Week in Security: BugBear Variant, Security Budget Forecast
• A variant of last fall's Bugbear worm surfaced Wednesday and spread through the Internet rapidly, prompting a slew of alerts from antivirus vendors. Bugbear-B is a polymorphic worm that spreads via e-mail and network shares. It can install a keystroke logger on infected systems and function as a backdoor program to give an attacker access to confidential information. Late Thursday, Symantec upgraded Bugbear-B to a level-four virus threat, with level five being the most serious. Earlier in the week, a variant of the Sobig worm spread across the Internet, sometimes posing as a message from Microsoft Chairman Bill Gates but more often appearing as an e-mail from other falsified addresses. Sobig-C shuts down on June 8.
• More than 5 percent of IT budgets in most industries will be spent on IT security this year, according to Gartner. Security spending has grown at a compound annual growth rate of 28 percent since 2001, the research firm said. Gartner also forecasts that 60 percent of enterprises will outsource monitoring of at least one perimeter security technology by 2005.
• Microsoft issued a cumulative patch for Internet Explorer to fix two new flaws affecting Internet Explorer versions 5.01, 5.5, 6.0 and version 6.0 for the newly released Windows Server 2003. However, Internet Explorer on Windows Server 2003 runs in a default configuration that blocks attacks that exploit the vulnerabilities, the company said.
• At its Tech Ed 2003 conference in Dallas, Microsoft announced two new security certifications and an alliance with VeriSign to offer a new public-key infrastructure (PKI) platform later this year. Microsoft also pledged to make security patches easier to apply (see story).
• Worldwide VPN and firewall software/hardware revenue reached $700 million in the first quarter, down 4 percent from sales in the fourth quarter of last year, according to Infonetics Research. But the research firm predicted that market will grow again in the second quarter and reach $3 billion this year and $4.7 billion in 2006. Worldwide intrusion detection and prevention system revenue totaled $105 million in the first quarter and stands to reach $1.3 billion in 2006, Infonetics said.
• RSA Security announced a partnership with Precise Biometrics. Plans call for RSA to integrate Precise Biometrics' Precise BioMatchT fingerprint authentication technology with RSA SecurID Passage smart card software and the RSA SecurID USB token.
• SonicWall introduced Content Filtering Service (CFS) 2.0, a subscription-based service offered via SonicWall security appliances. CFS 2.0 features a Web-based management interface that provides administrators with more flexibility by allowing them to direct content filtering over a wired or wireless LAN, the company said. The service uses URL rating information by Cerberian and allows administrators to specify a local list of URLs to block. Slated to be available in mid-June, CFS runs on the SOHO TZW and all SonicWall appliances running firmware version 6.5.
• Guardent, a provider of managed security services, launched Managed Vulnerability Protection Service-Wireless (MVPS-Wireless). The service can remotely detect rogue wireless access points on a network, which reduces the need for on-site radio frequency scanning to detect wireless vulnerabilities, the company said.
• PatchLink announced the availability of Update 5.0, which features compatibility with Windows Server 2003; role-based administration; the ability to customize graphical reporting; and the ability to assess patch compliancy by groups of computers, application or severity. The product is scheduled to be available June 30. The addition of role-based administration will allow Patchlink solution providers to sell patch management services to their clients, the vendor said.
• Citadel Security Software said it is partnering with Foundstone to provide interoperability between Foundstone's security software, designed to identify vulnerabilities and correlate threats, and Citadel's Hercules software, which provides automated vulnerability remediation.