Stelar Global Inc, formerly Ecom Infotech (I) Ltd., sent out spam as a Word document. This spam was submitted by Les Bell via the FunSec mail list.
From: "Ecom Infotech (I) Ltd." (email@example.com)
To: "Info" (info[at]lesbell.com.au)
Subject: Enterprise Security Management
Date: 24/04/2009 10:09 PM

Dear IT Head,

What do you do when the logging is turned off? How soon will you know? Does that create a blind spot?

Let's see a typical low and slow attack:

Attack step                 Attacker action                                                Action revealed in
1. Probe                    Runs port scans seeking targets with known vulnerabilities.    Log data
2. ID entry point           Identifies a target system with a known vulnerability.         Log data
3. Access                   Brute-forces access to the system with multiple failed         Log data
                            logins preceding the successful login.
4. Admin privilege          Escalates to Admin/Root or creates a new account with          Asset data
                            Admin privilege.
5. Config change            Disables logging.                                              Configuration data
6. Exploit vulnerability    Creates a buffer overflow that spikes performance by           Vulnerability & Performance data
                            exploiting vulnerability.
7. Rogue app                Installs a back door to the system.                            Asset data
8. Data theft               Steals confidential data.                                      Flow data

Traditional SIM: Correlate Log, Asset, Configuration, Vulnerability, Performance and Network flow data in a single integrated platform bringing actionable intelligence.

Attackers employ "low and slow" attacks designed to evade detection from existing defenses like IPS and device security. Timely detection of these "low and slow" attacks is elusive for log management systems because it requires the real-time collection and correlation of multiple sources of data. Specifically, log, asset, configuration, vulnerability, performance and network flow data each contribute to identifying different aspects of an attack.

Can we help you? We offer one of the most cost effective solutions.

(Embedded image moved to file: pic08431.gif)

We also offer the following services / end to end solutions:

1. COBIT, ISO 27001 / 20000, BS25999 Framework Implementation: Compliance with COBIT, ITIL or ISMS best practices implementation.
2. IT Audit and other related Assurance services. We are certified IT Auditors.
3. Enterprise Identity Management: Complete security based solutions for Identity and Access Management, Single Sign On solutions and Federated Identity Management in a SOA or Distributed Environment.
4. Privileged Users' Monitoring Solutions. Reports suggest that 70% of frauds were caused by insiders.
5. Business Continuity Management and Resilience Services: Are you proactively prepared for unplanned outages?

Should you be interested in our services, please drop an email to firstname.lastname@example.org. For more details visit www.sgius.com

Best Regards
Ashwin K Chaudary
MBA (IT), CISSP, CISA, CGEIT, ISO 27001LA, ITIL, PMP
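The mail's one technical claim, that step 3 (brute force visible in auth logs) and step 5 (logging disabled, visible only as a configuration change or as a host going quiet) are each unremarkable alone but alarming together, can be shown with a small correlator. This is an added example, not code from the mail, the vendor or the blog; the hosts, events, timestamps and thresholds are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the mail): (ISO time, host, source, message).
EVENTS = [
    ("2009-04-24T10:00:00", "web01", "auth", "login failed"),
    ("2009-04-24T10:01:00", "web01", "auth", "login failed"),
    ("2009-04-24T10:02:00", "web01", "auth", "login failed"),
    ("2009-04-24T10:03:00", "web01", "auth", "login failed"),
    ("2009-04-24T10:04:00", "web01", "auth", "login ok"),
    ("2009-04-24T10:06:00", "web01", "config", "audit logging disabled"),
    ("2009-04-24T10:05:00", "db01", "auth", "login ok"),
    ("2009-04-24T10:55:00", "db01", "heartbeat", "ok"),
]
NOW = datetime(2009, 4, 24, 11, 0, 0)  # constructed "current time" for the silence check

def _ts(ev):
    return datetime.fromisoformat(ev[0])

def brute_force_hosts(events, min_failures=3, window=timedelta(minutes=10)):
    """Step 3: hosts where a successful login followed >= min_failures failures within window."""
    failures = defaultdict(list)
    hits = set()
    for ev in sorted(events, key=_ts):
        _, host, source, msg = ev
        if source != "auth":
            continue
        t = _ts(ev)
        if msg == "login failed":
            failures[host].append(t)
        elif msg == "login ok":
            if sum(1 for f in failures[host] if t - f <= window) >= min_failures:
                hits.add(host)
            failures[host].clear()  # a success ends the current attempt burst
    return sorted(hits)

def silent_hosts(events, now, max_gap=timedelta(minutes=15)):
    """Step 5 / the blind spot: hosts that explicitly disabled logging or simply stopped reporting."""
    last_seen = {}
    disabled = set()
    for ev in events:
        _, host, source, msg = ev
        last_seen[host] = max(last_seen.get(host, _ts(ev)), _ts(ev))
        if source == "config" and "logging disabled" in msg:
            disabled.add(host)
    return sorted(disabled | {h for h, t in last_seen.items() if now - t > max_gap})

def correlate(events, now):
    """Hosts showing both indicators: the sequence a single-source tool would score as two low-priority events."""
    return sorted(set(brute_force_hosts(events)) & set(silent_hosts(events, now)))

if __name__ == "__main__":
    print(correlate(EVENTS, NOW))  # ['web01']
```

db01 is never flagged: it has a clean login and reported within the gap threshold, which is the point of requiring both indicators before alerting.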