30. January 2009 by Myke.

Sexual performance enhancers and pharmaceuticals were the most common subjects used by spam in 2008

GLENDALE, Calif., Jan. 28, 2009 ” PandaLabs, Panda Security’s malware analysis and detection today revealed the results from its analysis on 430 million email messages from 2008 and discovered that only 8.4 percent of messages that reached companies were legitimate. Some 89.88 percent of messages were spam, while 1.11 percent were infected with some type of malware. This data has been compiled after the analysis by TrustLayer Mail, the clean mail managed service from Panda Security.

Only January 2008 witnessed levels of spam below 80 percent. The amount of spam fluctuated throughout the year, peaking in the second quarter at 94.27 percent of all mail reaching companies.

With respect to infected messages in 2008, the Netsky.P worm was the most frequently detected malicious code. This type of malware activates automatically when users view the infected message through the Microsoft Office Outlook preview pane. It does this by exploiting a vulnerability in Internet Explorer that allows automatic execution of email attachments. The exploit of this vulnerability was detected by PandaLabs as Exploit/iFrame and was the third most frequently detected type of malware in emails by TrustLayer Mail.

“The fact that these two malicious codes often act in unison explains the high number of detections of both,” said Luis Corrons, Technical Director of PandaLabs. “Cyber crooks often launch several strains of malware with each exploit to increase the chances of infection, so even if users whose systems are up-to-date are immune to the exploit, they could still fall victim to infection by the worm if they run the attachment.”

The Rukap.G backdoor Trojan, designed to allow attackers to take control of a computer, and the Dadobra.Bl Trojan were also among the most prevalent malicious code.

Top Malware in email Netsky.P.worm Bck/Rukap.G Exploit/iFrame Trj/Dadobra.BL Generic Malware Trj/Downloader.PSJ Trj/SpamtaLoad.DO Trj/Downloader.PWR Bck/Haxdoor.PL Trj/Spamtaload.DZ

“For companies, spam is more than just a nuisance. It consumes bandwidth, wastes employees’ time and can even cause system malfunctions. In the end, it all results in a loss of productivity,” adds Luis Corrons.

Much of this spam was circulated by the extensive network of zombie computers controlled by cyber-crooks. A zombie is a computer infected by a bot, a type of malware allowing cyber criminals to control infected systems. Frequently, these computers are used as a network to drive malicious actions such as the sending of spam. Just in the last three months of the year, 301,000 zombie computers were being put into action every day.

Spam subjects in 2008

With respect to the different types of spam in circulation, 32.25 percent of spam in 2008 was related to pharmaceutical products with sexual performance enhancers accounting for 20.5 percent.

Spam relating to the economic situation also grew significantly throughout 2008. False job offers and fraudulent diplomas accounted for 2.75 percent of all junk mail in the year, while messages promoting mortgages and fake loans were responsible for 4.75 percent.

Spam promoting fake brand products, such a swatches, was responsible for 16.75 percent of the total. This last category nevertheless, dropped from 21 percent in the first half of the year to 12.5 percent in the last six months. To view an entire breakdown of the variety of spam subjects that PandaLabs discovered, please access the data here: http://www.flickr.com/photos/panda_security/3234535186/

About PandaLabs Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security’s new security model which can even detect malware that has evaded other security solutions. Currently, 94 percent of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), working 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients. More information is available in the PandaLabs blog: http://www.pandalabs.com and the Panda Security website: www.pandasecurity.com/usa.

Posted in Spam, Internet, Security, Exchange | No Comments »

30. January 2009 by Myke.

Black Hat researcher will show how the bad guys can use a database’s own features against it

A database security researcher will demonstrate at next month’s Black Hat DC how an attacker who breaks into a SQL Server database can cover his tracks using antiforensics techniques.

Cesar Cerrudo, lead researcher for Application Security’s Team SHATTER, and founder and CEO of Argeniss, says he will show a proof-of-concept that circumvents forensics investigations by abusing some inherent features in the database. “If the attacker has done a good job of removing his tracks, then it becomes pretty difficult to determine what was done, how it was done, why, and by whom,” Cerrudo says.

