Security Advisor

Trojan May Cause Users To Reinstall Windows

Trojan:Win32/Popureb.E can only be completely removed by wiping a system and starting from scratch. Plus: Microsoft vs. Mozilla heats up; Sony readying for wave of class action lawsuits based on PlayStation Network outage.

Rootkits and bootkits are not only taking root but knocking the boots off Windows systems, compelling admins to reboot, according to this blog post.

According to Redmond, a new variant of the Trojan "Popureb" bores so deeply into the OS that the only way to keep it from literally taking root is a full wipe and reinstall with the actual installation disk out of the box -- or as Chun Feng with the Microsoft Malware Protection Center puts it, restoring the OS to its "pre-infected state."

"If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system...," wrote Feng.

The post is called "Don't write it, read it instead!," referring to code changes in pertinent disk sectors affected by the bug. The advice given is to make sure malicious code isn't inadvertently written into lines of code because Popureb is designed to prevent "the malicious MBR and other malicious data stored as disk sectors from being changed."

Whether it's reading or writing of code, or reading the signs of more intelligent malware, admins would do well to read between the lines on how rootkits can muck up their Windows architecture.

Reinstallation can be a pain, but top-line planning can streamline tasks. So speaking of writing, IT pros should be writing effective change control, system restore and segregation of duties policies and procedures to make sure programmers and in-production developers (as well as network admins and IT security personnel) are separately assigned tasks related to their own specialties in the larger processing environment.

IE vs. Firefox Becomes Backdrop of Blogathon

Browser wars between Microsoft and its competitors continue this week with more salvos lobbed at Mozilla Firefox.

The latest tiff involves IE director Ari Bixhorn's assertions on his personal blog that as Mozilla winds down support for Firefox version 4, Internet Explorer continues to pick up that slack.

The twist here is that Bixhorn made a personal overture to John Walicki, workplace and mobility manager under the chief information officer of IBM in the post.

"I think I speak for everyone on the IE team when I say we'd like the opportunity to win back your business," said Bixhorn. "We've got a great solution for corporate customers with both IE 8 and IE 9, and believe we could help you address the challenges you're currently facing."

Such overtures are not uncommon, but coming on the heels of another beef over the viability and integrity of WebGL (Web-based Graphics Library), an application programming interface (API) function used by Firefox, Microsoft's competitive agenda seems pretty transparent.

Or does it?

In a clear departure from the company line, and in an earlier, separate and seemingly unrelated personal blog entry, Avi Bar-Zeev, principal architect of Microsoft's Bing Mobile, said such assertions by Microsoft give the impression that "Microsoft runs away from security issues that require some modest technical mitigation."

He goes on to say that operating systems and security mitigation are what Microsoft is known for.

"[Operating systems are] our bread and butter. Why would we run away from that challenge with such an alarmist attitude of 'shut it off, shut it off, it might hurt me!'"

A sidebar to this exchange of words and ideas is the growing power and circulation of corporate blogs and personal blogs of corporate employees, and how leaks, arguments and ultimately competitive advantage all coincide in the blogosphere. Such a trend bears watching, especially where security is involved.

New Lawsuit: Sony 'Cut Corners' Ahead of PlayStation Breach

Three New York PlayStation Network users are proving IT security is not a game, even among gamers. An announcement came late last week that they were filing suit in a federal court in California alleging that Sony spends "lavishly" to secure its own proprietary data, yet it is noticeably "cutting corners" when it comes to safeguarding the personally identifiable information (PII) of the customers on its network.

The joint plaintiffs, Felix Cortorreal, Jimmy Cortorreal and Jacques Daoud, say, among other things, that Sony was negligent in doing proper due diligence on its own privacy violations and judiciary duties to users. Specifically, a "breach of contract" is alleged as far as protecting customer data is concerned.

This follows an earlier suit filed by Kristopher Johns of Birmingham, Alabama, who also filed suit in a San Francisco federal court based on essentially the same negligence claims.

Although Sony has done plenty of damage control -- like this blog post saying there was no financial harm done to network users -- it's clear that Sony will not become a sort of sacrificial lamb, at the very least from a PR standpoint, of large security breaches, both in the entertainment industry and in the corporate world.

Sony has already provisioned a special charge against earnings in an effort to determine the monetary damage of the breach and demonstrate that action is being taken.

Specifically, the company's $171 million in losses will cover repair, enhanced security measures and identity theft protection architecture, plus a "welcome back" program that offers customers free digital content. But, according to earnings forecasts released in May, the true cost the company has provisioned for is $3.2 billion, in anticipation of class-action lawsuits and other legal entanglements.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
