Posts Tagged ‘INTSUM’

Weekly Intelligence Summary: 2009-11-06

Monday, November 9th, 2009

The most risk-significant development this week was Microsoft’s Advance Notification for release of six security bulletins on 2009-11-10. Sun released an update to Java addressing seventeen vulnerabilities, but none are presently the target of attack. Historically, Java vulnerabilities are ignored by criminals or attacked months after patching. Social networks continue to be a primary target of criminal activity. Gumblar, the FTP-stealing trojan, is now targeting WordPress blogs. Bredolab, Virut and Zeus activity continues with malicious code disguised as shipping confirmations and money transfers. However, sending pharmaceutical spam has been occupying most criminal cycles.

Weekly Intelligence Summary: 2009-10-30

Monday, November 2nd, 2009

Most of the threat activity for this week was directed towards Facebook and Twitter users. Large e-mail campaigns for password reset confirmations led to compromised Facebook accounts and Trojan installations, with the primary goal of stealing bank account information. Sun issued advance notification to patch at least six vulnerabilities in Java on Tuesday, 2009-11-03. There is also an unspecified buffer overflow vulnerability in the current version of Java System Web Server. The Guardian newspaper reported a “sophisticated” intrusion on their jobs site, and Gawker Media became the victim of a malvertisement similar to September’s attack on the New York Times.

Weekly Intelligence Summary: 2009-10-16

Friday, October 16th, 2009

The following is the executive summary paragraph of the weekly Intelligence Summary report that Verizon Business Cybertrust Security’s Risk Team provides. The purpose is to capture in one paragraph the most risk-significant events of the past week from an enterprise perspective.

Risk-relevant events this week were dominated by security bulletins from Microsoft and Adobe. Infrastructure component vulnerabilities have also been announced, but without widespread reporting and discussion among security professionals. Availability failures disrupted service for T-Mobile Sidekick users, all of Sweden, OS X Snow Leopard users and customers of Google’s Postini mail service. While there was a surge in reports of several different Trojan horses, the malicious code risk environment has grown riskier at roughly the same pace we’ve been experiencing over the last several months.

Weekly Intelligence Summary: 2009-10-09

Friday, October 9th, 2009

Microsoft made their pre-release announcement for October Black Tuesday and 13 bulletins, eight “critical” using their criteria. Patches for the SMB2 and IIS/FTP vulnerabilities are among those expected. Adobe’s advance notice for their quarterly security update to Adobe Acrobat and Reader includes a vulnerability they know is being used in limited, targeted attacks; other vulnerabilities will be patched too. The mass compromise of web mail passwords dominated this week’s news; we agree with ScanSafe’s assessment that they were probably the result of malcode infections and not phishing. The scale of this infection/breach is more significant to enterprise security than the web e-mail accounts that were compromised. Reports that the FBI director’s spouse refuses to allow on-line banking are a serious indictment of on-line trust, and we will be tracking related reports of trust erosion, especially by high-profile individuals, groups and companies.