Web based attacks


Move Over Conficker, Web Threats are Top Enterprise Risk

Microsoft is ready to officially declare network worms passé for the enterprise. In its latest Security Intelligence Report, released Wednesday, Microsoft said that risks posed by Web-based threats to large, distributed network environments have surpassed malware such as Conficker. The report is based on data collected from more than one billion endpoints in more than […]

Five Shocking Statistics From The Latest Internet Threat Report

Anti-malware company Symantec released its threat report for 2011 on Monday. Buried in the dry statistics about the number of Web-based attacks and malicious programs detected during the year are some surprising facts. Among them: religious-themed Web sites are among the dirtiest on the Internet.


The FBI continued its pursuit of members of the hacking group LulzSec on Thursday, arresting a 23-year-old Phoenix, Arizona man believed to be part of an online hacking crew that attacked systems belonging to Sony Pictures, the Bureau said in a statement Thursday.

The clock is ticking for Apple to issue a patch for the iOS operating system that powers iPhones, iPods and iPads following the release of a remote exploit that uses specially crafted PDF files to defeat iOS’s content protection mechanisms and “jailbreak” mobile devices like the iPhone and iPad. 

As government agencies and the military bar access to the Wikileaks documents, a poll of Web filtering providers finds most label the leak site more “newsy” than “naughty.”

Wikileaks: Controversial, But is it NSFW?
As companies look to bar access to the Wikileaks documents (or not), Web filtering providers must decide how to categorize the leaked documents.
The controversy surrounding leaked diplomatic cables is prompting organizations to weigh whether or not to block access to the leaked documents. But a poll of prominent Web filtering firms by Threatpost suggests that most consider Wikileaks sites to be sources of “news and politics,” not suspicious and malicious Web sites that demand blocking or extra security.
Employee access to the leaked documents became a headline issue this week after it was reported that the U.S. Air Force is blocking its computers' ability to access not just the Wikileaks Web site and mirror sites, but also the Web sites of news organizations, including that of the New York Times and 25 other news websites, that published the classified documents (http://www.nytimes.com/2010/12/15/us/15wiki.html). In an unrelated story, the operators of a prominent WikiLeaks mirror Web site found its domain classified as “suspicious” by anti-spam group Spamhaus (http://www.theregister.co.uk/2010/12/16/wikileaks_mirror_malware_warning_row/).
As corporations and governments weigh their “position” on Wikileaks, Web content filtering firms find themselves on the front lines: providing the tools to block access to those sites and, in some cases, helping define exactly what WikiLeaks “is” and “is not.” Our poll shows that, while there’s no consensus on how to characterize Wikileaks and its mirror sites, most content monitoring firms are treating the leaks site as a source of news and information, but leaving it up to customers to decide for themselves.
Writing for Blue Coat Systems, malware researcher Chris Larsen said that his company is “neutral” when it comes to classifying the Wikileaks content, saying that its customers make decisions about what content to allow or block their users from seeing. Wikileaks documents are no different from other classes of content – including porn: some customers will want to block it and others won’t. Blue Coat Webfilter categorizes Wikileaks and its mirror sites in two categories: Political/Activist Groups and News/Media. The former are described as “sites sponsored by or that provide information on political parties, special interest groups, or any organization that promotes change or reform in public policy, public opinion, social practice, or economic activities.” The latter, News/Media sites, are defined as “sites that primarily report information or comments on current events or contemporary issues of the day. This category also includes news radio stations and news magazines but does not include sites that can be rated in other categories,” according to Blue Coat. 
Blue Coat customers can create policies that target specific sites within those categories to avoid overblocking content, according to Jennifer Arculeo, a spokesperson at Blue Coat.
Wikileaks and its mirrors are “News and Media” sites for security firm Fortinet, too, said Ken Lin, a member of Fortinet’s FortiGuard security team. 
Over at McAfee, Wikileaks and its mirrors are classified as “Politics/Opinions” sites – one of over 90 different categories that McAfee lets customers choose from. Customers can also add their own sites to the filter in accordance with their policies, the company said in an e-mail statement. 
A Cisco Systems spokesman said that organization didn’t categorize Wikileaks and its mirrors one way or the other, though that would change if they started pushing malicious code or other threats. The same was true of Kaspersky Lab, though the sites do run afoul of Kaspersky’s parental controls for frequent mentions of war and violence, said Andrey Nikishin, General Manager of Kaspersky’s Cloud & Content Technologies.
Calls to censor Wikileaks within the U.S. have escalated since the release of “Cablegate,” a collection of more than 200,000 pages of sensitive diplomatic cables. This week, U.S. Senator Joe Lieberman called publicly for investigations of news organizations that published the cables, including The New York Times (http://thinkprogress.org/2010/12/07/lieberman-understand-doj-treason/), while other politicians suggested Wikileaks founder Julian Assange should be tried under an 80-year-old “Espionage Act” in the U.S. A newly elected U.S. Representative from Florida, Allen West (R-Fort Lauderdale), was quoted saying that media organizations that published leaked documents should be censored (http://floridaindependent.com/17394/allen-west-calls-for-censoring-news-outlets-working-with-wikileaks), though West later said he meant to say “censured,” not “censored.”