So far, Cerrudo says he hasn’t seen any database attacks that have gone to the next level like this yet. “But as criminal hacking is rapidly growing, and databases are where the juicy stuff is saved, in the future we will start to see more and more sophisticated attacks,” he says, especially since many big breaches are the result of database hacks.

And in the current economic climate, the risk of an insider attack is even higher. The financial pressures of a possible layoff or otherwise could entice a database operator to go rogue. “The main point of this research is that if you don’t properly protect database servers, soon or later you will get hacked and probably lose millions of dollars,” he says.

Although Cerrudo’s research focuses on SQL Server, any database could be hacked and manipulated with antiforensics, he says. Among the database features that the bad guys can use for nefarious purposes are the ability to load external libraries or binary code, which can manipulate the server itself. Buffer overflow attacks are another way to do so as well, according to Cerrudo.

All it takes is for an attacker to gain database administrative privileges — which is not difficult if the database isn’t locked down properly — by exploiting a vulnerability in the database or stealing the credentials via a Trojan or brute-force hacking, for instance.

“Once you have enough privileges, you can do anything on any database server. This includes loading code to database server memory, [and] then this code can manipulate all functionality and let the attacker perform any actions” on the database he wants, Cerrudo says.

If the database hack using antiforensics is detected, some of the damage can be discovered by forensics, such as stolen data or changes made to the data stored in the database, for instance. But how it was hacked or who did it would remain a mystery, he says.

An attacker who infiltrates a database can even frame another person for the attack using antiforensics techniques. “One of the scary things about these antiforensics techniques is that the attacker can point investigators in the wrong way by making it look like another person performed the attack,” Cerrudo says.

The attacker could leave behind phony tracks that incriminate the victim organization’s database administrator so that when the forensics investigators do their work, all evidence leads to the database admin rather than the real culprit. “Without logs or [with] confusing logs, investigation becomes harder, the evidence is not enough, and in order to find the real culprit you must find real evidence that points to him,” Cerrudo days.

How can an organization protect itself from such an attack? “Nowadays, using a third-party monitoring mechanism should be a must since built-in security mechanisms can’t protect [the database] once the attacker has enough permissions,” he says.

Cerrudo also recommends regular database patching, strong passwords, and periodic database vulnerability scans.

Posted in SQL, Security, Servers | No Comments »

30. January 2009 by Myke.

IT Worker Indicted For Setting Malware Bomb At Fannie Mae

IT contractor deployed highly malicious script before his administrative rights were terminated

A former IT contractor at Fannie Mae, angry at being terminated in October, has been thwarted in his attempt to crash all 4,000 servers at the mortgage services institution and wipe out all of their data.

According to a report from the U.S. Department of Justice, a federal grand jury in Maryland has indicted Rajendrasinh Babubhai Makwana, a contractor working at Fannie Mae’s Urbana, Md., facility, for transmitting a malicious script to the company’s servers.

The malicious code, which was set to execute on Jan. 31, was designed to propagate throughout the Fannie Mae network and destroy all of the company’s data, the DoJ says.

According to court documents, Makwana — who was employed by OmniTech, a third-party contractor that handles server administration for Fannie Mae — was censured by management on Oct. 10 after unintentionally distributing a server script without authorization. The documents suggest the mistake was so egregious that Makwana probably knew he would be fired, although his administrative rights were not revoked until hours after his official termination on Oct. 24.

Apparently, Makwana had been busy before he was kicked off the system. On Oct. 29, five days after Makwana had left the company, a senior Unix engineer found a malicious script buried in a legitimate script that validates the storage area network connections among the company’s 4,000 servers every morning at 9 a.m. A page break had been inserted between the malicious script and the legitimate script, making it less obvious.

The malicious script was set to execute multiple tasks, all of them bad. First, it would wipe out all of the passwords on the servers, effectively locking administrators out. Then it would build a list of all servers that contained Fannie Mae data and wipe out all of the data, replacing it with zeros. This would also destroy the backup software on the servers, making the restoration of data more difficult because new operating systems would have to be installed on all servers before any restoration could begin, the court documents say.

The script would also remove all “High Availability” software from any critical server, the complaint continues. Then it would power off all servers, disabling the ability to remotely turn on a server. After the second run-through, the script would remove all of the files on the current host and try to zero out the root file system.

