Business Daily from THE HINDU group of publications
Monday, Dec 03, 2007
eWorld - Security
Download only safety

Security experts on the dangers that lurk in cyberspace.



Niraj Kaushik

R. Savitha

While overall spam activity has been remaining steady, the tactics being used are changing, say industry watchers. Image spam appears to be on the decline while the use of document attachments such as PDF is on the rise.

Chia Wing Fei, F Secure Security Response Lab, Kuala Lumpur, Prabhat Kumar Singh, Director, Security Response Lab, Symantec India and Niraj Kaushik, Country Manager, India and SAARC, responded to eWorld queries on the cyber security scene. Excerpts:

What type of files are downloaded using the PDF format?



Chia Wing Fei

C.W. Fei: The PDF file is Trojan-downloaded. Once it is opened, it contains instructions to download more components that collect information such as passwords from the infected PC.

Niraj: A critical flaw in Adobe Reader and Acrobat was discovered, which Trend Micro detects as EXPL_PIDIEF.A. TrendLabs has received reports of Trojan-downloading PDF files making the rounds in e-mail inboxes. The malicious PDFs use the exploit code.

Incidentally, Adobe released a patch for this flaw in October 2007. Malware authors are banking on the possibility that most Reader and Acrobat users would not have downloaded and installed the critical update yet. Based on the initial analysis, the PDF files bear ‘business-sounding’ file names, such as Your_bill.pdf or Invoice.pdf.

Once such a file successfully exploits the Adobe vulnerability, it proceeds to disable the Windows firewall, downloads an .EXE file, and steals information from the affected system. Trend Micro detects the PDF file as Expl_pidief.b, and the downloaded .EXE file as Tspy_papras.cf.

P.K. Singh: Till May and June this year, spammers were using images or .JPG files to disguise their messages. But with security firms blocking such mails, spammers have begun using .PDF files. When security firms got wiser to image spam and invested in ‘optical code recognition’ software to recognise image spam, spammers have come out with the latest PDF attachments as spam that are more complex to analyse and cost more money. PDF spam now accounts for close to 8 per cent of all spam.

From where does such a file originate? Which countries have reported similar attacks?

C.W. Fei: It seems to be originating from Russia. Once the PDF file is opened, it downloads a file from a server hosted by RBN (Russia Business Network), which is an organisation known for hosting malicious content. We then saw some later variants downloading a file from a server in Malaysia. Fortunately, it has been taken offline now.

Is there any patch or downloads to stop the attack?

C.W. Fei: You are affected if you are using Windows XP or Windows Server 2003, Internet Explorer 7 and Adobe Acrobat or Reader Version 8.1 and earlier Reader Versions. To ensure that you are protected, your antivirus must be updated and your Adobe Acrobat or Reader must be updated to the latest version 8.1.1.

Niraj: Active protection ‘in-the-cloud’ is important in the messaging realm because once e-mail reaches the Internet gateway, regulatory requirements mandate e-mail retention for as long as 10 years. Hence, pre-filtering e-mail in-the-cloud saves bandwidth, reduces storage and maintenance costs, and aids protection.

At this layer, protection should include e-mail sender IP reputation checks, domain IP reputation checks, an e-mail firewall, and anti-spam and anti-virus filtering (with zero false positives in this layer). The e-mail firewall should be hosted outside of the e-mail server to prevent distributed denial-of-service attacks and directory harvest attacks (i.e., attacks that randomly search for valid e-mail addresses). At the Internet gateway, anti-spam and anti-virus software should include attachment scanning to detect attachment spam — a relatively new form of bot-generated spam that is difficult to identify, which uses images to conceal spam, consumes storage, and usually contains malware.
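As an added example (not from the article or any of the vendors quoted), the gateway-side checks Niraj describes, sender IP reputation and attachment scanning, sketched as a Python filter over a constructed e-mail carrying a PDF attachment. The blocklist IP, the lure-name pattern, the PDF keyword heuristic and the stub PDF bytes are all assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed blocklist standing in for a sender-IP reputation feed (hypothetical values).
BAD_SENDER_IPS = {"198.51.100.23"}
# File-name pattern modelled on the lures the article cites (Your_bill.pdf, Invoice.pdf).
LURE_NAMES = re.compile(r"^(your_bill|invoice)\w*\.pdf$", re.IGNORECASE)
# PDF keywords that can make a reader fetch or run something on open; a heuristic, not proof.
ACTIVE_PDF_KEYWORDS = (b"/OpenAction", b"/Launch", b"/JavaScript", b"/URI")

def sender_ip(msg):
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(msg.get("Received", "")))
    return m.group(1) if m else None

def check_pdf(name, data):
    findings = []
    if not data.startswith(b"%PDF-"):
        findings.append(f"{name}: .pdf extension but no PDF header")
    findings += [f"{name}: contains {kw.decode()}" for kw in ACTIVE_PDF_KEYWORDS if kw in data]
    if LURE_NAMES.match(name):
        findings.append(f"{name}: lure-style file name")
    return findings

def scan_message(raw):
    """Gateway-style pass: sender reputation first, then attachment scanning."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if (ip := sender_ip(msg)) in BAD_SENDER_IPS:
        findings.append(f"sender IP {ip} on blocklist")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".pdf"):
            findings += check_pdf(name, part.get_payload(decode=True))
    return findings

def build_sample(malicious):
    """Constructed test message; the PDF bytes are a hand-written stub, not a real sample."""
    ip = "198.51.100.23" if malicious else "203.0.113.5"
    msg = EmailMessage()
    msg["Received"] = f"from relay.example ([{ip}]) by gw.example; Mon, 3 Dec 2007 09:00:00 +0530"
    msg.set_content("Please find the attached document.")
    if malicious:  # catalog that opens a URI on load, the fetch-on-open step the article describes
        pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction << /S /URI /URI (http://dl.example.invalid/x) >> >> endobj\n%%EOF\n"
    else:
        pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
    msg.add_attachment(pdf, maintype="application", subtype="pdf",
                       filename="Invoice.pdf" if malicious else "Q3_report.pdf")
    return msg.as_bytes()
```

Any finding would be acted on by the gateway policy (quarantine or strip the attachment); the keyword check is deliberately coarse, since legitimate PDFs also use these actions.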



Prabhat Kumar Singh

P.K. Singh: Symantec is currently addressing these attacks in several different ways, including enhancing rule filters to target different aspects of the message body and headers as the attacks quickly mutate.

Symantec is also improving the zombie detection for image-based spam.

Who are the target segments?

The target segment is youngsters who use the Internet in day-to-day life. Business executives, IT administrators and working professionals are also affected by such attacks.

savitharin@gmail.com

Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line