Peer Pressure Drives Many To Acquire Security Certifications
Mike Murray, also with InfoSec Leaders and co-founder of MAD Security, said as a manager, he has never hired or promoted someone based on a certification: "I can't remember a time I've ever done that or known anyone who did that," he said. ...
by Marcia Savage
Until this week, Malwarebytes went about its business of tracking and removing malware pretty quietly. But on Monday, the company went public so to speak, announcing that it recently reached 100 million downloads, completed an acquisition, expanded its operations, and is developing a version of its product for the SMB market.
Based in San Jose, Malwarebytes got its start back in 2004, when CEO Marcin Kleczynski was working as a technician at another company and saw many computers infected with malware. At the same time, his home machine became infected; after three days of scouring Web forums, he managed to get rid of the infection, and in 2006, he released a free anti-malware tool, Rogue Remover. Malwarebytes Anti-Malware was released to the public in 2008, and has since built a reputation for being able to remove malware that well-known antivirus programs failed to detect or clean up.
The company positions its behavior-based technology as complementary to antivirus software and works with many antivirus companies to ensure compatibility. It also partners with vendors such as Barracuda Networks, which packages Malwarebytes Anti-Malware with its hardware.
“We’re not designed to replace antivirus,” Kleczynski said in an interview. “We knew there was this gaping hope in antivirus technology. We don’t go after file infectors or certain threats. We go after what we think antivirus is bad at.”
Malwarebytes recently completed its acquisition of HPHosts, which provides a blacklist of malicious websites, ad servers and tracking servers. The company said the deal will help ensure that it can protect against the newest malicious IP addresses and block the Web servers used to distribute the malware.
Malwarebytes also announced that it expanded its operations into the EMEA market by hiring Fernando Francisco to lead its operations there.
The company’s roadmap includes a corporate version of its software designed for the SMB market, slated for release in three to six months. “On the enterprise side, we know there are specific needs… The need to pull up reports, manage the product in real time, and simplify deployment of our product on a large scale,” said Marcus Chung, executive vice president and COO.
Malwarebytes Anti-Malware currently is available in two versions: a free, manual one that removes malware from systems, and a fully-licensed PRO version that provides real-time malware protection. When it first started, the company’s business was 85% consumer but its corporate side has grown and today accounts for 25%, Chung said.
by Robert Westervelt
Phony message tricks users into logging into a bogus AdWords account to “reactivate” a Google AdWords campaign.
A new phishing attack targeting users of Google AdWords has surfaced in a variety of spam emails, according to security vendor Sophos.
Users of the AdWords service may be easily tricked by a phony email message purportedly from Google warning that their AdWords campaign has been suspended. If the user is tricked into clicking a link, the person is forwarded to a phony Google AdWords page and prompted to log into their account. Attempting to log in on the phony page immediately exposes the victim’s account credentials, according to Sophos’ Graham Cluley.
“It’s a realistic replica of the main Google AdWords page, created with some care in an attempt to phish your credentials off you. And don’t forget, your same username and password will be not just used by Google AdWords, but also Gmail, Google Docs, Google+ and so forth.”
We’ve heard that account credentials have been growing in value to cybercriminals, while at the same time credit card information, which has flooded the black market, has declined in value. Microsoft’s Security Intelligence Report, issued in May documents the trend. In 2010, according to Microsoft, phishing impressions from social networks – a single instance of a user attempting to visit a known phishing site – increased from a low of 8.3% of all impressions in January 2010 to a high of 84.5% of impressions in December.
As people put more of their daily lives on social networks and in other public forums, phishers may be gaining the upper hand. Cisco Systems Inc. recently documented an increase in Spear Phishing attacks. Those attacks target a subset of users at an organization or individuals with very specific and convincing phishing messages. Cisco said spear phishing netted cybercriminals $150 million in June by its estimate.
Symantec’s most recent Intelligence Report (PDF), which gathered statistics in found that in July phishing activity was detected in one in every 319 emails. The number of phishing websites decreased by 6.76% in July. The numbers are typically cyclical depending on the time of year with spam and phishing increasing during peak shopping seasons.
Tell device-hungry staff to BYO
SC Magazine Australia
Staff are happier and more productive using their own devices, but infosec managers must balance security with flexibility. The last six months has taught us that the consumerisation of IT continues to be the ...