With the advent and uptake of Web 2.0 and its associated server environment of P2P networking, social networking, bookmarking, media sharing, blogs, wikis and RSS feeds, the boundary between the trusted network and the Internet is quickly disappearing.

The question is, is whether this leaves an organisation open to a new generation of threats and, if so, just how bad are they and do will they compare to the known threats of today? Experts feel that these new threats may be make todays threats seem benign. If you consider that several years ago, Email was the main method for delivering malware. Now, Email is used to direct the user to a website where HTTP is used to deliver the malware.

However, this isn’t necessarily the concern for the security of the organisation. The whole premise of Web 2.0 is its collaborative nature. Sites like MySpace and FaceBook are only successful if the users, use them. Bookmarking sites like StumbleUpon, Technorati and the like allow users to share their bookmarks and Blogs allow users to disseminate information.

Whilst this in itself is not a problem, the main issue is that data can be leaked from a corporate entity very easily, and with the effectiveness of Web 2.0 technology becomes disseminated even more quickly.

If the information had been leaked using email, the threat has a short time-frame – delete the message and it’s gone. However, data that is leaked through Blogs and Social Network sites can have an extremely long life time because the data is generally stored in searchable archives, thus reasonably easy to retrieve for anyone.

This is not the only challenge though. Corporate data is being outsourced to web-based hosting not only to save money but to allow an ease of sharing across remote locations. The issue is that web-based hosting vulnerabilities can exist and these are exploited by hackers.

Phishing attackers use Web 2.0 extremely well. Phishing sites built using Rich Internet Applications (RIAs) appear legitimate and seasoned users and early-generation security solutions are fooled.

On the other side of the coin, legitimate stand-alone RIAs are powerful because they offload most of processing to the client machine via a client engine that acts as an extension of the user’s browser. This client executable can be used as a vector for malicious code.

Then, RIAs that use ActiveX plug-ins, a common RIA technique, are especially vulnerable to attack. According to Symantec, 89% of browser plug-in vulnerabilities disclosed in the first half of 2007 affected ActiveX plug-ins in Internet Explorer.

Embeded executable XML malware on popular legitimate websites, make these sites just as vulnerable to exploitation or to be used to exploit. In 2007, a virus was found to be embeded in MySpace pages.

Experts are concerned that streaming video will be the next target. What would the effect of a Trojan embedded in a popular YouTube video be?

Using SSL is not a safe guard either. SSL encrypts the data stream from the users PC to the end point and as such, the SSL tunnel is not checked by security solutions. As such, SSL can be used to sneak bots and Trojans past a corporate firewall and onto the trusted networks. Once a bot is installed, it forms botnets that use similar SSL sessions to leak sensitive data and other valuable content out of the corporate network.

Can something be done to protect your organisation?

The first reaction of an organisation is to just deny the services access to the network. This won’t work – many legitimate sites use the services.

Therefore, it is imperative that the security solution in use has the ability to scan any website visited for real-time executable malware. Organisations like PCTOOLS will release regular updates to their products.

Finally, the organisation needs to develop and establish both broad and granular user-based policy controls over IM applications and Skype, without hindering user productivity and application performance. Finally, users must be made aware of Acceptable Use Policies, which should be updated regularly to encompass new Web 2.0 technologies and applications that evolve.

Ad:Learn How To Remove Spyware From Your Computer! 10 Part Video Tutorial to keep your computer clean. See Remove Spyware Videos for more information.

With Valentines Day approaching, users are warned of a fresh outbreak of the Storm (Dorf) Trojan that uses romantic themes to infect the unsuspecting.

Targets will receive emails with Subject lines include “Falling In Love with You”, “Special Romance”, “You’re In My Thoughts”, “Sent with Love”, “Our Love Will Last”, “Our Love is Strong”, “Your Love Has Opened”, “You’re the One”, “A Toast My Love”, “Heavenly Love”, “Memories of You”, “Pages from My Heart”, “Eternal Love” and “A Dream is a Wish”.

The email body contains another phrase from the list of subject lines, plus a URL containing a numeric IP address pointing to a computer that has already become part of the botnet. If the recipient clicks on the link, they are taken to a web page that displays a heart and attempts to download malware onto their PC.

The attack is launched by an organised gang to steal access to PCs for criminal purposes.

PC Tools’ chief threat officer Kurt Baumgartner said a similar campaign occurred last year. “Interestingly, we witnessed a variant of the worm dropping files like burito.ini and burito5e84-1216.sys before killing anti-virus products and adding the victim’s computer to its botnet,” he said.

The malware ini file maintains a list of p2p peer information for maintaining communication throughout the botnet, while the sys file is a driver that injects code deep into the operating system.

Users must ensure that their Anti Spyware and Anti Virus software is kept up to date to ensure they are protected from malware. Most importantly, do not open email from people you don’t know and, if you do open the email – DON’T CLICK ON THE LINKS in the email.

The first scam uses a reference to the recipient’s holiday credit card spending pattern during the Christmas season. The start of this phishing campaign coincides with the arrival of credit card statements and is expected to last until the middle of next month. As usual, social engineering will play a major part in the attack – an email will be received by advising of problems with their credit card transactions and will target the gathering of account information, like account numbers, usernames and passwords. The concern is that people do get confused at this time of year because of the number of transactions conducted over November / December for Christmas.

