Security UPDATE--Security Trends and Highlights of 2004--December 15, 2004


This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

The Key to Stopping Email Attacks: Sender ID Can't Do It

Free Solution Brief: Security Protection Strategies for NT4 Devices


1. In Focus: Security Trends and Highlights of 2004

2. Security News and Features

- Recent Security Vulnerabilities

- New IM and P2P Threat Center

- Spyware Trends

- When Tar Is Your Friend

3. Security Matters Blog

- Hands On Lab: Security with Web Services Enhancements 2.0

- Creating an Encrypted Disk Image on Mac OS X

4. Instant Poll

5. Security Toolkit


- Security Forum Featured Thread

6. New and Improved

- File Compression Software Adds Security Features

- Block Spyware and Other Pests


==== Sponsor: Postini ====

The Key to Stopping Email Attacks: Sender ID Can't Do It

"Going nowhere fast," is how the media described recent efforts to develop an industry-wide email sender authentication standard. Even if some form of Sender ID is eventually adopted, spammers and hackers may be able to exploit the registration of IP addresses with Sender ID to improve their delivery of junk email. Effective real time IP address analysis and filtering is necessary — not sender authentication. This white paper explains why enterprises do not need to rely on Sender ID and discusses better, proven email intrusion prevention solutions that already work today to stop spam, viruses and email attacks. Get answers now!


==== 1. In Focus: Security Trends and Highlights of 2004 ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The year is coming to a close, so I thought I'd offer a sort of 2004 in review (albeit 2 weeks early) regarding highlights and trends in the information security industry. So here are some interesting tidbits that I've collected from various sources around the Internet.

CyberSource released some interesting results from its Sixth Annual CyberSource Fraud Survey, which polled companies involved in e-commerce and drew 348 responses. Companies said that e-commerce-based orders originating from New York were the most likely to be fraudulent, with Miami and Los Angeles coming in second and third, respectively. Companies accepting international orders said that Nigeria was the top source of fraud in locations outside of North America. The findings should open the eyes of those who run e-commerce sites, particularly those hoping to capture the currency of last-minute online shoppers this season (although the results reflect year-round trends).

According to data collected by antivirus vendor Sophos, the worst offending malware programs in 2004 were Netsky-P, Zafi-B, and Sasser, in that order. Netsky-P accounted for almost a quarter (22.6 percent) of all incidents, Zafi-B accounted for 18.8 percent, and Sasser accounted for 14.2 percent. According to MessageLabs, the most serious outbreak of 2004 involved MyDoom.A.

Regardless of which worm or virus was worst, we shouldn't forget that 2 weeks remain in 2004, and who knows what viciousness will be unleashed? Many people will receive new computers as holiday gifts, and many of those people will plug their new computers into the Internet first and think of system security some other day, and intruders are certainly aware of that.

In other trends, I think it's safe to say that spyware has been one of the fastest growing areas of concern this year. You can read the "Spyware Trends" blog item below for more information that supports this notion. Antispyware maker Webroot Software says that the most insidious forms of spyware so far are PurityScan, n-CASE, Gator, CoolWebSearch, Transponder, ISTbar/AUpdate, KeenValue, Internet Optimizer, Perfect Keylogger, and TIBS Dialer. Computer Associates (CA) lists KaZaA, GameSpy Arcade, Download Accelerator Plus, Ezula, and as the top offenders.

Another fast-growing concern is the ever-increasing number of phishing scams, which, when combined with naive computer users, represent a major problem. The seriousness of the matter has prompted the recent formation of Digital Phishnet, which is "a joint enforcement initiative between industry and law enforcement designed to ensnare those who perpetrate phishing attacks" (see the first URL below). The Anti-Phishing Working Group counted 6597 unique phishing-based email messages spreading around the Internet in October. The number of phishing-related Web sites increased from 543 in September to 1142 in October (see the second URL below). As you might suspect, the vast majority of phishing scams are targeted at customers of businesses in the financial services industry.

What trends are in store for 2005 obviously remains to be seen; trying to think about what the highlights might be would be little more than guessing at this point. But I'll give it a try anyway: I suspect that by the end of 2005, we'll see significant advances in patch management across all computing platforms. Even if that prediction turns out to be a dud, one thing remains almost certain: Information security will continue to be one of the topmost concerns across the entire computing industry.

Until next time, have a great week.


==== Sponsor: eEye Digital Security ====

Free Solution Brief: Security Protection Strategies for NT4 Devices

Do you have legacy applications running on NT4? Did you know that Microsoft will no longer support the platform with security hot-fixes leaving many organizations without a credible protection strategy? Enterprises worldwide are frequently faced with the task of migrating their critical digital assets to newer, more advanced, platforms as vendors 'sunset' or 'end of life' older platforms and versions. Unfortunately, this upgrade is not always an option for certain market verticals or types of assets within the enterprise. Download this free white paper to learn how to protect the Windows platform without relying on patching.


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

New IM and P2P Threat Center

IMlogic, maker of Instant Messaging (IM) and peer-to-peer (P2P) management software, has launched a new IM and P2P threat center in conjunction with numerous industry partners. The new IMlogic Threat Center is designed to provide a comprehensive knowledge base for potential threats such as spam, viruses, and worms.

Spyware Trends

According to a recent study by IDC, revenue from sales of antispyware solutions will rise from $12 million in 2003 to approximately $305 million by 2008. The 600 companies in IDC's survey ranked spyware as their fourth most pressing enterprise security concern.

When Tar Is Your Friend

Spammers send spam because they make money at it. What if you could make spamming uneconomical (let alone unprofitable) for the spammer? If you could somehow make each bogus delivery attempt take an unreasonable amount of time--say, 30 seconds--a spammer who wanted to send your organization 10,000 messages would need a little more than 83 hours to do so and would probably decide it wasn't worthwhile. Intentionally slowing down or delaying illegitimate connections is a process known as "tarpitting," and it has an illustrious history. Microsoft released a Windows Server 2003 SMTP service hotfix that lets you tarpit incoming SMTP messages that have been sent to nonexistent addresses on your network. Read all about it in this article by Paul Robichaux.
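The tarpitting idea described above, as an added sketch that is not Microsoft's hotfix and not code from the article: a recipient check that answers valid addresses immediately and holds the connection before rejecting unknown ones. The class and function names, the recipient directory, and the reply strings are assumptions made for illustration; the sleep is injectable so the cost to the sender can be simulated offline.

```python
import re
import time

TARPIT_SECONDS = 30  # per-rejection delay taken from the article's example
VALID_RECIPIENTS = {"alice@example.com", "bob@example.com"}  # constructed directory

RCPT_RE = re.compile(r"^RCPT TO:\s*<([^<>\s]+)>", re.IGNORECASE)


class TarpitSession:
    """Handles the RCPT TO commands of one SMTP connection (hypothetical helper)."""

    def __init__(self, valid=VALID_RECIPIENTS, delay=TARPIT_SECONDS, sleep=time.sleep):
        self.valid = {a.lower() for a in valid}
        self.delay = delay
        self.sleep = sleep           # injectable so the delay can be simulated
        self.delayed_seconds = 0     # total time this connection was held

    def handle(self, line):
        m = RCPT_RE.match(line.strip())
        if not m:
            return "500 5.5.2 Syntax error"
        if m.group(1).lower() in self.valid:
            return "250 2.1.5 Recipient OK"   # legitimate mail is never slowed
        # Unknown recipient: hold the connection before answering, so every
        # bad guess costs the sender wall-clock time.
        self.sleep(self.delay)
        self.delayed_seconds += self.delay
        return "550 5.1.1 User unknown"


def simulate(commands, delay=TARPIT_SECONDS):
    """Replay commands without really sleeping; return (replies, seconds held)."""
    session = TarpitSession(delay=delay, sleep=lambda seconds: None)
    replies = [session.handle(c) for c in commands]
    return replies, session.delayed_seconds


if __name__ == "__main__":
    # Constructed sample dialogue: two valid and two nonexistent recipients.
    sample = [
        "RCPT TO:<alice@example.com>",
        "RCPT TO:<nobody@example.com>",
        "rcpt to: <BOB@example.com>",
        "RCPT TO:<ghost@example.com>",
    ]
    replies, held = simulate(sample)
    for command, reply in zip(sample, replies):
        print(f"{command:32} -> {reply}")
    print(f"connection held for {held} seconds")
```

Only the rejected recipients accumulate delay, which is why the technique targets senders guessing at nonexistent addresses rather than normal mail flow.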


==== Announcements ====

(from Windows IT Pro and its partners)

Holiday Offer from SQL Server Magazine

For a limited time, order SQL Server Magazine and get 30% off the newsstand price! As a special holiday bonus, you'll also receive the latest Top SQL Server Tips Guide free--includes over 60 helpful tips! In addition, you'll get free access to every article published in the magazine--online! Sign up now:

Try a Sample Issue of Windows Scripting Solutions

Windows Scripting Solutions is the monthly newsletter that shows you how to automate time-consuming, administrative tasks by using our simple downloadable code and scripting techniques. Sign up for a sample issue right now, and find out how you can save both time and money. Plus, get online access to our popular "Shell Scripting 101" series--click here!

Can Your Antispam Content Filter Inside Your Firewall Cope with New Email Threats and Intrusions?

Stopping these new techniques requires detection and prevention in real time at the SMTP connection point. In this free on-demand Web seminar, learn how you can prevent these new and evolving intrusions from harming your email system, while improving your email server performance, reducing IT infrastructure costs, and restoring worker productivity. Register now!

Get Your Fax Servers Up and Running Smarter, Faster, and More Cost-Effectively

In this free on-demand Web seminar, you'll learn the latest trends and developments in the fax market and best practices for seamless integration with Exchange and Outlook with real-time fax technologies. Find out integration faxing architecture and Multi-Function Device tactics, deployment techniques, and more. Register today!


==== 3. Security Matters Blog ====

by Mark Joseph Edwards

Check out these recent entries in the Security Matters blog:

Hands On Lab: Security with Web Services Enhancements 2.0

Microsoft has a new hands-on lab that can teach you how to secure Web services, how to develop security policies, and how to use Web Service Enhancements 2.0. You can download the lab course (3075KB) at Microsoft's Web site.

Creating an Encrypted Disk Image on Mac OS X

If you use Mac OS X, you might wonder how to create encrypted disk space to store sensitive information. I found an interesting article that explains how, step-by-step.

==== 4. Instant Poll ====

Results of Previous Poll:

Do you use an enterprise antispyware solution?

The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 18 votes.

- 17% Yes, a standalone solution

- 0% Yes, as part of our Web content filtering solution

- 17% Yes, as part of our antivirus solution

- 17% No, but we plan to soon

- 50% No

(Deviations from 100 percent are due to rounding.)

New Instant Poll:

Are Instant Messaging (IM) or peer-to-peer (P2P) threats a problem on your network?

- Yes, both are

- Yes, IM threats are

- Yes, P2P threats are

- No

Go to the Security Hot Topic and submit your vote for

==== 5. Security Toolkit ====


by John Savill

Q. Where in the registry are my passwords for Microsoft Fingerprint Reader stored?

Find the answer at

Security Forum Featured Thread

A forum participant writes that somebody on his network has a password sniffing tool. He wants to know what steps to take to secure his systems and trace the person with the sniffer. Join the discussion at


==== Events Central ====

(A complete Web and live events directory brought to you by Windows IT Pro at )

Are You Using Best Practices when Managing Software Packaging and Pre-Deployment Preparation?

In this free on-demand Web seminar, you'll learn best practices for managing software packaging and pre-deployment preparation. Discover how your organization can benefit from managing the workflow of the pre-deployment process to cut time and costs. Plus, you'll learn about different business scenarios that show ROI improvements from accurate workflow management. Register now!


==== 6. New and Improved ====

by Renee Munshi

File Compression Software Adds Security Features

Acubix offers PicoZip 3.01, a file compression program for Windows. PicoZip lets you create new compressed archives as well as add, extract, view, and delete files. In addition to ZIP files, it supports popular archive formats such as ACE, ARC, ARJ, BH, CAB, GZ, JAR, LHA, LZH, RAR, TAR, WAR, and ZOO without using external programs. PicoZip 3.01 has 128-bit and 256-bit Advanced Encryption Standard (AES) encryption capabilities to secure the data in your ZIP files and provides security warnings for unsafe file types. PicoZip 3.01 costs $24.95 for a single-user license, and a 30-day trial version is available. For more information, go to

Block Spyware and Other Pests

PrivacyAnywhere Software offers PestBlock 2.1, which scans your PC's memory, registry, and drives for known adware, spyware, key-loggers, browser helper objects, dialers, and other unwanted software and lets you delete these pests with one click. PestBlock has an integrated update module that lets you download pest-database updates from the Web. PestBlock runs under Windows 2003/XP/2000/NT4/Me/98/95 and costs $39.95 for a single-user license. Multi-user-license discounts and a free trial version are available. For more information, visit

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Sponsored Link ====

Data Protection from NSI and Microsoft

Instant recovery and data protection solutions for Exchange and SQL servers



This email newsletter is brought to you by Security Administrator, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.
