<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link href="https://www.itpro.com/feeds/tag/trend-micro" rel="self" type="application/rss+xml" />
                            <title><![CDATA[ Latest from ITPro in Trend-micro ]]></title>
                <link>https://www.itpro.com/tag/trend-micro</link>
        <description><![CDATA[ All the latest trend-micro content from the ITPro team ]]></description>
                                    <lastBuildDate>Thu, 11 Dec 2025 08:30:00 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacks ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-crime/trend-micro-vibe-crime-agentic-ai-cyber-crime</link>
                                                                            <description>
                            <![CDATA[ Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations and accelerate attacks. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ywnrH7u267qTjEXLD2mHkF</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/288LYNa6Bw9URT5mvTzTkZ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 11 Dec 2025 08:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/288LYNa6Bw9URT5mvTzTkZ-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Agentic AI cyber crime concept image showing digital system with padlock symbol with glowing data flow passing through.]]></media:description>                                                            <media:text><![CDATA[Agentic AI cyber crime concept image showing digital system with padlock symbol with glowing data flow passing through.]]></media:text>
                                <media:title type="plain"><![CDATA[Agentic AI cyber crime concept image showing digital system with padlock symbol with glowing data flow passing through.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/288LYNa6Bw9URT5mvTzTkZ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Trend Micro is warning of a boom in 'vibe crime' - the use of <a href="https://www.itpro.com/technology/artificial-intelligence/practical-ai-the-age-of-agentic-ai">agentic AI</a> to support fully-automated cyber criminal operations that go way beyond today’s <a href="https://www.itpro.com/security/ransomware">ransomware</a> and phishing campaigns. </p><p>In a <a href="https://documents.trendmicro.com/assets/research-reports/crimininal-agentic-ai_research-paper.pdf" target="_blank"><u>new report</u></a>, the cybersecurity firm predicted that agentic AI will massively increase attack volume, with automated phishing, fraud, and breach exploitation becoming continuous background operations. </p><p>Criminal ecosystems will move from a traditional <a href="https://www.itpro.com/security/23200/crime-as-a-service-lowers-entry-barriers-to-cybercrime-world">Cybercrime as a Service</a> model to what Trend Micro called 'Cybercrime as a Servant', relying on chained AI agents and autonomous orchestration layers to run criminal businesses end-to-end. </p><p>“Agentic AI gives criminals a ready-made arsenal that scales, adapts, and keeps working even when the humans disappear. The real risk is not a sudden AI-fueled explosion of crime, but the slow, unstoppable automation of attacks that used to require skill, time, and effort. 
This shift is already underway,” said Robert McArdle, director of forward-looking threat research at Trend Micro.</p><p>“We will see an optimization of today’s leading attacks, the amplification of attacks that previously had poor ROI, and the emergence of brand new ‘Black Swan’ cybercrime business models.” </p><p>Researchers said they expect to see more attacks on enterprise cloud and <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI</a> systems, as these provide cyber criminals scalable power, compute, AI capabilities, <a href="https://www.itpro.com/hardware/desktops/storage">storage</a>, and access to valuable information they can use to run their agentic architecture. </p><p>This, the company warned, will introduce new kinds of attacks – many of which are unprecedented, or expected to grow in scale. Meanwhile, agentic cyber crime will influence the overall setup of today’s criminal ecosystem, giving rise to new or enhanced criminal business models and trends.</p><p>Looking ahead, Trend Micro said defensive platforms and security solutions will need their own orchestrators and autonomous agents to counter the shift, or risk being overwhelmed. </p><p>“For enterprises, this means reassessing <a href="https://www.itpro.com/enterprise-security/34017/who-should-take-ownership-of-your-cyber-security-strategy">security strategy</a> now as well as investing in automation and AI-driven defence,” McArdle said.</p><p>“Organizations also have to ensure resilience before criminals industrialize their own use of AI, or risk trying to catch up in an exponential arms race that will quickly separate those who were prepared and those who were not.” </p><h2 id="agentic-ai-security-warnings-ramp-up">Agentic AI security warnings ramp up</h2><p>Trend Micro is by no means the first firm to warn of the looming threat of agentic AI-related cyber crime. 
</p><p>In September, for example, Anthropic <a href="https://www.itpro.com/security/cyber-crime/anthropic-admits-hackers-have-weaponized-its-tools-and-cyber-experts-warn-its-a-terrifying-glimpse-into-how-quickly-ai-is-changing-the-threat-landscape"><u>admitted</u></a> that its AI tools had been "weaponized" by hackers to conduct serious attacks against organizations.</p><p>The company warned agentic AI is being used across cyber criminal operations, particularly to identify victims, analyze stolen data, and to create ransomware and malware strains. </p><p>In a blog post detailing its findings, Anthropic pointed to examples where cyber criminals used <a href="https://www.itpro.com/software/development/claude-code-is-coming-to-slack-heres-how-to-use-it-what-it-can-do-and-how-to-get-access">Claude Code</a> to automate reconnaissance practices, harvest victim credentials, and penetrate networks at 17 organizations in the healthcare, emergency services, and government sectors. </p><p>A similar study from Malwarebytes in early 2025 also highlighted the growing threat posed by agentic AI in cyber criminal operations. </p><p>The company’s 2025 <a href="https://www.threatdown.com/typ-state-of-malware-2025/" target="_blank"><u><em>State of Malware</em></u><u> report</u></a> said this latest iteration of the technology will “further revolutionize cyber criminal tactics” and <a href="https://www.itpro.com/security/cyber-crime/agentic-ai-cybersecurity-risks"><u>enable threat actors to create more potent malware strains</u></a>. </p><p>While warnings over the use of agentic AI among cyber criminals are growing, the use of the technology by defenders offers huge potential, industry stakeholders claim. 
</p><p>AWS CISO Amy Herzog, for example, recently told <em>ITPro </em>that agents <a href="https://www.itpro.com/security/aws-ciso-amy-herzog-thinks-ai-agents-will-be-a-boon-for-cyber-professionals-and-teams-at-amazon-are-already-seeing-huge-gains"><u>will herald a radical shift for cybersecurity practitioners</u></a>, enabling them to react to attacks in a more efficient manner. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Exploitation of Docker remote API servers has reached a “critical level” ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/exploitation-of-docker-remote-api-servers-has-reached-a-critical-level</link>
                                                                            <description>
                            <![CDATA[ Hackers are targeting Docker’s remote access API as it allows them to pivot from a single container to the host and deploy malware with ease ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">U3PoD3hQsddm9gMieqqs5Z</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/biAxWbVb6Ft4qg3Z5ygH8C-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 23 Oct 2024 12:23:40 +0000</pubDate>                                                                                                                                <updated>Thu, 24 Oct 2024 15:53:07 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ solomon.klappholz@futurenet.com (Solomon Klappholz) ]]></author>                    <dc:creator><![CDATA[ Solomon Klappholz ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/pjZQRW2qWqQNjxubC6SUQ5.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/biAxWbVb6Ft4qg3Z5ygH8C-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Glowing yellow warning triangle over abstract main cpu on circuit board with light trails as data streaming symbol ]]></media:description>                                                            <media:text><![CDATA[Glowing yellow warning triangle over abstract main cpu on circuit board with light trails as data streaming symbol ]]></media:text>
                                <media:title type="plain"><![CDATA[Glowing yellow warning triangle over abstract main cpu on circuit board with light trails as data streaming symbol ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/biAxWbVb6Ft4qg3Z5ygH8C-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Hackers are exploiting unprotected <a href="https://www.itpro.com/development/containers/34818/mirantis-snaps-up-dockers-enterprise-platform">Docker</a> remote <a href="https://www.itpro.com/application-programming-interface-api/33557/the-api-economy-what-your-business-needs-to-know">API</a> servers to deploy malware, with researchers stating the threat has reached a “critical level” and warning organizations to act now.</p><p>A <a href="https://www.trendmicro.com/en_us/research/24/j/attackers-target-exposed-docker-remote-api-servers-with-perfctl-.html" target="_blank">report</a> from Trend Micro published on 21 October details how researchers observed an unknown threat actor abusing exposed Docker remote API servers to deploy the ‘<em>perfctl</em>’ <a href="https://www.itpro.com/malware/28076/what-is-malware">malware</a>.</p><p>The attack sequence begins with the attacker pinging servers to establish the presence of a vulnerable Docker remote API server. In the next stage, the attacker was observed creating a <a href="https://www.itpro.com/development/containers/357984/most-docker-container-images-have-critical-flaws">Docker container</a>, deliberately giving it a similar name to a legitimate one. </p><p>The container is configured to operate in privileged mode, and the attackers utilized the process ID ‘host’, allowing it to share the same PID namespace as the host system.</p><p>“This means the processes running inside the container will share the same PID namespace as the processes on the host. As a result, the container's processes will be able to see and interact with all the processes running on the host system in the same way as all running processes, as if they were running directly on the host,” the report explained.</p><p>Attackers then execute the Base64-encoded <a href="https://www.itpro.com/101561/saddam-execution-footage-hides-deadly-virus-payload">payload</a> via the Docker Exec API. 
The payload’s initial goal is to escape the container using the ‘nsenter’ command, which effectively gives it capabilities similar to those it would have if it were running on the host system.</p><p>After the payload is decoded, it checks for duplicate processes and creates a bash script that configures various environment variables to enable the subsequent stages of the attack.</p><p>The bash script downloads a <a href="https://www.itpro.com/security/358153/microsoft-blocks-customer-access-to-malicious-solarwinds-binaries">malicious binary</a> disguised as a PHP extension, helping it avoid file extension-based detection. The binary then performs a number of further actions: it kills processes, sets permissions, updates the PATH environment variable, and executes commands in the background.</p><h2 id="remote-access-api-is-handy-but-presents-attackers-with-a-juicy-target">Remote access API is handy but presents attackers with a juicy target</h2><p>The report noted that the malware has a robust <a href="https://www.itpro.com/security/369684/businesses-urged-to-remain-vigilant-as-log4shell-issues-persist-one-year-on">persistence</a> strategy utilizing systemd services or cron jobs to ensure it is able to remain active after the system is restarted, making it even more difficult to eradicate.</p><p>Trend Micro warned that the exploitation of Docker remote <a href="https://www.itpro.com/development/containers/356610/doki-malware-abuses-dogecoin-to-infect-docker-servers-within-hours">API servers</a> “has now reached a critical level where the attention of an organization and its security professionals is seriously required.”</p><p>“It is essential that every organization's Docker Remote API server is secured, monitored regularly for <a href="https://www.itpro.com/security/cyber-attacks/hugging-face-issues-warning-after-detecting-unauthorized-access-to-its-spaces-platform">unauthorized access</a> and suspicious activities to reduce the risk of attacks, and has security patches up to date,” the 
report added.</p><p>Katie Paxton-Fear, API researcher at Traceable AI, said this case underscores the risks associated with enabling the remote access API by default.</p><p>"While remote access APIs can make management a breeze, easily deploying new docker containers, you should really think twice before enabling it by default. If you are not 100% sure you need this feature, the safest thing to do is disable it. 
In this case the researchers were able to pivot from a single docker container to the host via a <a href="https://www.itpro.com/cloud/microsoft-azure/360825/azure-container-instances-users-urged-to-revoke-privileged-credentials">container escape</a>, but if the management API is simply disabled when not in use the vulnerability is completely avoidable.”</p><p>Paxton-Fear said that if firms do require the remote management API, they should understand the high level of access it can offer a threat actor if compromised.</p><p>“If you do need the remote management API, it's important to remember all management APIs have extremely high levels of access, and can create and modify resources at will so you must ensure you use strong authentication and authorization to ensure that not only can only those with valid credentials access a management console, but also that they have the correct permissions,” she advised. </p><p>“This allows you to easily revoke access, but if a user's credentials are leaked, it is also vital to have logging and monitoring in place for docker exec so you are aware when new containers are created and used."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cyber criminal underground “thriving” as weekly attacks surge by 75% in Q3 2024  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-crime/cyber-criminal-underground-thriving-as-weekly-attacks-surge-by-75-percent-in-q3-2024</link>
                                                                            <description>
                            <![CDATA[ Cyber attacks reached another all-time high this quarter as digital crime continues to be a highly profitable industry for threat actors ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">eBsQhpSD5SAa8FB3FijAv7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mJMicZqS5h3nsH4Q9DGdbJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 21 Oct 2024 10:51:21 +0000</pubDate>                                                                                                                                <updated>Mon, 21 Oct 2024 10:52:16 +0000</updated>
                                                                                                                                            <category><![CDATA[Cyber Crime]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ solomon.klappholz@futurenet.com (Solomon Klappholz) ]]></author>                    <dc:creator><![CDATA[ Solomon Klappholz ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/pjZQRW2qWqQNjxubC6SUQ5.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mJMicZqS5h3nsH4Q9DGdbJ-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Futuristic lock icon as a symbol of cyber security and safety in world of technological progress and innovation]]></media:description>                                                            <media:text><![CDATA[Futuristic lock icon as a symbol of cyber security and safety in world of technological progress and innovation]]></media:text>
                                <media:title type="plain"><![CDATA[Futuristic lock icon as a symbol of cyber security and safety in world of technological progress and innovation]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mJMicZqS5h3nsH4Q9DGdbJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>New data has revealed the third quarter of 2024 saw a record spike in <a href="https://www.itpro.com/security/cyber-attacks">cyber attacks</a>, with a significant escalation in terms of the volume and intensity of virtual threats.</p><p><a href="https://blog.checkpoint.com/research/a-closer-look-at-q3-2024-75-surge-in-cyber-attacks-worldwide/" target="_blank">Threat intelligence</a> published by <a href="https://www.itpro.com/security/cyber-attacks">Check Point</a> recorded an average of 1,876 attacks per organization, marking a 75% increase compared to the same period in 2023, as well as a 15% rise from the previous quarter.</p><p>The number of attacks recorded in this timeframe represents an all-time high, according to Check Point, which described it as “an <a href="https://www.itpro.com/security/microsoft-security-boss-warns-ai-insecurity-unprecedented-as-tech-goes-mainstream">unprecedented surge</a> in cyberattacks worldwide in the third quarter of 2024.”</p><p>Speaking to <em>ITPro</em>, Matt Aldridge, principal solutions consultant at OpenText Cybersecurity, noted that while this represents a peak, he was not shocked by the news given the current state of the <a href="https://www.itpro.com/security/cyber-security/360456/how-the-cyber-security-threat-landscape-is-changing">threat landscape</a>.</p><p>“The reported growth in cybersecurity attacks presented here is concerning, but not entirely surprising. 
We are seeing a steady overall growth in cyber attacks globally, and this data tracks with the current growth curve, although it does seem to have accelerated for this quarter.”</p><p>Aldridge offered his view on why we are to see a sustained rise in cyber threats, citing geopolitical unrest and economic uncertainty as well as the adoption and misuse of <a href="https://www.itpro.com/technology/artificial-intelligence-ai/369959/what-is-generative-ai">generative AI</a> systems.</p><p>“Growth and acceleration in attacks continues for a combination of reasons, including ongoing conflicts, financial hardship in key regions, developing cyber strength in sanctioned nation states, immaturity of <a href="https://www.itpro.com/technology/blockchain/what-are-decentralized-identities-and-are-they-viable-for-businesses">decentralized</a> finance services and increasing abuse of generative <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI</a> technology.”</p><p>David Sancho, senior threat researcher at <a href="https://www.itpro.com/tag/trend-micro">Trend Micro</a>, told <em>ITPro</em> that cyber crime remains a highly profitable enterprise, which explains its ongoing growth as law enforcement agencies struggle to deter potential criminals.</p><p>“This is largely because cybercrime is very profitable. Thanks to a thriving criminal underground and the rise of criminal offerings like <a href="https://www.itpro.com/security/29332/the-rise-of-ransomware-as-a-service">Ransomware as a Service</a> (RaaS) that lower the barrier to entry for cybercrime attackers, cyber attacks can be developed and initiated more easily, and cheaper than ever before. 
</p><p>"Couple that with the fact that prosecuting these crimes requires a lot of coordination among different <a href="https://www.itpro.com/data-protection/19488/microsoft-opens-collaboration-law-enforcement-agencies">law enforcement agencies</a>, and you have the perfect storm.”</p><h2 id="african-organizations-bearing-the-brunt-of-cyber-attacks">African organizations bearing the “brunt” of cyber attacks </h2><p>Check Point found the education/research sector was by far the hardest hit during the period, receiving 3,828 weekly attacks. </p><p>This tracks with findings from the UK Department of Science, Innovation and Technology’s 2024 <a href="https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024-education-institutions-annex" target="_blank"><u><em>Cyber Security Breaches Survey</em></u></a> published earlier this year, which stated 43% of higher <a href="https://www.itpro.com/security/ransomware/360482/schools-and-colleges-on-the-isle-of-wight-hit-by-ransomware">education institutions</a> in the UK reported at least one breach or cyber attack per week over the last year.</p><p>The latest <a href="https://www.microsoft.com/en-us/security/blog/2024/10/10/cyber-signals-issue-8-education-under-siege-how-cybercriminals-target-our-schools/" target="_blank"><u><em>Cyber Signal Report</em></u></a>, published by <a href="https://www.itpro.com/software/microsoft">Microsoft</a> on 10 October, warned the education sector is “under siege”, stating that its own telemetry recorded an average 2,507 cyber attack attempts per week.</p><p>Following education, the other industries Check Point found were being disproportionately targeted by cyber criminals were <a href="https://www.itpro.com/technology/artificial-intelligence/the-us-government-wants-big-tech-to-prove-how-secure-its-ai-cloud-services-are">government</a>/military and <a 
href="https://www.itpro.com/security/cyber-attacks-on-healthcare-organizations-are-surging-heres-why">healthcare</a>, with 2,553 and 2,434 weekly attacks respectively.</p><p>In terms of the geographic distribution of these attacks, Africa was highlighted as an area being given increased attention by threat actors, with an average of 3,370 attacks per week, a 90% increase year on year.</p><p>Europe and <a href="https://www.itpro.com/security/hacking/356478/researchers-detail-tetrade-family-of-brazilian-banking-trojans">Latin America</a> also saw substantial increases in the frequency of attacks, notching an 86% and 72% increase year on year respectively, but Check Point concluded that African organizations “bore the brunt” of cyber threats this quarter.</p><p>This follows <a href="https://www.itpro.com/security/how-africa-became-the-testing-ground-for-cyber-warfare"><u>testimony</u></a> from African-based security specialists claiming the region has become the preeminent “battleground” for state sponsored threat actors testing their new <a href="https://www.itpro.com/security/ransomware/royal-hive-black-basta-ransomware-gangs-collaborating-on-cyber-attacks">attack techniques</a> against local organizations before deploying them worldwide.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Alarm raised over patched Phemedrone Stealer malware that's being used to target Windows PCs - here's what you need to know ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/alarm-raised-over-patched-phemedrone-stealer-malware-thats-being-used-to-target-windows-pcs-heres-what-you-need-to-know</link>
                                                                            <description>
                            <![CDATA[ Phemedrone Stealer is being used to exploit a vulnerability in Windows Defender SmartScreen despite the issue being patched in November 2023 ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">iiXVyYkCYuPLHNnEcw2x4R</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7KqVdwYpjnkdDbb359mqMg-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 16 Jan 2024 15:00:56 +0000</pubDate>                                                                                                                                <updated>Wed, 17 Jan 2024 11:45:58 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ solomon.klappholz@futurenet.com (Solomon Klappholz) ]]></author>                    <dc:creator><![CDATA[ Solomon Klappholz ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/z2aSrrbwGAyWwinHzGraAP.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/7KqVdwYpjnkdDbb359mqMg-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[ransomware stock image featuring binary code in a room colored in red]]></media:description>                                                            <media:text><![CDATA[ransomware stock image featuring binary code in a room colored in red]]></media:text>
                                <media:title type="plain"><![CDATA[ransomware stock image featuring binary code in a room colored in red]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7KqVdwYpjnkdDbb359mqMg-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Security experts have raised concerns about a new strain of malware, dubbed <em>‘Phemedrone Stealer’</em>, that is being used to target Windows PCs through a vulnerability in Windows Defender SmartScreen. </p><p>Analysis from Trend Micro describes how a bypass vulnerability in the Windows Defender SmartScreen, tracked as CVE-2023-36025, is being exploited in a new malware campaign despite a patch having been issued late last year. </p><p>The bypass <a href="https://www.itpro.com/security/27713/the-importance-and-benefits-of-effective-patch-management"><u>vulnerability</u></a> allows threat actors to gain access to a user’s system and circumvent the SmartScreen feature’s checks and their associated prompts.</p><p>Phemedrone Stealer is then used to exfiltrate sensitive information from <a href="https://www.itpro.com/software/web-browsers"><u>web browsers</u></a>, cryptocurrency wallets, and messaging platforms such as Telegram or Discord.</p>
<p>The malware targets specific types of <a href="https://www.itpro.com/610770/sensitive-data-lurking-on-discarded-hard-drives"><u>sensitive information </u></a>depending on the source application, researchers said. For example, it harvests passwords, cookies and autofill information stored in <a href="https://www.itpro.com/software/368027/are-open-source-password-managers-safe-to-use"><u>password managers</u></a> and <a href="https://www.itpro.com/security/encryption/google-authenticator-2fa-update-accused-of-making-service-less-secure"><u>authenticators</u></a> of chromium-based browsers.</p><p>Once stolen, Phemedrone Stealer sends the data to the threat actors via a Telegram channel or the attacker’s command and control (C&C) server.</p><p>The report noted that despite the fact Microsoft patched the vulnerability on 14 November 2023, researchers have observed its use in the wild and that a large number of devices globally may still be vulnerable to this attack. 
