D-Link, the end-to-end networking solutions provider announced recently that TheGreenBow – a leading developer of enterprise security software for computer and mobile devices, has aligned itself as a D- Link Solutions Partner. Now part of D-Link’s Global Alliance Program (GAP), TheGreenBow’s specialization in VPN Client software will enable D-Link to extend its portfolio of remote access solutions to Small and Medium-Sized Businesses (SMB) corporate network markets worldwide.

Through collaborative efforts, both companies have certified all D-Link VPN products including routers, the D-Link DIR and DI Family, as well as the D-Link NetDefend Firewall series. TheGreenBow VPN Client software comes with full IPSec and IKE support, along with strong network authentication including two-way factor/OTP token, smartcards or digital certificates, smooth integration with corporate infrastructures such as RADIUS servers or Lightweight Directory Access Protocol (LDAP), an Internet protocol that email and other programs use to look up information from a server, a strong network encryption through DES, 3DES, AES and RSA, support for multiple connection types including Ethernet, cellular and Wi-Fi, as well as multiple simultaneous tunnels.

“The SMB market requires easy to use and easy to deploy software with the highest level of security available. TheGreenBow VPN Client Software coupled with D-Link networking products will provide a secure and strong yet very simple solution to extend enterprise applications such as e-mail and CRM to the mobile workforce.” said Roger Simon, co-founder and CEO of TheGreenBow. “We are proud that D-Link has chosen our technology to bring a powerful yet innovative solution to its clients worldwide.”

“By pairing TheGreenBow’s ISPeC VPN client with D-Link security products, we will be able to offer a more comprehensive, secure and complete end-to-end remote access solution to our customers worldwide,” said Tony Tsao, President of D-Link Systems, Inc. “VPN solutions are a critical a part of the solutions we offer, and we are excited to partner with a strong player in this market.”

The companies will work together on solutions design and joint marketing programs to provide pre-sales support to channel partners and coordinating technical support. Further announcements will follow to address distribution details and pricing.

Designed to create effective partnerships with innovative and industry-leading companies to co-develop solutions and services that meet varying customer requirements and help manage their business, the D-Link Global Alliance Program (GAP) was created to complement and extend the unique value proposition of D-Link’s product service offerings for large customers and resellers and is divided into three tiers: strategic, solution, and technology. It aims to assist D-Link’s vendors to better address their time-to-market and technology advancement needs.

Furthermore, the program creates unique opportunities for alliance members to expand their market reach by developing solutions or services that enhance D-Link’s existing solutions for both customers and channels. The three-tiered program extends a variety of benefits to chosen partners, including early access to enhanced products, joint marketing, partner branding, solution testing and interoperability, training, technical support and sales tools.

Kaspersky Lab has implemented detection and treatment for a new variant of a unique MBR rootkit.

The new variant of Sinowal, a malicious program that is capable of hiding its presence in the system by infecting the Master Boot Record (MBR) on the hard drive, was detected by the company’s experts at the end of March 2009.

Throughout 2008, Kaspersky Lab’s analysts provided detailed reports about other variants of this rootkit: in the first quarterly report on malware evolution and in the article “Bootkit: the challenge of 2008”. However, the new variant has come as a surprise for researchers. Unlike earlier versions, the new modification, Backdoor.Win32.Sinowal, penetrates much deeper into the system to avoid being detected. The stealth method used in this variant hooks device objects at the operating system’s lowest level. This is the first time cybercriminals have used such sophisticated technologies. This explains why no antivirus products could treat computers infected with the new Sinowal modification or even detect it when it first appeared. Once the bootkit penetrates the system, it conceals the payload’s activities, which are designed to steal user data and various account details.

According to Kaspersky Lab’s experts, over the last month the bootkit has been actively spreading from a number of malicious sites that exploit Neosploit vulnerabilities. In particular, it can penetrate a system via a vulnerability in Adobe Acrobat Reader that allows a malicious PDF file to be downloaded without the user’s knowledge.

Implementing detection and treatment for the bootkit, which is still spreading throughout the Internet, is the most difficult task that antivirus specialists have faced for a number of years. Kaspersky Lab was one of the first major antivirus vendors to incorporate both detection and successful treatment for the new Sinowal modification in its personal antivirus solutions.

To check whether the bootkit has infected a computer, users must update their antivirus databases and perform a complete system scan. If the bootkit is detected, the computer will need to be rebooted during the treatment process.