“Had this malicious script executed, [Fannie Mae] engineers expect it would have caused millions of dollars of damage and reduced, if not shut down, operations at [Fannie Mae] for at least one week,” the complaint says. “If this script were executed, the total damage would include cleaning out and restoring all 4,000 [Fannie Mae] servers, restoring and securing the automation of mortgages, and restoring all data that was erased.”

Makwana faces a maximum sentence of 10 years in prison. He had his initial appearance in federal district court on Jan. 6, following the filing of the complaint. Arraignment is scheduled for Jan. 30, 2009.

Industry experts warn that such exploits may become more common as the economy forces companies to lay off an increasing number of employees. Enterprises should be careful to terminate all data and administrative access rights for the affected employees before they have the opportunity to act in retribution, the experts warn.

Posted in Security, Servers, Storage | No Comments »

29. January 2009 by Myke.

The “The remote computer requires Network Level Authentication, which your computer does not support.” error is what you get when you try to connect to computer running Server 2008/Windows Vista with using recently updated Remote Desktop Client.

It looks like Windows XP doesn’t support Network Level Authentication even with the new Remote Desktop Client so you will have to turn NLA off in Server 2008/Windows Vista.

Got to System Properties and select “Allow connections from computer running any version of Remote Desktop (less secure). It’s less secure, but it works.

Posted in Networking, Security, Microsoft, Servers | No Comments »

27. January 2009 by Myke.

So you know that your hard drive will die sooner or later, but how do you proactively figure that out?  Magic 8-ball used to be the best method but as of recently we can do a much better job.

The standard IDE/SATA hard drive today is still the most mechanical piece of equipment sitting in your present day PC. And this will continue to be the case until solid state drives become much cheaper and much more compatible for present day hardware. The most unfortunate part of the problems with these drives, is how incredibly critical they are to the state of your computer. A hard drive failure means a dead computer - unless you are lucky enough to be running in some type of RAID environment, which most home users won’t be.

So those of us here at Homerun decided maybe we should put together a list of tools to help everyone else out that would like a better Magic 8-ball.  Below you will see our four choices and a brief description of the tool.  One thing to remember, these are Windows based tools and they are to be used at YOUR own risk, not ours. 
Crystal Disk Info

CrystalDiskInfo is a S.M.A.R.T. based utility that supports not only internal drives, but both USB and IEEE1394’s as well. It displays an incredible amount of simple and advanced disk information, and may always be running in the background. This includes temperature readings, read/write errors and power management tools, running at all times of the day.

General Drive Info

Advanced Diag of your drive

 HD Tune

HD Tune is a much simpler hard drive disk scanning utility that has benchmarking, advanced diagnostics, similar to Crystal and a disk scanning utility, very similar to the Windows version, but can be run in real-time. It also includes real-time temperature monitoring.

Benchmarking

Disk Scanning

HDD Health

HDD Health is another similar product. It includes temperature and real-time monitoring, but includes a health indicator, simply by percentage and nothing more. It does include the same advanced diagnostic tools as the other SMART utilities as well.

General Information

Extended Drive Information

HDD Scan

HDD Scan not only includes many SMART diagnostic utilities, but other disk utilities as well. It includes many advanced testing modes, such as reading, writing and erasing in linear. In comparison to the other products, HDD Scan might get you more bang for the free buck.

Various HDD Scan Tools

Available Surface Tests

Manufacturer Specific Products

Some people might trust products designated for their specific hard drive more then any other. So I’ve provided a list of all the major manufacturers with a link to their diagnostic tools. A few of these may even support different manufacturers.

Fujitsu - Supports all forms of internal connection and is capable of doing in depth surface and diagnostic testing.

Hitachi - Several diagnostic tools for Hitachi drives. Analyze, optimize and protect your drive from failure.

Samsung- The Samsung utility will only work with Samsung drives and is an offline bootable disk that can be run no matter what the state of your drive.

Seagate/Maxtor- The Seagate tools, also known as Seatools, are Windows specific tools that can quickly and comprehensively determine the state of your present Seagate or Maxtor hard drive.

