Spanish authorities report that they have arrested the masterminds behind a string of online criminal activities using the botnet dubbed Mariposa. Mariposa is the original name of a commercially distributed Do-it-Yourself malware kit, sold online for 800/1000 EUR for “wannabe” hackers.  Along with the arrest, authorities seized sensitive data belonging to about 800,000 users in 190 countries, gathered from an estimated 12M+ infected host computers on the Internet.

What’s particularly interesting is that the cybercriminals arrested were not themselves the author of the malware, nor were they any more techincally adept than many ordinary users. They simply had access to malware widely available on the Internet, and were able to conduct a crime of such a wide scale and reach.

This illustrates that it’s become easier for many cybercriminals to conduct their nefarious deeds online, and highlights the need for more vigilance on the part of law-abiding netizens in keeping their network secure from hackers and malware.

Is your network safe? Contact us to find out.

Related articles:

• How FBI, police busted massive botnet (go.theregister.com)
• Botnet takedowns ‘don’t hurt crooks enough’ (go.theregister.com)
• Vodafone distributes Mariposa Bot, Conficker and Lineage in HTC Magic (techie-buzz.com)

SaaS has several characteristics that set it apart from other services:

1. SaaS allows the access and use of commercially available software through a remote, network, or internet connection. This means that the software is not installed in the subscriber’s computer, but rather on the SaaS provider’s server. This also makes the software accessible to the subscriber regardless of his or her location.
2. SaaS provides commercially available software, not custom made software, meaning that a particular software service is made available to multiple clients, so customization is limited to only what the software or SaaS provider allows.
3. The SaaS provider shoulders the responsibility of updating the software, and subscribers can request updates, upgrades, and additional features.

Regarding implementation, SaaS architecture is classified into four “maturity” levels based on factors such as configurability, multi-tenant efficiency, and scalability.

1. Level 1 is the “ad-hoc/custom” level, in which a modified version of a particular piece of software is offered to subscribers, which is then run on the provider’s host server. This level is requires the lowest maintenance.

1. The second level offers more customization and allows subscribers to configure the metadata of a program. This then allows a customized version of the same software, based on the needs of the subscriber.

1. Multi-tenant efficiency is added to the third maturity level, which means that the SaaS servers are made more conducive for subscribers to use separate instances of a single application.

1. The fourth and most “mature” SaaS architecture offers all four factors, with the service reaching optimum efficiency.

Considering SaaS for your business? Let us help you sort through the details.

Microsoft recently released a number of security bulletins and patches addressing vulnerabilities in Windows and Office that are of high risk to users. It’s widely believed that many will be exploited by hackers within the next 30 days. One of them could potentially allow hackers or malware authors to easily compromise systems by tricking users to download malicious AVI-formatted files. Others require nothing more than just visiting a website. Another specifically targets Powerpoint Viewer 2003, and opening a malicious .ppt file could affect your system.

This latest round of patches and vulnerability updates is really nothing new – although the sheer number made public in one day is notable. This highlights the need for a comprehensive security policy, because vulnerabilities do exist in even the most mundane or old versions of software. Customers under our Managed Services plan can rest easy since we monitor and update their computers as soon as these patches and advisories are released. Find out more about what we do to make your systems safe and secure. Contact us today.

Related links:

• Patch Tuesday: Microsoft plugs critical Windows worm holes (zdnet)
• Researchers warn of likely attacks against Windows, PowerPoint (computerworld)
• Microsoft delivers huge Windows security update (computerworld)

A malicious piece of software making the rounds of news websites this week is believed to be behind the compromise of over 75,000 systems in over 2,500 international organizations – many of which are government agencies and large Fortune 500 companies.

Called the Knebner botnet after the name in the email used to register the initial domain used in the campaign to propagate the malware, the software infects computers and captures user login access to online financial services such as Paypal and online banks, social networking websites such as Facebook, and email. Infected computers can be centrally controlled from a master computer, which presumably harvests the data captured for nefarious means.

The Knebner botnet itself is not new. It’s based on the ZeuS botnet, and has gained prominence lately because it’s slipped under the radar of so many organizations. However, there are ways to prevent compromises from botnets – one of which is to have a proactive security system and policy in place. Our Managed Security customers have this assurance in place since we continuously protect their system from botnets and other malware. If you’re not sure that you’re protected, talk to us today.

Related articles:

• Kneber botnet described as ‘massive’ and ‘worldwide’ (inquisitr.com)
• Kneber attack resurrects notorious Zeus Trojan, say experts (guardian.co.uk)
• Malicious Software Infects Corporate Computers (nytimes.com)

For businesses of all types and size, managing data online is critical to the smooth operation of a website. However, incorporating data collection programs can be time consuming, especially if any of your data is “time bound” – meaning it’s only valid and useful during a specific period of time.