</p><p>Evidence of threat actors exploiting the vulnerability in the real world led the Cybersecurity and Infrastructure Agency (<a href="https://www.itpro.com/security/why-cisa-is-extending-cyber-support-to-resource-poor-organizations"><u>CISA</u></a>) to add it to the Known Exploited Vulnerabilities (KEV) list.</p><h2 id="here-x2019-s-how-phemedrone-stealer-works">Here’s how Phemedrone Stealer works</h2><p>In their analysis, researchers at Trend Micro found the attackers gain initial access via cloud-hosted URLs using <a href="https://www.itpro.com/software/live-chat/360359/criminals-target-discord-to-spread-malware"><u>Discord</u></a> or another <a href="https://www.itpro.com/cloud"><u>cloud</u></a> service such as FileTransfer.io.</p><p>The threat actors try to hide their malicious intent by disguising these URLs to look like reputable sites, the report said.</p><p>“The files are also often disguised using URL shorteners such as shorturl.at. An unsuspecting user might then be enticed to or tricked into opening a maliciously crafted .url file that exploits CVE-2023-36025.”</p><p>Once the malicious .url file is executed, the attackers employ a number of evasion techniques to avoid being detected on the system and complete the delivery of the payload.</p>
<p>Analysis of Phemedrone Stealer itself shows that, when executed on the victim’s PC, it decrypts certain items including a Telegram API token, chat ID, and Email_To mutex. </p><p>“This is done using a predefined salt and encryption key and the RijndaelManaged symmetric encryption algorithm. The process involves removing the "CRYPTED:" prefix from the strings, converting the remaining base64-encoded strings into byte arrays and decrypting these arrays to extract the original plain-text values.”</p><p>The malware compresses the stolen data into a ZIP file which it can then send to the attacker via Telegram, after validating the Telegram API token using the TokenIsValid method and making an API call to the app’s getMe endpoint.</p><p>The analysis concluded that malware strains such as Phemedrone Stealer emphasize the increasing sophistication of such attacks, where threat actors are able to quickly improve their infection chains using the latest critical vulnerabilities in popular software.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Potentially unsecured' SMBs are propping up an IT supply chain riddled with ransomware ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/ransomware/368993/potentially-unsecured-smbs-are-propping-up-an-it-supply-chain-riddled-ransomware</link>
                                                                            <description>
                            <![CDATA[ More than half of IT supply chains have been impacted by ransomware attacks in recent years and organisations are failing to implement the necessary steps to prevent future damage ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bt2ho1pmRuNDiXPVu5a4bQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9y74aNb3WuKxNCmStPT7Sa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 06 Sep 2022 12:02:51 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Ransomware]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9y74aNb3WuKxNCmStPT7Sa-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Abstract image showing a red circuit board containing a square chip with a glowing skull etched into it]]></media:description>                                                            <media:text><![CDATA[Abstract image showing a red circuit board containing a square chip with a glowing skull etched into it]]></media:text>
                                <media:title type="plain"><![CDATA[Abstract image showing a red circuit board containing a square chip with a glowing skull etched into it]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9y74aNb3WuKxNCmStPT7Sa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>New research has shown that more than half of global organisations have had their supply chains impacted by potentially unsecured SMBs falling victim to ransomware attacks. </p><p>Security firm Trend Micro’s report showed that 52% of supply chains have been affected by the threat and the vast majority of those surveyed (90%) feel that their partners, customers, or both are making them a “more attractive target” for attacks.</p><p>The same proportion of organisations that were affected by ransomware attacks in their supply chains (52%) also said that those supply chains are “very significantly” or “significantly” propped up by SMBs that may be prone to exercising less secure cyber practices.</p><p>Despite this, Trend Micro observed that organisations are reluctant to work with their partners to 
improve security throughout the <a href="https://www.itpro.com/strategy/28710/what-is-the-supply-chain-1" data-original-url="https://www.itpro.com/strategy/28710/what-is-the-supply-chain-1">supply chain</a>.</p><p>“We found that 52% of global organisations have had a supply chain organisation hit by <a href="https://www.itpro.com/security/ransomware/357745/the-business-guide-to-ransomware" data-original-url="https://www.itpro.com/security/ransomware/357745/the-business-guide-to-ransomware">ransomware</a>, potentially putting their own systems at risk of compromise”, said Bharat Mistry, technical director at Trend Micro.</p><p>“But many aren’t taking steps to improve partner cyber security,” he added. “The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface.”</p><p>Only 47% of organisations share information about ransomware attacks with partners or suppliers and this figure falls even lower to 25% when it comes to general threat information, the survey results showed.</p><p>This led to around one in six (15%) IT leaders reporting that they couldn’t be sure if their partner or supplier had ever suffered a ransomware attack.</p><p>Ransomware has topped the list of cyber security threats to businesses for around five years but according to Trend Micro, on average 31% of organisations still don’t feel adequately protected against the threat.</p><p>The data from other metrics were largely similar across the regions but the confidence in an organisation’s cyber security posture, looking at the data on a region-by-region basis, varied substantially. </p><p>Hong Kong was the region with the most confidence in its organisations’ cyber security resilience. 
An average of the 102 respondents from the region showed just 18% were unconvinced about their security posture, despite it reporting the greatest proportion of organisations by region that experienced a ransomware attack in the last three years (83%).</p><p>Other regions were more aware of the situation, such as Norway, where 58% of its 105 surveyed organisations reported a lack of confidence in their cyber security resiliency.</p><p>This was a more accurate reflection given the 75% of organisations reporting at least one ransomware attack in the past three years - a figure that placed it on the upper end of average compared to other nations.</p><p>Trend Micro said that “there is no silver bullet when it comes to reducing ransomware risk in the supply chain”, but there are several important steps that businesses aren’t currently taking.</p><p>“The key is first to gain a comprehensive understanding 
of the supply chain itself and corresponding data flows so that high-risk suppliers can be identified,” it said. </p><p>“They should be regularly audited where possible against industry baseline standards. And similar checks should be enforced before onboarding new suppliers.”</p><p>Implementing security controls such as <a href="https://www.itpro.com/security/361919/how-to-build-a-zero-trust-model" data-original-url="https://www.itpro.com/security/361919/how-to-build-a-zero-trust-model">least-privilege policies</a> for all devices and services, enabling <a href="https://www.itpro.com/security/361870/five-things-to-consider-before-choosing-an-mfa-solution" data-original-url="https://www.itpro.com/security/361870/five-things-to-consider-before-choosing-an-mfa-solution">multi-factor authentication (MFA)</a>, scanning <a href="https://www.itpro.com/security/zero-day-exploit/361819/what-is-log4shell-log4j-vulnerability" data-original-url="https://www.itpro.com/security/zero-day-exploit/361819/what-is-log4shell-log4j-vulnerability">open source components for security flaws</a> before building into <a href="https://www.itpro.com/development/32887/what-is-continuous-integration" data-original-url="https://www.itpro.com/development/32887/what-is-continuous-integration">CI/CD</a> pipelines, and <a href="https://www.itpro.com/back-up/29084/how-to-enhance-your-backup-strategy" data-original-url="https://www.itpro.com/back-up/29084/how-to-enhance-your-backup-strategy">performing regular back-ups</a>, among others, can all go a long way in becoming more cyber resilient.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro Worry-Free Business Security review: Great cloud-managed malware protection ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/endpoint-security/361734/trend-micro-worry-free-business-security-great-cloud-managed</link>
                                                                            <description>
                            <![CDATA[ A reassuringly simple endpoint-protection solution – although mobile support is basic ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">k1tRcJYbijSuasEWqYbZ46</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Jfb3vkYKJRZyagdkUZPrEf-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 07 Dec 2021 10:35:42 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Antivirus]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Jfb3vkYKJRZyagdkUZPrEf-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Trend Micro Worry-Free Business Security screenshot]]></media:description>                                                            <media:text><![CDATA[Trend Micro Worry-Free Business Security screenshot]]></media:text>
                                <media:title type="plain"><![CDATA[Trend Micro Worry-Free Business Security screenshot]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Jfb3vkYKJRZyagdkUZPrEf-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Trend Micro offers an <a href="https://www.itpro.com/security/endpoint-security/357421/why-endpoint-security-should-be-your-first-line-of-defence" data-original-url="https://www.itpro.com/security/endpoint-security/357421/why-endpoint-security-should-be-your-first-line-of-defence">endpoint protection</a> choice for every business: firms that want to keep it all in house can install Worry-Free Business Security Standard on their own server, while those that prefer a hosted solution can use this fully cloud-based option.</p><p>It’s aimed at companies with up to 250 devices to protect, and the price is SMB-friendly. Yearly pricing starts at £58 for two devices, rising to £520 for 25, with each licence covering one Windows or Mac workstation, one Windows server or one mobile device.</p><p>All the key security 
features are present. Along with anti-malware scanning you get protection against web threats, <a href="https://www.itpro.com/security/cyber-security/361012/what-is-a-web-filter" data-original-url="https://www.itpro.com/security/cyber-security/361012/what-is-a-web-filter">web content filtering</a>, a client firewall, removable device controls and mobile device security. A standout feature of both the standard and cloud-hosted versions is an advanced <a href="https://www.itpro.com/security/data-breaches/357941/how-much-will-a-data-breach-really-damage-your-organisations" data-original-url="https://www.itpro.com/security/data-breaches/357941/how-much-will-a-data-breach-really-damage-your-organisations">data-loss prevention module</a>, which comes preconfigured to recognise (and optionally block) 244 different types of sensitive data, including British financial and healthcare information.</p><p><a href="https://www.itpro.com/security/28084/what-is-ransomware" data-original-url="https://www.itpro.com/security/28084/what-is-ransomware">Ransomware</a> is very much on Trend Micro’s radar, too. The software subjects suspicious processes to a range of tests including predictive machine learning, behaviour monitoring and new program detection – and if the malware isn’t immediately stopped, the program can also directly detect malicious encryption attempts and undo any suspicious changes made by untrusted programs.</p><p>As the name implies, another focus of the Worry-Free suite is keeping deployment and administration simple. The cloud portal is easy to use, with a dashboard that keeps you posted on all client activity, detected security risks and policy violations. 
Clicking on any of the threat categories takes you straight to the portal’s log page, where you can quickly identify the threat type and which clients are affected.</p><p>The one place you might hit a hiccup is with initial client setup, as the email invitation process requires a standalone mail client running on your local system. This isn’t a huge obstacle, though: after logging on from a computer with Outlook installed, we were easily able to email invitations to our Windows 10 users. The messages pointed them to a tiny 7MB executable, and after launching the installer, they had the agent running and connected to the portal in less than five minutes, with settings applied from the portal’s default groups for instant protection.</p><p>Agents can then be manually moved into specific groups in the portal, each with custom policies. These define real-time and manual scan behaviour, apply <a href="https://www.itpro.com/strategy/28071/what-is-machine-learning" data-original-url="https://www.itpro.com/strategy/28071/what-is-machine-learning">predictive machine learning</a> and use one of three web reputation levels to classify and block suspect web pages. Optional global settings can be applied for malware scanning, approved and blocked websites (which override URL-filtering policies) and password protection to stop users disabling the agent.</p><p>Data-loss prevention can be set up here too. We created a policy to block all sensitive data, then tried to use Gmail on a client PC to send an email containing a credit card number. The attempt was instantly blocked and logged, leaving Gmail complaining about a lack of network access.</p><p>Mobile protection is a mixed bag. 
Android devices get malware scanning, plus access to the web reputation service and password controls; if you’re using a <a href="https://www.itpro.com/hardware/laptops/355133/chromebooks-are-the-benjamin-button-of-tech" data-original-url="https://www.itpro.com/hardware/laptops/355133/chromebooks-are-the-benjamin-button-of-tech">Chromebook</a>, you get web threat prevention too. As usual, however, iOS options are far more limited. All you can do is enforce complex unlock passcodes, set expiration limits and apply device lock timeouts.</p><p>Even so, Trend Micro’s Worry-Free Business Security Services provides great desktop security, plus exceptional DLP and ransomware protection. For small numbers of users it’s good value, and SMBs will find the cloud portal very easy to work with.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Access brokers are making it easier for ransomware operators to attack businesses ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-security/361705/access-brokers-are-making-it-easier-for-ransomware-operators-to</link>
                                                                            <description>
                            <![CDATA[ A new business model has been uncovered that makes it much easier for attackers to gain access to business' networks ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uVbPtzE72TSJeajezYCWbx</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kCMg9ap4oJjKUfpVCtZ3jD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 01 Dec 2021 10:24:37 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Ransomware]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kCMg9ap4oJjKUfpVCtZ3jD-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cyber warfare depicted by code on two monitors with a soldier in background]]></media:description>                                                            <media:text><![CDATA[Cyber warfare depicted by code on two monitors with a soldier in background]]></media:text>
                                <media:title type="plain"><![CDATA[Cyber warfare depicted by code on two monitors with a soldier in background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kCMg9ap4oJjKUfpVCtZ3jD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cyber security researchers have uncovered a new underground business model dubbed 'access-as-a-service' in which access to an organisation's network is sold rather than an exploit or <a href="https://www.itpro.com/security/zero-day-exploit/360447/why-zero-day-exploits-are-surging-on-an-unprecedented-scale" data-original-url="https://www.itpro.com/security/zero-day-exploit/360447/why-zero-day-exploits-are-surging-on-an-unprecedented-scale">zero-day</a> vulnerability.</p><p>So-called access brokers are selling direct access to a company's network in which they're already embedded via shared remote VPN connections. Attackers can pay different sums for varying levels of access. </p><p>The business model, discovered and detailed by Trend Micro, could lead to a new way for <a href="https://www.itpro.com/security/ransomware/361250/how-not-to-get-hit-by-ransomware-in-2022" data-original-url="https://www.itpro.com/security/ransomware/361250/how-not-to-get-hit-by-ransomware-in-2022">ransomware</a> operators to launch attacks without having a working exploit 
themselves. </p><p>Attackers are now able to buy their way into a network, paying only as much as they need for the right level of access to achieve their objective. </p><p>Access brokers rely on stolen credentials to offer a viable service, and Trend Micro said businesses will have to place a greater emphasis on protecting against credential theft to avoid future breaches. </p><p>"Access brokers in the criminal underground often advertise this service like it’s a cinema ticket: Somebody buys this ticket, and they get straight in," read <a href="https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/investigating-the-emerging-access-as-a-service-market?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=1121_AccessAsAService">the report</a>. "In reality, however, things are a bit different.</p><p>"For example, what exactly do customers get in exchange for their 
money? Sometimes, it’s access to a web shell or a similar straightforward method of getting a command prompt into the compromised network. More often than not, however, it’s just a set of credentials and a <a href="https://www.itpro.com/security/27098/best-vpn-services" data-original-url="https://www.itpro.com/security/27098/best-vpn-services">VPN</a> server to connect to."</p><p>Remote Desktop Protocol (RDP) access and VPN-based access were the two most common products being advertised, primarily in the United States, Spain, Germany, France, and the UK.</p><p>After viewing more than a thousand adverts for services online, Trend Micro found that the most common targets were universities and schools (36%), while 11% offered access to manufacturing firms and professional services, with other miscellaneous companies comprising the remainder. </p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Sx5X3kn5efgnRWqDWBEcgQ" name="" alt="Screenshot of an access broker's online advert" src="https://cdn.mos.cms.futurecdn.net/Sx5X3kn5efgnRWqDWBEcgQ.jpg" mos="https://cdn.mos.cms.futurecdn.net/Sx5X3kn5efgnRWqDWBEcgQ.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="credit" itemprop="copyrightHolder">(Image credit: Trend Micro)</span></figcaption></figure><p>Online adverts typically describe the target company broadly, such as 'big German energy company', and list the level of access available, the type of access on offer (RDP or VPN), the cost of the service, and in some cases details of the company's turnover and employee numbers.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" 
style="padding-top:56.25%;"><img id="CESTWhb2q2kP7WjFsyTjU3" name="" alt="Screenshot of an access broker's online advert" src="https://cdn.mos.cms.futurecdn.net/CESTWhb2q2kP7WjFsyTjU3.jpg" mos="https://cdn.mos.cms.futurecdn.net/CESTWhb2q2kP7WjFsyTjU3.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="credit" itemprop="copyrightHolder">(Image credit: Trend Micro)</span></figcaption></figure><p>Prices for services can range between a few US dollars for access to a single machine and six-digit sums for admin credentials to an entire business, but most dedicated brokers don't advertise their prices openly, according to the researchers.</p><p>Access brokers are typically advertising their products either on <a href="https://www.itpro.com/security/cyber-crime/361386/arrests-made-in-uk-as-nca-helps-dismantle-dark-web-crime-gang" data-original-url="https://www.itpro.com/security/cyber-crime/361386/arrests-made-in-uk-as-nca-helps-dismantle-dark-web-crime-gang">deep web criminal marketplaces</a>, through a network of connections throughout underground forums, and in less common cases dedicated online shops are used for smaller-scale, single-machine access.</p><p>Trend Micro made several suggestions for businesses wary of being exploited using this new business model. 
Monitoring <a href="https://www.itpro.com/security/data-breaches/358455/10-ways-to-protect-your-company-from-the-next-big-data-breach" data-original-url="https://www.itpro.com/security/data-breaches/358455/10-ways-to-protect-your-company-from-the-next-big-data-breach">public breaches</a> can be useful in determining if credentials may have been stolen and triggering a password reset for all staff if one is detected.</p><p>Enabling <a href="https://www.itpro.com/security/29982/what-is-two-factor-authentication" data-original-url="https://www.itpro.com/security/29982/what-is-two-factor-authentication">two-factor authentication</a> (2FA) for remote staff will also help prevent remote access by criminals, as will closely monitoring user behaviour on the network.</p><p>For the most cautious, operating on a <a href="https://www.itpro.com/security/network-security/358282/what-is-zero-trust" data-original-url="https://www.itpro.com/security/network-security/358282/what-is-zero-trust">zero-trust</a> model is recommended: assume all staff have already lost their passwords to criminals and apply the necessary security measures where appropriate.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro home network security flaws could let hackers take over PCs ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/359679/trend-micro-home-network-security-flaws-could-let-hackers-take-over-pcs</link>
                                                                            <description>
                            <![CDATA[ All-in-one home security device could allow code execution, DoS, and file permission changes ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">px3VtYb3Sgisk9oq4ZScj6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2QVtGsQqwJmbv96BVLpaAJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 26 May 2021 13:01:32 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2QVtGsQqwJmbv96BVLpaAJ-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of a cyber criminal using several computers in a dark room ]]></media:description>                                                            <media:text><![CDATA[Image of a cyber criminal using several computers in a dark room ]]></media:text>
                                <media:title type="plain"><![CDATA[Image of a cyber criminal using several computers in a dark room ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2QVtGsQqwJmbv96BVLpaAJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Researchers have discovered bugs in <a href="https://www.itpro.com/tag/trend-micro" data-original-url="https://www.itpro.com/tags/trend-micro">Trend Micro</a>'s Home Network Security Station that could let threat actors mount denial of service (DoS) attacks, escalate privileges, and execute code.</p><p><a href="https://blog.talosintelligence.com/2021/05/vuln-spotlight-trend-i.html">According to researchers at Cisco Talos</a>, three security vulnerabilities in the product are labeled CVE-2021-32457, CVE-2021-32458, and CVE-2021-32459.</p><p>Trend Micro's Home Network Security Station is a device that plugs into a home router to prevent internet-connected devices from being hacked. Unfortunately, the bugs mean that the device itself can be hacked.</p><p>The first two flaws, <a href="https://talosintelligence.com/vulnerability_reports/TALOS-2021-1230">CVE-2021-32457</a> and <a href="https://talosintelligence.com/vulnerability_reports/TALOS-2021-1231">CVE-2021-32458</a>, lead to privilege escalation. The former bug exists in the tdts.ko chrdev_ioctl_handle functionality of the product. A specially crafted ioctl can lead to increased privileges. An attacker can issue an ioctl to trigger this vulnerability, causing a kernel panic that leads to DoS and allowing privilege escalation.</p><p>The latter flaw is caused by the lack of input validation on a user's ioctl request. The stack-based buffer is smaller than the maximum ioctl request copy size of 0x3FFF and thus overflows. A user can carefully craft input to gain control over a PC due to this copy.</p><p>The CVE-2021-32459 flaw is a hard-coded password vulnerability in the SFTP Log Collection Server function of Trend Micro Inc.'s Home Network Security 6.1.567. A specially crafted network request can lead to arbitrary authentication. 
An attacker can send an unauthenticated message to trigger this vulnerability.</p><p>From there, a hacker could create files, change permissions on files and upload arbitrary data to an SFTP server.</p><p>"The log server is utilized to dump all information that the device collects back to Trend Micro's infrastructure and can include identifiable information of the networks that the data originated from. The username and password are hard-coded in the core binary of the HNS device as diamond:bahV6AtJqZt4K. On the SFTP server, these credentials can be used to create files, change permissions on files and upload arbitrary data to the server. 
This could result in the loss of the logs if files are overwritten, or data exfiltration could occur if it is possible to download data," the advisory warned.</p><p>Cisco Talos said it worked with Trend Micro to address these <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">security</a> issues. Trend Micro has released <a href="https://helpcenter.trendmicro.com/en-us/article/TMKA-10337">an update</a> for affected customers. The researchers didn't observe active attacks on these flaws.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The secure cloud configuration imperative ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/359672/the-secure-cloud-configuration-imperative</link>
                                                                            <description>
                            <![CDATA[ The central role of cloud security posture management ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5jkynTM9U5Bnyf1cgStrpW</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/hqxjmaqbxyxnQ7e4kT2cXa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 26 May 2021 08:46:42 +0000</pubDate>                                                                                                                                <updated>Mon, 07 Mar 2022 09:58:42 +0000</updated>
                                                                                                                                            <category><![CDATA[Cloud Security]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/hqxjmaqbxyxnQ7e4kT2cXa-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The secure cloud configuration imperative]]></media:description>                                                            <media:text><![CDATA[The secure cloud configuration imperative]]></media:text>
                                <media:title type="plain"><![CDATA[The secure cloud configuration imperative]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/hqxjmaqbxyxnQ7e4kT2cXa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cloud-based applications are made up of a continuous integration and delivery of APIs, virtual machines (VMs), and serverless functions. Securing these applications, as well as their underlying infrastructure and automation platforms, requires a constant review of threat models in order to gain organisational effectiveness.</p><p>Additionally, as security and DevOps continue to converge, cloud security controls are being consolidated and project teams are moving towards a unified strategy to secure cloud-native applications and platforms.</p><p>Download this study to: </p><ul><li>Gain insight into these trends from IT and cybersecurity professionals</li><li>Understand the current and future environments of cloud-native apps</li><li>Explore operational challenges and threat landscapes</li><li>Assess the top priorities and approaches for securing cloud-native environments.</li></ul><p><em> Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="cDj7WfQ73hXewvY5A6UTWZ" name="" alt="Trend Micro logo" src="https://cdn.mos.cms.futurecdn.net/cDj7WfQ73hXewvY5A6UTWZ.png" mos="https://cdn.mos.cms.futurecdn.net/cDj7WfQ73hXewvY5A6UTWZ.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro and Snyk team up to combat open source flaws ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/vulnerability/359479/trend-micro-and-snyk-team-up-to-combat-open-source-vulnerabilities</link>
                                                                            <description>
                            <![CDATA[ New solution monitors trends and prioritizes issues found in open source applications ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">aTwDvs9bAjms7RwKmRYyxD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/arEdsu8xpxHaKkUEb5KrTK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 10 May 2021 15:03:53 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Praharsha Anand ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/arEdsu8xpxHaKkUEb5KrTK-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Open source cloud with endpoints underneath]]></media:description>                                                            <media:text><![CDATA[Open source cloud with endpoints underneath]]></media:text>
                                <media:title type="plain"><![CDATA[Open source cloud with endpoints underneath]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/arEdsu8xpxHaKkUEb5KrTK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Trend Micro and Snyk have announced a jointly developed SaaS solution called 'Trend Micro <a href="https://www.itpro.com/cloud" data-original-url="https://www.itpro.com/tags/cloud">Cloud</a> One - <a href="https://www.itpro.com/software/28109/what-is-open-source" data-original-url="https://www.itpro.com/software/28109/what-is-open-source">Open Source</a> <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">Security</a> by Snyk'.</p><p>This industry-first solution, which targets security operations (SecOps) teams, provides real-time insight into open source vulnerabilities for enhanced risk management.</p><p>"Open source <a href="https://www.itpro.com/software" data-original-url="https://www.itpro.com/software">software</a> is used in nearly all organizations. This introduces risks from readily exploitable vulnerabilities; an expanded attack surface through which <a href="https://www.itpro.com/malware/28076/what-is-malware" data-original-url="https://www.itpro.com/malware/28076/what-is-malware">malware</a> and malicious code can gain access, compromising proprietary code and infrastructure; and legal and intellectual property exposures," stated Gartner in its market guide for software composition analysis.</p><p>Snyk stated the new Trend Micro Cloud One - Open Source Security by Snyk will help resolve the long-standing cultural barriers between <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">security</a> and development teams with a centralized solution that delivers unique visibility early in the software development lifecycle, further protecting the application stacks.</p><p>The new Trend Micro-Snyk SaaS proactively identifies vulnerabilities in licensing, so security teams can better monitor and prioritize risks within <a href="https://www.itpro.com/development/devops/358660/it-pro-panel-defining-devops" data-original-url="https://www.itpro.com/development/devops/358660/it-pro-panel-defining-devops">DevOps</a> projects. 
