Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Wednesday, November 16, 2011

No Surprise: Android Malware is Increasing

It should be no surprise to anyone in the security industry that Android-based malware is up 472% since July 2011, according to Juniper. If you've been following the news this year, you would already know that malware on Android has been increasing faster than on any other platform. Malware targeting smartphones rose 250% from 2009 to 2010.

It's a good reminder of why you need security both on your network and on mobile devices. While your secure web gateway provides security when you're on the corporate network, mobile devices like those running Android typically roam to other networks as the end user takes the device home and on trips.

That's when cloud-based security becomes important. Cloud and mobility make sense together, since the mobile client stays tied to a cloud security solution regardless of which network the end user is on. As we see more mobility, you'll undoubtedly see more secure web vendors touting cloud as the solution.

Thursday, November 10, 2011

7 Charged With Using Malware to Rack Up $14 Million

The recent news that the Department of Justice has indicted seven people for allegedly hijacking millions of computers, manipulating traffic on popular websites, and generating more than $14 million in fraudulent advertising revenue shows that malware does indeed enable cyber-criminals to make plenty of money. That is a good indicator that there will continue to be waves of cyber-criminals and malware for the foreseeable future.

From the PC World article on the recent news:

The defendants -- six Estonians and one Russian -- allegedly hijacked more than 4 million computers using malware that rerouted Internet traffic to websites where they would get a cut of the ad revenue. Infected computers with users looking for popular websites such as Netflix, Amazon, and iTunes were rerouted to webpages that featured the defendants’ ads.

This case is supposedly the "first of its kind," according to US Attorney Preet Bharara, because the suspects set up their own "rogue servers" in order to perform the rerouting. Using their rogue servers, the defendants were allegedly able to substitute legitimate Internet ads with their own ads, thereby generating millions in advertising revenue.

According to BusinessWeek, the indictment cited a case in which an American Express ad on the Wall Street Journal's home page was replaced -- instantly, once users clicked on it -- with an ad for "Fashion Girl LA."

About 500,000 of the infected computers were located in the United States, Bharara said in a news conference in New York. The alleged scheme, which ran from 2007 to 2011, was first discovered at NASA, where 130 computers were infected.


It's an interesting case because the malware redirected end users' browsers and basically forced them to click on ads that would help the hackers make money. It could just as easily have redirected users to more malware sites.

This particular news item highlights the need to have visibility into where end users are going on a corporate network, and to figure out which computers on that network have been hacked.