In January 2011, General Atlantic bought 20% of Kaspersky, valued at about $200 million, from Eugene Kaspersky and his ex-wife Natalya. GA was brought in at the time to seek acquisition opportunities and set Kaspersky Lab up for an initial public offering.

“It’s quite a big deal, the biggest deal of my life,” Kaspersky said at the Kaspersky Security Analyst Summit 2012. “The company will stay private and stay focused on IT security.”

Kaspersky said the main motivation for the buy-back was the preservation of the company culture.

“IT security has to be flexivble and innovating. My impression is that being private is the right way because you don’t need to report [finances],” Kaspersky said. “I like the way company is going and the spirt of the company. To change their basic design, I’m afraid is dangerous. We are not going to change our ways, spirit, culture, emotion or strategy.”

Kaspersky said he could see the company branch beyond its core consumer and enterprise antimalware expertise. The company has a worldwide stable of security researchers with offices in 29 countries. Kaspersky said the company is profitable (less than 20% year over year growth), and promised to remain as transparent as possible in its financial disclosures.

“[If public], there are much more reports and governance and a longer decision-making process,” Kaspersky said. “I have the same feeling that I read in Richard Branson’s book that when you go public, the company goes slower. I don’t want that.”

Tanase conducted an experiment recently where he emailed the webmasters of 100 websites infected with malware informing them of the problem asking in return only for some data on the infections in the form of log entries. What Tanase got in return was a big fat zero, as in no replies.

Undeterred, Tanase said Wednesday during the Kaspersky Lab Security Analyst Summit 2012, that he emailed another 200 and actually got a 3% reply rate time on his second attempt.

“The assumption I made is that webmasters don’t know their sites are infected,” he said. “The reality is that webmasters don’t care if their sites are infected.”

Tanase said he knows 52% of his emails reached their destination; 48% bounced back to him.

Of the three percent who did reply, one came from a monestary and a priest who asked for help in cleaning up the websites and under what conditions. Another respondent came from an advertising agency that wasn’t interested because the infected site in question was an old site no longer in use. Another, from an industrial equipment supplier, said they didn’t have a dedicated IT person on staff, but offered to send Tanase an administrative username and password and wondered if he could help–a major security fail.

The experiment, however, wasn’t a total bust; 3% may have replied, but upon a second scan, 5% had removed the malware from their sites.

“They may not have replied,” Tanase said, “but they did clean up their site.”

By Hillary O’Rourke, Contributor

With the hassle of finding the best deal and coping with the constant crowds, online shopping has never been more popular for the holiday season. But with that ease comes a warning from Websense: keep an eye out for online scams, particularly typosquatted sites.

Researchers at security research company Websense, Inc. are warning online holiday shoppers of typosquatted online domains, domains that cybercriminals have registered that are virtual but malicious copies of familiar sites in hopes of taking advantage of those who misspell the URL.

Websense researchers have claimed they’ve recently found more than 2,000 typosquatted online domains set up. Websense published a list of domains it found as part of a network of typosquatters, attempting to pose as a legitimate UK brand-name sites.  Websense said it has a “list of hundreds of hosts that are part of a typosquat hive (the hive itself contains thousands of hosts), and all of them are hosted in the US. We call it a hive because all of the listed hosts have a connection, and were most likely set up by the same cybercriminals.”

Researchers are also claiming that although the brand names may be spelled correctly in the domain, cybercriminals have created sites with the “.org” or “.net” domain suffixes as well. They added that they’ve seen a recent influx of these fraudulent domains in preparation for the holiday season.

The attackers often use these websites in fake emails and phishing sites in an attempt to lure consumers to claim online coupons. After a user clicks on the provided link, a pop-up shows up in another window with a different offer.

It’s important to remember that legitimate websites and the companies behind them sometimes employ a strategy of buying typosquat hosts that are similar to their site’s name. This is a good strategy for successful websites, as those companies usually understand the dangers of typosquatting and how their brand name can be affected and abused. Kudos go to Amazon, which registered a good number of potential typosquat hosts, including aqmazon (dot) com, amaxzon (dot) com, amzon (dot) com, and many more. These are all GOOD hosts registered by Amazon itself, leaving no chance for abuse as long as they remain registered to Amazon.

Typosquatting is used to quickly gain advertising revenue from sites receiving a high volume of accidental traffic. More recently, however, it’s often more about collecting as much information as the cybercriminals can get. With the holiday season in full swing, cybercriminals should expect to see success in both of those areas.

As the Websense says, it’s all “to ensnare the unaware.”

The cybercriminals responsible for the Nitro attacks have certainly showed audacity in their latest move: Sending malicious emails claiming to be from security vendor Symantec with the company’s own report on those Nitro attacks.

According to a Symantec blog post, the group, which is currently targeting chemical companies, is using the same social engineering techniques they have used in previous attacks, but lately they have been sending malicious emails that are created to look like they were sent by Symantec’s technical support department.

“They are sending targets a password-protected archive, through email, which contains a malicious executable,” explained Symantec researchers keeping a close watch on the group’s attack techniques. “The executable is a variant of the Poison IVY and the email topic is some form of upgrade to popular software, or a security update.”