Here’s a solution. FormSpring provides free and paid website data collection services that eliminate the need for additional programming or the purchase of additional software.

If your website includes contact or event registration forms, surveys, and the like, FormSpring provides services ranging from a basic free option to more feature-intensive offerings with custom made forms based on your unique requirements. There’s no long-term registration contract, and you may cancel at any time. FormSpring also offers a 30-day money back guarantee.

It’s worth noting that the data is stored on FormSpring’s servers, so if you have special compliance requirements for privacy or security you might want to check to ensure you remain compliant.

Overall, FormSpring is a very useful website for companies or groups that need a hassle-free way to collect data through their website. Check out their free version of the plan or use the 30-day money back guarantee to explore whether FormSpring meets your data collection needs.

If you suspect that you’ve responded to a phishing scam with personal or financial information or entered this information into a fake Web site, take these steps to minimize any damage.

Read more

Phishing, pronounced “fishing,” is a type of online identity theft that uses e-mail and fraudulent Web sites that are designed to steal your personal data or information such as credit card numbers, passwords, account data, or other information. Follow these guidelines to help protect yourself from phishing scams sent through e-mail.

Read more

The growing reach and power of the internet has changed the way people do business, with more and more web-based services popping up. One of these is SaaS.

SaaS stands for Software as a Service, which refers to any licensed software being “rented” to a company by another company on an as-needed basis.

To illustrate, let’s say Company A is in need of licensed software, but only for a specific period of time because of a one-time client or project. Company B, as the SaaS provider, rents out the use of the software  to Company A for the time Company A needs to use it – weekly, monthly, and so on. (Company B is specially licensed to do this, of course.)

The term became popular near the end of 2000, but the service started in 1998 with a website called siteeasy.com. The concept has become increasingly popular because the legal alternative to rent/outsource the use of the software spares the expense and hassle of procuring software licenses.

As with other outsourced services, the hardware used for SaaS are remotely located and hosted, and accessed through the internet by the subscriber. Virtually all kinds of software can be used through a SaaS service, and availability of the software depends on the subscriber.

There’s vast potential in the use of the internet and web-based services such as SaaS, but the nature of the remote hosting service is not for everyone. If you’d like to learn more about the pros and cons in relation to your business model, we’d be happy to discuss a possible SaaS road map with you.

Most small and medium businesses can’t afford the luxury of a qualified IT administrator, let alone an entire IT department. If you’re in this position, how do you maintain the information technology infrastructure that’s critical to your organization?

One option is Managed Services, in which you outsource this role to an IT expert called a “managed services provider,” which will typically offer on-site or remote network and security monitoring, data backup and technical support.

Because the Managed Services model allow a business to focus on its core competencies, it is increasing in popularity—but sometimes it’s hard to separate the real benefit from the hype.

What’s the value to you?

• Peace of mind. Your managed services provider will monitor your IT infrastructure and prevent or resolve any problems—a sharp diversion from the traditional “fix it when it breaks” model of IT management.

• Simplicity. Your managed services provider will provide many of its services remotely, via the Internet, instead of through on-site visits. This reduces time and cost.

• Constant support. You don’t have to worry about support; your  managed services provider will offer the assistance you need, when you need it.

• Affordability. Managed services providers typically offer several price structures, including a per-month fee—which is much lower than the cost of building an in-house IT support department.

• Accountability. Have you ever tried to resolve an IT problem only to find that one vendor blames it on another who blames it on another? With managed services, you don’t have to go to multiple vendors to figure out why your network is down or you’ve experienced a security breach. You’ll have one point of contact: your managed services provider.

Want to learn more about how Managed Services can give you dependable IT with predictable costs? Give us a call.

In a report by security firm Websense, an alarming rise in the growth of malicious websites was identified in 2009 as compared to 2008 – almost 225 percent. The study also found an increased focus among hackers and spammers on targeting social media sites such as blogs and wikis. Social media or so-called Web 2.0 sites allow user-generated content, which can be a source of vulnerability. Researchers identified that up to 95 percent of user-generated comments to blogs, chat rooms, and message boards are spam or malicious – linking to data stealing sites or to downloads of malicious software. Email also continues to be a target for malicious activity with tens of thousands of Hotmail, Gmail and Yahoo! email accounts hacked and passwords stolen and posted online in 2009, which resulted in a marked increase in the number of spam emails.

For our clients on our Managed Service plans, we work hard to ensure your systems are protected from harmful or malicious activity coming from the Internet. If you’re not under our Managed Service plans perhaps now is a good time to talk – let’s make sure your systems are safe in 2010.

Related articles

• Top search results riddled with malware (v3.co.uk)
• Email phishing attack spreading say experts (telegraph.co.uk)
• Fraudsters Go Phishing For Victims’ Friends (news.sky.com)