Western Digital - In order to determine your appropriate tools, you’ll first have to select your specific product and browse to a compatible ‘Data Lifeguard Diagnostic Tools’. Thorough test and repair utilities for West Digital drives.

All of the tools above may or may not be able to resolve serious disk errors on your drive. But if you are worrisome about the state of your current HDD and you’d like to confirm it, these tools will help to do so. It will force you to begin transferring data, or backing up your data on a regular basis before the inevitable happens. Play with each of tools, and find the best that suits your situation.

Posted in Microsoft, General Hardware, Desktops, Laptops, Backups, Servers, Storage | No Comments »

27. January 2009 by Myke.

IPv4 is the fourth revision in the long development of IP and it is actually the first to be widely deployed.  Combined with IPv6, it is the core of inter-networking methods of the Internet.  IPv4 is to this day the most widely deployed Internet Layer protocol.

IPv4 uses 32-bit (four-byte) addresses, which limits the address space to 4,294,967,296 (2³²) possible unique addresses. However, some are reserved for special purposes such as private networks (~18 million addresses) or multi-cast addresses (~16 million addresses). This reduces the number of addresses that can be allocated as public Internet addresses. As the number of addresses available are consumed, an IPv4 address shortage appears to be inevitable, however network address translation (NAT) has significantly delayed this inevitability.

This limitation has helped stimulate the push towards IPv6, which is currently in the early stages of deployment and is currently the only contender to replace IPv4.

IPv6 is the next generation Internet Layer protocol for inter-networks and the Internet.  In December 2008, despite celebrating its 10-year anniversary as a Standards Track protocol, IPv6 was only in its infancy in terms of general world-wide deployment. A recent study by Google indicates that penetration is still less than one percent of Internet traffic in any country. The leaders are Russia (0.76%), France (0.65%), Ukraine (0.64%), Norway (0.49%), and the United States (0.45%). Although Asia leads in terms of absolute deployment numbers, the relative penetration is smaller (e.g., China: 0.24%). IPv6 is implemented on all major operating systems in use in commercial, business, and home consumer environments. According to the study, Mac OS leads in IPv6 penetration of 2.44%, followed by Linux (0.93%) and Windows Vista (0.32%).

The length of network addresses emphasize a most important change when moving from IPv4 to IPv6. IPv6 addresses are 128 bits long (as defined by RFC 4291), whereas IPv4 addresses are 32 bits; where the IPv4 address space contains roughly 4 billion addresses, IPv6 has enough room for 3.4×10³⁸ unique addresses.

IPv6 addresses are typically composed of two logical parts: a 64-bit (sub-)network prefix, and a 64-bit host part, which is either automatically generated from the interface’s MAC address or assigned sequentially. Because the globally unique MAC addresses offer an opportunity to track user equipment, and so users, across time and IPv6 address changes, RFC 3041 was developed to reduce the prospect of user identity being permanently tied to an IPv6 address, thus restoring some of the possibilities of anonymity existing at IPv4. RFC 3041 specifies a mechanism by which time-varying random bit strings can be used as interface circuit identifiers, replacing unchanging and traceable MAC addresses.

So this brings us to the differences between IPv4 and IPv6:

1. Simplified header format. IPv6 has a fixed length header, which does not include most of the options an IPv4 header can include. Even though the IPv6 header contains two 128 bit addresses (source and destination IP address) the whole header has a fixed length of 40 bytes only. This allows for faster processing.
   Options are dealt with in extension headers, which are only inserted after the IPv6 header if needed. So for instance if a packet needs to be fragmented, the fragmentation header is inserted after the IPv6 header. The basic set of extension headers is defined in RFC 2460.
2. Address extended to 128 bits. This allows for hierarchical structure of the address space and provides enough addresses for almost every ‘grain of sand’ on the earth. Important for security and new services/devices that will need multiple IP addresses and/or permanent connectivity.
3. A lot of the new IPv6 functionality is built into ICMPv6 such as Neighbor Discovery, Autoconfiguration, Multi-cast Listener Discovery, Path MTU Discovery.
4. Enhanced Security and QoS Features.

posted by: Myke Reinhold
credit: Homerun-Networks, Google, Wikipedia

Posted in Internet, Networking, Security | No Comments »