It also incorporates an integrated <a href="https://www.itpro.com/business-strategy/automation/357957/the-automated-enterprise" data-original-url="https://www.itpro.com/business-strategy/automation/357957/the-automated-enterprise">automation</a> feature that helps security teams spot indirect dependencies in their applications.</p><p>Over 650 hours of development time can be saved per application through increased automation, according to Trend Micro.</p><p>Trend Micro Cloud One - Open Source Security by Snyk is available as part of the Cloud One platform on the AWS Marketplace. 
Organizations have the option to integrate the service with standard source code platforms, including <a href="https://www.itpro.com/open-source/31833/what-is-github" data-original-url="https://www.itpro.com/open-source/31833/what-is-github">GitHub</a>, GitLab, BitBucket, Jenkins, and more.</p><p>"Together Snyk and Trend Micro are investing in the future of the cybersecurity industry, where security and development teams effectively work together to make their organizations safer," said Geva Solomonovich, global alliances <a href="https://www.itpro.com/strategy/28237/cto-job-description-what-does-a-cto-do" data-original-url="https://www.itpro.com/strategy/28237/cto-job-description-what-does-a-cto-do">CTO</a> at Snyk. </p><p>Solomonovich continued, "Adding Snyk's <a href="https://www.itpro.com/software/development/356827/how-to-become-a-developer-a-beginners-guide" data-original-url="https://www.itpro.com/software/development/356827/how-to-become-a-developer-a-beginners-guide">developer</a>-first security technology to Trend Micro's Cloud One allows more customers to tackle open source risk on a single platform, minimizing the need to manage multiple vendors and tools. We look forward to our continued collaboration with Trend Micro to foster more innovative, effective ways to solve key security concerns for our customers."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro aims to seamlessly secure file storage in the cloud ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/cyber-security/358155/trend-micro-aims-to-seamlessly-secure-file-storage-in-the-cloud</link>
                                                                            <description>
                            <![CDATA[ The cyber security firm's new service will scan and quarantine files natively in Amazon's cloud ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">DWYWyrUQ88tjKpgzTZjEw</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Lirgg2T9EgYV3z86D8gBuK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 16 Dec 2020 12:55:25 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Cloud Security]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                                    <dc:creator><![CDATA[ Danny Bradbury ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Lirgg2T9EgYV3z86D8gBuK-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An employee on the phone while his computer screen shows "cyber attack" warning]]></media:description>                                                            <media:text><![CDATA[An employee on the phone while his computer screen shows "cyber attack" warning]]></media:text>
                                <media:title type="plain"><![CDATA[An employee on the phone while his computer screen shows "cyber attack" warning]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Lirgg2T9EgYV3z86D8gBuK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/security/28133/what-is-cyber-security" data-original-url="https://www.itpro.com/security/28133/what-is-cyber-security">Cyber security</a> company Trend Micro has unveiled <a href="https://www.trendmicro.com/en_us/business/products/hybrid-cloud/cloud-one-file-storage-security.html">Cloud One - File Storage Security</a>, a service that secures files directly in the cloud by scanning them as they're uploaded.</p><p>The system, which currently supports Amazon Web Services (AWS), is a <a href="https://www.itpro.com/server-storage/31782/what-is-serverless-architecture" data-original-url="https://www.itpro.com/server-storage/31782/what-is-serverless-architecture">serverless</a> offering based on Amazon's Lambda function-as-a-service architecture. This means administrators don't need to run a separate <a href="https://www.itpro.com/cloud/virtual-machines/355269/getting-started-with-virtual-machines" target="_blank" data-original-url="https://www.itpro.com/cloud/virtual-machines/355269/getting-started-with-virtual-machines">virtual machine</a> to support it. 
Instead, it triggers only when a user uploads a file.</p><p>Cloud One - File Storage Security scans files uploaded to S3 buckets, which are the logical systems that Amazon uses to store objects and files. When it sees a new file upload, Cloud One - File Storage Security scans it for known malware signatures, polymorphic variants, and obfuscated malware. The service supports various files, including JPEGs, MP4 media files, PDFs, and compressed ZIP files.</p><p>After completing a scan, the service tags the file with the scan results, and admins can then configure actions based on those results, such as sending an email or calling another serverless function. 
This enables admins to move a file to a different S3 bucket or delete it altogether, allowing for the creation of post-scan plugins for common operations.</p><p>Admins can set up the system using an AWS CloudFormation template, which is a document declaring and configuring collections of AWS services. 
According to Trend Micro, admins can get up and running quickly with nothing more than the URI for the S3 bucket to scan.</p><p>The system only runs on AWS for now, but Trend Micro promises support for <a href="https://www.itpro.com/microsoft-azure/34048/microsoft-azure-review-competitive-cloud-pricing-takes-a-bite-out-of-aws" data-original-url="https://www.itpro.com/microsoft-azure/34048/microsoft-azure-review-competitive-cloud-pricing-takes-a-bite-out-of-aws">Microsoft Azure</a> Blob Storage and Google Cloud Storage soon.</p><p>The system will enable development and deployment teams to stand up <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">security</a> services quickly in the <a href="https://www.itpro.com/cloud" data-original-url="https://www.itpro.com/cloud">cloud</a>, helping them to meet compliance requirements, Trend Micro said. Offering it as a serverless function should enable them to fold it easily into their custom workflows. </p><p>Plus, as a cloud-native tool, it should be a useful addition to <a href="https://www.itpro.com/business-strategy/careers-training/356892/how-to-become-a-devops-engineer" data-original-url="https://www.itpro.com/business-strategy/careers-training/356892/how-to-become-a-devops-engineer">DevOps</a> workflows and cloud migrations, helping companies to sanitize files as they enter a cloud environment.</p><p>This is the latest in a series of <a href="https://www.itpro.com/tag/trend-micro" data-original-url="https://www.itpro.com/tags/trend-micro">Trend Micro</a> Cloud One services that include image scanning for containers, security for serverless functions, network-layer intrusion prevention systems in the cloud, and automated cloud security compliance checks.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro insider sells customer data to scammers ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/34770/trend-micro-insider-sells-customer-data-to-scammers</link>
                                                                            <description>
                            <![CDATA[ Scammers used stolen data to make fraudulent phishing calls ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Ax9DHikSshR7DhH7zXgT7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/JTtqtZZGYoZfMscfBGxmBU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 06 Nov 2019 17:45:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Adam Shepherd ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/3n2BoLAtRj8Z5eRfxtwyK8.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/JTtqtZZGYoZfMscfBGxmBU-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Trend Micro website displayed on a smartphone device]]></media:description>                                                            <media:text><![CDATA[Trend Micro website displayed on a smartphone device]]></media:text>
                                <media:title type="plain"><![CDATA[Trend Micro website displayed on a smartphone device]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/JTtqtZZGYoZfMscfBGxmBU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A rogue agent within <a href="https://www.itpro.com/security/31886/apple-removes-trend-micro-tools-from-mac-app-store-over-data-exfiltration-claims" target="_blank" data-original-url="itpro.co.uk/security/31886/apple-removes-trend-micro-tools-from-mac-app-store-over-data-exfiltration-claims">Trend Micro</a> has been selling its customers' data to unknown criminal third parties, the cyber security company has announced.</p><p>A <a href="https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers" target="_blank">blog post</a> on the company's website revealed that a Trend Micro employee was discovered to have harvested the personal details of around 70,000 customers, which they then sold to an "unknown third-party malicious actor".</p><p>The insider infiltrated a Trend Micro customer support database containing names, email addresses, support ticket numbers and some customers' telephone numbers. The company stated that it has found "no indication" that the culprit accessed any financial or payment information, and stressed that the attack exclusively affected its consumer customers, as opposed to enterprise or government clients.</p><p>Trend Micro was first alerted to the issue in August this year, after customers using its consumer security product started to complain about fraudulent calls from scammers claiming to represent Trend Micro support agents. The subsequent investigation, which concluded at the end of October, identified <a href="https://www.itpro.com/data-breaches/34355/an-inside-job-the-human-factor-of-cybersecurity" target="_blank" data-original-url="https://www.itpro.com/data-breaches/34355/an-inside-job-the-human-factor-of-cybersecurity">a specific employee</a> who was immediately locked out of the system and summarily terminated.</p><p>"Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls," the blog post stated.</p><p>"That said, we hold ourselves to a higher level of accountability and sincerely apologise to all impacted customers for this situation. Based on the current status of our investigation, we believe that all of the consumers who were potentially affected have already received individual notices from Trend Micro, but we will continue to investigate and provide further notices in the event that any further affected customers are identified."</p><p>The company has warned customers it will never call them unexpectedly and that any supposed support calls which have not been pre-arranged are the work of scammers. 
Trend Micro has also reminded customers that any further assistance or technical issues related to the incident should be referred to its technical support team and will be covered by their existing license.</p><p>For Paul Watts, Domino's UK & Ireland CISO and IT Pro Panellist, this case underlines the risk that <a href="https://www.itpro.com/security/34577/this-tool-can-work-out-how-often-your-company-will-be-hit-by-insider-attacks" target="_blank" data-original-url="https://www.itpro.com/security/34577/this-tool-can-work-out-how-often-your-company-will-be-hit-by-insider-attacks">insider threats</a> can pose.</p><p>"This is a perfect example of what happens when you focus all your energy on protecting the perimeter of your fortress without considering the potential enemy from within," he said. "It is never an easy conversation to have but when it comes to insider threats in your business, trust isn't enough to manage the risk to any level of adequacy."</p><p>Trend Micro could also find itself in hot legal water over the breach. Supermarket chain Morrisons is currently embroiled in a Supreme Court battle over whether or not it is liable for the actions of an employee who stole and leaked the data of tens of thousands of staff members; if the case does not go in its favour, companies like Trend Micro who get hit by insider data breaches could find themselves sued by victims.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ What is a botnet? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/botnets/1644/what-is-a-botnet</link>
                                                                            <description>
                            <![CDATA[ An in-depth look at the evolution of this highly effective method of cyber crime ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">srtguGF5BBNV2H6tQ6vCYm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/WNXcYNnPxnyVLA3cdByw5h-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 04 Sep 2019 10:30:00 +0000</pubDate>                                                                                                                                <updated>Wed, 14 Jul 2021 15:33:00 +0000</updated>
                                                                                                                                            <category><![CDATA[Antivirus]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dale Walker ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/YhUVp3rWtcZPM5XznPeTmX.jpg ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/WNXcYNnPxnyVLA3cdByw5h-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of small robots connected to represent a botnet]]></media:description>                                                            <media:text><![CDATA[Image of small robots connected to represent a botnet]]></media:text>
                                <media:title type="plain"><![CDATA[Image of small robots connected to represent a botnet]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/WNXcYNnPxnyVLA3cdByw5h-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Botnets were originally invented as simple docile systems, designed to run tasks repeatedly. They were so good at it, however, that they soon became a technology of interest for the wrong types of people. </p><p>Essentially, botnets (the malicious ones, at least) are made up of an army of infected machines and they grow by infecting new targets, such as PCs, smartphones, tablets, and all kinds of <a href="https://www.itpro.com/cloud-computing/28037/what-is-iot" target="_blank" data-original-url="https://www.itpro.com/cloud-computing/28037/what-is-iot">internet-connected</a> devices - from smart doorbells to <a href="https://www.itpro.com/security/ransomware/357259/iot-coffee-machine-hacked-to-demand-ransom" target="_blank" data-original-url="https://www.itpro.com/security/ransomware/357259/iot-coffee-machine-hacked-to-demand-ransom">coffee machines</a>. </p><p>The earliest uses of botnets can be traced all the way back to before the 
millennium, and they've changed significantly in the years that followed. What we know as botnets today are far more sophisticated, and dangerous. </p><p>There are countless computers around the world that are currently under botnet control, with thousands of operations still active despite numerous and successful takedowns. </p><p>What we've described above, however, doesn't even scratch the surface of what a botnet is, nor what it's capable of. For a full, in-depth look at the technology, we've rounded up all you need to know about them. </p><h3 class="article-body__section" id="section-not-all-botnets-are-bad"><span>Not all botnets are bad</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="48SvkRxBH5mjkLniYoHtw" name="" alt="DDoS attack" src="https://cdn.mos.cms.futurecdn.net/48SvkRxBH5mjkLniYoHtw.jpg" mos="https://cdn.mos.cms.futurecdn.net/48SvkRxBH5mjkLniYoHtw.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Now, as mentioned above, they're not inherently bad; they're often used to perform much of the background work and repetition that goes into the delivery of online services.</p><p>The problem came when someone worked out a way to mobilise these types of networks against other ones. From then on, countless botnets have emerged, causing havoc as a relatively low-cost form of attack. </p><p>The purpose of a botnet is to self-propagate, spreading to machines and infecting them with a <a href="https://www.itpro.com/security/30081/what-is-a-trojan-virus" target="_blank" data-original-url="https://www.itpro.com/security/30081/what-is-a-trojan-virus">Trojan</a> that typically sits idle and remains hidden until activated. 
Once switched on, an infected system will go to work in tandem with other devices on the bot network, pooling resources into a single action.</p><p>What that action is depends on the purpose of the botnet. It's common for criminals to use the processing power of an infected machine to launch <a href="https://www.itpro.com/security/28026/what-is-a-ddos-attack" target="_blank" data-original-url="https://www.itpro.com/security/28026/what-is-a-ddos-attack">distributed denial of service (DDoS) attacks</a> against other networks.</p><p>Yet most of the work performed by botnets is behind the scenes. They're often deployed to churn out spam emails to millions of users, usually laced with Trojans designed to ensnare new devices. Botnets can even be hired to bombard a website with traffic to artificially inflate a site's visitor rate.</p><h3 class="article-body__section" id="section-analysing-the-economic-impact-of-botnets"><span>Analysing the economic impact of botnets</span></h3><p>Historically, botnets targeted online financial institutions as that's where the money is at. Today, currencies have spread to all corners of the internet, making every business a target.</p><p><a href="https://www.itpro.com/business-intelligence/21861/what-is-business-intelligence" target="_blank" data-original-url="https://www.itpro.com/business-intelligence/21861/what-is-business-intelligence">Business intelligence</a> is one crucial, but previously overlooked area for organisations. 
Now, firms are finding more utility in analytics tools than ever before and certainly rely on such insights to remain competitive.</p><p>Botnets armed with an array of weaponry are wreaking havoc with such data, rendering much of it meaningless and causing harmful economic repercussions.</p><p><strong>Web-scraping bots</strong> can copy copyrighted or trademarked data and reuse it on other websites. Two versions of the content diminish your site's search authority, negatively affecting SEO rankings.</p><p><strong>Distributed denial-of-service (DDoS)</strong> attacks can disrupt applications and networks, making them unavailable and creating false leads which affect traffic metrics. 
Poor marketing decisions may be made as a result.</p><p><strong>Advertising fraud</strong> occurs when bots click on advertisements. Consequently, data reported to the advertisers is skewed, costing money for non-human clicks leading to no additional revenue.</p><p><strong>Customer trust</strong> can deteriorate as inboxes are filled with unwanted mail, fake social accounts relentlessly pushing biased views, and controversy is stirred through comments and vote-rigging. Frustrated customers are usually not long-term customers.</p><p>Whether in the form of an unresponsive website, traffic being redirected to a competitor, sales chasing false leads or paying for more ad clicks, botnets cause a failure in business intelligence that directly correlates with a negative economic impact on the organisation.</p><h3 class="article-body__section" id="section-where-did-botnets-come-from"><span>Where did botnets come from?</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="txHjhCHZV6uTCsLAyZcf9Q" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/txHjhCHZV6uTCsLAyZcf9Q.jpg" mos="https://cdn.mos.cms.futurecdn.net/txHjhCHZV6uTCsLAyZcf9Q.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>It's unsurprisingly difficult to pinpoint the moment where botnets became a reality, but Sub7 and Pretty Park, a Trojan and a worm, are seen as malware that helped to fuel the rise of the botnet.</p><p>They were spotted just before the turn of the millennium and introduced the concept of an infected machine connecting to an internet relay chat (IRC) channel to listen for malicious commands. </p><p>One of the next significant moments in the botnet timeline was the emergence of the Global Threat bot, otherwise known as GTbot, in 2000. 
This was a new breed of botnet, capable of running custom scripts in response to IRC events. It also had access to raw TCP (transmission control protocol) and UDP (user datagram protocol) sockets, so it was perfect for simple denial of service (DDoS) attacks.</p><p>Another significant development came in 2002 when Agobot emerged. This introduced the concept of a staged attack, with payloads delivered sequentially. An initial attack would install a back door, the second would try to take out <a href="https://www.itpro.com/antivirus/28144/best-antivirus" target="_blank" data-original-url="https://www.itpro.com/antivirus/28144/best-antivirus">antivirus software</a> and the third blocked access to security vendor websites.</p><p>Bredolab, one of the largest botnets ever recorded, emerged in 2009 with an estimated 30 million bots under its control. A network of this size was capable of sending out 3.6 billion malicious spam emails every day.</p><p>Then, in 2016, we saw the rise of Mirai, a notorious botnet that's <a href="https://www.itpro.com/hacking/27449/was-mirai-malware-behind-dyn-ddos-attack" target="_blank" data-original-url="https://www.itpro.com/hacking/27449/was-mirai-malware-behind-dyn-ddos-attack">widely believed to have been behind the attack on the Dyn network</a> in October of that year, which saw Spotify, Netflix, Amazon and others taken offline. Since then the botnet has evolved; in March 2019, for example, <a href="https://www.itpro.com/security/33260/devastating-mirai-variant-is-back-on-the-hunt-for-businesses-to-infect" target="_blank" data-original-url="https://www.itpro.com/security/33260/devastating-mirai-variant-is-back-on-the-hunt-for-businesses-to-infect">a new Mirai variant that targeted vulnerable business devices</a> was uncovered. 
</p><h3 class="article-body__section" id="section-social-botnets"><span>Social botnets</span></h3><p>Hackers have been forced to evolve the way they build botnets over the years, most notably in the early 2000s when a shift was made from IRC communications to peer-to-peer.</p><p>IRC communication had proved highly effective; however, security researchers soon found they could simply blacklist the IRC command and control (C&C) to kill off the botnet.</p><p>Hackers, being the savvy denizens of the virtual world that they are, looked to P2P networks instead to decentralise the command and control infrastructure. In the case of the <a href="https://www.itpro.com/610215/waledac-spammers-fake-bomb-blast-news-story" data-original-url="https://www.itpro.com/610215/waledac-spammers-fake-bomb-blast-news-story">Waledac botnet</a>, zombie machines were used to provide a P2P network that effectively hid the key servers. This made it near impossible to disrupt their operations.</p><h3 class="article-body__section" id="section-future-botnets"><span>Future botnets</span></h3><p>As botnets evolved, so did their ability to disrupt. 
The Cutwail botnet, active in 2007, introduced further camouflaging techniques and has made a significant mark in the growth of the botnet industry.</p><p>Cutwail included the concept of backup connections, allowing each bot to cryptographically generate alternative hostnames for their command and control servers on a daily basis.</p><p>The <a href="https://www.itpro.com/617209/timeline-a-year-of-the-conficker-worm" data-original-url="https://www.itpro.com/617209/timeline-a-year-of-the-conficker-worm">Conficker</a> botnet, which appeared in 2008, adopted a similar technique and was capable of generating 50,000 alternative names every day.</p><p>Continual developments such as these have helped cyber criminals conceal their botnet activity, leaving law enforcement at a loss.</p><h3 class="article-body__section" id="section-taking-on-the-bad-botnet"><span>Taking on the bad botnet </span></h3><p>It has not been a completely easy ride for cyber criminals, however, and there have been some major busts in recent times.</p><p>The <a href="https://www.itpro.com/608238/worldwide-spam-spewing-server-taken-down" data-original-url="https://www.itpro.com/608238/worldwide-spam-spewing-server-taken-down">McColo takedown</a> in 2008 was one of the most famous. The hosting firm was taken offline after a <em>Washington Post</em> reporter contacted two of the company's internet service providers to warn them of malicious activity going through McColo servers.</p><p>The provider was found to be hosting command and control servers for a number of big-time botnets, including both Rustock and Cutwail.</p><p>When McColo was pulled off the internet that November, a global drop in spam levels of almost 80% was reported. However, spam would return to its previous prominence soon enough.</p><p>More recently, following an investigation by the FBI, the mastermind behind the Kelihos botnet was arrested in 2017 while holidaying in Spain. 
