Najmi, Just a thought on the subject again. While I am a very big fan of your emails, and in fact look forward to receiving them due to the fact that I hardly get the time to surf my RSS feeds for updates, I feel there is a need to differentiate the content you send to both OWASP and MySec.
OWASP = Web Application Security related items MySec = Everything within the realm of Security. I am a big fan of unity among groups and in fact preach it alot. I hate differentiation but unfortunately for OWASP and MySec, the situation is different. Think of OWASP's domain as a subset of MySec, meaning it only gathers part of what you choose to share with MySec and only should look at Web Application related content. I am forced to bring this up because OWASP is an open group with working professionals both from Gov and Private as well and I am concerned that they might raise the question of why they are getting unrelated content. I'd like your thoughts on this as well as other members. If all of you are ok with non Web Application related content sent to the OWASP list, then I am more than happy. Just concerned with the backlash Najmi. Hope you understand. :-) -BRIAN RITCHIE On Thu, Apr 22, 2010 at 11:08 PM, Muhammad Najmi Ahmad Zabidi < [email protected]> wrote: > > > ---------- Forwarded message ---------- > From: Microsoft Malaysia <[email protected]> > Date: Thu, Apr 22, 2010 at 10:14 AM > Subject: Malware, SPAM and Phishing > To: [email protected] > > > If you are unable to view this HTML eDM, please click > here<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f29e60a2e9d220a4006165bcc1617b310d09e51fd3d666a414342dcfee1d81d262> > [image: > Malware, Email Threats and Phishing - Still a Threat and Getting More > Sophisticated in Nature!] > > In this edition of the Microsoft Security Intelligence Report Series – Part > 3, we will be looking at malicious and potentially unwanted software. > Specifically malware, email threats and phishing attacks. > Malicious and Potentially Unwanted Software > Infection data from several Microsoft security products demonstrates the > highly localised nature of malware and potentially unwanted software. > > In the United States and United Kingdom, Miscellaneous Trojans account for > the largest single category of threat with families such as Win32/Alureon > and Win32/Vundo common in both locations. > > The top threat in France and Italy by a wide margin was the Miscellaneous > Trojans family Win32/Wintrim. > > In China, many of the most prevalent families are Chinese-language threats > such as the browser modifier Win32/BaiduSobar or password stealers that > target players of online games, including Win32/Lolyda and Win32/Frethog. > > Brazil is dominated by Portuguese-language password stealers that target > online users of Brazilian banks, led by Win32/Bancos. > > Spain and Korea are both dominated by worms, led by Win32/Taterf which > targets players of online games. The prevalence of Taterf in Korea may be > due in part to the worm’s propensity to spread easily in Internet cafés and > LAN gaming centres. > > While security software is evolving, so is the sophistication of attacks. > Customers therefore need to ensure they build a defence-in-depth approach to > security and combine technology to ensure the greatest protection. *Microsoft® > Windows® 7 and Windows® Server > R2<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f2f22873822ec887b95376eef14528613d179747ad051bc7fe2fab5fc10ef56a65> > * together deliver security that extends beyond the desktop. > > *Malicious And Potentially Unwanted Software - Geographic trends by system > "location" setting* > Threat categories worldwide and in eight locations around the world, by > incidence among all computers cleaned, 1H09 > > E-mail Threats > The vast majority of e-mail messages received via the Internet are > unwanted. Not only does this tax the recipients’ inboxes and the resources > of e-mail providers, it also creates an environment in which e-mailed > malware attacks and phishing attempts can proliferate. Blocking spam, > phishing, and other e-mail threats is a top priority for e-mail providers, > social networks, and other online communities. > > Here is a snapshot of some facts on email threats around the world in 1H09: > > > - Forefront Online Protect for Exchange (FOPE) blocked 97.3% of all > unwanted messages at the network edge > - The dominant form of spam in 1H09 was product advertisements > - Most spam was sent through botnets or other automated tools > > Using technology like *Microsoft® Forefront for Exchange and > SharePoint<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f2af29925f920e53e40c97ef7b0584fcafa54433cc9017a1e0b8637d04bdb3b57e> > * reduces SPAM entering an organisation’s perimeter and from being > circulated further through email and collaboration servers. > Phishing > Legitimate websites belonging to innocent parties that have been > compromised are often used by attackers to host phishing pages or distribute > malware. In many cases, just visiting these sites can be dangerous, since > attackers often create exploits that can silently download malware to > vulnerable computers as soon as the user loads the page. Installing *Security > Updates<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f2a00816b67182013d3a99dbbb42cd70955cff23dd9c2d522c5622c5e6bb5106d9> > * for the operating system, the browser, and any installed browser add-ons > in a timely manner can greatly reduce users’ chances of being victimised. > > Microsoft maintains a database of known active phishing sites reported by > users of Internet Explorer and other Microsoft products and services. When a > user attempts to visit a site in the database with *SmartScreen > Filter<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f2488d15e128b074ba410b528c8f7d60496ca71e5d6058c89e015c5c4f66cc24be> > * in Microsoft® Internet Explorer 8 enabled, Internet Explorer checks the > URL against the database. If the site has been reported as a phishing site, > Internet Explorer blocks navigation to the site and displays a warning. > Microsoft monitors traffic to the reported phishing URLs and uses the > information to improve its filtering technology and its efforts to track > suspected phishing sites. > > *Malicious Web Sites - Analysis of phishing sites* > Unique attempts at Phishing blocked by smart screen filter in Internet > Explorer 8 > Phishing impressions tracked each month in 2H08 and 1H09, indexed to > January 2009 > > After remaining mostly consistent throughout 2H08 and through April 2009, > the number of impressions suddenly almost quadrupled in May and rose even > higher in June. However, the number of actual phishing sites decreased, with > analysis showing social networking sites the target of 76% of phishing > attacks in 1H09. > > *Malicious Web Sites - Target institutions* > Impressions for each type of phishing site each month in 1H09 > > To find out more about malware, email threats and phishing, *read > the > report<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f219ca985ad5b819b6a118eea43cdf8533be3e06dbeebfcdad961c856fc7dc2160> > * on our site. And do remember to look out for the final part of our > Security Series, Part 4, where we’ll provide some valuable recommendations > on how to keep your *computers, data and your enterprise safe*. > Unsubscribe<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f24cec7f4d564729154473bd98f7d392bfee674daf87c5a39920c77e5416051b96>| > Update > your > profile<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f24cec7f4d564729154473bd98f7d392bfee674daf87c5a39920c77e5416051b96> > © 2010 Microsoft Corporation Terms of > Use<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f2b16d5a314abf791d0be0a2bd102e60f2a4162da62efbf4d391875e2d54cb86fd>| > Trademarks<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f2f6bf09c1705ff6099723e7b0829330beb5a8c86565f2453968ab5847f6d2f8a8>| > Privacy > Statement<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f274643788b3164e97dd5199f22319419b050a7cdb99492b643c9c84daaf8bef39> > [image: > Microsoft] > > Update > Profile<http://click.email.microsoftemail.com/?qs=f808f27e3dd520f237344e7acf647126f973d3d8a9bc5ddb675d3ee14c5557545cb7747ffd014482> > > -- > You received this message because you are subscribed to the Google Groups > "MySecurity" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<mysecurity%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/mysecurity?hl=en. >
_______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
