Security News
Hacker Uses XSS and Google Street View Data to Determine Physical Location

Samy Kamkar, in an incredibly interesting session at Black Hat titled “How I Met Your Girlfriend,” highlighted new types of attacks executed from the Web. One interesting hack he demonstrated was the ability to extract extremely accurate geo-location information from a Web browser without using any IP geo-location data.

Kamkar, by convincing the victim to visit his malicious Web site, used remote JavaScript and AJAX to acquire a router's MAC address. When the unsuspecting user visited his malicious Web site, JavaScript remotely scanned for the type of router used, accessed the router's MAC address and sent it directly to him. From there, he was able to utilize Google Street View data to determine the location of the router, in his case accurate within 30 feet.

 
FireHost Gives Customers Real-Time View of Attacks


FireHost Provides Customers with Real-Time View of Attacks That Are Blocked From Their Websites and Applications

FireHost, a Dallas-based company that focuses on providing secure Web hosting solutions, announced a new feature today which enables its customers to see blocked attacks against their websites and applications in real time.

As part of FireHost's customer portal and available at no charge to customers, the new “Security View” feature allows customers to view topical information about the blocked attacks by specific type, date, and originating region, giving businesses awareness to help position themselves publicly as security-conscious organizations.

"We are so confident in our ability to block cybercrime that we're opening the curtain and inviting our customers to see how well we protect their websites," said Chris Drake, CEO and founder of FireHost. "Most companies don't realize how many hackers attempt to breach their websites and applications on a daily basis. Security View exposes the reality of cybercrime and lets our customers know we're really looking out for them."

 

 

 
Hackers Capitalize on New Vulnerabilities Faster in January

Network security and unified threat management (UTM) solutions provider, Fortinet, in its January 2011 Threat Landscape report, revealed a 61 percent exploitation rate of new vulnerabilities discovered in January and tracked by FortiGuard Labs.

Fortinet says that during a typical month, exploit activity falls between 30 percent and 40 percent. Half of new vulnerabilities rated as "critical" were targeted, opening doorways for an attacker to execute any command(s) on a target machine.

 

"It is no secret that software vulnerabilities continue to be disclosed in large numbers on an ongoing basis -- especially critically rated ones," said Derek Manky, senior security strategist at Fortinet's FortiGuard Labs. "Hackers are sinking their teeth into unprotected systems, thanks to readily available exploit code and attack frameworks that support these new vulnerabilities. Since they are freshly disclosed, not everyone may have up-to-date signatures or proper patches in place. It is imperative to ensure both are updated in a timely fashion in order to effectively combat this threat. Also, with the use of communication through common protocols, application control is becoming more important in identifying malicious activity on the application level."

Top Three Malware Detections for January 2011

The Feebs, Buzus and Virut Trojans remained persistent and active this month. Feebs is a mass mailer that uses JavaScript to infect systems. The "mal"-mail typically contains a password-protected archive, along with the information in the mail body. Buzus, on the other hand, was more prevalent in the spam scene, sending infected attachments of itself using a variety of spam campaigns.

Two Virut variants surfaced during this report period and, as of the time of the report, Fortinet says they are still receiving commands from Virut controllers to download and execute malware. Virut.U uses an updated IRC channel and encrypts all traffic to this IRC channel, while Virut.A continues to connect to the IRC server "proxim.ircgalaxy.pl" unencrypted. Both variants are using port 65520 for connection. Virut, which has been around since 2006 and has been in Fortinet's Top 10 and Top 100 lists ever since, is a rigid file infector that contains a bot component, making it very difficult to clean since it spreads to thousands of files on a system once it hits. FortiGuard Labs observed Virut downloading other botnets, meaning an infected system would soon have multiple pieces of malware in place. Virut is one of the most persistent botnets the lab sees today, since it is tough to remove from an infected system, uses a public IRC domain and has hybrid spreading capabilities.

 

 
It's Official. IPv4 is Out, Time to Transition to IPv6

 

It’s official. The IANA (Internet Assigned Numbers Authority) this week allocated the last IP address blocks from the global IPv4 central address pool.

While the last IPv4 addresses have been allocated, it’s expected to take several months for regional registries to consume all their remaining regional IPv4 address pools, with recent trends suggesting that Asia, Europe, and North America will exhaust in that order within a month or two on either side of July 1, 2011, according to the IPv6 Forum. Transition planning and adoption of IPv6 is critical to the ongoing stability and growth of Internet Protocol based ICT, not only in the public Internet but in every facet of your office, home and mobile electronic existence where TCP/IP and other IP protocols are used. Training, management, support, billing, security and applications development need to be engaged to allow you to be IPv6 ready.

The Internet Society (ISOC) has coordinated "World IPv6 Day" for June 8, 2011: a one-day, global-scale "test drive" of IPv6 in which major web and networking companies and other industry leaders will enable IPv6 on their main websites for 24 hours.

“Google has been supporting IPv6 since early 2008, when we first began offering search over IPv6. Since then we’ve brought IPv6 support to YouTube and have been helping ISPs enable Google over IPv6 by default for their users,” according to a blog post by Lorenzo Colitti, a Network Engineer at Google. “On World IPv6 Day, we’ll be taking the next big step. Together with major web companies such as Facebook and Yahoo!, we will enable IPv6 on our main websites for 24 hours. This is a crucial phase in the transition, because while IPv6 is widely deployed in many networks, it’s never been used at such a large scale before.”

“Many believe that the move to IPv6 should be a board-level risk management concern, equivalent to the Y2K problem or Sarbanes-Oxley compliance. During the late 1990s, technology companies worldwide scoured their source code for places where critical algorithms assumed a two-digit date. This seemingly trivial software development issue was of global concern, so many companies made Y2K compliance a strategic initiative. The transition to IPv6 is of similar importance,” according to Ram Mohan, EVP and CTO at Afilias and a SecurityWeek contributor.

“It will take years for the Internet to fully switch to IPv6, so organizations need to prepare for a world in which both protocols are used simultaneously. CIOs who have not planned IPv6 transition plans as part of their strategic agenda must act now, or risk the entire enterprise online,” Mohan explains.

The IPv6 Forum, a group with the mission to educate about and promote the new protocol, recommends that everyone involved in ICT use 2011 and 2012 to plan and roll out IPv6. Enabling IPv6 in all ICT environments is not the end game but is now a critical requirement for continuity in all Internet business and services going forward. Production-quality deployments will take time; starting late and accelerating the process will compromise quality and significantly raise the costs. What everyone should avoid is having to rapidly deploy an unnecessarily costly IPv6 infrastructure to sustain growth and communicate with customers, suppliers, and partners.