We’re Number One, We’re Number One!

This is why it’s important to keep your computer security up to date.

US Ranks First for Bot-Infected Computers and Spam Output

According to data gathered by Microsoft’s Malicious Software Removal Tool (MSRT), the United States had the highest number of computers infected with botnet malware, during the first half of 2010.

Botnet are armies of infected computers, which connect to remote command and control (C&C) servers and listen to instructions from attackers.

Botnets can serve a variety of criminal activities, but the largest ones are primarily used to send spam.

According to a recent report from Symantec, during the first half of the year, 90% of the daily spam traffic was generated by five to six million compromised computers.

In the latest edition of its Security Intelligence Report (SIR), Microsoft reveals that during Q2, MSRT has cleaned 2,148,169 bot infections from US computers.

That’s four times more than in the second country on the list, Brazil, with 511,002. Spain (485,603), Korea (422,663) and Mexico (364,554) complete the top five.

“Unsurprisingly, the list is dominated by populous locations with large numbers of computer users, led by the United States and Brazil,” says Microsoft.

However, there are at least two regions with large numbers of computers that do not dominate the list – China, which finished 8th, and Russia, 9th.

See also:
Featured Intelligence – Battling Botnets
USA Is Still #1 In Botnets
United States Ranked Number One for Relaying Spam, Sophos Reports
Report: United States is world’s top spammer
US Has Most Botnet-infected PC’s
Microsoft Report: 2 Million US PCs Part of Botnets
Microsoft: Over 2 million U.S. PCs caught in botnets
Millions Of US Computers Completely Pwned By Botnets
Microsoft: Your Computer Could be One of 2.2 Million Infected Botnet PCs
Microsoft: Botnets are the ‘launch pad of cybercrime’

If you’re not sure whether you have an infected computer, run Microsoft’s Malicious Software Removal Tool (MRT). Go to Start/Run and then type in “mrt”.

/if you’re not part of the solution, you’re part of the problem

Patchapalooza Tuesday

It’s a triple witching day for computer patches.

Microsoft, Adobe, and Oracle Patch Nearly 100 Vulnerabilities

It’s a busy day for IT administrators and information security professionals. Not only is today Microsoft’s Patch Tuesday for the month of April, it is also the day of Adobe’s quarterly security updates. In total, there are 40 vulnerabilities being addressed today–many of them rated as critical and exposing systems to potential remote exploits.

Microsoft Patch Tuesday

A Microsoft spokesperson e-mailed the following “Today, as part of its routine monthly security update cycle, Microsoft is releasing 11 security bulletins to address 25 vulnerabilities: five rated Critical, five rated Important and one rated Moderate. This month’s release affects Windows, Microsoft Office, and Microsoft Exchange. Additionally, the Malicious Software Removal Tool (MSRT) was updated to include Win32/Magania.”

Qualys CTO Wolfgang Kandek noted in his blog post “Microsoft’s patch release for April contains 11 bulletins covering 25 vulnerabilities. The bulletins address a wide array of operating systems and software packages, IT administrators with a good inventory of their installed base will have an easier time to evaluating which machines need patches.”

“The critical Microsoft WinVerifyTrust signature validation vulnerability can be used to really enhance social engineering efforts,” said Joshua Talbot, security intelligence manager, Symantec Security Response in an e-mailed statement. “Targeted attacks are popular and since social engineering plays such a large role in them, plan on seeing exploits developed for this vulnerability.”

Talbot continued “It allows an attacker to fool Windows into thinking that a malicious program was created by a legitimate vendor. If a user begins to download an application and they see the Windows’ notification telling them who created it, they might think twice before proceeding if it’s from an unfamiliar source. This vulnerability allows an attacker to force Windows to report to the user that the application was created by any vendor the attacker chooses to impersonate.”

Andrew Storms, director of security operations for nCircle offered this analysis “More movies and more malware: that’s what we’ve got to look forward to on the Internet. Microsoft is patching critical bugs in Windows Media Player and Direct Show this month–both of these bugs lend themselves to online video malware. If you put these fixes together with Apple’s recent patch of Quicktime, it’s pretty obvious that attackers are finding a lot of victims through video.”

nCircle’s Tyler Reguly points out that there is also a greater message to be learned from the patches. “As an avid Windows XP user, I’m leaning more and more towards making the jump to Windows 7; with the added security it just makes sense. Looking at the top two vulnerabilities (MS10-027 and MS10-026), my Windows XP systems are vulnerable to both, yet my Windows 7 laptop isn’t affected by either of them. The newer operating system just makes sense.”

Adobe Quarterly Update

As if eleven security bulletins fixing 25 different vulnerabilities wasn’t enough, IT administrators must also address the critical updates released today from Adobe. nCircle’s Storms points out that “Every one of the 15 bugs can be used for remote code execution. Given the increase in the number of attacks that use Adobe PDF files, all users are strongly urged to upgrade immediately.”

Storms added “In stark contrast to Microsoft’s patch process, Adobe’s security bulletin information lacks details, especially critical information about potential workarounds. For enterprises that have a long test cycle, it can take weeks or even months to roll out updates. With no workaround information, Adobe leaves their enterprise customers vulnerable and security teams everywhere frustrated and annoyed.”

Andrew Brandt, lead threat research analyst with Webroot, warns “What’s more, they should be aware that Foxit Reader–which also reads PDFs–is actually more vulnerable.”

It is also worth noting that Adobe has rolled out its new update system which it has been beta testing over the past couple of months. Users can now configure Adobe software to automatically install updates, enabling security patches to be applied without requiring any user intervention.

Don’t Forget Oracle

Wait, there’s more! Not wanting to be left out of the patch day festivities, Oracle has also unleashed its own deluge of updates–more than Microsoft and Adobe combined.

There is a little bit of good news, though. Very few organizations will actually be impacted by every single one of the disclosed vulnerabilities. Qualys’ Kandek points out “This is a big release for Microsoft, addressing a wide selection of software. IT administrators probably will not have all of the included software packages and configurations installed in their environment and therefore will need to install only a subset of the 11 bulletins.”

The same logic holds true for Oracle and, to a lesser extent Adobe–although Adobe Reader is fairly ubiquitous. Have fun!

See also:
Microsoft, Adobe, Oracle offer fixes in big Patch Tuesday
Patch Tuesday: Microsoft safeguards video, Adobe secures PDFs
Microsoft Patch Tuesday Fixes 5 Critical Flaws
Microsoft Targets Media Flaws In April Patches
Microsoft blocks ‘movies-to-malware’ attacks
Microsoft Releases Multiple Updates; Vista SP0 Support Ends
Microsoft Security Bulletin Summary for April 2010
New Adobe Auto-Updater Debuts On Super (Patch) Tuesday
Adobe Patches Acrobat/Reader Vulnerabilities, Updates on Updating
Security update available for Adobe Reader and Acrobat

/so, you know the drill people, get busy downloading those patches, hope you’re not on dial up!