Russian hacker Peter Levashov was thought to have orchestrated the activities of as many as 300,000 enthralled computers.</p><p>The <a href="https://www.justice.gov/opa/pr/justice-department-announces-actions-dismantle-kelihos-botnet-0?utm_source=MIT+Technology+Review&utm_campaign=8b3d1fce9c-The_Download_2017-04-07&utm_medium=email&utm_term=0_997ed6f472-8b3d1fce9c-153925993">dismantling of the network</a> was only made possible thanks to fresh powers granted to the FBI allowing it to remotely access computers that it's unable to physically confiscate.</p><p>Perhaps the largest botnet takedown took place in December 2017, when the <a href="https://www.itpro.com/security/30093/task-force-silences-massive-andromeda-botnet" data-original-url="https://www.itpro.com/security/30093/task-force-silences-massive-andromeda-botnet">two-million strong Andromeda army was silenced</a> by a joint task force comprising agents from the FBI, Europol's European Crime Centre, Eurojust, the Joint Cybercrime Action Task Force, as well as representatives from private organisations such as Microsoft.</p><p>The Andromeda botnet was thought to have been involved in the propagation of at least 80 different families of malware with a global reach, making it one of the most complex takedown operations in recent times.</p><h3 class="article-body__section" id="section-how-do-you-protect-yourself"><span>How do you protect yourself?</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="x2orUMVhGGTNgvBLvxXXzP" name="" alt="Woman holding a smartphone and installing an antivirus on her laptop" src="https://cdn.mos.cms.futurecdn.net/x2orUMVhGGTNgvBLvxXXzP.jpg" mos="https://cdn.mos.cms.futurecdn.net/x2orUMVhGGTNgvBLvxXXzP.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The most 
important, and perhaps obvious, step all users should take is making sure they have the <a href="https://www.itpro.com/antivirus/28144/best-antivirus" data-original-url="https://www.itpro.com/antivirus/28144/best-antivirus">latest security software</a> installed on a PC or network. Most security vendors today have some sort of built-in malware detection and removal tools as standard, and these should be switched on at all times.</p><p>But basic security hygiene is also highly recommended. Always be vigilant about emails that are from outside your organisation or from those you don't know, particularly if they arrive with attachments. This is a favoured way to spread Trojans and it's possible your system won't pick up on the infection.</p><p>It's also highly recommended that you keep all your devices updated with the latest security patches. These are significantly more important than new feature patches, as they tend to plug system holes that are either being actively exploited by hackers or are likely to be in the near future.</p><p>Generally, botnets favour those targets that are easy to reach and quick to infect, and even basic security measures are usually enough to thwart an attack.</p><p>Like most forms of cyber crime, however, bringing an end to botnets is inconceivable. The real task is to simply try to come out victorious in each battle, all the while accepting the fact that the war can never be won.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How can advanced security help you mitigate security risks ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/28429/how-can-advanced-security-help-you-mitigate-security-risks</link>
                                                                            <description>
                            <![CDATA[ Our latest special report promotes advanced thinking around advanced threats ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vQukDESSR7y62hrCjTYtVT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XBy5LAyLDqZck7MBLAVS9K-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 05 Apr 2017 14:43:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ IT Pro ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XBy5LAyLDqZck7MBLAVS9K-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Abstract cyber security image of a man holding a symbol of a padlock inside a shield]]></media:description>                                                            <media:text><![CDATA[Abstract cyber security image of a man holding a symbol of a padlock inside a shield]]></media:text>
                                <media:title type="plain"><![CDATA[Abstract cyber security image of a man holding a symbol of a padlock inside a shield]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XBy5LAyLDqZck7MBLAVS9K-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>They say that only two things in life are certain, death and taxes. But in the world of enterprise security you can add a third element to this mantra: you will get breached.</p><p>The evolutionary fight between cybercriminals and their targets grows more intense with every year that passes. The attackers develop new and more insidious weapons, which security firms and their enterprise clients try to defeat with new and more complex defences.</p><p>But how did we get to this point, and is there any way to break the cycle - or, at least, make things a little simpler for those operating on the right side of the law?</p><p>Our latest report, brought to you by <em>IT Pro</em>, in association with Trend Micro, aims to provide answers to key questions and help you navigate the increasingly complex security maze.</p><p>We've blended real-world insight with practical guidance and hope you find the report very useful going forward.</p><p><em><strong>Download your copy of the report <a href="https://dennistrk.cvtr.io/click?pid=10&lid=2590&sid=">here</a></strong></em></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Nuage Networks looks for UK growth with BigTec partnership ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/virtualisation/364494/nuage-networks-looks-for-uk-growth-with-bigtec-partnership</link>
                                                                            <description>
                            <![CDATA[ Datacentre VAD adds Nuage Networks SDN technology to portfolio ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dwLEpRDdCxx2jsCf1TRqbQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/iVTgwjPzxizxuY6ZSaToh8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 22 Mar 2016 16:56:39 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Virtualisation]]></category>
                                                    <category><![CDATA[Cloud]]></category>
                                                                                                                    <dc:creator><![CDATA[ IT Pro ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/iVTgwjPzxizxuY6ZSaToh8-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Two hands shaking over a desk]]></media:description>                                                            <media:text><![CDATA[Two hands shaking over a desk]]></media:text>
                                <media:title type="plain"><![CDATA[Two hands shaking over a desk]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/iVTgwjPzxizxuY6ZSaToh8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="http://bigtec.com/uk" target="_blank">BigTec UK</a> has struck a distribution agreement with <a href="http://www.nuagenetworks.net" target="_blank">Nuage Networks</a> from Nokia, a provider of <a href="https://www.channelpro.co.uk/advice/9049/software-defined-networking-a-quick-guide" target="_blank">software-defined networking (SDN)</a> solutions for enterprise datacentres.</p><p>The deal was announced at the BigTec Live 2016 event in London, along with more details about the full BigTec UK reference architecture. Big Tec UK will distribute the full Nuage Networks portfolio, which today includes the Virtualised Services Platform (VSP), Virtualised Network Services (VNS) and Virtualised Services Assurance Platform (VSAP).</p><p>“The inconvenient truth about datacentre virtualisation is just how tough it becomes to manage multiple hypervisors, multiple clouds, and an explosion in the number of virtual endpoints,” says Jason Dance, managing director at BigTec UK.</p><p>“With Nuage Networks SDN technology, organisations no longer will find it prohibitively complicated to scale up and harness the true power of their underlying networks. Nuage Networks provides great opportunities for our reseller partners, and works in tandem with our other vendor technologies – particularly security and software defined WANs.”</p><p>The vendor says its SDN overlay helps large enterprises simplify network operations, deploy applications with more agility and adapt network services instantaneously to match changing IT demands.</p><p>“The UK is a growing market for Nuage Networks, as large enterprises continue to adopt cloud and virtualisation technology. To meet growing and rapidly changing IT needs, enterprises must make the network infrastructure as dynamic and easily consumable as the compute infrastructure,” says Charles Ferland, VP, business development, Nuage Networks. 
“With BigTec’s skills and relationships, we will build a committed cohort of local partners and help them succeed.”</p><p>BigTec says it will provide demand creation marketing activity, events as well as technical pre-sales and support.</p><p><strong>See also:</strong></p><p><strong><a href="https://www.channelpro.co.uk/advice/9049/software-defined-networking-a-quick-guide" target="_blank">Software Defined Networking: A quick guide</a></strong></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro buys HP TippingPoint ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/25478/trend-micro-buys-hp-tippingpoint</link>
                                                                            <description>
                            <![CDATA[ The acquisition will allow Trend Micro to offer an integrated intrusion prevention and breach detection solution ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">fQNZ3v2EeZVHSxZoHExMg6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pQp43fcWguJhKvvnsW8FW8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 22 Oct 2015 08:23:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Acquisition]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Clare Hopping ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pQp43fcWguJhKvvnsW8FW8-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[acquisition]]></media:description>                                                            <media:text><![CDATA[acquisition]]></media:text>
                                <media:title type="plain"><![CDATA[acquisition]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pQp43fcWguJhKvvnsW8FW8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Trend Micro has announced the acquisition of intrusion prevention system company HP TippingPoint for an estimated $300m (£195m).</p><p>TippingPoint will enable Trend Micro to offer a complete intrusion prevention and breach detection solution to safeguard businesses against increasing threats to their data. The integrated security software will cover endpoints, network, data centre and the cloud and will be distributed via Trend Micro's new Network Defense division.</p><p>Organisations remain at risk of large-scale cyber threats and businesses should have the systems in place to prevent, detect and respond to threats, Trend Micro said. </p><p>However, hackers and cyber criminals are increasingly able to circumvent many of the measures put in place, taking control of sensitive data using internal networks.</p><p>"To face this problem, organisations need a layered threat defense working seamlessly across the enterprise to address threats before, during and after an attack," said Eva Chen, CEO, Trend Micro.</p><p>"As an ideal complement to our market-leading protection for data centers and endpoints, this new next-generation network defense solution combines our best-in-class network breach detection system with proven intrusion prevention and response capabilities from TippingPoint."</p><p>Trend Micro's combined intrusion protection and breach detection solution means if a compromise occurs, the system can quickly detect it and put measures in place to prevent escalation and further damage occurring.</p><p>"This acquisition complements Trend Micro's current threat defense expertise, extending its strength in endpoint, cloud, data center and breach detection to the network," said Mike Spanbauer, vice president of research, NSS Labs.</p><p>"By combining two strong brands, this move accelerates Trend Micro's enterprise position into a non-competing segment, and provides a single, complete threat defense solution for enterprises seeking to make a critical security investment."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft issues bug fix one day before Windows 10 launch ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-loss-prevention/25014/microsoft-issues-bug-fix-one-day-before-windows-10-launch</link>
                                                                            <description>
                            <![CDATA[ Update KB3074683 fixes Explorer crashing fault ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">8Vgoejpew77SNeieHfhxHK</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/dvzx3wHZq4QnNT7Lr7cNvH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 28 Jul 2015 11:28:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Windows]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/dvzx3wHZq4QnNT7Lr7cNvH-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/dvzx3wHZq4QnNT7Lr7cNvH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>With less than 24 hours to go until the <a target="_blank" href="https://www.itpro.com/operating-systems/23119/windows-10-release-date-features-devices-and-free-upgrade-microsoft-issues" data-original-url="https://www.itpro.com/operating-systems/23119/windows-10-release-date-features-devices-and-free-upgrade-microsoft-issues">Windows 10 launch</a>, Microsoft has released yet another patch for the new operating system, this time to fix a bug introduced by a patch brought out over the weekend.</p><p>The original patch, KB3074681, was pushed out on Saturday and brought in various unspecified bug and security updates, but complaints that it was crashing Windows Explorer soon started coming in.</p><p><a href="http://winsupersite.com/windows-10/updated-windows-10-update-kb3074681-causing-crashes-users">According to <em>WinSuperSite</em></a>, the error occurred when users on build 10240, the RTM build that will be generally released tomorrow, tried to disable an active network adapter or uninstall a program using the path <em>Programs and Features > Uninstall or change a program</em>.</p><p>Gabe Aul, general manager for the OS Group Data and Fundamentals team, told <em>WinSuperSite</em> that "a fix is in the works for this [bug] and will be pushed out soon". True to Aul's word, the new patch, KB3074683, was rolled out overnight specifically to fix this problem and, by all accounts, does work. 
The buggy update has since been withdrawn.</p><p><strong>Emergency update</strong></p><p>While these latest updates fix minor issues, another patch released last week for Windows 10 and all other currently supported systems was far more significant.</p><p>The emergency, out-of-band patch fixed an exploit first discovered by surveillance firm <a target="_blank" href="https://www.itpro.com/security/24932/hacking-team-data-leak-reveals-links-to-sudan-and-russia" data-original-url="https://www.itpro.com/security/24932/hacking-team-data-leak-reveals-links-to-sudan-and-russia">Hacking Team</a>.</p><p>The patches, named <a target="_blank" href="https://technet.microsoft.com/en-us/library/security/MS15-078">MS15-078</a> for Windows Vista through to Windows Server 2012 and <a target="_blank" href="https://support.microsoft.com/en-us/kb/3074667">KB3074667</a> for Windows 10, fix a remote code execution vulnerability in the Windows Adobe Type Manager Library. The hole, which has been given the reference CVE-2015-2426, could be used by hackers to escalate privileges and remotely control a system if the user opened a specially crafted document or visited a website that uses OpenType fonts.</p><p>This is the third Windows vulnerability patch related to information released in the massive Hacking Team data breach, which saw 400GB of stolen documents leaked online. Included in those documents was information on zero-day vulnerabilities it had discovered in Windows, which were sold as part of its "offensive security" software that allowed unauthorised users to gain access to and collect data from systems undetected.</p><p>Since the leak at the beginning of the month, security researchers have been scouring the data to identify and patch the vulnerabilities documented within. 
Thanks for this particular discovery can be laid at the door of Trend Micro, which published a detailed analysis of the threat on its <a target="_blank" href="http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-leak-uncovers-another-windows-zero-day-ms-releases-patch">Security Intelligence blog</a>.</p><p>According to Microsoft, however, while the exploit was listed in Hacking Team's documents there is no current evidence it has ever been used in an active attack.</p><p>While the out-of-band patch will protect all currently supported Windows desktop and server operating systems, those using older software such as Windows XP or the <a target="_blank" href="https://www.itpro.com/server/24978/windows-server-2003-end-of-life-support-is-no-more" data-original-url="https://www.itpro.com/server/24978/windows-server-2003-end-of-life-support-is-no-more">recently expired Server 2003</a> will not receive the update, meaning they will remain vulnerable to potential attack.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Ads pose one of the biggest security threats in 2015 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/24638/ads-pose-one-of-the-biggest-security-threats-in-2015</link>
                                                                            <description>
                            <![CDATA[ Trend Micro's Q1 security roundup shows malware hidden in desktop and mobile ads is one of the biggest security threats this year ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5ighmP6s2yRr7sUtnFVCHA</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/wxoifjSY89cHo4N7WKAwtb-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 20 May 2015 06:24:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Clare Hopping ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/wxoifjSY89cHo4N7WKAwtb-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[security key on keyboard]]></media:description>                                                            <media:text><![CDATA[security key on keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[security key on keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/wxoifjSY89cHo4N7WKAwtb-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Online and mobile ads are one of the biggest threats to IT security this year, Trend Micro has revealed in its Q1 2015 roundup.</p><p>The company's latest report, <em>Bad Ads and Zero-Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices</em>, has revealed that adware on mobile devices is the top threat in the mobile category - although Trend Micro has identified a mammoth five million Android threats to date. It is, however, predicting this will rise to eight million by the end of this year.</p><p>Zero-day exploits are the biggest threat to desktop systems, but again, these are related to advertising and, in particular, are being used on adverts in Adobe software. This means victims don't even need to head to a malicious site for their computer to be infected.</p><p>Raimund Genes, CTO at Trend Micro said: "It is clear 2015 is shaping up to be noteworthy in terms of volume, ingenuity and sophistication of attacks... It is clear businesses and individuals alike need to be proactive in protecting against threats. As a business, how would your IT-Security policies look like in a Zero Trust Environment? An aggressive and different security posture is critical to keep financial, personal and intellectual property safe."</p><p>In the enterprise space, Trend Micro said the healthcare sector was most at risk of cyber attacks, specifically in iOS and POS system applications. However, these types of threats have existed for the last few years and it would appear that their widespread nature is down to companies not being prepared for such assaults.</p><p>Genes finished: "The question we have to ask is, are we doing enough to protect ourselves from security threats? While we need to constantly update our systems to protect against new attacks, the first quarter of 2015 clearly showed we need to also watch out for older threats, and how no industry or system should feel exempt."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro adds e92plus to UK distributor line-up ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/364483/trend-micro-adds-e92plus-to-uk-distributor-line-up</link>
                                                                            <description>
                            <![CDATA[ Security vendor Trend Micro targets midmarket resellers with e92plus signing ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ovTFYw7oXcRqZcNmWBA4ss</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/cDj7WfQ73hXewvY5A6UTWZ-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Mon, 02 Mar 2015 11:18:58 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ IT Pro ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/cDj7WfQ73hXewvY5A6UTWZ-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Trend Micro logo]]></media:description>                                                            <media:text><![CDATA[Trend Micro logo]]></media:text>
                                <media:title type="plain"><![CDATA[Trend Micro logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/cDj7WfQ73hXewvY5A6UTWZ-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="http://www.trendmicro.co.uk" target="_blank">Trend Micro</a> has bolstered its UK distributor line-up with the addition of <a href="http://www.e92plus.com" target="_blank">e92plus</a>, in a move to expand its partner network and grow midmarket sales.</p><p>Based in Surrey, and with additional offices in Manchester and the Netherlands, security distributor e92plus joins <a href="https://www.channelpro.co.uk/news/8501/arrow-takes-on-trend-micro" target="_blank">existing Trend disties Arrow ECS</a> and <a href="http://www.bluesolutions.co.uk" target="_blank">Blue Solutions</a>.</p><p>The vendor says it chose e92plus after “a rigorous selection process”, citing its skills at delivering quick growth and partner enablement for midmarket resellers.</p><p>James Munroe, channel sales manager, UK & Ireland at Trend Micro says it will be working with e92plus to provide “a wide breadth of technical and marketing resources as well as closely align our channel team to show our ongoing commitment to this partnership.”</p><p><a href="https://www.channelpro.co.uk/people/8115/channel-qa-e92plus-md-mukesh-gupta" target="_blank">Mukesh Gupta</a>, MD at e92plus, describes Trend Micro as “a perfect complement to our product range that covers huge growth areas of security, virtualisation and data protection.”</p><p>Trend Micro announced a major expansion in its UK channel team last year, comprising a three-fold increase in regional account managers (RAMs) and a doubling of its technical sales team.</p><p>It also <a href="https://www.channelpro.co.uk/news/8529/trend-micro-launches-global-partner-programme" target="_blank">launched a global channel programme</a> that it said combines the best elements from its regional programmes.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ iOS 8 malware can snoop on messages, photos & location data ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/24002/ios-8-malware-can-snoop-on-messages-photos-location-data</link>
                                                                            <description>
                            <![CDATA[ iOS spyware can access users' text messages, photos and contact lists ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pDrcNpwovNX8mmctXjyscc</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NHBZxwkapULDs94xxJUMbb-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Fri, 06 Feb 2015 11:58:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Malware]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Caroline Donnelly ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/NHBZxwkapULDs94xxJUMbb-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NHBZxwkapULDs94xxJUMbb-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Spyware targeting iOS 7 and iOS 8 devices has been uncovered by security firm Trend Micro, who claim it could be used to steal users' text messages, photos and contact data.</p><p>The surveillance software is one of a number of tools used by members of Operation Pawn Storm, an ongoing cyber-espionage project targeting government, military and media organisations.</p><p>"The actors of Pawn Storm tend to first move a lot of pawns in the hopes they come close to their actual, high-profile targets," the company said in a <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found">blog post</a>.</p><p>"When they finally successfully infect [one], they might decide to move their next pawn forward: advanced espionage malware."</p><p>The spyware highlighted by Trend Micro falls into the latter category, and tends to be installed on devices that have already been compromised in the form of two malicious applications - <em>XAgent</em> (detected as IOS_XAGENT.A) and the one using the name of a legitimate iOS game, <em>MadCap</em> (detected as IOS_XAGENT.B).</p><p>Their aim is to spy on activities of iOS device users and in the process steal their personal data, take screenshots, record audio and pass this data on to a command-and-control (C&C) server somewhere.</p><p>While the spyware works on iOS 7 and iOS 8 devices, its modus operandi depends on the operating system being used.</p><p>"After being installed on iOS 7, the app's icon is hidden and it runs in the background immediately. When we try to terminate it by killing the process, it will restart almost immediately.</p><p>"Installing the malware into an iOS 8 device yields different results. The icon is not hidden and it also cannot restart automatically. 
This suggests that malware was designed prior to the release of iOS 8 last September."</p><p>Interestingly, iOS devices do not need to be jailbroken in order to fall victim to this malware, Trend Micro added, and infection could be caused by connecting them to another compromised piece of hardware.</p><p>"One possible scenario is infecting an iPhone after connecting it to a compromised or infected Windows laptop via a USB cable," the blog post concluded. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cyber security risk to open source apps set to soar in 2015 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/23432/cyber-security-risk-to-open-source-apps-set-to-soar-in-2015</link>
                                                                            <description>
                            <![CDATA[ Trend Micro predicts uptick in attacks on open source apps next year, in the wake of Heartbleed and Shellshock ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jqMMYVhrEMTTgCL9dVGDeL</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/cg73dmjcNVyftGwXaRdAvG-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 04 Nov 2014 15:50:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Caroline Donnelly ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/cg73dmjcNVyftGwXaRdAvG-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Open source]]></media:description>                                                            <media:text><![CDATA[Open source]]></media:text>
                                <media:title type="plain"><![CDATA[Open source]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/cg73dmjcNVyftGwXaRdAvG-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The coming year will see cybercriminals increasingly harness the anonymity of the dark net to peddle malware and organise attacks, Trend Micro has warned.</p><p>The security vendor made the prediction in its <a href="http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-the-invisible-becomes-visible.pdf">latest report</a>, which sets out how the threat landscape is anticipated to evolve in 2015.</p><p>In anticipation of this uptick in the dark net's use, the report says law enforcers and IT security firms will need to adjust their approach to tackling cybercrime accordingly.</p><p>"As the bad guys move deeper into the web, security firms and law enforcers need to extend their reach as well to cover the Deep Web and darknet services," the report states.</p><p>"This will require greater effort and investment... [and] lawmakers worldwide, meanwhile, need to agree on what constitutes cybercrime to aid enforcers, regardless of jurisdiction, to bring the bad guys to justice."</p><p>The report also warns users of open source apps and technologies to prepare themselves for a further onslaught of attacks aimed at exploiting vulnerabilities found in them over the coming year.</p><p>This comes on the back of the Heartbleed and Shellshock IT security scares that emerged in 2014, which were heavily exploited by hackers despite being undetected in the software for many years.</p><p>"Attackers will continue their search for seemingly dormant vulnerabilities like Heartbleed and Shellshock in the coming years," the report warns.</p><p>"They will keep tabs on oft-forgotten platforms, protocols, and software and rely on irresponsible coding practices to get to their targets."</p><p>Furthermore, cybercriminals will become increasingly compelled to target open source platforms as makers of proprietary operating systems and software continue to tighten up the security of their software.</p><p>"Continuous security improvements 
in Microsoft Windows and other big-name operating systems will lead to a decline in [the] number of vulnerabilities [found in them]. This will push attackers to instead focus on finding vulnerabilities in open source platforms and apps," the report continues.</p><p>"Individuals and organisations can, however, stay protected by regularly patching and updating their systems and software." </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro launches global partner programme ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/364480/trend-micro-launches-global-partner-programme</link>
                                                                            <description>
                            <![CDATA[ Trend Micro unveils new tiered programme with enhanced compensation and deal protection ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6aeDPmZRoZjmfP96z5PYVJ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/cDj7WfQ73hXewvY5A6UTWZ-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Tue, 24 Jun 2014 16:11:18 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ IT Pro ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/cDj7WfQ73hXewvY5A6UTWZ-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Trend Micro logo]]></media:description>                                                            <media:text><![CDATA[Trend Micro logo]]></media:text>
                                <media:title type="plain"><![CDATA[Trend Micro logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/cDj7WfQ73hXewvY5A6UTWZ-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Security vendor <a href="http://www.trendmicro.co.uk" target="_blank">Trend Micro</a> has today launched a new channel programme for its 50,000 partners globally.</p><p>The firm claims the new tiered Trend Micro Partner Programme combines the best elements from its regional programmes. It includes an enhanced compensation structure, deal protection for Gold and Platinum partners and the extension of deal registration to include Bronze partners that have completed one or more specialisations.</p><p>Trend claims there are particular opportunities for partners of strategic alliance partners such as <a href="http://aws.amazon.com" target="_blank">AWS</a>, <a href="http://www8.hp.com/uk/en/home.html" target="_blank">HP</a>, <a href="http://www.ibm.com/us/en" target="_blank">IBM</a>, <a href="http://www.microsoft.com/en-gb/default.aspx" target="_blank">Microsoft</a> and <a href="http://www.vmware.com/uk" target="_blank">VMware</a>.</p><p>The Japanese company has also introduced a referral partner programme to target ‘born-in-the-cloud’ technology firms, and dedicated channel account teams, equipped with common standards, processes and performance measurement guidelines, to help ensure partners capitalise on business opportunities.</p><p>“After a comprehensive evaluation of our programmes, we’ve applied best practices from around the globe to establish a common structure for a single, more cohesive program that can help our partners drive sales like never before,” explains Partha Panda, VP of global channels and strategic alliances, Trend Micro.</p><p>“We are confident that this new approach will allow them to more quickly identify and respond to business opportunities for our comprehensive security solutions. 