The security vendor originally exposed the gang in a report released on Nov. 1 on the Nitro attacks that began in July and lasted until September. Those attacks also involved emails carrying a variant of the Poison Ivy backdoor and were specially crafted for each targeted company. According to the blog post, they are still using the same hosting provider for their command and control (C&C) servers.

The Symantec blog post explains one of the emails ‘offers protection from “poison Ivy Trojan’!”

The fraudulent emails come with an attachment called “the_nitro_attackspdf.7z” with an archive containing a file called “the_nitro_attackspdf.exe.” According to the blog post, the large space between “pdf” and “.exe.” is to trick a user into thinking the attachment is a PDF.
When the attachment is opened, the executable creates a file called Isass.exe, more commonly known as Poison IVY, and then creates a PDF file that is none other than Symantec’s Nitro Attacks whitepaper (PDF).

“The attackers, in an attempt to lend some validity to their email, are sending a document to targets that describes their very own activity,” Symantec said.

Symantec’s consulting team is launching a mobile security assessment service, designed to assess a business’ mobile security policies and defensive technologies.

The new service is an extension of the Symantec Security Program Assessment. Symantec created a Mobile Security Framework that is designed to evaluate how a business addresses mobile device security from a governance, intelligence and infrastructure perspective. Among the 15 core elements that make up the framework are policies, standards and awareness, asset inventory and ownership, application security and monitoring and reporting metrics.

Symantec’s mobile assessment service is one of many available to enterprises. Security vendors have been quick to offer a variety of mobile services and products because businesses have been inundated with employees bringing in personal devices that they expect to connect to the corporate network. For example, McAfee, Verizon Business, IBM and other firms provide a variety of consulting services that can evaluate security programs and more specifically, an organization’s mobile security posture. Experts have been touting ways to write effective mobile security policies to address the influx. Technologies are available to address policy enforcement across platforms and control access to sensitive data.

In an interview with SearchSecurity.com, Franklin Witter, manager of security business practices at Symantec, said his consulting team will use a series of surveys, workshops and interviews to understand the organization’s risk tolerance and practices and technologies already in place. “We want to understand the business use case for mobile technology in the enterprise,” Witter said.

The goal is to lay out a security plan that addresses the strengths and weaknesses inherent in each mobile platform, Witter said. Organizations will get a better understanding of the gaps in their current state of maturity.

Witter said Symantec clients that have undergone a full security program assessment have been asking for a more focused mobile evaluation. “Our advisory team takes a product agnostic approach,” Witter said. “We’re not solely focused on Symantec products.”

The Symantec Mobile Security Assessment Suite costs about $40,000. Organizations that undergo the review are given a final written report and scorecard illustrating the organization’s mobile security readiness. The report also provides recommendations and an action plan to address existing gaps.
Mobile Application Assessment Service

Symantec also rolled out an application assessment service designed to test mobile apps for a variety of coding errors that could lead to data leakage or a costly data breach. Witter said the testing will be offered in either a white-box or black-box testing. The cost of the evaluation will depend on the scope of the project, he said.

The application assessment service has been operating for about a year. Symantec is seeing an increase in businesses designing custom applications for either employee use or for their customers.

The assessment can identify issues with authentication and authorization, data validation, session management, encryption, auditing and logging and the business logic of a mobile application. It can be performed in conjunction with a penetration assessment to provide a more deeper view of vulnerabilities.

“This will help us accelerate our ability to drive product innovation, expand our operations internationally and also go shopping,” Tuchen said. “We plan to pursue strategic acquisitions that would line up with our business. We think we have a unique portfolio in the assessment business, which is a strategically important area for us as a vendor and an important problem for companies to solve.”

Rapid7’s flagship product is its Nexpose vulnerability management platform, which scans networks, applications and databases for vulnerabilities. Rapid7 also houses the Metasploit Project and the Metasploit Framework, a platform used by penetration testers and vulnerability assessment products to execute exploits against targets. Tuchen said Metasploit, backed by its large, active open source community, was an important piece of the puzzle for investors.

“$50 million validates what we’re doing as a company and the interest in security as a sector and Rapid 7 as a company,” Tuchen said, adding that up to a half-dozen VC firms were interested in investing in Rapid7, which help push the number to $50 million.

Tuchen said his top priority for the immediate future is hiring talent to stock a new innovation center at its Boston headquarters, grow engineering teams in California and Texas and staff new international offices in London and Hong Kong.

“It’s all about hiring, and getting the right team and leadership in place and building and scaling out our engineering teams and finding the right leader in EMEA,” Tuchen said. “I’ll be busy hiring, and in my spare time, doing a little shopping.”

Rapid7 said it has grown revenue more than 900 percent over the past four years, boasting 10 quarters of record revenue through Q3 of this year. The company said it has more than 1,700 customers worldwide and is a growing company in a market whose predicted revenue, according to IDC, is expected to top $5.2 billion by 2015.