This information was gathered from SC Magazine.

The second phishing campaign that tries to trick recipients into believing their employer committed payroll reporting fraud. The attack comes as a trojan-laced, socially engineered email run developed by a Romanian-based criminal group. The messages appears to come from the National Payroll Reporting Consortium (NPRG), a nonprofit that provides payroll processing services to employers. The email suggestst that their employer has tried to cut costs by making “numerous misrepresentations regarding worker classification”.

Of course, to rectify the problem, the recipients are urged to fill out an attached form, but the attachment actually contains a trojan that installs a malicious browser helper object that steals user data from web forms. The trojan registers itself to be called every time data is entered into a form, stores it and then sends it to the attacker’s website.

The NPRG have issued a statement on its website and advises people to immediately delete the email if it is received.

More information is available at SC Magazine.

To make sure you are protected from any malware that is contained within Emails or on Websites, use should be made of a quality antivirus / antispyware product, like PC Tools.

To manually remove spyware can be a very daunting process when you consider that each spyware program typically has it’s own list of files you will need to search for throughout your hard disk. If you miss one or more of these components you run the risk of it automatically re-installing itself or causing other programs to work improperly.

Trojan removal has become even more critical with the obvious sign that many computer users have become complacent…as though spyware, adware, and other annoying scripts are too confusing to mess with. Despite the pleas by computer manufacturers and Internet entities to encourage home computer users to use reliable spyware and firewall software, the occurrence of trojan horse viruses and spyware programs are becoming more and more widespread.

Many Trojan viruses have key-logging software embedded in them, which enables malicious users to monitor every single keystroke you make on your computer. This compromises your credit card security, your password security, as well as leads to potential identity theft. It’s easy to see why trojan removal should be of utmost importance when maintaining the health of both your PC and your pocketbook.

Trojan removal, however, should be attempted only with reliable software created for just that purpose. This is where SpyWare Doctor comes in. In addition to detecting and eliminating trojan applications, SpyWare Doctor will also destroy and completely remove spyware, adware and other such programs. Once installed, you will have effectively removed all malicious programs from your computer’s registry keys, win.ini, system.ini files, or other important components on your system.

Features of the registered version of SpyWare Doctor

• Detect and remove spyware, adware, malware, trojans, keyloggers, spybots, adbots and trackware
• OnGuard runs in the background to monitor and protect your PC from browser infections and tracking cookies
• Immunize your system against more than a thousand known web-browser hijackers (BHO) and ActiveX threats
• Real-time protection including defense against known phishing attacks, popup blocking and malicious site guard
• Intelligent and deep scanning options allow you to thoroughly check your PC for Malware infections
• Receive frequent Smart Updates to detect and guard against new threats

Attempting to remove a Trojan virus on your own, without extensive computer knowledge, could lead to serious damage to your system, rendering it useless. When you use SpyWare Doctor for trojan removal, you can rest assured that the offending bugs will be stomped out and cleaned from your computer with no further damage done. However, should you wish to try and remove spyware manually, please consider that trying to do trojan removal manually can be very difficult.

First, many of these spyware and adware programs are specifically designed to hide on a users system from installation (thus the term “trojan”). Don’t be fooled into thinking that the Windows uninstall feature will successfully delete the offending shareware or spyware program from your computer. The basic uninstall features can not remove all of the spyware or adware components properly, and in many cases, it will simply reinstall itself with your next boot.

Successful trojan removal can be very difficult and often impossible for the casual user, especially when you consider how many hidden components and cookies need to be found. And with all of the obscure names and locations, it will undoubtedly become an arduous task.

With the faceless and global environment of the Internet, trojan removal has become even more necessary. Especially when you consider the incredible amount of damage adware, spyware and trojan viruses can do to your system, privacy, and your security. But now you don’t have to do it alone!

Get your copy of Spyware Doctor NOW!

Would you like a Video Series that shows you how to better protect your PC – for under $10? Visit Spyware Videos now.

A Key-Logger is a program that when installed on your PC can record every key stroke of the keyboard which can be viewed by the owner of the PC or another person without the knowledge of the owner.

Key-Logger threats are extreme privacy risks as they can lead to identity theft and financial losses resulting form such theft. These may include theft of credit card numbers, theft of on-line bank login details and many other very serious privacy risks.

There are hundreds of known Key-Logger tools distributed via major shareware download sites. And there are possibly many more that are custom written for the purpose of obtaining confidential information and are not available for download. Key-Loggers are almost impossible to detect without using specialized privacy protection tool such as Spyware Doctor.

How do I know if a Key-Logger has been installed on my PC?

The best way to protect your self against a Key-Logger is not to allow it to be installed in the first place. There are various tools that are designed to scan for a Key-Logger in order to detect it and remove it. Some are very good but most are highly ineffective. The best way to protect yourself from a Key-Logger is to use a software tool that actively guards your PC against threats and also allow scan and removal to be performed on already infected machine. Spyware Doctor is such a tool. PC users can perform scan and removal of known Key-Loggers using Spyware Doctor’s powerful and constantly updated database of known Key-Loggers and various other Spyware, Adware and Malicious software.