Most significantly, it will enable us to replicate successful initiatives across all regions to help partners grow their business and increase profitability.”</p><p>As part of the roll-out, Trend says it has also simplified its education programme, which provides two levels of training and certification.</p><p>In addition, it has refreshed its partner portal to offer new sales and marketing tools. Further, Trend says it is developing a new partner portal that will provide improved deal registration, content syndication and social media network access, as well as quicker access to support, and other enhancements.</p><p>Distributor <a href="http://www.arrowecs.co.uk" target="_blank">Arrow</a> recently announced it was targeting MSPs with the <a href="https://www.channelpro.co.uk/news/8501/arrow-takes-on-trend-micro" target="_self">addition of Trend Micro’s portfolio </a>to its ArrowSphere xSP Central platform.</p><p>Trend says roll-out of the new programme will be completed by Q1 2015.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Facebook vows to address malware risk ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/22312/facebook-vows-to-address-malware-risk</link>
                                                                            <description>
                            <![CDATA[ The social network has joined forces with F-Secure and Trend Micro to detect abuse and stop malicious links appearing on Facebook ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2pEuPwa1V11YyrEDFS8Ho4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/4d8fwHj2SJBDWfWWKZKDpY-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 22 May 2014 08:27:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Social Media]]></category>
                                                    <category><![CDATA[Technology]]></category>
                                                                                                                    <dc:creator><![CDATA[ Clare Hopping ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/4d8fwHj2SJBDWfWWKZKDpY-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/4d8fwHj2SJBDWfWWKZKDpY-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Facebook is partnering with F-Secure and Trend Micro to offer an extra level of security in its quest to keep the service a safe place to network.</p><p>The company announced in a blog post that it would be adding malware detection and the opportunity to download and run either Trend Micro's or F-Secure's solution to remove the threat on computers, phones or tablets.</p><p>If malware is detected following a quick scan, the user will get a pop up with a recommendation from F-Secure or Trend Micro asking if they would like to use F-Secure's malware scanning and cleanup technology or HouseCall from Trend Micro to eradicate the threat.</p><p>Once the threat has been cleaned up, the software will remove itself from the user's system. Social networkers with an infected device are able to skip the malware removal, but they will be prompted later if a threat is detected again.</p><p>Chetan Gowda, a software engineer on the site integrity team at <a href="https://www.facebook.com/notes/facebook-security/making-malware-cleanup-easier/10152050305685766">Facebook, wrote in the blog</a>: "Although a single product isn't sufficient to defend against all modern security threats, the general recommendation persists because the technology remains effective in blocking categories of known threats and cleaning up malware infections if they find their way onto your computer.</p><p>"Since resolving a malware problem is a little bit different each time, we're committed to working with our partners to give people on Facebook the help they need in keeping their information secure."</p><p>Facebook has made user security one of its main focuses this year, introducing a <a href="https://www.facebook.com/notes/protect-the-graph/understanding-online-threats-with-threatdata/1438165199756960">ThreatData security tool</a> which collects information about threats on the internet in arbitrary formats, stores the information and makes it "accessible for both 
real-time defensive systems and long-term analysis."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Dennis partnership sees 12,500 schoolchildren get Windows 8 laptops ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/strategy/22005/dennis-partnership-sees-12500-schoolchildren-get-windows-8-laptops</link>
                                                                            <description>
                            <![CDATA[ Felix Dennis and team have brokered a deal to give pupils in St Vincent and the Grenadines their own computers ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kt5xqkFDJmppBgUxRWbNxk</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/RkATAGtYooiHBYJj3pVkN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 08 Apr 2014 15:45:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Maggie Holland ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/RkATAGtYooiHBYJj3pVkN-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/RkATAGtYooiHBYJj3pVkN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Every one of the 12,500 secondary school pupils in St Vincent and the Grenadines will soon have access to a computer of their own at home and school. </p><p>Tech giants Acer, Microsoft and Trend Micro have come together on the deal, which has been spearheaded by IT Pro's (and Dennis Publishing's) owner and publishing and business guru Felix Dennis. </p><p>By giving these children access to leading edge technology, the initiative aims to level the playing field and help inspire and encourage the next generation while also boosting the local economy of St Vincent and the Grenadines. </p><p>The scheme can be traced back to last summer when the Prime Minister of St Vincent and the Grenadines, Dr The Hon. Ralph Gonsalves, made contact with Felix about how best to put state-of-the-art hardware and software into the hands of local children. Together, the two discussed and embarked on plans to provide a secure environment - in the form of the classroom - for children to unleash their creativity and hone their business and other skills. </p><p>Felix instructed a team at Dennis Publishing - which is the UK's largest publisher of technology titles - to bring the scheme to life, whilst ensuring criteria such as usage, longevity and security were met. Manageability of the technology was also key and it needed to be free from the shackles of traditional IT management demands.</p><p>Industry specialist Carteme was also enlisted to help choose the right products for the job, while Westcoast - which has forged fantastic industry partnerships with the likes of Acer and Microsoft - was also brought onboard to help the scheme achieve its goals. </p><p>"This project is the result of two extraordinary partnerships; one between the government of St. 
Vincent and the Grenadines, the 'maestro' Felix Dennis and his team at Dennis Publishing, Acer, Microsoft, and Trend Micro; and the second between my government and the Bolivarian Republic of Venezuela led first by Hugo Chavez and then by Nicholas Maduro which provided the financing," said Dr The Hon. Ralph Gonsalves. </p><p>"The special personal relationships between Felix, on the one hand, and between Hugo, Nicholas and me, on the other, were instrumental in putting together this amazing project. I thank them and everyone else who has been engaged in it."</p><p>Within the next two months, 12,500 Acer TravelMate laptops running Microsoft Windows 8 and equipped with Trend Micro security tools will be winging their way to the pupils. </p><p>Felix and his team plan to follow the pupils and the achievements of the scheme over the next year to see just how successful it has been in achieving its aims and transforming the life skills of the students. </p><p>"We're delighted that this scheme has come to fruition. The hope of all the partners is that this programme can demonstrate what passionate companies can do when they work together on such a worthy cause. We all hope that St Vincent and the Grenadines becomes a fantastic testimonial for what technology can do to inspire children and a new generation. We hope that this could be the start of similar programmes in the future," added Julian Lloyd-Evans, managing director of advertising at Dennis Publishing, who helped broker the deal.</p><p>"The St Vincent and the Grenadine Government, Dennis Publishing and Felix Dennis would like to personally thank Carl Oxley from Westcoast Distribution, Simon Hallworth from Carteme, and our fantastic partners at Acer, Microsoft West Indies and Trend Micro, for their patience, tenacity and help in putting this programme together."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Employee carelessness poses security risk to businesses ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/data-loss-prevention/21067/employee-carelessness-poses-security-risk-businesses</link>
                                                                            <description>
                            <![CDATA[ Trend Micro report highlights perils of mobile device loss and Wi-Fi hijacking ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uo5VUwXgESgEPeCLE78HD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/v6tHh59JnXh4BxBTWsUuZn-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 21 Nov 2013 09:54:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/v6tHh59JnXh4BxBTWsUuZn-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/v6tHh59JnXh4BxBTWsUuZn-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Sensitive business data is being put at risk by the thoughtless behaviour of employees, a new report by Trend Micro has found.</p><p>The survey of 2,500 UK adults, published in a report entitled Britain's culture of carelessness with mobile devices, found over a quarter of smartphone users have had up to three work devices lost or stolen, and 63 per cent have no password protection on their phone at all.</p><p>The Tube is the most likely place for a phone to be lost or stolen in London (26 per cent), with the District and Circle lines proving to be particular blackspots.</p><p>A bar is the second most likely place for a smartphone to disappear (22 per cent), followed by a cafe (11 per cent) and a restaurant (8 per cent), according to the report.</p><p>At a roundtable to discuss the report's findings, representatives from Trend Micro, information security consultancy First Base, and law firm Taylor Wessing said the implications were clear for business.</p><p>James Walker, a security specialist at Trend Micro, said: "We talk about a watering hole from the point of view of compromising a website, [but if I were a criminal] I could know a bar where a certain target organisation would drink in after work, I could steal a mobile phone that's not password protected, send out a lot of phishing emails to lots of contacts within the organisation... and compromise a lot of people."</p><p>Vinod Bange, a partner at Taylor Wessing, added: "If you have an employee within an organisation who kept going to the accounts team and saying 'can I have 300 from petty cash please?' and came back the following day saying 'I lost it, can I have another 300?' and then the next day said 'sorry, I did it again, can I have another [300]?' 
Who would do that?</p><p>"That is because cash is treated in a very particular way and it is about time organisations drew that link to treat information assets, whether it's personal data, confidential IP, or whatever it happens to be with the same degree of [restrictions]."</p><p>The report also examined the potential for data loss when using public Wi-Fi hotspots.</p><p>A team of ethical hackers from First Base used apps that were openly available on Google Play to clone a recognised Wi-Fi network, which volunteers' devices would then connect to automatically.</p><p>A hacker using this type of attack, known as an 'evil twin', is then able to see all the data sent, including sensitive corporate data and things that would normally be encrypted, like passwords. They could also restore sessions, to further mine data collected during the attack.</p><p>The volunteer 'victims' involved in these experiments said they felt scared that such an attacking method exists and that their privacy had been violated, even though it was just a simulation.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro shines light on growing number of malicious Android apps ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/mobile/20350/trend-micro-shines-light-growing-number-malicious-android-apps</link>
                                                                            <description>
                            <![CDATA[ Security vendor flags rise in malicious Android apps during first six months of 2013. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vn1VAogZVoBCbXH3LywVos</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/nUbukTT8DTtqBiTqibNp7N-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Tue, 06 Aug 2013 14:48:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Android]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Google]]></category>
                                                                                                                    <dc:creator><![CDATA[ Caroline Donnelly ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/nUbukTT8DTtqBiTqibNp7N-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/nUbukTT8DTtqBiTqibNp7N-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Android phone users should tread carefully when downloading apps, as figures suggest the number of malicious apps for the platform will hit the one million mark this year.</p><p>According to figures from security vendor Trend Micro, the first six months of 2013 saw a surge in the number of malicious Android apps, as hackers continue to set their sights on Google's increasingly popular mobile operating system.</p><div><blockquote><p>It is very difficult for patches to reach all users in an effective timeframe.</p></blockquote></div><p>Its figures suggest the number of malicious Android apps has increased by 350,000 during the first half of 2013, and now totals 718,000.</p><p>In light of this, the security firm said it expects there to be more than a million malicious Android apps before the end of the year.</p><p>"Malware has even been found on the official Google Play store, making security software no longer a nice-to-have for Android handset owners, but an increasingly essential tool to prevent malicious downloads," said Trend Micro in a statement.</p><p>JD Sherry, vice president of technology and solutions at Trend Micro, said the fractured nature of the Android ecosystem makes it hard for users to protect themselves from threats.</p><p>"It is very difficult for patches to reach all users in an effective timeframe. 
In some cases, users will never get the patches as vendors leave their customers at risk of attack," claimed Sherry.</p><p>"Until we have the same urgency to protect mobile devices as we have to protecting PCs, this very real threat will continue to grow rapidly.</p><p>"At the rate this malware is accelerating almost exponentially we appear to be reaching a critical mass," Sherry added.</p><p>As well as mobile threats, the company's Q2 Threat Report also flagged a marked rise in online banking malware, from 113,000 infections to 146,000, as well as an increased prevalence of malicious toolkits being traded on the black market.</p><p>Many of these are being offered online free of charge or as part of a two-for-one deal, the company claims.</p><p>"Making toolkits more affordable in this way will increasingly democratise the means to launch attacks and cause havoc for internet users and businesses," the company claimed. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Zeus resurfaces to steal credit card details ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/malware/19871/zeus-resurfaces-steal-credit-card-details</link>
                                                                            <description>
                            <![CDATA[ Cybercriminals resurrect old malware to snaffle online credentials. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xjjgp2c4cx4SFmSi57dng9</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/idcRecgU8WX2xd9YgN37fT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 24 May 2013 14:13:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Malware]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                <dc:description><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/idcRecgU8WX2xd9YgN37fT-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/idcRecgU8WX2xd9YgN37fT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Zeus malware has re-emerged and is being used by criminals to steal financial information, according to IT security company Trend Micro.</p><p>The firm claims the malware has re-appeared amidst a spike in numbers of active threats in the wild and has predicted that this year will be characterised by slightly modified old threats resurfacing, with new features added in order to avoid detection and infect more systems.</p><div><blockquote><p>Peddling stolen banking information is a lucrative business in the underground market</p></blockquote></div><p>The Zeus or ZBOT variants began to increase from the beginning of February, according to Trend Micro's Jay Yaneza.</p><p>"ZBOT variants surged in the beginning of February and continued to be active up to this month. It even peaked during the middle of May 2013. The malware is designed to steal online credentials from users, which can be banking information or other personally identifiable information (PII)," said Yaneza in a <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/zeuszbot-malware-shapes-up-in-2013/?utm_source=feedly&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29">blog post</a>.</p><p>Yaneza warned that this variant of the Zeus malware was now more dangerous as it uses advanced techniques to avoid detection by security systems.</p><p>"ZBOT malware of this generation are found to be mostly either <a target="_blank" href="https://www.itpro.com/643942/inner-workings-of-citadel-malware-exposed" data-original-url="https://www.itpro.com/643942/inner-workings-of-citadel-malware-exposed">Citadel</a> or GameOver variants. Unlike earlier versions, the mutex name is randomly generated," said Yaneza.</p><p>"Both variants send DNS queries to randomised domain names. The difference in GameOver variant is that it opens a random UDP port and sends encrypted packets before sending DNS queries to randomised domain names. 
Zbot malware connects to a remote site to download its encrypted configuration file."</p><p>He said that these configuration files contain banks and other financial institutions that ZBOTs monitor in browsers.</p><p>"Since configuration files are downloaded from remote sites, the contents of these files may change any time. Malicious actors can change the list of sites they want to monitor on the affected system."</p><p>The firm said that there are ways to stop the Zeus malware in its tracks.</p><p>"There are several avenues for detecting ZBOT variants. First, as the malware tries to write to the registry 'Userinit' entry in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Secondly, detecting the call-back routine to the remote site upon execution, as it acquires its configuration file," he said.</p><p>Yaneza said that old threats like ZBOT can always make a comeback because cybercriminals profit from these. "Peddling stolen banking and other personal information from users is a lucrative business in the underground market," he said. "It is important to be careful in opening email messages or clicking links. Bookmark trusted sites and avoid visiting unknown ones."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft warns users to be wary of fake Java updates ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/645427/microsoft-warns-users-to-be-wary-of-fake-java-updates</link>
                                                                            <description>
                            <![CDATA[ Cybercriminals set malware trap for users worried by Java zero-day exploits. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">oQGZfP5zkVCcbYW3yLUSj</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7vrGHL5vMMuqx49LX2mbFc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 31 Jan 2013 10:06:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Malware]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/7vrGHL5vMMuqx49LX2mbFc-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Malware on binary]]></media:description>                                                            <media:text><![CDATA[Malware on binary]]></media:text>
                                <media:title type="plain"><![CDATA[Malware on binary]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7vrGHL5vMMuqx49LX2mbFc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft is warning users to be on the lookout for fake Java updates that will download malware onto their computers.</p><p>The cybercriminals behind the malware seem to be tapping into the current awareness of problems with Java, after several exploits were found in web browser versions of the plug-in.</p><p>"Cybercriminals often use fake virus alerts to lure you into buying fraudulent antivirus software," said Microsoft employee Eve Blakemore in a post on <a href="http://blogs.msdn.com/b/securitytipstalk/archive/2013/01/28/watch-out-for-fake-java-updates.aspx" target="blank">the company's blog</a>.</p><p>"In the case of the fake Java updates, cybercriminals are taking advantage of news about security vulnerabilities in Java and recommendations to update Java immediately.</p><p>"We agree that if you use Java on your device you should update it directly from the <a href="http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html" target="blank">Oracle website</a>," Blakemore added.</p><p>The problem was first reported by anti-virus giant Trend Micro, which said it had been alerted to a piece of malware posing as Java Update 11.</p><p>Paul Pajares, fraud analyst at Java, said in a <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix" target="blank">blog post</a>: "The fake update in question is javaupdate11.jar (detected as JAVA_DLOADER.NTW), which contains javaupdate11.class that downloads and executes malicious files up1.exe and up2.exe.</p><p>"Once executed, this backdoor connects to a remote server that enables a possible attacker to take control of the infected system."</p><p>Trend Micro also observed JAVA_DLOADER try, unsuccessfully, to download a ransomware Trojan to the user's computer.</p><p>Pajares claims that while the malware installed via the fake update does 
not exploit any Java-related vulnerability, it is "clearly piggybacking on the Java zero-day incident and users' fears."</p><p>Pajares said users might be better off ditching Java completely.</p><p>"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it?" he said.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro: Five times more malware found on Android devices than PCs in 2012 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/645244/trend-micro-five-times-more-malware-found-on-android-devices-than-pcs-in-2012</link>
                                                                            <description>
                            <![CDATA[ Security software firm flags rise in Android threats last year. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">irBhgoXDpeuCTLAGBXN7fY</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/HJQw5nSH3TtvJ3He7Vwsu8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 23 Jan 2013 13:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Android]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Google]]></category>
                                                                                                                    <dc:creator><![CDATA[ Caroline Donnelly ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/HJQw5nSH3TtvJ3He7Vwsu8-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Android robot]]></media:description>                                                            <media:text><![CDATA[Android robot]]></media:text>
                                <media:title type="plain"><![CDATA[Android robot]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/HJQw5nSH3TtvJ3He7Vwsu8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Security vendor Trend Micro has shed some light on the scale of the malware problems blighting Android users, after discovering 350,000 threats to the mobile platform in 2012.</p><p>The company claims there was nearly five times more malware found on Android devices during 2012 than on Windows-based ones.</p><p>"Malware growth reached [a ratio of] 14:3 for Android versus PC [in 2012], and it only took Android three years to reach the PC volume of malware threats achieved within 14 years," said Trend Micro in a statement.</p><p>The company claims that only a fifth of Android device owners have a security app installed on their smartphone or tablet, which could spell trouble for users in future.</p><p>"By the end of 2012, there were 350,000 threats facing this relatively new mobile platform...[and] Trend Micro predicts that Android threats will increase to one million in 2013," the company added.</p><p>The firm's Android security findings formed part of a wider investigation by Trend Micro into the threats PC and mobile users faced in 2012.</p><p>Other issues flagged by the firm include the risk posed to enterprises by social media sites, data breaches and attacks on Oracle's Java platform.</p><p>"Social media platforms continued to grow as areas of concern with attackers targeting them more, users putting themselves at risk by oversharing on them, and the legitimate services being co-opted to support cybercriminal activities," said the company.</p><p>"Enterprises suffered from data breaches and targeted attacks at an alarming rate...and attackers adopted more professional software development practices," it added.</p><p>Meanwhile, Rik Ferguson, vice president of security research at Trend Micro, said that, along with the threats already mentioned, end users should also be on their guard against the threat posed by other connected 
devices.</p><p>"With the advent of IPv6 opening up the available address space and the rise of the smart device, we can expect to see many more [electronic appliances] being brought online," said Ferguson.</p><p>"Each of these connected devices must run an operating system...[and] Android is already the criminals' mobile OS of choice, [so] it is not too much of a stretch to think of criminals looking for ways to exploit other connected devices in the future."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Imperva anti-virus study "flawed", claims IT security expert ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/644677/imperva-anti-virus-study-flawed-claims-it-security-expert</link>
                                                                            <description>
                            <![CDATA[ Methodology used to test anti-virus products in study is not true to life, claims Trend Micro's Rik Ferguson. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2SsFbJkrvfyHV1RgAbDqfH</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/3uKySX6TVbHmRWm9yWSAJf-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 13 Dec 2012 13:29:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Antivirus]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Caroline Donnelly ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/3uKySX6TVbHmRWm9yWSAJf-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/3uKySX6TVbHmRWm9yWSAJf-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Imperva has been forced to defend the findings of one of its recent security reports, following accusations the methodology used to create it was flawed.</p><p>The security vendor released its <em>"Assessing the Effectiveness of Anti-virus Solutions"</em> report last week, which pitted 80 previously non-catalogued viruses against more than 40 anti-virus products.</p><p>In the report, the company claimed that less than five per cent of these products were able to detect new viruses and that some took up to a month or more to update their signatures.</p><p>In the run up to the report's release, Tal Be'ery, web research team leader at Imperva, told <em>IT Pro</em> the findings were not designed to put people off adopting anti-virus.</p><p>"[The research shows] malware has windows of opportunities and it shows there are a few weeks before it gets detected by the anti-virus products," he said.</p><p>"[Even so] you should definitely have anti-virus to protect against most malwares and [because] after a time it recognises and can protect against them."</p><p>The company used the website, VirusTotal, to analyse the samples before each one was tested by the anti-virus products.</p><p>This resulted in the creation of a report, which revealed whether or not the sample was picked up by the anti-virus product.</p><p>However, the study's findings have been criticised by one security expert for not exposing the products to viruses in the same way they would be "in the wild".</p><p>Speaking to <em>IT Pro</em>, Rik Ferguson, director of security research and communications at rival security vendor Trend Micro, described the study as flawed.</p><p>"Simply scanning a collection of files, no matter how large or how well sourced, misses the point of security software entirely," he said.</p><p>"They were not exposing the products to threats in the way they would be 
in the wild."</p><p>For instance, where was the email with the malware attached, he asked, or - if the threat was URL-based - where was the analysis of its content?</p><p>"To decide whether or not a threat would be blocked, it must be processed in a test in the same way it would be delivered to the victim," he added.</p><p>In a follow-up statement to <em>IT Pro</em>, Be'ery defended the research, claiming the evolving nature of security threats means Ferguson's recommendations may not work for every testing scenario.</p><p>"[The recommendations] address an old threat model in which the attacker would try to infect many possible targets with a single campaign," he said.</p><p>"When the old threat model is considered...and all the defences are tested, the same conclusion holds: while anti-virus is effective in fighting widespread malware, for new [threats], there is a good chance it will evade the anti-virus solutions."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Image snatching malware poses new security threat ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/643969/image-snatching-malware-poses-new-security-threat</link>
                                                                            <description>
                            <![CDATA[ New breed of Trojan sniffs out personal information in pictures, not documents. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pTUk7Z4oZRiUyqvRgsBhXL</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mnu7iKDs9T9HTPDeePkio5-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 06 Nov 2012 16:24:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Malware]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mnu7iKDs9T9HTPDeePkio5-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cyber criminal]]></media:description>                                                            <media:text><![CDATA[Cyber criminal]]></media:text>
                                <media:title type="plain"><![CDATA[Cyber criminal]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mnu7iKDs9T9HTPDeePkio5-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Security researchers have identified a new malware strand that steals image files from computers and sends them to a remote server.</p><p>The program, detected under the name TSPY_PIXSTEAL.A (Pixsteal-A), is a Trojan that opens all .jpg and .jpeg image files, as well as .dmp memory dump files, and delivers copies of the first 20,000 to the FTP server being used by the cyber criminals behind the malware. It is currently only operational on Windows computers, according to Trend Micro's threat response engineer Raymart Paraiso.</p><p>"Though it appears tedious, the potential gain for cybercriminals should they be successful in stealing information is high. Users typically rely on photos for storing information, both personal and work-related, so the risk of information leakage is very high," he said in a <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/malware-steals-image-files-from-systems" target="blank">blog post</a>.</p><p>The collected images could potentially be used for identity theft, blackmail or to tailor future targeted attacks on individuals or corporations, Paraiso added.</p><p>Rik Ferguson, director of security research and communications, told <em>IT Pro</em>: "[I believe] this is the first malware that has particularly focused on such a limited set of file types. In some of the nation state sponsored attacks, stealing photographs is of interest ... but if we are talking about the commercial, cybercriminal, widespread side of things ... then this does represent a shift."</p><p>Ferguson claims it is possible we will see more of this type of malware, but it will depend on how successfully Pixsteal-A can be monetised.</p><p>"There was a report <a href="http://www.bbc.co.uk/newsbeat/20019519" target="blank">recently on BBC Newsbeat</a> that said self-generated intimate photos were being stolen and used on porn sites. 
