Wednesday, November 26, 2008

Event: Anti-Virus Researchers International Conference

One of the largest Asia-Pacific conference to discuss regarding anti virus and anti malware technologies, is going to be held in New Delhi, India, between 10th and 12th of December 2008. The experts from top antivirus software development companies would be presenting papers related to the future of anti virus, malware protection etc. Moreover the huge internet security software giant’s including F-Secure, K7 Computing, Symantec, Trend Micro, Norman, AVG, Kaspersky would be participating in AVAR 2008.

Some the topics to be presented will include

New Malware, New Environment, New Testing Standards by David M Perry (USA), Global Director of Education, Trend Micro.

Exploiting Anti-virtualization Techniques to Prevent Running of Malware by Andrew Lee, Chief Technology Officer (CTO) of K7 Computing (India).

Anti Malware Testing Standards Organization (AMTSO): The Status Right Now by Righard J. Zwienenberg (The Netherlands), Chief Research Officer, Norman. President, AMTSO

Cyber Terrorism by Swanand Dattaram Shinde (India), Software Engineer, Quick Heal Technologies.

To know more about the Association of Anvi-Virus Asia Researchers International conference & sponsors visit:

Monday, November 24, 2008

Future Trends in Internet Security

Internet is one of tremendous achievement in the recent history since the computer age started. In the beginning, when the internet was structured the commercials were not allowed. But later internet became one of the backbones for industries, shopping, banking sector and for other commercials, which resulted in high business and at the same time paved way for cyber crimes. Though in earlier days the rates of cyber crimes were less, now the advancement in computer software technology has substantially increased the online crimes causing serious cyber security threats. Now internet network is one of the most importantly considered infrastructures for commercials globally, if this is not secured properly, not only ecommerce is at risk but also the life of humans can also be at stake. That means the future is at risk without security.

Drawbacks of Unsecure Internet
An Unsecure internet is like a human without dress. So if internet is not secured then any one can trespass to connect to your computer over internet and steal your information. So internet security has become a greater challenge for both personal and commercial use. If a computer connected to internet is not secured, then it is vulnerable to multiple attacks which include packet sniffing, phishing, TCP / IP hijacking & Spoofing, redirecting the router and other such kind of active attacks. So a proper and secure infrastructure can alone prevent such kind of active attacks.

How to secure the internet from Vulnerability?
By analysing the past and present trends in the internet security, the experts have come with a new scenario about the future of internet security. The scenario when overlooked would be simple to read but it’s difficult to implement, unless and until, we people (internet users) are aware about it. The future IT trend will give the solutions that provide additional layer of security to the computer and internet. The recent IT trend is focused mostly on the future security measures which may include

1.) Website Security – Secure Sockets Layer, Web Internet Protocol (IP) Security

2.) Web Application Security - Web penetration testing, Denial of Service attack, Web Server Firewall, Protection for programming languages used in websites e.g. java, html etc used for designing the website.
3.) Desktop Security – Internet security suite, Firewall, Antivirus, Anti Spyware, Anti – Malware, Adware protection, Vulnerability Analyzer, Security based PC Utilities, Anti Spam including PGP / Smime e-mail

4.) Infrastructure Development for Enterprises – Biometric Authentication, Smart cards, Access Control

5.) Implementation of ISO (International Organization for Standardization) Model in Organisations

6.) Wi-fi or Wireless Security

Technically speaking, there are lot of confusions of what layer of security is required, or which kind of certificate is appropriate for PKI – Public key infrastructure, those suites globally and so on. Also the security measures that needs to be considered for extranets and intranets, which leads to a question of authentication level. So when a proper analysis is being made for security verticals including wire-less communications will provide a solution with key advantages. So for the base of website security the encryption and decryption level needs to be suggested by cryptographic experts. When it comes to computer security, it’s the effective desktop security solution that needs to prevent / protect an unauthorized access. This is because if the computer is vulnerable only there would be an unauthorized access, so if a comprehensive internet security suite is being installed in the computer, it works as a guard to the computer, prevent such vulnerable attacks and more over defending and shielding the computer from malicious attacks.

Though the government and internet councils has been trying to regulate the law of encrypted internet still it’s a very difficult task for them, due to lack of awareness. So once the awareness is being created, then we can assure that the future is secure. From present to future these changes will happen gradually from tiny to complex security. If any organisation wants to monopolize their security applications, then we are not getting the better security solution. The reason is more the competition is; better the product would be. So let’s welcome competition.