24. January 2009 by admin.

Now, when I say “pesky annoyance” I mean down right frustrating. Say your thumbnails won’t work on your xbox 360 when viewing items thrown out over media sharing and you’ve got this wonderful errors blasting around your event log:

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Event ID:      10016
Description:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Now, just think about how tech-savvy you really are. You know what’s up. You’re going to go find out what application this is by finding the AppID in the registry then head over to Component Services and go fix this up, right? You start “dcomcnfg” and you browse over to “Thumbnail Cache Out of Proc Server” and try to modify it… no love. Greyed out options and all you’ve just been denied by your trusty operating system. You know you’re and administrator but behold, you’ve been given the finger by Windows.

No worries.

Someone, somewhere decided that they would make a security consideration here and grant only “Trustedinstaller” full control permission instead of Administrators. How dare they huh? To fix this up, do the following:

    1. Open Registry Editor and browse over to ‘HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AppID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}’
    2. Right click on the {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} key and choose “Permissions…”
    3. Just as you would a file, take ownership and assign it to ‘Administrators’ then go back and grant ‘Administrators’ the ‘full control’ permission.
    4. Restart dcomcnfg and modify away.

Once you’ve made your modifications and granted Local Activation permissions to NETWORK SERVICE, you should eliminate those errors.

This trick can be applied to ANY CLISD you can’t modify in Component Services DCOM Configuration.

Posted in Registry | No Comments »

24. January 2009 by Myke.

This laptop came and went in the Homerun-networks lab.  We played and played and were amazed at the speed and the “geek” factor.  With 2GB of DDR3 memory, NVIDIA Quadro FX 2700M 48-core CUDA parallel computing processor 512MB, Ultranav + Fingerprint Reader, Non-RAID HDD, 160 GB Hard Disk Drive, 7200rpm, DVD Recordable 8x Max Ultrabay Enhanced (Serial ATA), ThinkPad 11b/g Wireless LAN Mini PCI Express Adapter III and the coolest feature of all…17″ WUXGA 400NIT TFT+10.6″WXGA+ TFT.  The slide out 10.6″WXGA+ TFT screen is so cool that I almost decided to buy it.  The only downfall I have on this laptop is the cost (which I understand but is out of my reach) and the ad I recently saw in which a “Geek” is more interested in the laptop than the lady disrobing in front of him.  I am a geek and love my geek toys and tools but to be quite honest, flesh baring and beautiful women are far more interesting to me.  I tell you what, how about you be the judge of the ad.

Posted in Laptops | No Comments »

22. January 2009 by Myke.

If that does not get your attention then maybe knowing that if you ate at a restaurant over the last few months of 2008 this could include you.  Maybe you used a credit/debit card at places like pay-at-the-pump gas stations, parking lots, retail stores, school campuses or hospitality/community banks…you data may have been stolen.  This story was first reported 2 days ago by Brian Krebs of the Washington Post.

Payment Processor Breach May Be Largest Ever

A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have compromised tens of millions of credit and debit card transactions, the company said today.

If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported.

Robert Baldwin, Heartland’s president and chief financial officer, said the company, which processes payments for more than 250,000 businesses, began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments.

Baldwin said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach.

Baldwin said it would be unfair to mention any one of his company’s customers.

“No merchant of ours represents even [one-tenth of one percent] of our volume, and to put out any name associated with what is obviously an unfortunate incident is not fair,” he said. “Their customers might end up having their cards used fraudulently, but that fraud might turn out to have come from their store, or it might be from another Heartland store and no one will ever really know.”

Heartland called U.S. Secret Service and hired two breach forensics teams to investigate. But Baldwin said it wasn’t until last week that investigators uncovered the source of the breach: A piece of malicious software planted on the company’s payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company’s retail clients.

Baldwin said Heartland does not know how long the malicious software was in place, how it got there or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates.

“The transactional data crossing our platform, in terms of magnitude… is about 100 million transactions a month,” Baldwin said. “At this point, though, we don’t know the magnitude of what was grabbed.”

The company stressed that no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were jeopardized as a result of the breach.

