Tettnang, 28 September 2009 – Avira is planning to show its extensive product portfolio for protecting against viruses and threats from the Internet on stand 6-318 at the it-sa 2009 IT security show, which is to be held in Nuremberg from 13 to 15 October 2009. As well as virus protection for Windows environments, Avira will also be showing its security solutions for Linux/Unix, as well as its recently revised gateway solutions. The Avira AntiVir MailGate and Avira AntiVir WebGate Suite products are aimed at small and medium-sized businesses, as well as businesses at enterprise level, and feature excellent detection and protection performance.

Avira’s virus guards already have their shields up at gateway level and intervene before harmful content can actually penetrate a company’s network. Thus, Avira AntiVir WebGate Suite uses configurable black and white listing to include or exclude specific domains from its checks. This solution uses the associated URL database to recognize phishing, malware, spam and fraudulent URLs automatically. AntiVir MailGate secures email communications for businesses by checking inbound and outbound messages on the mail server as they happen. This enables even small and medium-sized businesses to protect their entire network by promptly recognizing possible threats.

Safety first: obligations on training institutions

Posted by Kyle Reiners at 18:51

This is only a test!

Posted by Greg Hewitt-Long in NOD32 News at 12:41

Sharon Gaudin, Computerworld

A Miami, Fla., man and two Russians today were indicted by a grand jury in New Jersey on charges of conspiring to commit some of the largest data breaches in U.S. history.

Albert Gonzalez, 28, and the two as-of-yet-unnamed Russian citizens are charged with running an international scheme to steal more than 130 million credit and debit card numbers along with personal identifying information from five companies, including Heartland Payment Systems, Inc., 7-Eleven, Inc. and Hannaford Brothers Co. The two other companies were not named in the indictment because their breaches have not yet been made public.

"This represents another major step forward in our efforts to prosecute individuals responsible for these major data breaches," said Assistant U.S. Attorney Erez Liebermann, who is prosecuting the case with Assistant U.S. Attorney Seth Kosto. "It also further illustrates the ability of the U.S. to work with foreign law enforcement in these international cases and track down people even when they use sophisticated means."

The data breach at Heartland, which is based in Princeton, N.J., is considered to be one of the largest data breaches involving credit cards ever reported in the U.S. Heartland said earlier this year that it has already spent or set aside more than $12.6 million to cover costs related to the intrusion there.

The data breach at Hannaford resulted in the reported theft of up to 4.2 million credit and debit card numbers from its systems.

Posted by Nancy Pursley in Virus & AntiVirus News at 09:58

By Jeremy Kirk, IDG News Service

Web sites such as Twitter are becoming increasingly favored by hackers as places to plant malicious software in order to infect computers, according to a new study covering Web application security vulnerabilities.

Social-networking sites were the most commonly targeted vertical market according to a study of hacking episodes in the first half of the year. The study is part of the latest Web Hacking Incidents Database (WHID) report, released on Monday. In 2008, government and law enforcement sites were the most-hit vertical markets.

Social networks are "a target-rich environment if you count the number of users there," said Ryan Barnett, director of application security research for Breach Security, one of the report's sponsors, which also includes the Web Application Security Consortium.

Twitter has been attacked by several worms, and other social-networking platforms such as MySpace and Facebook have also been used to distribute malware. That's often done when an infected computer begins posting links on social-networking sites to other Web sites rigged with malicious software. Users click on the links since they trust their friends who posted the links, not knowing their friend has been hacked.

The WHID sample set is small, encompassing 44 hacking incidents. The report only looks at attacks that are publicly reported and those with which have a measurable impact on an organization. The WHID's data set is "statistically insignificant" compared to the actually number of hacking incidents, but shows overall attacker trends, Barnett said.

Other data showed how Web sites were attacked. The most common attack was SQL injection, where hackers try to input code into Web-based forms or URLs (Uniform Resource Locators) in order to get back-end systems such as databases to execute it. If the input is not properly validated -- and malicious code ignored -- it can result in a data breach.

Other methods used include cross-site scripting attacks, where malicious code gets push to on a client machine, and cross-site request forgery, in which a malicious command is executed while the victim is logged into a Web site.

The WHID found that defacing Web sites is still the most common motivation for hackers. However, the WHID includes the planting of malware on a Web site as defacement, which also points to a financial motivation. Hacked computers can be used to send spam, conduct distributed denial-of-service attacks and for stealing data.

"Ultimately they [the hackers] want to make money," Barnett said.

Our Comment: Be careful what you click on especially on these social networking sites.

Original Article

Posted by Nancy Pursley in Virus & AntiVirus News at 11:40