<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<table class="backgroundTable" width="100%" cellpadding="0"
cellspacing="0" bgcolor="#ffffff">
<tbody>
<tr>
<td valign="top" align="left">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top: 0px solid rgb(51, 51, 51);
border-bottom: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255);">
<center><a href=""><img id="editableImg1"
src="cid:part2.01050207.02060208@oplin.org"
title="OPLIN" alt="OPLIN 4Cast" align="middle"
border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width: 763px; height: 877px;" cellpadding="20"
cellspacing="0" bgcolor="#ffffff">
<tbody>
<tr>
<td style="font-size: 12px; color: rgb(0, 0, 0);
line-height: 150%; font-family: trebuchet ms;"
valign="top"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
bgcolor="#ffffff">
<p><!-- Make sure you modify the 4Cast title in this section -->
<span style="font-size: 20px; font-weight: bold;
color: rgb(0, 0, 0); font-family: arial;
line-height: 110%;">OPLIN 4cast #344: Basic
protection</span><br>
<!-- Make sure you modify the date of the 4Cast in this section -->
<span style="font-size: 11px; font-weight: normal;
color: rgb(102, 102, 102); font-style: italic;
font-family: arial;">July 24th, 2013</span></p>
<!-- Begin copy of Web Source here -->
<p style="text-align: justify;font-size: 16px;
font-family: arial; line-height: 110%;"><img
alt="virus"
src="cid:part4.02040909.06040700@oplin.org"
height="107" width="115" align="left">There was
an interesting posting on the <em>codeinsecurity</em>
blog a little over a month ago, which we didn't
see until recently, called "<a
href="http://codeinsecurity.wordpress.com/2012/06/13/the-anti-virus-age-is-over/">The
anti-virus age is over</a>." The author, Graham
Sutherland, argues that anti-virus (AV) programs
cannot keep up with all the new types of malware
in circulation and should just be considered "...a
filter for the most basic attacks." We know a lot
of libraries still depend primarily on AV software
for protection, so it seemed like it might be
worthwhile to look this week at some of those new
types of malware mentioned by Mr. Sutherland.
(We've put the names of the malware types in
bold.)
</p>
<div> </div>
<ul style="text-align: left;">
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.wisegeek.org/what-is-a-polymorphic-virus.html">What
is a polymorphic virus?</a> (wiseGEEK) "Human
viruses are infamous for being able to mutate
rapidly to avoid detection and prevent the
buildup of immunities, and when a computer virus
has a similar trait, the results can be
unpleasant for computer users. It can be
difficult to mount an adequate defense against a
<strong>polymorphic virus</strong>, even with
excellent antivirus software which has been
designed to attempt to detect such viruses."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.darkreading.com/vulnerability/advanced-persistent-threats-the-new-real/240154502">Advanced
Persistent Threats: The new reality</a> (Dark
Reading/Michael Cobb) "What is an <strong>APT</strong>?
Though the term originally referred to
nation-states engaging in cyber espionage, APT
techniques are also being used by cybercriminals
to steal data from businesses for financial
gain. What distinguishes an APT from other
threats is that it is targeted, persistent,
evasive and advanced. Unlike the majority of
malware, which randomly infects any computer
vulnerable to a given exploit, APTs target
specific organizations with the purpose of
stealing specific data or causing specific
damage. The Conficker worm, for example, used
many advanced techniques but did not target a
particular organization. It infected millions of
computers in more than 200 countries. In
contrast, Stuxnet was designed to target a
certain type, a certain brand and a certain
model of control system."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.theregister.co.uk/2013/04/04/apt_trends_fireeye/">Advanced
Persistent Threats get more advanced,
persistent and threatening</a> (The
Register/John Leyden) "Attackers are getting
even smarter by coming up with sneakier ways to
evade detection. For example, FireEye has <a
href="http://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html">uncovered
examples of malware</a> that execute only when
users move a mouse, a tactic which could dupe
current sandbox detection systems since the
malware doesn't generate any activity. In
addition, malware writers have also incorporated
virtual machine detection as a means to
frustrate security analysis of their wares and
DLL files to improve persistence. By avoiding
the more common .exe file type, attackers using
DLL files stand a better chance of avoiding
detection for longer."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.networkworld.com/newsletters/techexec/2013/032213bestpractices.html">New
course teaches techniques for detecting the
most sophisticated malware in RAM only</a>
(Network World/Linda Musthaler) "The part of The
Invisible Man is now being played by highly
sophisticated malware that is <strong>memory-resident</strong>
only. Because it only exists in RAM, the malware
never gets written to disk, which is where you
would normally look for most kinds of malware.
It's a real challenge to find the malware in RAM
until you follow the subtle clues that indicate
something is there that shouldn't be there."</li>
</ul>
<div style="text-align: left;"> </div>
<p style="text-align: left; font-size: 20px;
font-family: arial; line-height: 110%;"><small><strong><em>Sandbox
fact:</em></strong></small><br>
</p>
<div style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;">One
article above mentions a "sandbox." Anti-virus
software can sometimes combat difficult malware by
using a virtual environment (sandbox) on a
computer to run and test code from untrusted
sources before it is installed for actual use.
</div>
<div style="text-align: left;"> </div>
<!-- End paste of web source here --> </td>
</tr>
<tr>
<td style="background-color: rgb(255, 255, 255);"
valign="top" width="760"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"><span
style="font-size: 10px; color: rgb(96, 96, 96);
line-height: 100%; font-family: verdana;">
<hr><!-- Begin standard subscription verbiage -->
<div style="text-align: justify;">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that could
impact public
libraries. You can subscribe to it in a variety
of ways, such as: <br>
</div>
<div style="text-align: left;"> </div>
<ul>
<li style="text-align: justify;"><strong>RSS
feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the following
URL:
<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/index.php/?feed=rss2">http://www.oplin.org/4cast/index.php/?feed=rss2</a>.
</li>
<li style="text-align: justify;"><strong>Live
Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast website
(<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/">http://www.oplin.org/4cast/</a>) and click on the
orange "radio wave" icon
on the right side of the address bar. In
Internet Explorer 7, click on
the same icon to view or subscribe to the
4cast RSS feed. </li>
<li style="text-align: justify;"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (&agrave; la OPLINlist and
OPLINtech) by subscribing to
the 4cast mailing list at
<a class="moz-txt-link-freetext" href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>.
</li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 204);" valign="top"
width="760"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg">
<br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<title>OPLIN 4Cast</title>
<style>
.headerTop { background-color:#FFFFFF; border-top:0px solid #000000; border-bottom:1px solid #FFFFFF; text-align:center; }
.adminText { font-size:16px; color:#0000FF; line-height:200%; font-family:verdana; text-decoration:none; }
.headerBar { background-color:#FFFFFF; border-top:0px solid #333333; border-bottom:0px solid #FFFFFF; }
.title { font-size:20px; font-weight:bold; color:#000000; font-family:arial; line-height:110%; }
.subTitle { font-size:11px; font-weight:normal; color:#000000; font-style:italic; font-family:arial; }
.defaultText { font-size:12px; color:#000000; line-height:150%; font-family:trebuchet ms; }
.footerRow { background-color:#FFFFCC; border-top:0px solid #FFFFFF; }
.footerText { font-size:10px; color:#996600; line-height:100%; font-family:verdana; }
a { color:#0000FF; }
</style>
</body>
</html>