Technology Crossover Ventures general partner Tim McAdam will become the newest member of Rapid7’s board of directors. TCV is a new investor in Rapid7; Bain Capital Ventures is Rapid7’s other VC investor.

This is the first time SIG selection was put to a vote, and more than 500 were cast, close to a quarter of the SSC’s participating organizations, said Jeremy King, European director of the PCI SSC, who added that one-third of the votes cast came from outside North America.

PCI SIGs are essentially forums for feedback on topics that ultimately is turned into guidance for interpreting and implementing existing or new mandates to the standard, the SSC said in a release. This year, the SSC released guidance on tokenization, point-to-point encryption and virtualization.

SIGs are made up of merchants, payment processors and qualified security assessors. SIGs must complete their efforts and deliver a guidance document within one year.

This year, voters had seven potential SIGs to choose from, and were asked to select a top three. The seven, according to the Storefront BackTalk blog, were: administrative access to systems and devices; how to write a risk assessment; patch management; ecommerce guidelines; PCI in the cloud; small business and PCI; and managing hosted service providers.

Reuters reported Thursday that in a report titled “Foreign Spies Stealing US Economic Secrets in Cyberspace,” the Office of the National Counterintelligence confirmed that foreign intelligence services, corporations and individuals have increased their efforts to take research and development data relating to U.S. technologies. These efforts include remote data downloads, transferring data to portable devices and via email.

The report, covering 2009-2001, was developed using data from intelligence agencies, think tanks, academia and what it called “private sector” resources. It referred to numerous sources being involved in cyberespionage against U.S. interests, but called out only Russia and China by name.

Though the report failed to link China to specific events, such as the RSA SecurID attack earlier this year, it represents a tacit acknowledgment that China’s involvement in cyberespionage represents a serious ongoing problem for U.S. companies.

“Chinese actors are the world’s most active and persistent perpetrators of economic espionage,” the Office of the National Counterintelligence wrote in the report. “China and Russia view themselves as strategic competitors of the United States and are the most aggressive collectors of U.S. economic information and technology.”

Secunia, a vulnerability management vendor from Denmark, is the latest to join the bounty brigade, but it is bringing its spin to the market. Secunia’s new Secunia Vulnerability Coordination Reward Program is another platform for researchers to report software security flaws, but Secunia goes a step further and offers to handle the reporting process to the affected vendor. Software vendors have varied and sundry reporting processes and Secunia hopes to help researchers skip the hassle, according to Carsten Eiram, chief security specialist at Secunia.

“Most other schemes pay researchers for their discoveries, and, while these offerings are excellent for researchers, the companies are, naturally, very selective in which vulnerabilities they wish to purchase and coordinate,” he wrote in a release from the company. ”This leaves a huge gap for researchers, who either do not want to sell their vulnerabilities or discover vulnerabilities not fulfilling the requirements of the existing initiatives, but who would still like an independent third party to confirm their discoveries and handle coordination.”

TippingPoint’s Zero Day Initiative (ZDI) and VeriSign’s iDefense Labs Vulnerability Contributor Program are probably the most well known bug-bounty programs offered by security companies., Google, Microsoft and Mozilla also have their own twists on bug bounties. ZDI, for example, pays researchers for previously unpatched bugs and then develops signatures for its intrusion prevention products to give its customers first crack at protection. It also works with the affected vendor, and once a patch is ready, a joint advisory on the vulnerability is prepared.

Secunia says it will provide detailed information on vulnerabilities to the affected vendors and will participate in the patch process by providing feedback on fixes and confirming patches resolve the issue in question. Secunia hopes to establish itself as a trusted, independent third party in the vulnerability remediation process. In addition, the company says it will not notify its customers in advance as ZDI would. Instead, a public advisory would be the first notification of a vulnerability.

Secunia has established certain conditions for vulnerabiilties to be considered: the vulnerability must not be already publicly known; it must have been found in a stable product, inthe latest version that is actively supported by the vendor. Secunia’s research team must also be able to confirm the vulnerability.

Secunia said its rewards will include merchandise and accommodations and entry into major security conferences.

Researchers at the Laboratory of Cryptography and System Security (CrySys) in Budapest, Hungary, uncovered the installer file, the Word document, which Symantec researchers said exploits a previously unknown kernel vulnerability. Symantec issued a report last month that detailed the similarities between Duqu and the notorious Stuxnet malware. Designed to steal data, Duqu was discovered on the systems of industrial component manufacturers.

In an email statement, Jerry Bryant, group manager of response communications for Microsoft Trustworthy Computing, said, “Microsoft is collaborating with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware. We are working diligently to address this issue and will release a security update for customers through our security bulletin process.”

According to Symantec, the Word document was designed to target specific organizations. Symantec researchers noted that this installer is the only one recovered to date; attackers may have used other methods to spread Duqu. There are no robust workarounds but most security vendors already detect and block the main Duqu files, Symantec said in a blog post Tuesday.

The number of confirmed Duqu infections remains limited, but have been confirmed in six possible organizations in eight countries, including France, India, and Iran, according to Symantec.

According to Reuters, computer investigators in India have seized the computer equipment believed to have hosted the command-and-control server connected to Duqu.