So there is one obvious way that this kind of activity could bring an income for criminals, but whether it becomes more widely adopted and more widespread depends on how successful [this one is at generating revenue]," Ferguson concluded.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Business users "must not ignore" Oracle Java 7 web browser flaws ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/642583/business-users-must-not-ignore-oracle-java-7-web-browser-flaws</link>
                                                                            <description>
                            <![CDATA[ Security researchers claim business users could ignore advice to disable plug-ins over app stability fears. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">UFbeAzQjuxd7dNLPNypoS</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/QUFW9G2V4k99ktifyScTRj-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 30 Aug 2012 16:44:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Workspace]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Google]]></category>
                                                                                                                    <dc:creator><![CDATA[ Caroline Donnelly ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/QUFW9G2V4k99ktifyScTRj-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security issue]]></media:description>                                                            <media:text><![CDATA[Security issue]]></media:text>
                                <media:title type="plain"><![CDATA[Security issue]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/QUFW9G2V4k99ktifyScTRj-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Security researchers have urged users to disable internet browser Java plug-ins, despite concerns about the impact it will have on their line-of-business applications.</p><p>As reported by <em>IT Pro</em> earlier this week, the <a href="https://www.itpro.com/642535/internet-users-told-to-ditch-web-browser-java-7-plug-ins" target="blank" data-original-url="https://www.itpro.com/642535/internet-users-told-to-ditch-web-browser-java-7-plug-ins">US government has urged internet users</a> to switch off Java in their web browsers following the discovery of two Oracle Java 7 zero-day vulnerabilities.</p><p>The issue is understood to affect web browsers that use the Java 7 plug-in, including Mozilla Firefox, Google Chrome, Internet Explorer and Apple Safari.</p><p>The bugs allow Java applets to carry out arbitrary operating system commands without permission, which could allow vulnerable systems to be infected with malware.</p><p>Despite this, IT security experts claim some enterprise users might be tempted to ignore the US government's advice because of the disruption it could cause to their business.</p><p>For instance, Ziv Mador, director of security research at Trustwave SpiderLabs, said companies that use browser-based Java apps would experience problems.</p><p>"Removing Java from computers eliminates the attack surface, but it is used in line-of-business and consumer applications and will clearly break [them].</p><p>"[It] is an issue administrators will need to take into account before they act on this [advice]," he added.</p><p>This is a view backed by Rik Ferguson, director of security research at anti-virus vendor Trend Micro, who said this could put some users off disabling Java.</p><p>"Some users, depending on who their security vendor is, might feel confident enough in its ability to detect every single variant of malware 
[this could expose them to], which is, perhaps, not that sensible," said Ferguson.</p><p>"There are some workarounds, though, most of which are pretty clunky," he added.</p><p>For instance, IT administrators could tell staff to use a different browser, such as Google Chrome, to run their business applications in and another for general internet use.</p><p>"It means having two separate browsers and relying on users to maintain that policy for as long as that alert's in place, which is why it's a bit clunky," he explained.</p><p>"The simplest solution would be for Oracle to release a patch, especially as this is a vulnerability that is affecting so many different platforms."</p><p>Meanwhile, Tal Be'ery, web research team leader at security vendor Imperva, said it is "nearly impossible" for IT administrators to disable a single software component on every machine they are responsible for.</p><p>"The current case of disabling Java components is no different," he said.</p><p>"Individual users should turn off Java 7 browser plug-ins and only enable them [for] trusted sites, such as [those hosting] Java-powered line of business applications."</p><p>Pressure is growing on Oracle to patch the vulnerabilities ahead of its next Java 7 update, which is due in October, following claims that a Polish IT security research team <a href="http://www.security-explorations.com/en/SE-2012-01-press.html" target="blank">alerted the software giant</a> to the problem back in April.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Google removes another 37 rogue apps from Android Market ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/639031/google-removes-another-37-rogue-apps-from-android-market</link>
                                                                            <description>
                            <![CDATA[ Another 37 fake games appear on the Android Market, causing Google's mobile OS more grief. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3gR55x6TDPHDBgfmDib5W9</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ZxB7nqT4L2kdk5cXskFx34-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 21 Feb 2012 10:01:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ZxB7nqT4L2kdk5cXskFx34-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Android]]></media:description>                                                            <media:text><![CDATA[Android]]></media:text>
                                <media:title type="plain"><![CDATA[Android]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ZxB7nqT4L2kdk5cXskFx34-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/639001/report-google-circumvented-apple-safari-privacy-protections" target="_blank" data-original-url="https://www.itpro.com/639001/report-google-circumvented-apple-safari-privacy-protections">Google</a> has been forced to remove another slew of dodgy apps from the Android Market, after 37 were found posing as real games.</p><p>Also known as 'fan apps,' these applications sent user data, including OS version, International Mobile Equipment Identity (IMEI) number and phone number to various remote servers as soon as the fake games were activated, Trend Micro found.</p><p>The apps also used aggressive marketing techniques, forcing users to share on Facebook what they downloaded as well as give them a rating on the Android Market.</p><p>Trend notified Google of the rogue apps, which were subsequently removed from the market.</p><p>"The apps being taken off the Android Market does not eliminate this threat entirely. Cyber criminals can still choose to upload them to other sites such as third-party app stores, forums and others," said Trend threats analyst Kervin Alintanahin, in a <a href="http://blog.trendmicro.com/fan-apps-now-spreading-on-the-android-market/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trend+Micro+Malware+Blog%29" target="_blank">blog post</a>.</p><p>"Quite obviously, this trend of apps being equipped with aggressive advertising methods especially those related to search monetization will be seen for quite a while. Thus, users are advised to be extra careful when installing apps."</p><p>Trend has seen various scams spreading across Android Market. 
It caught one developer posing as Rovio Mobile, the Angry Birds creator, but replacing the 'L' in the word 'Mobile' with a capitalised 'i'.</p><p>Another scam saw a fake version of the popular game Temple Run appear on the market.</p><p>Recent research from Juniper Networks showed Android malware rose 3,325 per cent in the last seven months of 2011 alone.</p><p><a href="https://www.itpro.com/638683/google-sends-in-bouncer-to-sort-out-malicious-apps" target="_blank" data-original-url="https://www.itpro.com/638683/google-sends-in-bouncer-to-sort-out-malicious-apps">Google has launched a feature known as Bouncer</a> to bring added protection to the Android Market.</p><p>It will perform scans on new applications, apps already in Android Market and on developer accounts.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ DNS Changer botnet smashed in major cyber crime bust ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/637270/dns-changer-botnet-smashed-in-major-cyber-crime-bust</link>
                                                                            <description>
                            <![CDATA[ A botnet that is thought to have earned its controllers $14 million is dismantled. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">99VaVT3upz1f7i4sYzPJwF</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/MXHdsWUHa4KeVJUvzTMcwJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 10 Nov 2011 10:19:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/MXHdsWUHa4KeVJUvzTMcwJ-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[botnet]]></media:description>                                                            <media:text><![CDATA[botnet]]></media:text>
                                <media:title type="plain"><![CDATA[botnet]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/MXHdsWUHa4KeVJUvzTMcwJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A <a href="https://www.itpro.com/628522/spam-falls-after-giant-botnet-takedowns" target="_blank" data-original-url="https://www.itpro.com/628522/spam-falls-after-giant-botnet-takedowns">botnet</a> sitting on more than four million computers has been taken down by the FBI, with six suspects arrested.</p><p>Two datacentres in New York and Chicago were raided and over 100 servers taken offline as the botnet's infrastructure was dismantled as part of Operation Ghost Click.</p><p>Machines in over 100 countries were infected with the DNS Changer malware, which silently changed systems' DNS settings to point to foreign DNS servers.</p><p>This allowed the attackers to point victims to malicious IP addresses when users visited certain domains. When redirected in this way, users are at risk of getting yet more malware on their systems.</p><p>The FBI said 500,000 machines in the US were infected, including Government and NASA computers. The malware also prevented anti-virus installation and OS updates.</p><p>Six Estonian nationals were arrested under suspicion of running the illegal campaign, whilst another suspect, Russian Andrey Taame, is still at large, the FBI said.</p><p>It is believed they monetised the operation by inserting ads onto websites or forcing people to visit certain web pages. The perpetrators would get money for every click on an advertisement, or each time a victim was redirected to a particular site. 
They were able to acquire $14 million along the way, the FBI said.</p><p>In one example included in the FBI indictment, an infected user clicked on a link for the official Apple iTunes website only to be taken to a website that was unaffiliated with the tech giant and yet purportedly sold its wares.</p><p>Trend Micro, which helped supply information to the FBI on DNS Changer, hailed the law enforcement operation as the "biggest cyber criminal takedown in history."</p><p>"It's not the biggest botnet in terms of bots and that's why the headlines don't say the biggest botnet takedown in history," Rik Ferguson, director of security research at Trend, told <em>IT Pro</em>.</p><p>"We've seen botnet takedowns in the past and what you're actually getting rid of, although the activity is commendable and it should continue, is a symptom. What we've managed to achieve here, in working in partnership with the FBI, Team Cymru and the other partners, is that we've managed to dismantle the infrastructure, we've managed to disrupt the entire criminal operation."</p><p>There have been a number of significant botnet takedowns in recent months, including <a href="https://www.itpro.com/632014/microsoft-takes-credit-for-rustock-shutdown" target="_blank" data-original-url="https://www.itpro.com/632014/microsoft-takes-credit-for-rustock-shutdown">Rustock</a> and <a href="https://www.itpro.com/636472/pceu-saves-uk-economy-over-140m" target="_blank" data-original-url="https://www.itpro.com/636472/pceu-saves-uk-economy-over-140m">Kelihos</a>, both of which were taken apart thanks to collaborative work led by Microsoft.</p><p>Ferguson believes the DNS Changer case has shown the war on botnets does not require Microsoft to lead the way.</p><p>"The fight against cyber crime and effective cooperation with law enforcement isn't dependent on any one company," Ferguson added. 
"The whole industry welcomes these kinds of successes."</p><p>He revealed Trend is continuing to work with law enforcement on various other cases.</p><p>Who was running it?</p><p>An Estonian company known as Rove Digital, a seemingly legitimate IT company, was allegedly responsible for controlling the DNS Changer botnet, Trend revealed in a <a href="http://blog.trendmicro.com/esthost-taken-down-%e2%80%93-biggest-cybercriminal-takedown-in-history" target="_blank">blog post</a>.</p><p>Vladimir Tsastsin, one of those arrested by the FBI and who had previously been convicted of credit card fraud in Estonia, was the owner of one of Rove's domain registrar companies called Estdomains, Trend explained.</p><p>Another of Rove's companies called Esthost was asked to cease activities in 2008 after many believed it was hosting criminal activities, but it continued to operate. Once Rove recognised law enforcement was on its back, it moved the command and control infrastructure across the world, shifting many of its servers to New York.</p><p>Trend claimed Esthost and Rove Digital were also spreading fake anti-virus and Trojan clickers, as well as "selling questionable pharmaceuticals" amongst other cyber crimes.</p><p>Each defendant has been charged with five counts of wire and computer intrusion crimes. Tsastsin has been charged with an additional 22 counts of money laundering.</p><p>"Today, with the flip of a switch, the FBI and our partners dismantled the Rove criminal enterprise," said Janice Fedarcyk, the FBI's New York assistant director in charge.</p><p>"Thanks to a coordinated effort of trusted industry partners, a mitigation plan commenced today, beginning with the replacement of rogue DNS servers with clean DNS servers to keep millions online, while providing ISPs the opportunity to coordinate user remediation efforts."</p><p>Whilst the rogue DNS servers have been replaced, many may still be infected. 
Head <a href="http://countermeasures.trendmicro.eu/how-to-check-if-you-are-a-victim-of-operation-ghost-click" target="_blank">here to learn about how to check if your system is part of the DNS Changer botnet</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Get Safe Online warns of mobile threat ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/637192/get-safe-online-warns-of-mobile-threat</link>
                                                                            <description>
                            <![CDATA[ Despite no financially significant attacks to date, Get Safe Online warns users about mobile hackers. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">b3Tp7Q86HCExD7qG2QKjHp</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/rJPKBCcDYA67gvZjJ3EYsk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 07 Nov 2011 09:47:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/rJPKBCcDYA67gvZjJ3EYsk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Mobile security]]></media:description>                                                            <media:text><![CDATA[Mobile security]]></media:text>
                                <media:title type="plain"><![CDATA[Mobile security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/rJPKBCcDYA67gvZjJ3EYsk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The <a href="https://www.itpro.com/631609/pulse-2011-businesses-must-tackle-growing-mobile-threat" target="_blank" data-original-url="https://www.itpro.com/631609/pulse-2011-businesses-must-tackle-growing-mobile-threat">mobile threat</a> is real and companies as well as citizens need to get protected, according to a web security campaign launched today.</p><p>As more people use their smartphones for transactions and hosting valuable data, cyber criminals are increasingly looking to attack the devices, the Get Safe Online team warned.</p><p>Research from the campaign found 17 per cent of smartphone owners were using their mobile device for "money matters."</p><p>"While accessing the web via a mobile device can be fun and save time, it's important to be vigilant," said minister for cyber security Francis Maude.</p><p>"This week, we are encouraging everyone to take a few moments to visit www.getsafeonline.org and make sure they follow the right advice for using mobile devices securely and safely."</p><p>One of the main tricks mobile attackers are using is placing malicious apps on popular app stores, as seen with the <a href="https://www.itpro.com/633976/android-droiddream-nightmare-continues" target="_blank" data-original-url="https://www.itpro.com/633976/android-droiddream-nightmare-continues">DroidDream outbreak</a> earlier this year when numerous dirty applications were found on the Android Market.</p><p>Many such apps look to force users into texting premium rate numbers, thereby handing money over to cyber criminals.</p><p>"With users now installing and removing apps with increasing frequency, this overall volume means the chance of encountering a rogue app is now higher than ever before," said Trend Micro's director of security research and communication Rik Ferguson, writing in the Get Safe Online report.</p><p>"The 
volume of mobile malware has not yet reached the epidemic proportions of computer-based malware, but criminal interest is clearly there and growing."</p><p>It's kind of a big deal</p><p>Despite widespread concerns about the mobile threat, there have been no significant attacks in which large sums of money have been stolen from smartphones.</p><p>In the whole of 2010, Kaspersky only spotted around 135 different species of mobile malware, compared to the vast number of PC-focused malicious software.</p><p>However, there is a consensus across the industry that mobile security is something businesses should worry about. Recent figures from G Data showed <a href="https://www.itpro.com/636061/mobile-malware-spikes-273-per-cent" target="_blank" data-original-url="https://www.itpro.com/636061/mobile-malware-spikes-273-per-cent">mobile malware spiked 273 per cent</a> in the first half of 2011, compared with the same period in 2010.</p><p>"The mobile threat is a real thing as we are increasingly using mobiles for banking and social media," Bob Tarzey, security analyst at Quocirca, told <em>IT Pro</em>.</p><p>Tarzey suggested many of the attacks would focus on Android, the most popular mobile OS in the world and one of the easiest to develop for.</p><p>For businesses, the analyst recommended taking the glass-half-empty approach. "The rule of thumb is to assume the device is going to be compromised and work from that principle," Tarzey added.</p><p>"It's all quite manageable."</p><p>Read on for our feature on <a href="https://www.itpro.com/636901/why-its-time-to-worry-about-mobile-security" target="_blank" data-original-url="https://www.itpro.com/636901/why-its-time-to-worry-about-mobile-security">why it's time to worry about mobile security</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro gets tough with partners ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/364999/trend-micro-gets-tough-with-partners</link>
                                                                            <description>
                            <![CDATA[ Trend Micro’s message to channel: be proactive, be profitable or be gone ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">q2GBaxiruPkqCrmkq2W1Xj</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/X7CPPgema28FE7T8ZmFyRV-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 03 Oct 2011 11:58:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ IT Pro ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/X7CPPgema28FE7T8ZmFyRV-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Trend Micro website displayed on a smartphone]]></media:description>                                                            <media:text><![CDATA[Trend Micro website displayed on a smartphone]]></media:text>
                                <media:title type="plain"><![CDATA[Trend Micro website displayed on a smartphone]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/X7CPPgema28FE7T8ZmFyRV-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="http://uk.trendmicro.com/uk/home">Trend Micro</a> has today unveiled an aggressive new partner programme that promises to reward proactive resellers, while ditching those that are underperforming.</p><p>The firm is pledging a “leaner, more agile, more lucrative” programme that includes a “much-boosted set of rewards around profitability”.</p><p>The vendor cites analyst research that shows the internet security sector continues to post year-on-year growth. The vendor’s own channel-based research also indicates it’s a significant revenue opportunity for partners selling both traditional and cloud computing security.</p><p>Yet it says many partners rely too heavily on easy repeat business, rather than working proactively to ‘hunt and farm’ opportunities within existing and new customers.</p><p>“Most vendor partner programmes are seen as nothing more than a restrictive table of discounts and this means that much of the channel has tended to adopt coping strategies, rather than engagement strategies,” explains Anthony O’Mara, SVP EMEA Trend Micro (pictured). 
“Our programme raises the stakes and will challenge and reward both our commitment to the channel and the channel’s commitment to Trend Micro as a vendor.”</p><p>Trend has split the new programme into a traditional three-tiered structure of Bronze, Silver, Gold and Platinum partners, which it claims offers improved flexibility and vastly reduced administration, plus a clearer line of accountability to partners.</p><p>Other features include deal registration where partners will be rewarded financially for working more closely with Trend on developing business, plus upfront discounts and rebate schemes for the outperformers.</p><p>Partners will also be eligible for further training and certification to enable them to develop market specialisations, addressing areas such as cloud & datacentre security, endpoint & mobility, data protection and SMB.</p><p>O’Mara maintains the programme will plug partners in to the expanding cloud security and virtualisation markets: “If our partners work with us to develop profitable, sustainable business, we will reward it with training, certification, specialisation, business planning, and marketing tools, as well as very competitive margins...Underperformance is no longer an option.”</p><p>Nick Bannister, divisional director security solutions at Trend – and <a href="http://www.vmware.com">VMware</a> – distie <a href="http://www.arrowecs.co.uk">Arrow ECS</a>, calls the new programme a “very welcome move.” He comments: “Partners are asking for help in capturing a share of the growing virtualisation and cloud security market and this strategy will enable them to gain expertise, increase profitability and drive new business. 
