MEDIA ALERT/ Arbor Networks First to Release Behavioral Fingerprint to Protect Enterprises Against the Dasher Worm.

LEXINGTON, Mass. -- Dasher Worm Demonstrates the Need for Behavioral-based Anomaly Detection Security, says Arbor Networks Security Experts

WHAT: The Dasher worm discovered Thursday, December 15, has spawned variants that are wreaking havoc with millions of Windows systems. The worm attacks systems with Microsoft Distributed Transaction Coordinator (MSDTC), which is ubiquitously used throughout the world on Microsoft Windows servers and desktops. The Arbor Networks security team has found at least two variants of the worm - Dasher.A and Dasher.B - in the last 24 hours.

WHY: Of the two identified worms, Dasher.B is the most worrisome for enterprise customers, primarily due to the quickness with which it propagates. After penetrating a vulnerable host, it then downloads a hidden keylogger - a particularly nasty accompaniment to the type of worms released today.
Keylogging, or the practice of recording user keyboard strokes, is used by hackers to extract password and other sensitive information that can be used for extortion and other criminal gain. Dasher also attempts to turn the computer into a remotely controlled "bot" system.

Since October, Arbor Networks customers using the Active Threat Feed (ATF) service in Arbor Peakflow X have been able to identify network traffic related to exploitation of the MSDTC vulnerability, using an ATF behavioral fingerprint. On Thursday, Arbor Networks' security team followed up on the original fingerprint by publishing another specifically engineered to detect Dasher.

"This is a very aggressive worm and IT staff needs to be vigilant," said Jeff Nathan, security researcher and member of the Arbor Networks security team. "Network perimeter security and host-based security solutions do not offer enough protection today.
With so many employees bringing laptops and mobile devices on home networks on to corporate networks, companies need a layered security approach that employs network-wide behavioral anomaly detection to detect attacks and prevent dangerous worms like Dasher from propagating."

ABOUT ATF AND BEHAVIORAL FINGERPRINTS

Arbor's Active Threat Feed (ATF) is the first 24x7 service that delivers behavioral fingerprints of emerging worldwide threats directly to enterprise security teams. Run by Arbor's Security Response Team, the Active Threat Feed safeguards internal enterprise networks against worms, phishing, botnets and other emerging threats before they strike and harm critical business operations. Arbor's Security Threat Team pulls information from honeypots, the world's largest network of service provider relationships, and other publicly available sources in order to provide network operators with instant identification -- a fingerprint -- of emerging threats that are targeting their own company's network. For example, the ATF service can help administrators identify internal botnets that are launching DDoS attacks against other networks. The ATF complements Arbor's zero-day anomaly detection capabilities and enables network operators to proactively protect their internal enterprise network. For more information on ATF and Arbor Peakflow X, please go to: http://www.arbor.net/products_x.php or contact support@arbornetworks.com.
ABOUT ARBOR NETWORKS

Arbor Networks ensures the security and operational integrity of the world's most critical networks. Arbor solutions are based on the proven Arbor Peakflow platform, intelligent technology for network-wide data collection, analysis, anomaly detection, and threat mitigation. Arbor Peakflow provides real-time views of network activity enabling organizations to instantly protect against phishing, botnets, DDoS attacks, worms, insider misuse, and traffic and routing instability, as well as segment and harden networks from future threats. Arbor Peakflow successfully prevents costly downtime, network cleanup, and loss of customer confidence. Arbor Networks worm researcher, Dr. Jose Nazario, is the author of the book, Defense and Detection Strategies against Internet Worms. Arbor is headquartered in Lexington, MA, with a research and development office in Ann Arbor, MI and overseas headquarters in London and Beijing. For more information, go to www.arbornetworks.com.