In the last couple of months Infigo IS noticed a growing number of targeted attacks where attackers use various phishing techniques in order to distribute malicious programs. The latest of such attacks were targeted to CEOs and CFOs of various organizations. 

The attackers typically sent e-mail messages that spoofed the Better Business Bureau or the IRS (Internal Revenue Service). E-mail messages inform the victim about a complaint about their business service. In order to resolve the complaint, the victim must open the attached document. An interesting detail about these attacks is that attached documents are in the RTF (Rich Text Format), with embedded executables. As these documents do not exploit any Microsoft Office vulnerabilities, the attackers are using social engineering in order to entice the victim to execute the embedded file, after which various malicious programs are installed on the infected machine.

Attacks such as these once again show the need for defense in depth, as well as user awareness and education.

The 30th International Convention MIPRO took place in Opatija from 21th to 25th May 2006. The Convention covered topics in information and communication technology, electronics and microelectronics. Within ISS - Information systems security track our experts Ivana Marijanović and Hrvoje Šegudović presented their paper "Scaling of Values of Multiplicative Method for Risk Evaluation".

The paper analyzes different ways of defining multiplicative risk assessment methodology by manipulating nonlinear and independent value scales. Furthermore, the paper also discusses the possibilities of practical use of this methodology in various situations.

The paper will soon be available at INFIGO's whitepaper section.

The 7th Windays business and technology conference, organized by Microsoft is taking place in Opatija from 24th  to 27th  April 2007.

Our information security experts will hold two presentations on Windays 2007 conference. Hrvoje Šegudović will give a lecture covering the topic "Operational risk management – Croatian National Bank Guidelines and ISO 17799/27001", in which he will explain the correlation between Croatian National Bank Guidelines and International information security standards.

Saša Jušić and Leon Juranić will give a lecture covering "Security of client applications". The lecture will describe the main aspects of client applications security as well as some of the techniques and tools which can be used for discovering security flaws of client applications.

More information about the Windays 2007 conference, as well as the conference programme can be found at the official Web page.

Infigo IS was invited to hold a lecture on April, 19th 2007. covering the topic “Information security -  a new star on Croatian market” which was organized by e-STUDENT.
Saša Jušić held a lecture, and some of the topics discussed were:

- our experiences in founding a company,
- information security,
- position of information security on IT market.

Within this lecture Leon Juranić held a demonstration of system intrusion.

Internet Storm Center has published information about 0-day vulnerability in the Windows DNS Server service. The vulnerability which affects Windows 2000 and 2003 Server operating systems with the DNS Server service running has been found during a forensic analysis of a compromised server at the Carnegie Mellon University. This vulnerability is rated highly critical as the vulnerable service runs commonly on Active Directory servers.

Shortly after ISC published details about the vulnerability, HD Moore published a Metasploit module that exploits the vulnerability. Infigo IS confirmed that the Metasploit module works correctly on Windows 2000 servers. The Metasploit exploit does not work on Windows 2003 servers due to DEP (Data Execution Prevention).

Microsoft published advisory KB 935964. The advisory lists suggested workarounds. Infigo IS recommends that these workarounds are applied on all critical servers, especially those reachable over the Internet. The workaround does not correct the vulnerability, but stops attack vectors. A word of caution: the workaround will prevent remote DNS management tools from functioning. Thus, in order to manage the DNS Server service an administrator will have to run these tools locally.