- Yuvaraj
Your Marketing Partner

Wednesday, November 05, 2008

Top 10 Reasons to have an Internet Security Suite

There might be thousands of reasons to use internet, but I would like to tell the top 10 reasons, to why you should have an internet security suite installed in your computer.

1. To safeguard yourself from hackers and phishers
2. To protect your identity and confidential information
3. To stop viruses, Trojans, Keyloggers, spyware and other malicious program running in your computer
4. To manage and prevent buffer overflow attacks
5. Parental and Privacy control
6. To stop unauthorized intruder accessing your computer
7. To avoid unwanted system crashes happening due to changes in the systems security settings
8. To prevent yourself from unwanted network, web-access and email traffic
9. Web Content-Filtering
10. For you to have COMPLETE PEACE OF :)
- Yuvaraj

Monday, November 03, 2008

Types of Phishing Methods, How to report Phishing attacks?

Before we start proceeding with the types of phishing, let’s understand what is phishing? Phishing is a kind of online fraud or theft committed in disguise over the internet. The interesting thing here is phishing websites are live just for an average of 6 hours, though the latest trends report that an average time a phishing website online is around 3.8 days, with one or two updates. Within this time line lakhs of internet users fall prey to the phishers. You may ask me, is there a way to stop falling prey to the phishers completely. My answer would be a big “NO”, because most of them are not aware about what are phishing attacks, and the approach of the phishers. Once people, I mean the Internet Users are aware about the phishing technology used, then on an average of 75% of cyber users can be safe.

I see most of the people can live without a girl friend, but not without a internet says one of my blogger friend in his Everything about security blog under the topic Internet Security – The Purpose Internet Security Market Computer Security.So let me explain certain methods a phisher or an online thief uses.

Types of Phishing attacks

There are different methods of phishing; a phisher counterfeits to steal an identity and confidential information. The phishing methods include

Deceptive Phishing – is a method in which the phisher creates an email messaging stating that account is expiring or suspended and some other reason, with a URL, which intends to be looking like the original website. But if clicked the site will be redirected to a fake URL. For instance, if a original site is, the site will take you to or so. So if the user gives the information, he would be falling prey to phisher.

Also see how the a phisher shoots email and website claiming to be from Axis Bank formerly UTI Bank here -

Malware Phishing – refers to malicious software based phishing attack. The phisher creates some malicious software in form of exe and injects it into a user’s PC over the internet. So malware, gathers all the necessary information and sends it to the third party, i.e. the phisher.
Trojans and Worms Based phishing, mostly commonly enters in to the user’s PC via email or some other unwanted website, when the users downloads an email attachment or so invisibly and collects the confidential information from the user’s computer and transmits it to the phisher.

Spyware and Keyloggers are also kind of malwares, which monitors the systems activities and note the keyboard impressions and send it to the phishers. The phishers will use this key typed data and recognizes the password to hack a computer.

Online Session Hijackers monitors the users activities, and targets the sign-up, sign in times, once the session is started, the virus or worms make an unauthorized transaction without the user’s knowledge. The User would be realizing that additional funds have been transferred to some other unknown account, only when he sees the transaction receipt or statement.

DNS Phishing Method is a method where the host file is being poisoned with some other bogus fake address. A fake website is created like the same original website, and when the users believes it to be a real website and enters his confidential information he/she falls prey to the phisher. This is also known as Pharming, as a fake website is being created and managed by a phisher to steal user’s identity.

Faulty Website Phishing – A phisher registers with a website address similar to the one already available in the website. For example – my original website would be whereas a fake website would be created in the name ,which ad user won’t be able to identify it, as the name is similar. Also sometimes, when the URL is being added in the favourites in browser would be changed with the faulty website, and the phisher would be easily able to gain access as the user believes that it is from the favourites, and a true website he added to the favourite folder.

Content Injection Phishing is a method where the phishers gains access to a legitimate website and changes the content of the page, with his fake content to redirect the website visitor to his fake website, to gather their information steal their identity.

Man-in-the-Middle attacks – is a kind of phishing attacks, where a phishers plays the role of an intermediate between two users to complete an transaction, and once the any of the users go offline, they will secretly collect all the information and sell or use it for stealing financial information. This kind of phisher are difficult to identify as the transactions would be completed success but later only realised that some confidential information has reached to a third party and used when the users system is inactive.