As the leading distributor of VMware, we are very excited about the new programme and look forward to jointly realising our growth goals.”</p><p>David Caughtry, director of core technology at <a href="http://www.computerlinks.co.uk/home/index.cfm">Computerlinks</a> says the firm has anticipated the arrival of the new programme for a while: “It is clear from the version that we have been presented that Trend has gone to great measures to address the needs of its partners. We were particularly impressed by the initiative and reward scheme, through which the partners will receive the recognition they deserve.”</p><p>Adds Mark Charleton, director at another Trend distie <a href="http://www.bluesolutions.co.uk">Blue Solutions</a>: “Feedback from our resellers has shown that vendor marketing support, training and certification are essential to help them win more business, provide a better service to their customers, and boost margins. We are confident that the new programme will achieve just that.”</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Lurid attack targets Government agencies ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/636322/lurid-attack-targets-government-agencies</link>
                                                                            <description>
                            <![CDATA[ Trend uncovers a wide ranging attack, in which the hackers stole specific documents. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">saH2CVja91yvJHpweKkfWE</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/izeCzShcufFcDSePrx6XD7-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 23 Sep 2011 10:40:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Malware]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/izeCzShcufFcDSePrx6XD7-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/izeCzShcufFcDSePrx6XD7-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Another widespread Advanced Persistent Threat (APT) has been found controlling 1,365 computers in 61 different countries, focusing heavily on Government bodies.</p><p>The main targets were Russia, Kazakhstan and Vietnam, with the 47 victims identified coming from various organisations, including Government ministries and diplomatic bodies, Trend Micro said.</p><p>In some cases, the attackers attempted to steal specific documents and spreadsheets.</p><p>Russia was far and away the most targeted country, with 1,063 systems compromised.</p><p>Over 300 targeted attacks, hackers managed to have users install the Lurid Downloader malware, otherwise known as Enfal, on thousands of machines.</p><p>That malware has been used to target the US Government and non-governmental organisations, although this Lurid APT appears to have no relation to those attacks, Trend said.</p><p>This newly-uncovered series of attacks exploited a number of flaws in Adobe Reader. Once compromised, infected systems may have had their data stolen and sent to a C&C server over HTTP POST.</p><p>"Through communication with the command and control servers, the attackers are able to issue a variety of commands to the compromised computers," wrote David Sancho and Nart Villeneuve, Trend senior threat researchers, in a <a href="http://blog.trendmicro.com/trend-micro-exposes-lurid-apt" target="_blank">blog post</a>.</p><p>"These commands allow the attackers to send and receive files as well as activate an interactive remote shell on compromised systems.
The attackers typically retrieve directory listings from the compromised computers and steal data (such as specific .XLS files)."</p><p>Trend said it was difficult to ascertain who perpetrated the attacks, as it is easy to mislead researchers by manipulating sources, such as IP addresses.</p><p>"Although our research didn't reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets," the Trend researchers added.</p><p>The security company's discovery comes after <a href="https://www.itpro.com/635395/mcafee-uncovers-monolithic-targeted-attack-campaign" target="_blank" data-original-url="https://www.itpro.com/635395/mcafee-uncovers-monolithic-targeted-attack-campaign">McAfee uncovered a similar APT</a>. The Operation Shady RAT attacks lasted over five years and went after Governments as well as private businesses.</p><p>The security giant identified 72 of the compromised parties. Of those 72, 22 were Government organisations.</p><p>Read on for <a href="https://www.itpro.com/636271/japan-attacked-can-we-say-cyber-war-now" target="_blank" data-original-url="https://www.itpro.com/636271/japan-attacked-can-we-say-cyber-war-now">our look at whether we can now confidently talk about cyber war</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Iranians the target of DigiNotar hack? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/635959/iranians-the-target-of-diginotar-hack</link>
                                                                            <description>
                            <![CDATA[ A growing pile of evidence suggests Iranian web users were being spied on as a result of the DigiNotar attack. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">khgLasvMEzpQSGZE2K4Y42</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/d9gGqvZPtHCzQWGXfRk48C-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 06 Sep 2011 11:38:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/d9gGqvZPtHCzQWGXfRk48C-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Iran]]></media:description>                                                            <media:text><![CDATA[Iran]]></media:text>
                                <media:title type="plain"><![CDATA[Iran]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/d9gGqvZPtHCzQWGXfRk48C-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Iranian web users were the real target of the hack on Dutch certification authority (CA) DigiNotar, which resulted in over 500 fake certificates being issued, evidence has suggested.</p><p>The <a href="https://www.itpro.com/635833/certificate-authority-confirms-hack-after-gmail-attack" target="_blank" data-original-url="https://www.itpro.com/635833/certificate-authority-confirms-hack-after-gmail-attack">CA was hacked in July</a>, leading hackers to produce a host of fraudulent SSL certificates for sites including Google.com and <a href="https://www.itpro.com/635929/mi6-targeted-in-diginotar-hack" target="_blank" data-original-url="https://www.itpro.com/635929/mi6-targeted-in-diginotar-hack">an MI6 website</a>.</p><p>Trend Micro said it had "concrete evidence" suggesting the DigiNotar attack was used to spy on Iranian internet users "on a large scale."</p><p>"We found that Internet users in more than 40 different networks of ISPs and universities in Iran were met with rogue SSL certificates issued by DigiNotar," a <a href="http://blog.trendmicro.com/diginotar-iranians-the-real-target/#more-36667" target="_blank">blog post</a> from Trend read.</p><p>"Even worse, we found evidence that some Iranians who used software designed to circumvent traffic censorship and snooping were not protected against the massive man-in-the-middle attack."</p><h3 class="article-body__section" id="section-what-we-think"><span>What we think...</span></h3><p><em>The use of attacks at both the CA and DNS levels shows the hackers were determined, or perhaps ISPs themselves were involved.</em></p><p>The involvement of an ISP was suggested by an Iranian web user, the same one who discovered the fake Gmail certificate that kicked off this unsavoury saga in the first place.
For Iranian citizens, the situation will only fuel their fury against the Government more.</p><p>Tom Brewster, Senior Staff Writer</p><p>Trend noted a spike in the number of Iranian users who loaded the SSL certificate verification URL of DigiNotar. As DigiNotar is a Dutch authority, most of its traffic normally comes from Dutch end users, so it is odd to see any noticeable Iranian traffic coming through.</p><p>"These aggregated statistics from the Trend Micro Smart Protection Network clearly shows that Iranian internet users were exposed to a large-scale man-in-the-middle attack wherein SSL-encrypted traffic can be decrypted by a third party," Trend Micro added.</p><p>"Because of this, a third party was probably able to read all of the email messages an Iranian internet user sent with his/her Gmail account."</p><p>The security firm even found evidence suggesting Iranians using anti-censorship software could still have had their internet usage watched over.</p><p>"Closer analysis of our data revealed even more alarming facts like outgoing proxy nodes in the US of anti-censorship software made in California were sending Web rating requests for validation.diginotar.nl to the cloud servers of Trend Micro," the company added.</p><p>"This very likely means that Iranian citizens who were using this anti-censorship software were victimized by the same man-in-the-middle attack."</p><p>Meanwhile, Fox-IT, the security auditors brought in to investigate the DigiNotar hack, found that in the lookups on DigiNotar's OCSP servers, which browsers check to see if a certificate has been revoked, more than 99 per cent of queries originated from Iran during the "active attack period."</p><p>Fox-IT found almost 300,000 unique IP addresses from Iran attempted to gain access to Google services using rogue certificates from DigiNotar.</p><p>"This is the most solid evidence yet that these certificates may have been used by the Iranian government or ISPs to spy on private communications of 
Iranian internet users," said Chester Wisniewski, Sophos senior security advisor, in a <a href="http://nakedsecurity.sophos.com/2011/09/05/operation-black-tulip-fox-its-report-on-the-diginotar-breach/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29" target="_blank">blog post</a>.</p><p>"Many of the other requests not originating from Iran appear to have originated via Tor exit nodes or other proxies used by Iranians to avoid censorship. This indicates that the method used to perform the man-in-the-middle attacks with these certificates likely depended on DNS poisoning at the ISPs."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Android becoming Windows of mobile hacking world? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/635725/android-becoming-windows-of-mobile-hacking-world</link>
                                                                            <description>
                            <![CDATA[ As by far the most targeted mobile OS in Q2, Android looks like it could become the Windows of the cyber crime world. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">emsoXu4et7CQK1LUH8orRX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NXEDbr42jqpdZzF4KdsRgk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 23 Aug 2011 15:12:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NXEDbr42jqpdZzF4KdsRgk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Android]]></media:description>                                                            <media:text><![CDATA[Android]]></media:text>
                                <media:title type="plain"><![CDATA[Android]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NXEDbr42jqpdZzF4KdsRgk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/635698/is-android-stoppable" target="_blank" data-original-url="https://www.itpro.com/635698/is-android-stoppable">Android</a> officially became the most attacked mobile operating system by far in the second quarter (Q2), indicating it is emerging as the Windows of the mobile hacking world.</p><p>McAfee data showed the amount of Android-focused malware spiked 76 per cent in Q2 of 2011, when compared to Q1.</p><p>Of all new mobile <a href="https://www.itpro.com/635623/malicous-spam-hits-epic-levels" target="_blank" data-original-url="https://www.itpro.com/635623/malicous-spam-hits-epic-levels">malware</a> created in the second quarter, approximately two thirds was aimed at Android. The second most targeted platform was Java ME, with around 12 per cent of new malware aimed at the OS.</p><p>Symbian was the third most attacked, whilst BlackBerry was fourth. Neither iOS nor Windows Phone 7 even featured in the McAfee rankings.</p><p>In its Q2 threat report, McAfee listed a host of Android malware examples that have tried to infiltrate phones via maliciously crafted apps. One example was the DroidKungFu family, similar to the notorious DroidDream malware, which was able to install additional software and updates.</p><p>The overall number of mobile malware samples has doubled since 2009, with Android emerging as the hackers' pick.
Microsoft's Windows has been cyber criminals' top choice for years, so Google will be pressing hard to ensure its OS does not become the mobile equivalent.</p><p>Mounting evidence?</p><p>Meanwhile, the pile of evidence pointing to Android's popularity amongst cyber criminals has been growing.</p><p>Security researchers have picked up on a piece of malware known as Gingermaster, which was discovered in a Chinese alternative Android marketplace.</p><p>The malware was spotted hiding within apps offering "Beauty of the day" pictures.</p><p>"Apart from displaying the photos, Gingermaster creates a service that steals information from your device, sending it out to a remote website in an HTTP POST request," explained Sophos researcher Vanja Svajcer, in a <a href="http://nakedsecurity.sophos.com/2011/08/22/first-malware-using-android-gingerbreak-exploit/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GrahamCluleysBlog+%28Graham+Cluley%27s+blog%29&utm_content=Google+Feedfetcher" target="_blank">blog post</a>.</p><p>"The information grabbed includes: user identifier, SIM card number, telephone number, IMEI number, IMSI number, screen resolution and local time. If the root exploit is successful, the system partition is remounted as writable and various additional utilities installed, supposedly to make removal more difficult and allow for additional functionality."</p><p>Svajcer noted how Sophos had recorded a significant spike in Android malware too.</p><p>"The Android malware writing scene is heating up as the season of summer holidays is coming to its end," he added.
"Last week, we received a record number of samples which are now waiting to be analysed in detail."</p><p>Trend Micro this week noted on its <a href="http://blog.trendmicro.com/a-snapshot-of-android-threats-infographic" target="_blank">blog</a> it saw a 1,410 per cent increase in the number of Android malware samples discovered from January to July 2011.</p><p>However, as Trend Micro itself said, malware is not a massive issue for Android users just yet.</p><p>"Our researchers opine that we have yet to reach a tipping point where malware becomes the biggest security issue for Android-based device users," said Trend researcher Paul Oliveria.</p><p>"The fact that these malicious apps are out there to invade one's privacy, to take control of a device, and to cost users money because of unnecessary billing charges are some things that should be taken seriously though."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ICSPA launched to fight global cyber crime ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/634687/icspa-launched-to-fight-global-cyber-crime</link>
                                                                            <description>
                            <![CDATA[ The group will hope to open up communication channels between nations to fight cyber crime. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hZGe1TX7dpspqMUmbTtX9v</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UX574knNoH52o3aajNyTsF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 05 Jul 2011 16:14:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Public Sector]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UX574knNoH52o3aajNyTsF-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cyber war]]></media:description>                                                            <media:text><![CDATA[Cyber war]]></media:text>
                                <media:title type="plain"><![CDATA[Cyber war]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UX574knNoH52o3aajNyTsF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A new body bringing together businesses, governments and law enforcement has been launched to fight <a href="https://www.itpro.com/634633/time-to-get-serious-about-hacking" target="_blank" data-original-url="https://www.itpro.com/634633/time-to-get-serious-about-hacking">cyber crime</a> on a global scale.</p><p>The International Cyber Security Protection Alliance (ICSPA) was announced today, with a host of major <a href="https://www.itpro.com/634198/cyber-security-challenge-champs-get-first-jobs" target="_blank" data-original-url="https://www.itpro.com/634198/cyber-security-challenge-champs-get-first-jobs">security</a> companies getting involved, including McAfee and Trend Micro.</p><p>Europol is the only major law enforcement body officially signed up, whilst the UK Government has given its backing to the ICSPA too.</p><p>The not-for-profit body wants to improve security by establishing a more collaborative approach, saying it would provide help to those nations which needed most assistance.</p><p>It will also seek to improve training across the world, with standardised accreditation and training programmes.</p><p>Where's the money coming from?</p><p>The body will attempt to raise funds from both governments and any private companies wishing to help out. The body will also look to squeeze some money out of the EU.</p><p>"We are not looking for new money here. There is quite a lot of money out there that isn't providing the best results," said John Lyons, chief executive of the ICSPA.</p><p>"We're looking at diverting some funds to provide a better framework.
If I could get 5 million in next 18 months, I'd be delighted."</p><p>Former Home Secretary and chairman of the ICSPA, David Blunkett, offered an example of how businesses can help with funding.</p><p>"I've helped organisations in the Yorkshire and Humber region, who've been awarded 4 million to help fight crime," Blunkett told <em>IT Pro</em>.</p><p>Security, for those who need it most</p><p>As for how the body would decide on which countries will benefit from special attention, Lyons indicated it would go through Europol to determine who was most in need.</p><p>There was little discussion of how communication channels would be opened up with nations where cyber crime is a serious issue, such as China.</p><p>"You've got to go beyond Europe. We need to make sure this doesn't turn into an all English club," said Rik Ferguson, director for security research in EMEA for Trend Micro.</p><p>"With countries like China you have to go through official channels... For a country like China, where infrastructure is being abused, there's no reason why they would not become a big part of ICSPA."</p><p>Absentees?</p><p>There were some notable absentees from the sponsors list. In particular, of the security industry's big four, Symantec and Kaspersky were not on the list.</p><p>"Symantec and Kaspersky are notable omissions, certainly they are conspicuous by their absence," Ferguson added.</p><p>"But the more who join, the more the merrier."</p><p>Organisers said they would continue to work on adding more sponsors and partners in the future.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Millions duped in poisoned Google Image attack ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/633436/millions-duped-in-poisoned-google-image-attack</link>
                                                                            <description>
                            <![CDATA[ Trend Micro finds a well-crafted poisoned SEO campaign has seen millions of users visit malicious pages. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">gmuNu8bmFoEnX8cu3ULJDG</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NKpxeZWJwtfkZVzziBPnVm-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 12 May 2011 13:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Antivirus]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NKpxeZWJwtfkZVzziBPnVm-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Infection]]></media:description>                                                            <media:text><![CDATA[Infection]]></media:text>
                                <media:title type="plain"><![CDATA[Infection]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NKpxeZWJwtfkZVzziBPnVm-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A poisoned <a href="https://www.itpro.com/626824/are-seo-poisoning-warnings-warranted-for-google-instant" target="_blank" data-original-url="https://www.itpro.com/626824/are-seo-poisoning-warnings-warranted-for-google-instant">search engine optimisation (SEO) campaign</a> has duped over 100 million web users into visiting malicious web pages, a security firm has warned.</p><p>The campaign, run by a well-known blackhat SEO operator, has used Google image search to redirect users to fake anti-virus downloads in a bid to compromise users' systems.</p><p>"In just one month, this campaign was able to redirect nearly 300 million hits from 113 million visitors to the malicious landing pages," Trend Micro explained in a <a href="http://blog.trendmicro.com/blackhat-seo-attack-uses-google%E2%80%99s-image-search" target="_blank">blog post</a>.</p><p>"In addition to generating pages full of bad links and keywords to boost search engine results ranking, the operator also embedded images taken from legitimate sites so its pages can get a high Google Image Search index."</p><p>To date, Trend Micro said it had identified 4,586 compromised servers connecting to the blackhat SEO command server.</p><p>Using these servers, the hackers have implanted two kinds of pages inside various websites, one being a standard fake anti-virus scanning page, the other a Traffic Direction System (TDS) page.</p><p>"TDS pages are used as landing pages to direct traffic to malicious content based on a variety of criteria such as OS, browser version, and geographic location," the security firm explained.</p><p>"This particular campaign uses the well-known SUTRA TDS to redirect users to [fake anti-virus] landing pages or to pages that host the Black Hole Exploit pack."</p><p>In the past 30 days, that TDS redirected 220,175,652 hits from 82,568,468 visitors.</p><p>This campaign targeted <a href="https://www.itpro.com/633163/mac-os-x-gets-first-ever-crimeware-kit" 
target="_blank" data-original-url="https://www.itpro.com/633163/mac-os-x-gets-first-ever-crimeware-kit">Mac</a> users in particular by using landing pages designed to imitate the appearance of the Mac OS.</p><p>"This campaign again demonstrates how effective blackhat SEO techniques are in driving traffic to malicious websites," Trend Micro added.</p><p>"Despite low conversion rates in terms of exploitation and [fake anti-virus] downloads or purchases, this operation is still likely generating a considerable amount of money for its operators."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Rogue apps sneak into Android Market ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/631597/rogue-apps-sneak-into-android-market</link>
                                                                            <description>
                            <![CDATA[ Malicious apps find their way onto Android's official market, but Google appears to have reacted fast. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vu2LnukVZzvAimVf4mxhjs</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/3vtYufznGDeUn9t973PLee-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 03 Mar 2011 12:31:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Business Apps]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/3vtYufznGDeUn9t973PLee-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Android]]></media:description>                                                            <media:text><![CDATA[Android]]></media:text>
                                <media:title type="plain"><![CDATA[Android]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/3vtYufznGDeUn9t973PLee-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Over 50 malicious apps found their way onto the Android Market, but have now been removed, according to reports.</p><p><a href="http://www.reddit.com/r/netsec/comments/fvhdw/someone_just_ripped_off_21_popular_free_apps_from" target="_blank">Reddit</a> contributor Lompolo was first to notice the issue, when he found 21 legitimate Android apps had been repackaged with an exploit known as "rageagainstthecage" designed to gain root access to users' devices.</p><p>A report from <a href="http://www.androidpolice.com/2011/03/01/the-mother-of-all-android-malware-has-arrived-stolen-apps-released-to-the-market-that-root-your-phone-steal-your-data-and-open-backdoor" target="_blank">Android Police</a> indicated that between 50,000 and 200,000 versions of the malicious apps could have been downloaded before Google pulled the plug.</p><p>The apps were able to steal device details such as IMEI numbers and could even download more code and install extra malware designed to take even more data from users.</p><p>Various apps released under the developer names "Kingmall2010", "we20090202" and "Myournet" were affected. <a href="http://www.androidpolice.com/2011/03/02/update-on-the-malware-monster-droiddream-is-an-android-nightmare-and-weve-got-more-details" target="_blank">In a follow-up blog post</a>, Android Police claim that the exploits used no longer work under Android 2.3. If true, this incident highlights one of the disadvantages of the delays Android users often face in getting the latest operating system updates.</p><p>Google has removed the apps and banned the rogue developer it believes to be responsible from Android Market, reports indicated. 
The tech giant has also ensured the apps were remotely removed from the affected handsets.</p><p>However, Rik Ferguson, senior security advisor at Trend Micro, said just taking the apps offline may not help those who downloaded the infected apps.</p><p>"Of course this remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection," Ferguson said in a <a href="http://countermeasures.trendmicro.eu/google-android-rooted-backdoored-infected" target="_blank">blog</a>.</p><p>"So if you are one of the estimated 50,000 people who have downloaded these malicious apps it could be worth your while investigating the possibility of getting a replacement handset or reinstalling the operating system on the one you have if possible."</p><p>At the time of publication, Google had not responded to a request for comment on the situation.</p><p>There have been plenty of concerns over the security of the Android Marketplace, but before this there had not been any major issues.</p><p>Instead, most threats had been seen passing through third-party app stores.</p><p>As Android becomes more popular, however, the marketplace will become more of a target for cyber criminals.</p><p>Philip Dall, mobile security expert with internet security company BullGuard, said users should check where an app has come from in the first place.</p><p>"First and foremost, you should think twice before you download applications by finding out who uploaded it, check which rights and actions the app wishes to make use of, and consider whether this sounds right or not," Dall said.</p><p>"Secondly, you should install security software on your phone."</p><p><em>IT PRO</em> recently warned about the potential <a href="https://www.itpro.com/630340/app-stores-a-security-time-bomb" target="_blank" data-original-url="https://www.itpro.com/630340/app-stores-a-security-time-bomb">security time bomb</a> facing the plethora of app stores now open to 
consumers and businesses alike.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro launches Android security app ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/629896/trend-micro-launches-android-security-app</link>
                                                                            <description>
                            <![CDATA[ Trend's Android security application offers a number of features including download protection and call filtering. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">62G7gneTfnutcSW4r84T9X</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/AJcNaSsZE7smiC3pNV3Tr4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 10 Jan 2011 14:09:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Mobile Phones]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/AJcNaSsZE7smiC3pNV3Tr4-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Android]]></media:description>                                                            <media:text><![CDATA[Android]]></media:text>
                                <media:title type="plain"><![CDATA[Android]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/AJcNaSsZE7smiC3pNV3Tr4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Trend Micro has introduced an Android security app as it looks to ramp up efforts in the mobile sphere.</p><p>The Trend Micro Mobile Security app promises to be one of many such offerings from the vendor and focuses on protecting digital files and banking transactions over Android smartphones.</p><p>Other features include download protection, call and text filtering as well as 'safe surfing' to help counter phishing efforts.</p><p>"Trend Micro has a proven track record of being a long-time leader in the mobile security market, from protecting Windows Mobile 2003 devices to our recent Trend Smart Surfing iPhone application," said Carol Carpenter, general manager of Trend Micro consumer and small business.</p><p>"With the Android platform's rapid growth, cyber criminals will be rushing to take advantage of these mobile devices any way they can."</p><p>Trend uses cloud-based security intelligence to help protect Android users from today's threats in real-time.</p><p>Given the number of threats which have targeted the Google Android operating system, users may do well to invest in some extra protection.</p><p>Last month, research from AdaptiveMobile suggested malware aimed at the OS had <a href="https://www.itpro.com/629452/malware-targeting-google-android-quadruples-in-2010" target="_blank" data-original-url="https://www.itpro.com/629452/malware-targeting-google-android-quadruples-in-2010">quadrupled in 2010</a> in comparison to 2009.</p><p>Meanwhile, Google said it would issue a fix for an Android bug that saw text messages sent to the wrong recipients, albeit in a small number of cases.</p><p>"It took us some time to reproduce this issue, as it appears that it's only occurring very rarely," explained Nik Kralevich, an engineer on the Android security team, posting on a <a href="http://code.google.com/p/android/issues/detail?id=9392&cnum=500&cstart=1401#c1460" target="_blank">forum</a>.</p><p>"Even so, we've now managed to both 
reproduce it and develop a fix that we will deploy."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Security threats to beware in 2011 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/629674/security-threats-to-beware-in-2011</link>
                                                                            <description>
                            <![CDATA[ We take a look ahead to what threats await us in 2011. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nAKwDcS1izxt9tHd4b7C7u</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/BN8twNFkK8HaefoY3TgXv5-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 03 Jan 2011 10:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Social Media]]></category>
                                                    <category><![CDATA[Technology]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/BN8twNFkK8HaefoY3TgXv5-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[2011]]></media:description>                                                            <media:text><![CDATA[2011]]></media:text>
                                <media:title type="plain"><![CDATA[2011]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/BN8twNFkK8HaefoY3TgXv5-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>In 2010 many of the security predictions made in the previous year came true, from increasing attacks on social networks to more mobile malware.</p><p>Clear trends emerge each year and 2011 looks likely to be no exception to the rule.</p><p>Whilst it is extremely challenging to predict the exact nature of future threats, it is certainly viable to map out possible occurrences.</p><p>With this in mind, we look at what some of the industry's more prescient security experts expect to see next year.</p><p>War, what is it good for?</p><p>So much talk this year focused on <a href="https://www.itpro.com/627013/stuxnet-the-most-serious-threat-yet" target="_blank" data-original-url="https://www.itpro.com/627013/stuxnet-the-most-serious-threat-yet">Stuxnet</a>. Whilst Microsoft has patched up all the holes Stuxnet was exploiting and the incredibly sophisticated piece of kit has been outed, what it made clear was that nation states are getting serious about cyber warfare.</p><p>Now Stuxnet has made its mark, it would not be a huge surprise if a country's critical infrastructure was impacted in a major way in 2011. 
