Tenable Blog

Which Vulnerabilities Are You Looking For?

When Microsoft releases their patches each month, I find it interesting to review the criticality of each vulnerability. Microsoft has, in their typical fashion, used some very interesting wording to describe the latest batch of vulnerabilities. When reading each security bulletin, I try to imagine the worst-case scenario and look at the glass as half empty. Microsoft seems to paint a picture and believes the glass to be half full by using phrases such as:

In MS10-042: "The vulnerability cannot be exploited automatically through e-mail." - I believe what they are stating here is that the user can't just open up an email to have the exploit trigger. Instead, the user has to either open an attachment or click on a link. I can tell you from first-hand experience that it’s not difficult to get someone to click on a link. Typically, you just need to tell them that they've qualified for a free iPad. Getting the user to open an attachment is a little bit trickier, and usually requires more research about the target audience and/or organization. However, this does not mean the attack can't scale to trick thousands of people, as did an email appearing to come from the World Cup with an Excel document attached. The Excel document posed as a schedule for the World Cup, but really contained malware that attempted to infect the end-user's computer.

Welcome to the Tenable Network Security Podcast - Episode 42

You may even find an answer to the ultimate question of life, the universe and everything in this very episode!

Hosts: Paul Asadoorian, Product Evangelist

Announcements

• Several new blog posts have been published this week, including:
  • Tenable at Black Hat USA 2010!
  • Research Spotlight: Oracle Patch Auditing
  • Nessus and the Fight against Viruses
• New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
  
• Be certain to check out our video channel on YouTube that contains the latest Nessus tutorials.


• We're hiring! - Visit the web site for more information about open positions. There are currently 9 open positions listed, including a Digital/Web Strategy Coordinator.


• You can subscribe to the Tenable Network Security Podcast on iTunes!


• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, Nessus plugin statistics and more!

We’ve blogged many times over the past few years about how Nessus can be used to scan systems for both the presence of some viruses as well as the presence of an effective antivirus solution. This blog provides an overview of all current Nessus virus and antivirus technologies available to HomeFeed, ProfessionalFeed and SecurityCenter users.

It’s All About the Information

"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information!"

The last part of the quote above always seems to play in my head during the course of an average day in information security. It really is all about information in many different aspects. One aspect I would like to highlight is collecting information about those who are attacking you. Specific information potentially useful to those defending networks and systems could be:

• The Software Itself - Perhaps the most useful information you can have, understanding what the malicious software (a.k.a. "malware") does is critical in being able to detect, prevent and remove it from your systems.
• The Users - Understanding how and why the end-user is using the software can provide some useful information (admittedly not as useful as analyzing the software itself). Malware can give an attacker a host of features. Knowing which ones are using it for denial of service attacks, and which groups are stealing bank data can help aid detection and forensics analysis (on both the system and the network).
• The Programmer - Probably the least useful to those defending networks on an everyday basis. Most authors of malware are most-likely motivated by profit, and create software to sell on the black market. Sometimes interesting things can be found in the software itself, indicating potentially where the software was created and providing hints as to the author's skill level.

I'd like to highlight some of the above information in this article (and an upcoming podcast) as it relates to botnets and malware. There is an endless supply of malware designed to perform a wide-array of "evil biddings". There is an entire economy behind botnets, including outsourcing, marketing and shady business schemes. All of this activity is happening on our networks today, leading to service disruptions from distributed denial of service (DDoS) attacks to theft of banking information.

Tenable has produced several configuration audits and updates to enterprise products, such as the Log Correlation Engine (LCE) and Passive Vulnerability Scanner (PVS), to help detect this activity in your environment. Nessus ProfessionalFeed customers can download the configuration auditing files that detect malware from the Tenable Support Portal Virus Detection Policies page (requires a Tenable Support Portal Login). For more detailed information on how Nessus is able to detect viruses, refer to the article Auditing Infected Systems for Viruses and Trojans with Nessus.

Welcome to the Tenable Network Security Podcast - Episode 40

Hosts: Paul Asadoorian, Product Evangelist

Announcements

• One new blog post has been published this week (several more are in the queue!):
  • Tenable Black Hat USA 2010 Party !
• New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both Black Hat Las Vegas 2010 and BruCon 2010. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner.
  
• Be certain to check out our video channel on YouTube that contains the latest Nessus tutorials.


• We're hiring! - Visit the web site for more information about open positions. There are currently 9 open positions listed, including a Digital/Web Strategy Coordinator.


• You can subscribe to the Tenable Network Security Podcast on iTunes!


• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, list Nessus plugin statistics and more!

Dennis Brown - Evil Malware, PDF Attacks, and more!