Kaspersky Lab specialists also recommend users to install all the necessary patches to close vulnerabilities in Acrobat Reader and any browsers that they use.

About Kaspersky Lab

Kaspersky Lab delivers the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. Kaspersky Lab products provide superior detection rates and the industry’s fastest outbreak response time for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers. For further information, please visit www.kaspersky.com. For the latest on anti-virus, anti-spyware, anti-spam and other IT security issues and trends, please visit www.viruslist.com.

The first Top Twenty is based on data collected by Kaspersky Lab’s version 2009 antivirus product. The ranking is made up of the malicious programs, adware and potentially unwanted programs most frequently detected on users’ computers.

Position / Name
1 Net-Worm.Win32.Kido.ih
2 Virus.Win32.Sality.aa
3 Trojan-Dropper.Win32.Flystud.ko
4 Trojan.Win32.Chifrax.a
5 Trojan.Win32.Autoit.ci
6 Trojan-Downloader.Win32.VB.eql
7 Packed.Win32.Krap.b
8 Worm.Win32.AutoRun.dui
9 Exploit.HTML.CodeBaseExec
10 Packed.Win32.Black.a
11 Virus.Win32.Sality.z
12 Virus.Win32.Virut.ce
13 Trojan.JS.Agent.xy
14 Worm.Win32.Mabezat.b
15 Virus.Win32.Alman.b
16 Packed.Win32.Krap.g
17 Packed.Win32.Klone.bj
18 Worm.Win32.AutoIt.ar
19 Exploit.JS.Agent.agc
20 Email-Worm.Win32.Brontok.q

Making an impression this month were two newcomers, Virus.Win32.Virut.ce and Exploit.HTML.CodeBaseExec.
Virut.ce entered near the top of our second ranking in February and now looks set to dominate the first ranking as well. New versions of the virus are appearing every day, which suggests that cybercriminals are monitoring how and when the malware is detected by antivirus programs and trying to increase the size of the botnet made up of infected machines. The epidemic caused by this virus is gaining momentum and May could well see Virut.ce moving several places up the rankings.

The second newcomer is a little piece of malware history – the first version of this program was detected by Kaspersky Lab way back in 2004. It featured regularly in our malware rankings in 2006, but is now flagged as a newcomer because the format and methods used to compile our Top Twenty rankings have changed. The malware exploits a simple vulnerability in versions 5.01, 5.5 and 6.0 of Internet Explorer. It seems that the cybercriminals are hoping that there will still be a significant number of people who have not installed the relevant security updates or who still use older versions of Internet Explorer.

Trojan.Win32.Chifrax.a dropped out of our ranking last October but has now returned and gone straight in at number four. This Trojan, like RaMag.a, is a modified WinRAR archive, which in this instance is a self-extracting archive.

The April ranking includes two script downloaders – Trojan.JS.Agent.xy and Exploit.JS.Agent.agc – that are perfect examples of the type of programs used in drive-by downloads, a topic they recently published a paper on (http://www.viruslist.com/en/viruses/analysis?pubid=204792056).

All malicious, advertising and potentially unwanted programs in the first Top Twenty can be grouped according to the main classes of threat detected. In the past few months, the changes in the balance between these classes have not exceeded 5%.
TrojWare – 25%
VirWare – 45%
MalWare – 30%
A total of 45190 unique malicious, advertising, and potentially unwanted programs were detected on users’ computers in April. This figure is almost exactly the same as last month’s.

The second Top Twenty presents data on which malicious programs most commonly infected objects detected on users’ computers. Malicious programs capable of infecting files make up the majority of this ranking.

Position / Name
1 Virus.Win32.Sality.aa
2 Worm.Win32.Mabezat.b
3 Virus.Win32.Virut.ce
4 Net-Worm.Win32.Nimda
5 Virus.Win32.Xorer.du
6 Virus.Win32.Sality.z
7 Virus.Win32.Parite.b
8 Virus.Win32.Virut.q
9 Virus.Win32.Alman.b
10 Virus.Win32.Small.l
11 Email-Worm.Win32.Runouce.b
12 Net-Worm.Win32.Kido.ih
13 Trojan-Downloader.HTML.Agent.ml
14 Virus.Win32.Virut.n
15 Virus.Win32.Parite.a
16 Virus.Win32.Hidrag.a
17 Worm.Win32.Fujack.k
18 P2P-Worm.Win32.Bacteraloh.h
19 Trojan-Clicker.HTML.IFrame.acy
20 Virus.Win32.Virut.av

There was little change to the second Top Twenty ranking in April. The only real activity of note was the appearance of another Virut modification in the ranking – Virus.Win32.Virut.av. This virus was first detected by Kaspersky Lab in 2007 and is still active.