Indeed, Websense said similar exploits will be carried out once or twice in 2011.</p><p>Whilst copycats will not be hugely prevalent next year, they could certainly be trickier to detect.</p><p>"Compared to the number of more traditional cyber criminal attacks that will occur, those with Stuxnet's level of sophistication will be few and far between," said Alexander Gostev, chief security expert at Kaspersky Lab.</p><p>"However, when they do, they will be potentially far harder to detect and as they are unlikely to affect the average user, the majority of victims are unlikely to ever know they have been targeted."</p><p>Nevertheless, nations will be busy shoring up their security across departments next year and preparing their armies to make strikes against hostile nations.</p><p>Hacktivism</p><p>Tech portmanteaus are often irritating beasts but there is something rather cool about 'hacktivism': it just seems to fit.</p><p>Anyone involved in the Anonymous hacktivist group was no doubt clinking champagne glasses when New Year's Eve rolled around after a 2010 in which they <a href="https://www.itpro.com/629251/mastercard-site-taken-down-in-wikileaks-revenge" target="_blank" data-original-url="https://www.itpro.com/629251/mastercard-site-taken-down-in-wikileaks-revenge">made headline news</a> for their pro-WikiLeaks DDoS attacks.</p><p>Anonymous hackers were also <a href="https://www.itpro.com/629011/hackers-launch-ddos-attacks-in-pirate-bay-rage" target="_blank" data-original-url="https://www.itpro.com/629011/hackers-launch-ddos-attacks-in-pirate-bay-rage">involved in attacks on anti-piracy sites</a>, so expect their work to continue in any left-wing agenda that goes under their radar. 
No doubt as the WikiLeaks saga runs on, other firms who pull the plug from Julian Assange's operation will be on the wrong end of a DDoS strike.</p><p>"Despite hasty attempts in many countries to pass legislation to counter this type of activity, effectively by criminalising it, we believe that in 2011 there will be yet more cyber protests, organised by this group or others that will begin to emerge," Panda said.</p><p>Many predicted social networks would become virtual playgrounds for hackers in 2010 and they were right. Disconcertingly, 2011 looks likely to get even worse, according to a wide range of security experts.</p><p>Joona Airamo, chief information security officer at Stonesoft, warned one attack could affect millions of users.</p><p>"Hackers will use malware that copies a user's address book and sends out malicious emails/files to all their friends," he said.</p><p>"Just like the old email scams, the malicious file will look like it has been sent from the initial target so recipients will trust the source."</p><p>Given the introduction of <a href="https://www.itpro.com/628633/facebook-messages-need-to-know" target="_blank" data-original-url="https://www.itpro.com/628633/facebook-messages-need-to-know">Facebook Messages</a>, an attack like the one Airamo outlined could become even more widespread. 
With some hope, Zuckerberg and Co will be on their security game to protect users.</p><p>Social engineering will continue to be big in 2011 in general, with Trend Micro claiming cyber criminals will launch malware campaigns by bombarding unwitting users with emails that "drop downloaders" containing malware.</p><p>Rising zero-days</p><p>In 2010, zero-day threats were disturbingly common, affecting various pieces of much-used technology, including <a href="https://www.itpro.com/626245/adobe-plugs-critical-security-holes" target="_blank" data-original-url="https://www.itpro.com/626245/adobe-plugs-critical-security-holes">Adobe Reader</a>, <a href="https://www.itpro.com/628894/zero-day-windows-flaw-goes-public" target="_blank" data-original-url="https://www.itpro.com/628894/zero-day-windows-flaw-goes-public">Windows</a> and <a href="https://www.itpro.com/628336/new-zero-day-flaw-hits-microsofts-internet-explorer" target="_blank" data-original-url="https://www.itpro.com/628336/new-zero-day-flaw-hits-microsofts-internet-explorer">Internet Explorer</a>.</p><p>This year, expect to see plenty more such sudden dangers and vendors scrambling to issue fixes.</p><p>"Zero-day vulnerabilities are widely considered something of a common occurrence. 
Sadly, that trend is set to continue in 2011, with zero-day threats becoming even more prevalent," said Kaspersky's Gostev.</p><p>"The rise in malicious exploits that seize on programming errors won't just be down to new vulnerabilities; they will also occur because of the speed at which cyber criminals react to such loopholes."</p><p>Whilst Windows will remain the chief target for hackers, in terms of operating systems, cyber criminals will look to spread their net further as Microsoft's market share is eaten away by the likes of Apple's different offerings.</p><p>Already this year there has been a significant rise in malware targeting Apple users and a specialist version of the <a href="https://www.itpro.com/628150/koobface-turns-eyes-towards-macs" target="_blank" data-original-url="https://www.itpro.com/628150/koobface-turns-eyes-towards-macs">notorious Koobface worm was spotted</a>.</p><p>"As the Apple OS becomes more commonly used, there will be a nasty worm or virus which is going to target it specifically," said Stonesoft's Airamo.</p><p>Of course, Windows will remain the central target for hackers given the dominance it has over competitors, but there will be a change in tactics amongst cyber criminals, explained David Harley, senior research fellow at ESET.</p><p>"While there won't be a big shift towards specific targeting of other operating systems, as more people start using them, there will be increased interest in finding weaknesses," 
Harley said.</p><p>Mobile and consumerisation</p><p>As workers become increasingly mobile and use the same device for personal and business use, IT administrators are likely to face more threats.</p><p>The fact is, with manufacturers like Apple, Google and Microsoft trying to cater to both businesses and consumers, and with the move to the cloud, people are entering the workspace expecting to be able to use a range of devices for work and pleasure.</p><p>"With the blurring of the lines between business and personal use, the increased sophistication of the devices and the consolidation of mobile platforms, it is inevitable that attackers will key in on mobile devices in 2011 and mobile devices will become a leading source of confidential data loss," Symantec said in a <a href="http://www.symantec.com/connect/blogs/survey-results-here-are-your-predictions-internet-security-2011" target="_blank">blog</a> post.</p><p>In a Symantec survey, over half of respondents said they will install security software on their mobile device in the future, so at least some are realising the threat facing smartphones and tablets.</p><p>Hopefully, 2011 will also be the year when everyone begins to understand the importance of securing their companies' and their own data.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft quietly pushes out MSE update ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/629608/microsoft-quietly-pushes-out-mse-update</link>
                                                                            <description>
                            <![CDATA[ Microsoft Security Essentials 2.0 contains a number of new features, but Microsoft has not issued a blog or release outlining them. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">8ruFPUspJd5SKfLbWmGDxR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/gfFo388tPMJfJ8iasVT98k-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 20 Dec 2010 14:11:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Antivirus]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/gfFo388tPMJfJ8iasVT98k-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/gfFo388tPMJfJ8iasVT98k-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A Microsoft Security Essentials (MSE) update has been released without any accompanying blog post or press release.</p><p>Updates normally come with some kind of blurb but Microsoft has decided to push out an update without any fanfare.</p><p>This may seem strange given some decent features have been added to the software, which can be downloaded for free by Windows users operating on XP SP2 and higher, Vista and Windows 7.</p><p>MSE 2.0 comes with improved malware detection and behaviour monitoring, which should help protect against zero-day threats, according to the Redmond giant.</p><p>Integration of Windows Firewall means users can manage the firewall within MSE.</p><p>MSE 2.0 has not been included in the software's own upgrade mechanism, so Windows users who want to download the new version can do so from Microsoft's site <a href="http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e1605e70-9649-4a87-8532-33d813687a7f#QuickDetails" target="_blank">here</a>.</p><p>Microsoft was recently <a href="https://www.itpro.com/628447/panda-and-trend-slam-microsoft-mse-decision" target="_blank" data-original-url="https://www.itpro.com/628447/panda-and-trend-slam-microsoft-mse-decision">criticised by security rivals Trend Micro and Panda Security</a> after both took umbrage with the firm's decision to include MSE in Windows Update.</p><p>Panda said consumers should be able to choose between all the various anti-virus options available to them when updates occur.</p><p>The firm warned homogenising the anti-virus market would only benefit hackers, as they would just need to crack one form of security rather than many.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro builds up its Mobile Armor ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/629026/trend-micro-builds-up-its-mobile-armor</link>
                                                                            <description>
                            <![CDATA[ The security firm buys Mobile Armor to increase its data protection portfolio from endpoint to cloud. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rn912CNh9ausCwGhHa6Afm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ij8hFTzLo7gvGmxa5tZcAV-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 30 Nov 2010 15:01:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Acquisition]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jennifer Scott ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ij8hFTzLo7gvGmxa5tZcAV-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Acquisition]]></media:description>                                                            <media:text><![CDATA[Acquisition]]></media:text>
                                <media:title type="plain"><![CDATA[Acquisition]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ij8hFTzLo7gvGmxa5tZcAV-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="http://uk.trendmicro.com/uk/home" target="_blank">Trend Micro</a> has entered into a definitive agreement to buy <a href="http://www.mobilearmor.com" target="_blank">Mobile Armor</a> for an undisclosed sum.</p><p>The US data protection company focuses on securing a range of mobile devices, from <a href="https://www.itpro.com/626722/smartphone-market-to-smash-2010-predictions" target="_blank" data-original-url="https://www.itpro.com/626722/smartphone-market-to-smash-2010-predictions">smartphones</a> to laptops, and will help Trend Micro increase its play in the market.</p><p>"Mobile Armor brings device level and file and folder level encryption technologies to Trend Micro which will complement our existing endpoint and mobile security offerings," Rik Ferguson, senior security advisor at Trend Micro, told <em>IT PRO</em>.</p><p>It will also have its part to play in Trend Micro's <a href="https://www.itpro.com/627952/what-is-cloud-computing" target="_blank" data-original-url="https://www.itpro.com/627952/what-is-cloud-computing">cloud computing</a> strategy going forward, with the increased need for remote access that comes from cloud technologies.</p><p>"As data and individuals become more mobile and dissipated, information is regularly accessed on portable devices which is often held in cloud based storage," added Ferguson. 
"If the cloud is secured but the endpoint left unprotected, then your security is not complete."</p><p>"We as corporate entities have responsibility for our data and we need tools that we can effectively manage and configure to help us deliver on that responsibility."</p><p>The deal is expected to close before the end of the year, if all the regulatory approvals go smoothly.</p><p>Despite a year of economic strife, acquisitions have been hitting the headlines regularly in 2010 as companies sought to buy in technologies rather than spending on their own research and development.</p><p>However, Ferguson assured <em>IT PRO</em> this was not the direction Trend Micro was taking.</p><p>"Trend has a long history of ground-breaking innovation and we fully intend to continue," he concluded.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Zero-day Windows flaw goes public ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/628894/zero-day-windows-flaw-goes-public</link>
                                                                            <description>
                            <![CDATA[ A zero-day vulnerability affecting all versions of Windows back to XP has been discovered. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">q9naQahoegUQjg15TkTyyB</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/rX6m65zdPoxNMbKFuy36jU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Nov 2010 11:11:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Windows]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/rX6m65zdPoxNMbKFuy36jU-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/rX6m65zdPoxNMbKFuy36jU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A zero-day privilege escalation flaw has hit Windows that could allow hackers to bypass user account control security found in Vista and Windows 7.</p><p>The flaw was posted briefly on a programming education site and could allow even limited user accounts to execute code in kernel mode, although researchers have found the vulnerability exploited on its own would not allow remote code execution.</p><p>"This is a serious flaw because it resides in win32k.sys, the kernel mode part of the Windows subsystem," explained Prevx's Marco Giuliani, in a <a href="http://www.prevx.com/blog/160/New-Windows-day-exploit-speaks-chinese.html" target="_blank">blog</a>.</p><p>A vulnerable API in Windows could be manipulated by having its input changed to cause an overflow in the kernel, he noted. This would then allow arbitrary code to run in kernel mode.</p><p>"A malicious attacker is able to redirect the overwritten return address to his malicious code and execute it with kernel mode privileges," Giuliani said.</p><p>All versions of Windows XP, Vista and 7, in both 32 and 64 bit, are vulnerable to this attack, but no attacks have been seen in the wild as yet, he added.</p><p>Paul Ferguson, senior threat researcher at Trend Micro, said the timing of this flaw was "crucial" given the holidays are coming.</p><p>"With users spending more time online in search of discounts and Black Friday deals, it may become easier for cyber criminals to spread malware exploiting the zero-day vulnerability," Ferguson explained in a <a href="http://blog.trendmicro.com/zero-day-bypasses-windows-uac" target="_blank">blog</a>.</p><p>Sophos senior security advisor Chester Wisniewski had a more positive outlook for users.</p><p>"The good news? 
For this to be exploited, malicious code that uses the exploit needs to be introduced," Wisniewski added in his own <a href="http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac" target="_blank">blog</a>.</p><p>"This means your email, web and anti-virus filters can prevent malicious payloads from being downloaded."</p><p>Microsoft had not responded to our request for comment at the time of publication.</p><p>Earlier this month Microsoft confirmed another zero-day flaw had <a href="https://www.itpro.com/628336/new-zero-day-flaw-hits-microsofts-internet-explorer" target="_blank" data-original-url="https://www.itpro.com/628336/new-zero-day-flaw-hits-microsofts-internet-explorer">hit Internet Explorer</a>, affecting all versions of the browser.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ UK is Western Europe’s worst spam spewer ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/628714/uk-is-western-europes-worst-spam-spewer</link>
                                                                            <description>
                            <![CDATA[ The UK is one of the worst spam spewers in the world, Trend says. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">PY87ddsWfynQYTxQZMaVS</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/f5ZtZ2SpuUwHdGQeCegmCb-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Nov 2010 13:22:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Malware]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/f5ZtZ2SpuUwHdGQeCegmCb-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Spam]]></media:description>                                                            <media:text><![CDATA[Spam]]></media:text>
                                <media:title type="plain"><![CDATA[Spam]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/f5ZtZ2SpuUwHdGQeCegmCb-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The UK has been given the unenviable crown of the king of malicious spam in Western Europe, research has shown.</p><p>While <a href="https://www.itpro.com/628522/spam-falls-after-giant-botnet-takedowns" target="_blank" data-original-url="https://www.itpro.com/628522/spam-falls-after-giant-botnet-takedowns">spam generally saw a decline</a> in the third quarter, a <a href="http://uk.trendmicro.com/uk/home" target="_blank">Trend Micro</a> report found one in ten spam messages sent by the top 10 spam-sending nations was from the UK.</p><p>Cyber criminals were particularly intent on using spam advertising for quick and simple weight-loss products and programmes.</p><p>Indeed, a quarter of all scams detected by Trend were centred around these spam messages.</p><p>"The research shows that despite media reports about the rise in other online threats, traditional spam techniques are still favored by cyber criminals", said Rik Ferguson, senior security advisor at Trend.</p><p>"Consumers continue to fall prey to these types of scams and that's why they continue to be popular. 
My advice would be, if it looks too good to be true, it probably is."</p><p>The research was carried out in support of the Get Safe Online week, which <a href="https://www.itpro.com/628579/fake-anti-virus-cold-calling-warning-issued" target="_blank" data-original-url="https://www.itpro.com/628579/fake-anti-virus-cold-calling-warning-issued">kicked off on Monday</a>.</p><p>"It's vital we make people aware of the threats and how to deal with them, to ensure they continue to use the internet safely and confidently," said Tony Neate, managing director of Get Safe Online.</p><p>"It is about education and making people aware that, yes, these dangers are real, but armed with the right knowledge, we can all continue to enjoy using the internet securely."</p><p>Some believe whilst education is indeed needed, the awareness week does not go far enough.</p><p>"We're now seeing malicious emails and rogue or compromised websites become more difficult for the average consumer to identify," said Julian Lovelock, director for commerce markets worldwide at authentication solutions provider <a href="http://www.actividentity.com" target="_blank">ActivIdentity</a>.</p><p>"Get Safe Online week shouldn't be just one week in the year to reflect on security, but an ongoing program of education to help customers and employees guard against these threats."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Panda and Trend slam Microsoft MSE decision ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/628447/panda-and-trend-slam-microsoft-mse-decision</link>
                                                                            <description>
                            <![CDATA[ Microsoft has been slated by two security firms for its decision to include a free MSE download with its Windows Update. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3R7XF1r5FX9A3VXHfFii5S</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Z6cHjDBChwk6nrTj2jkTBZ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 09 Nov 2010 16:19:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Windows]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Z6cHjDBChwk6nrTj2jkTBZ-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Z6cHjDBChwk6nrTj2jkTBZ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Panda Security and Trend Micro have jumped on a Microsoft decision to include free anti-virus software in its Windows Update.</p><p>The Redmond giant now includes Microsoft Security Essentials (MSE), a year after the software was made available to download for free.</p><p>Both Panda and Trend have taken umbrage at the situation, with the former hinting Microsoft should push all of the various forms of anti-virus on the customer rather than only MSE.</p><p>"The way the guys in Redmond are executing the idea is risky from a security perspective and could very well make the malware situation much worse for internet users," said Luis Corrons, technical director of PandaLabs, in a company <a href="http://pandalabs.pandasecurity.com/microsoft-just-doesn%E2%80%99t-get-it%E2%80%A6-security-is-about-diversity" target="_blank">blog post</a>.</p><p>"That's why we encourage Microsoft to continue using Windows/Microsoft Update but instead to push all free anti-virus products available on the market, not just MSE."</p><p>This could translate into something similar to the <a href="https://www.itpro.com/620722/microsoft-browser-ballot-to-arrive-next-week" target="_blank" data-original-url="https://www.itpro.com/620722/microsoft-browser-ballot-to-arrive-next-week">browser ballot</a> scheme introduced earlier this year, after the European Commission ruled Microsoft's bundling of Internet Explorer into Windows was <a href="https://www.itpro.com/609559/microsoft-accused-of-monopoly-abuse-over-ie" target="_blank" data-original-url="https://www.itpro.com/609559/microsoft-accused-of-monopoly-abuse-over-ie">harming competition</a>.</p><p>Corrons told <em>IT PRO</em> Panda is not considering taking matters any further just yet, but will see how the situation pans out.</p><p>"We'll see what Microsoft's reaction is on the different issues we've pointed out in our blog post," he added.</p><p>"Anti-trust regulations are already in place."</p><p>He stressed 
Panda had a good relationship with Microsoft, but this was "an issue that affects all the industry."</p><p>Corrons also warned homogenising the anti-virus market would only benefit hackers, as they would just need to crack one form of security rather than many.</p><p>Reports also claimed Trend Micro had raised concerns about the impact Microsoft's decision would have on the security sphere as a whole.</p><p>We contacted Microsoft for a response, but it had not responded to our request at the time of publication.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Trend Micro unveils threat-fighting tools for SMBs ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/628291/trend-micro-unveils-threat-fighting-tools-for-smbs</link>
                                                                            <description>
                            <![CDATA[ Trend Micro has introduced its new Worry Free product, designed to help small firms prevent data leakage and protect themselves. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qfUYqfUbdc9GepV9GP39Up</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/QeLXGE5vFtGzXJtdBrccRY-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 03 Nov 2010 11:49:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/QeLXGE5vFtGzXJtdBrccRY-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[SMB security]]></media:description>                                                            <media:text><![CDATA[SMB security]]></media:text>
                                <media:title type="plain"><![CDATA[SMB security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/QeLXGE5vFtGzXJtdBrccRY-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="http://uk.trendmicro.com/uk/home" target="_blank">Trend Micro</a> has launched Worry Free Business Security 7, designed to help small businesses fend off the various threats facing them today.</p><p>Included in the package is email data leakage prevention, allowing firms to monitor and stop any accidental or deliberate loss of confidential information being sent via email.</p><p>The service comes with Mac client protection as well, meaning both Windows and Mac users can take advantage of the services without having to pay for additional software.</p><p>Another feature provides the business with the ability to control access to USBs and other removable devices, again to prevent data loss from the organisation.</p><p>"Data loss, either through internal data leaks or malware, is a serious issue for small businesses," said Caroline Hodson, head of UK channel sales and marketing at Trend Micro.</p><p>"Worry-Free Business Security 7 offers small businesses data leakage protection while stopping threats before they reach their networks."</p><p>The announcement came after Trend released its 2010 corporate end user survey, which showed 60 per cent of small businesses expressed concerns over data-stealing malware, while 56 per cent said they were anxious about data leaks - both intentional and unintentional.</p><p>Despite clear concerns over security, the research indicated bigger firms were more aware of the issues at hand.</p><p>In the UK, 73 per cent of employees from large companies claimed to be aware of confidential data compared to 63 per cent from small companies.</p><p>However, in the US, UK, Germany and Japan, employees at bigger firms were significantly more likely to admit other employees have leaked data from within their organisation.</p><p>According to analyst firm Context, the Worry Free line of products has been something of a money-spinner for Trend.</p><p>Almost half (49 per cent) of the total sales of licenses 
in September this year in the sub 100 seats small to medium sized business segment went on a Worry Free offering.</p><p>Elsewhere in the security sphere, <a href="https://www.itpro.com/628267/webroot-acquires-prevx-to-lead-security-revolution" target="_blank" data-original-url="https://www.itpro.com/628267/webroot-acquires-prevx-to-lead-security-revolution">Webroot acquired Derby-based Prevx</a> this week, claiming the pair will lead a "revolution in the security industry."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>