in the last couple of years, and the bad guys won. Now we need new security people to fill those gaps,” said Jeremiah Grossman, chief technology officer at Web application security firm WhiteHat, which is also hiring new personnel to meet the growing demand for its services.
Source: http://ow.ly/179VKD
Criminals have been keen to take advantage of the critical update bug that affected McAfee users in the past few days.
A false positive in McAfee’s detection of the “Wecorl.A” virus caused hundreds of thousands of computers around the world to repeatedly reboot themselves, as the antivirus software falsely zapped (quarantined) the critical Windows “svchost.exe” file.
To its credit, McAfee is discussing the problem on its online community forum, has apologized, withdrawn the buggy update, and advised customers on how to manually fix the affected computers.
But that hasn’t stopped blackhat SEO hackers from creating poisoned Web pages that appear high in the search rankings if you hunt for information on the McAfee false-positive.

Clicking on one of these dangerous links can take you to a Website that harbors the FakeAV scareware (also known as fake or rogue antivirus) attack, designed to trick you into believing you have a serious security problem on your computer — and urging you to purchase or install other code from the hackers behind the scam.
If you have suffered from the false positive, then I suggest you visit only McAfee’s Website for advice — and not go clicking on unknown links.
Source: http://ow.ly/179UEO
A hacker who calls himself Kirllos on an underground forum is accused of being responsible for the theft of an unprecedented number of user accounts from Facebook. Researchers from the iDefense group, a VeriSign company, recently discovered that the hacker was selling usernames and passwords obtained through hacking on a networking forum. But what really drew attention was the amount of data that the criminal had for sale: 1.5 million accounts. That works out to roughly 1 in 300 registered Facebook accounts.
VeriSign has not yet confirmed whether the accounts sold on the forum are legitimate. Facebook has not commented on the situation. According to the statement, if the data is real, then Kirllos has the account information of about one in every 300 users of the social network. The hacker’s selling price ranges from $25 to $45 per thousand accounts, depending on the number of contacts each user has. According to VeriSign’s cyber intelligence director, Rick Howard, the criminal seems to have already sold about 700,000 accounts. “Hackers have sold social network credentials for some time. We have seen an active trade in names and passwords for Russia’s VKontakte, for example. But now the trend is to go after global targets such as Facebook,” says Howard. According to the cybersecurity firm, “Facebook has more than 400 million users worldwide. In the case of the scam, criminals send messages from a compromised account, telling friends that the owner is stuck in a foreign country and needs money to go home,”
On Wednesday (2010/04/21), millions of computers came to a dead halt when McAfee Antivirus falsely identified a normal Windows file (svchost.exe) as infected with malware named “Wecorl.a”, causing machines to either crash or enter an endless shutdown-reboot cycle. This false positive affected Windows XP SP3 systems, disabling computers in schools and hospitals, and even halting production lines in some industries.
McAfee quickly put a fix into action, dedicating its staff of more than 7,000 to fixing the problem. False detections by antivirus software are something that can’t be accepted.
The company’s official response to the false positive issue, from the McAfee website, is as follows:
Hackers of course quickly jumped on the bandwagon, putting up websites, promoted with SEO techniques, that claimed to help you solve the problem but instead led straight to malicious links.