It means the Virut family claims four places in this Top Twenty, which amounts to 20% of the self-replicating programs in our second ranking.

About Kaspersky Lab
Kaspersky Lab delivers the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. Kaspersky Lab products provide superior detection rates and the industry’s fastest outbreak response time for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers. For further information, please visit www.kaspersky.com. For the latest on anti-virus, anti-spyware, anti-spam and other IT security issues and trends, please visit www.viruslist.com.

Unified Threat Management (UTM) solutions provider Cyberoam today announced the Q1 2009 email threat report, in collaboration with partner Commtouch. While Conficker worm took the limelight, a key highlight is that attackers have reached new levels of sophistication in their social engineering techniques, using fear, emotion and security loopholes to perpetuate attacks.

Spammers tricked users on Facebook, Myspace, Twitter into divulging personal information. Exploiting users’ fear of finding scandalous images of themselves online, spammers sent wall posts proclaiming that such pictures have surfaced on Facebook. Also used on Facebook were desperate messages from friends supposedly in a financial bind. Users clicking on the link were taken to what looked like the Facebook login page, but actually it was an imposter site collecting usernames and passwords of unknowing users.

Spammers sent direct Twitter messages to users of blog posts and funny photos related to them. Security loopholes on Twitter like the use of TinyURL to replace long URLs with short ones to fit into Twitter’s 140 character limit meant that users did not know where the link led before they clicked.

Vice President-Product Management, Cyberoam, Abhilash Sonwane, said, “Attackers have confirmed once more that they work on both sides of the equation – user and the platform. They play on the emotions of users while exploiting loopholes on the platform being used. Used in combination, it is an effective way to propagate malware. While Cyberoam offers protection from evolving threats, we also recommend user education to effectively contain threats,” he added.

Blended threats created near perfect mirror sites and official looking emails from CNN and the US tax departments. While Google Docs was used to compromise ZDNet, spammers used “borrowed” images from legitimate sites like CBS and Pizza Hut in addition to masking their email addresses to bypass spam filters.

Loan spam jumped from 3% of all spam messages in Q4 2008 to first place, with 28% of all spam messages this quarter, reflecting the global economic situation.

Cyberoam uses the Commtouch RPDTM technology to analyse large volumes of Internet traffic in real-time. Unlike traditional spam filters, it relies not on email content, but on message pattern enabling it to detect spam in any language and message format. Its language and content agnostic nature enables it to provide effective spam blocking capabilities. Cyberoam incorporates RPDTM within its unique Identity-based UTM appliances which show who is doing what in the network and enable the creation of policies based on the username rather than just IP addresses.

About Cyberoam
Cyberoam Identity-based UTM appliances offer comprehensive protection against existing and emerging Internet threats, including viruses, worms, Trojans, spyware, phishing, pharming and more. Cyberoam delivers the complete range of security features such as stateful inspection firewall, VPN – SSL & IPSec, gateway anti-virus and anti-spyware, gateway anti-spam, intrusion prevention system, content filtering in addition to bandwidth management and multiple link management over a single platform. Cyberoam is certified by the West Coast Labs with CheckMark UTM Level 5 Certification, ICSA Lab, an independent division of Verizon Business, and the Virtual Private Network Consortium. Cyberoam has received the 2008 Emerging Vendor of the Year award by Frost & Sullivan, ZDNet Asia IT Leader of the Year award for 2008-09, 2007 Global Excellence Awards for Integrated Security Appliance, Security Solution for Education and Unified Security, the 2007 Tomorrow’s Technology Today Award for Unified Security and was rated Positive by Gartner in its Marketscope for SMB multi-function firewalls. Cyberoam has offices in the Woburn, MA, USA and India. For more information, please visit www.cyberoam.com.

About Elitecore Technologies Limited
Elitecore Technologies Limited is the global provider of Cyberoam UTM appliances. Elitecore’s other divisions include Crestel Convergent Billing Solution that meets the voice, data, video billing and customer care requirements of Tier-1 service providers and 24online Billing and Bandwidth Management Solution for hotels, hotspots and Internet service providers. Elitecore has a strong R&D base and support center in India; it has sustained a healthy growth rate of over 75% since inception. For more information, please visit www.elitecore.com