There are also phishers who creates website more attractive, stating that they can purchase things at attractive discounts using their credit cards and so. When the user gets attracted to the phishers discount offer and purchases, the credit card would be charged, but they won’t get the material or the product ordered, and finally realize that there is not physical address existing for that website.

How is a phishing attack reported?
If you find or feel that seems to be phishing website you can report it to APWG (Anti-Phishing Working Group). The life of a phishing website is minimal because, if suspected, the criminals would be caught red-handed easily. So they make it live for few hours, shoot an bulk emails, see how many people fall prey to their attack, gather the information, steal their identities , financials, and anything that is possible and make the website inactive. The mail would be shot to thousands and lakhs of internet users, out of which a few might report it and the site shut down process and tracking the criminals would be taking place. Say for example if an phishers creates a fake website for online banking or online shopping site, and shoots out a bulk email, they customer may report it to the concern organisation, bank or shopping site domain holder. So the domain holder will report it to the local Computer Emergency Response Team, who will in turn check out and report to the cyber crime authorities, and the cyber crime police authority will check from where the website is hosted, and asks the concern ISP to stop or de-activate the IP, and see who has did such kind of fake website and nap the thief. Because of getting caught the phishers make the site active only for few hours.

Also we have been updating the virus news and vulnerability news in under the topic virus and risks, thought you would be interested in knowing the lastest security threats news. :)

Also know more about adware, spyware, virus, rootkits, trojans, firewalls at

Sunday, November 02, 2008

Endpoint Security PC Protection – Anti Virus, Anti-Spyware, Firewall –Intrusion Prevention, Anti Malware Software Program

What is End-Point Security?

End-Point Security is the measures that are being taken to access the risks at endpoints and protect them. In simple words, endpoint security is the security implementation methods concerned to prevent and protect the network, which include the Enterprise firewall systems, client antivirus with anti malware software program, spyware detection and removal tools to prevent intrusions (Access Control) and delete i.e. quarantine the unwanted programs such as viruses, worms, Trojans, malware, spyware, adware and other hacking tools trying to get unauthorised access to the computer. An effective Endpoint Security system monitors the risks, takes the necessary security measures and also has a reporting system to provide the results of the security measures taken by the end-point security system (Firewall, Antivirus, or internet security suite) through log files, which would be used by the management and administration, to make more effective build.

What is the benefit of using an Endpoint Security System?
The security threats and vulnerabilities are always in an increasing rate day-to-day. So it has become essential to protect the WAN (Wide Area Network) and LAN (Local Area Network) Endpoints. So an Effective Endpoint Security if implemented maintains a safe productivity level and helps the businesses to improve their business results by preventing losses that occur due to vulnerability and security incidents happening over the computer network.

What are the current security threats and vulnerabilities?
New types of internet security threats are emerging on a regular basis, which makes our computer vulnerable to hacker attacks. The vulnerabilities include buffer overflow attacks, key-loggers (Key Stroke Loggers), spam emails, email worms, zombies, Trojan horses, DDOS Zombies host, spyware, adware’s, malware and so on. Also nowadays many of these types of vulnerabilities and threats are being injected into the computer, when a user downloads a free software, or gaming, or porn websites, and even via unsecure emails, which causes disruptions to the endpoints. Since most of the business transactions are being transmitted over the network, the endpoints have now become the primary target to phishers and hackers. So the enterprises needs to confront for the endpoint security systems to secure the core business related materials and confidential information. Click to view the current internet security threats and vulnerabilities.

Endpoint Security System – What does it consist of?
An Endpoint security System tools include Client Antivirus, Firewall – Host intrusion prevention system, Anti-Spam with Email Scanners, Anti-Spyware removal tool, adware blocker tools, root-kit prevention, anti-Keyloggers programs, endpoint vulnerability assessment tools, patch management remediation programs, client remote access (IPSec VPN , SSL VPN ie. Secure Sockets Layers Virtual Private Network), Regulatory Compliance, Endpoint management and policy enforcement, host detection and compliance, endpoint policy development and communications, Reporting and logging security threats and vulnerabilities, and action taken to prevent them.

Is taking a Bank Loan Good or Bad?

Definitely taking a bank loan shouldn't be a choice for you and should be the last resource if you need to. You may be wondering, why am...