Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Symantec Threat Bulletin: Symantec Warns Computer Users About Major Internet Explorer Vulnerability and Offers Tips on Protection

  • 20 January, 2010 11:23

<p>Microsoft recently announced a zero-day vulnerability that affects Internet Explorer 6, 7 and 8. This vulnerability is linked to the attacks against Google, which were publicised last week. Part of the discussion has revolved around Trojan.Hydraq, which is being used to exploit the Internet Explorer zero-day vulnerability. While this most recent incident has brought much attention to Hydraq, the trojan itself is not new.</p>
<p>The trojan is very much a standard backdoor trojan and is not all that sophisticated when compared to other malware currently being propagated online. Based upon the functionality of the trojan, we can safely surmise that its intent is to open a back door on a compromised computer allowing a remote attacker to monitor activity and steal information from not only the computer itself, but the larger infrastructure to which the computer is connected. For a more comprehensive description of Trojan.Hydraq’s abilities and some helpful images related to the trojan, please visit this posting on Symantec’s Security Response blog.</p>
<p>Also, if you’d like to discuss Trojan.Hydraq or the types of targeted attacks it could be used to carry out in greater depth, please let me know and I can put you in touch with a Symantec security expert.</p>
<p>Many thanks,</p>
<p>Jasmin</p>
<p>Protection For Consumers</p>
<p>What should computer users do to protect themselves now so they don’t become victims later?</p>
<p>1. Stay on top of security patches. Vulnerabilities happen all the time, regardless of the operating system or software maker. In the case of Microsoft Internet Explorer, according to Symantec’s Internet Security Threat Report, in 2008 alone, there were 47 new vulnerabilities identified in the browser. Make sure the operating system and software/applications are updated with the latest patches. While Microsoft hasn’t released a patch for this vulnerability yet, it’s likely it will in the future. Depending on the operating system, critical patches are usually pushed out to the computer automatically or users will receive a notice on their computer that updates are available. These messages should not be ignored. Updates should be downloaded as soon as possible.</p>
<p>2. Not all security software is made equal. Antivirus alone will not protect against a zero-day vulnerability because antivirus software needs to know about a threat first so that a signature can be created to detect the threat. With zero-day vulnerabilities, being in that situation means too little, too late. Computer users need a complete security solution with an intrusion prevention system which can detect new exploits that target vulnerabilities without signatures.</p>
<p>3. Get educated about how to stay safe online. Computer users can learn more about how to protect themselves by visiting Norton’s Every Click Matters site.</p>
<p>Enterprise Solutions and Trojan.Hydraq</p>
<p>Enterprise solutions that protect against this threat include:</p>
<p>Symantec Protection Suite</p>
<p>These attacks were targeted at the core security infrastructure of organisations. With Symantec Protection Suite, the multiple layers of defence bolster an organisation’s ability to defend against attacks from various places and vectors. Having a robust defence at the gateway with Brightmail Gateway for SMTP email security, along with Web Gateway for Web traffic and usage, ensures that an organisation is able to monitor all incoming and outgoing mail and Web traffic, constantly monitoring for and stopping threats. The Protection Suite also ensures endpoints are clean with its market-leading Endpoint Security product. Finally, by having access to Symantec’s Backup Exec for desktops and laptops, in the event that an endpoint is infected, running a complete re-image is quick and easy, ensuring up-time and employee productivity. Symantec’s security products are backed by our Global Intelligence Network, ensuring customers are protected and are up to date with rules and signatures.</p>
<p>Symantec Hosted Services</p>
<p>Today’s threats span multiple communication protocols and can evade signature-based detection. Symantec Hosted Services help protect against converged threats that span email, Web, and instant messaging. Our proprietary heuristic technology for malware and spam filtering captures and shares threat intelligence across these protocols and provides identification of previously unseen threats. All of this is managed via a single, integrated security management console that simplifies administration while increasing visibility and control.
Link to Symantec Hosted Services page: http://www.symantec.com/business/theme.jsp?themeid=hostedservices&amp;inid=us_ghp_staticpromo_hostedservices</p>
<p>Links to trialware:</p>
<p>Hosted Email Security - http://www.messagelabs.com.au/trials/hosted_email_security_services</p>
<p>Hosted Web Security - http://www.messagelabs.com/trials/free_web</p>
<p>Hosted IM Security - http://www.messagelabs.com/trials/free_imss</p>
<p>Total Management Suite</p>
<p>With TMS, customers benefit from the ability to gain complete visibility into their IT environment. Working under the premise that it’s difficult, if not impossible, to manage and protect what you don’t know or can’t see, customers can:</p>
<p>1. Run and maintain accurate asset inventory reports to understand what hardware and software they have in their environment (this enables customers to react quickly to threats and vulnerabilities and take the necessary steps to remediate)</p>
<p>2. Prepare for necessary migrations. In this case, Symantec would refer to a move to IE7 as an update instead of a migration.</p>
<p>3. Quickly determine which patch updates and other necessary software updates (i.e. IE7) need to occur</p>
<p>4. Automate the necessary software updates and/or patches</p>
<p>5. Generate reports to ensure successful updates or migrations</p>
<p>6. Update asset inventory reports to prepare for ongoing management.</p>
<p>Symantec Critical Systems Protection (CSP)</p>
<p>The focus of these attacks was to steal intellectual property. Symantec CSP could have played a significant role in defending this information by placing constraints around which users and applications had access to the sensitive data. Any unauthorised users or applications would have been denied access to the data and an alert would have been generated when the attempt was made. Additionally, Symantec CSP provides robust out-of-the-box protection against both known and unknown remote code execution attempts.</p>
<p>Symantec Security Information Manager (SSIM)</p>
<p>A number of these attacks were achieved using a combination of attack vectors, resulting in back door Trojans being installed. SSIM can effectively collect and prioritise these events as they occur across the layered security solutions that need to be deployed to protect against a broad variety of these attack vectors. SSIM can further contribute global intelligence to the correlation process to include malicious IP, Worm IP and Botnet IP lists that can be manually updated to automatically conclude incidents around this particular attack. Early detection of single exploited attack vectors may provide pre-emptive visibility about attacks before they can fully execute.</p>
<p>DeepSight Early Warning Services</p>
<p>Symantec™ DeepSight™ Early Warning Services provides actionable intelligence covering the complete threat lifecycle, from initial vulnerability to active attack. On January 15 we published a journal about a new unpatched Microsoft Internet Explorer vulnerability, which was leveraged by malware identified by Symantec as Trojan.Hydraq. DeepSight Analysts continue to provide updates to this evolving threat as new information becomes available. DeepSight subscribers benefit from personalised notifications and expert analysis (including patches, countermeasures and workarounds) to better protect critical information assets against a potential attack.</p>
<p>Symantec Managed Security Services</p>
<p>Symantec MSS monitors over 800 customers (including 92 of the Fortune 500). In response to this threat, Symantec MSS updated our detection capabilities for both the targeted Trojan.Hydraq as well as exploits against the recent IE vulnerability. This monitoring includes customers’ firewalls, intrusion detection sensors (IDS), web proxies and system logs. As this threat is primarily client side, any clients with our Managed Endpoint Security service also received updates to protect their endpoints from this attack. Our SOC Analysts are also available to work with customers to take proactive steps to mitigate the IE vulnerability within their enterprise as needed.</p>
<p>Media Contact:</p>
<p>Jasmin Athwal</p>
<p>Max Australia</p>
<p>+61 2 9954 3492</p>
<p>Jasmin.Athwal@maxaustralia.com.au</p>