The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

“The nature of the [breach] is such that card-not-present transactions are actually quite difficult for the bad guys to do because one piece of information we know they did not get was an address,” Baldwin said. As a result, he said, the prospect of thieves using the stolen data to rack up massive amounts of fraud at online merchants “is not impossible, but much less likely.”

In many cases where a processor experiences a breach, the affected banks may simply re-issue new cards to some customers. In other cases, consumers may spot the first signs of fraudulent activity by reviewing their bank statements. It is unclear whether consumers who receive new account numbers from their bank will ever be able to definitively tie the re-issuance to the Heartland breach.

Baldwin said it was not appropriate for Heartland to offer affected consumers credit protection or other identity theft protection services.

“Identity theft protection is appropriate when there is enough personal information lost that identity theft is possible,” he said. “In this case, the amount of information we know they did not get is long enough that except in very circumscribed cases identity theft is just not possible. At the same time, we recognize and feel badly about the inconvenience this is going to cause consumers.”

Avivah Litan, a fraud analyst with Gartner Inc., questioned the timing of Heartland’s disclosure — a day in which many Americans and news outlets are glued to coverage of Barack Obama’s inauguration as the nation’s 44th president.

“This looks like the biggest breach ever disclosed, and they’re doing it on inauguration day?” Litan said. “I can’t believe they waited until today to disclose. That seems very deceptive.”

Officials from the U.S. Secret Service could not be immediately reached for comment.

Baldwin said Heartland worked to disclose the breach last week.

“Due to legal reviews, discussions with some of the players involved, we couldn’t get it together and signed off on until today,” Baldwin said. “We considered holding back another day, but felt in the interests of transparency we wanted to get this information out to cardholders as soon as possible, recognizing of course that this is not an ideal day from the perspective of visibility.”

The Heartland disclosure follows a year of similar breach disclosures at several major U.S. cards processors. On December 23, RBS Worldpay, a subsidiary of Citizens Financial Group Inc., said a breach of its payment systems may have affected more than 1.5 million people.

In March 2008, Hannaford Brothers Co. disclosed that a breach of its payment systems — also aided by malicious software — compromised at least 4.2 million credit and debit card accounts.

In early 2007, TJX Companies Inc., the parent of retailers Marshalls and TJ Maxxsaid a number of breaches over a three-year period exposed more than 45 million credit and debit card numbers.

In 2005, a breach at payment card processor CardSystems Solutions jeopardized roughly 40 million credit and debit card accounts.

Update, 5:07 p.m. ET:Changed “accounts” in first paragraph to “transactions.” Also added information from Heartland chief executive about the timing of the breach and the hiring of outside consultants.

If you are like me, I use LifeLock, where you can guarantee your good name today.

Posted in Internet, Security | No Comments »

20. January 2009 by Myke.

Within the next few months, Cisco Systems, the largest maker of networking equipment, plans to release a product that threatens to shake up the technology industry and put the company on a collision course with traditional partners like Hewlett-Packard and I.B.M.

The product — a server computer equipped with sophisticated virtualization software — is a bold but risky move by Cisco into an unfamiliar, intensely competitive market that typically produces far lower profits than Cisco makes from network gear. But it reflects the company’s ambition to grow beyond its roots as the so-called plumber of the Internet to offer everything from instant messaging software to digital stereos.

For years, Cisco remained content to sell the switches and routers that direct the rivers of data flowing between computing systems. It dominates that market, making most of its $40 billion a year in revenue, and 65 percent gross profit margins, from such products.

The other major makers of computer hardware, including H.P., I.B.M. and Dell, have enjoyed a mutually beneficial relationship with the company, which is based in San Jose, Calif.: Cisco sells networking gear, while they sell personal computers, servers, storage systems and software.

Industry experts say that Cisco’s push into the server market will disrupt that comfortable symbiosis and could cause an all-out war among the tech titans for one another’s customers.

“This will be the most important and most talked-about product of the year,” said Brent Bracelin, a hardware analyst for Pacific Crest Securities. “There will be massive competitive reactions from both I.B.M. and H.P., and we expect this will lead to a new wave of industry consolidation.”

Cisco executives played down the potential for serious conflict. “We see this not as a new market, but a market transition,” said Padmasree Warrior, the company’s chief technology officer. “Any time there is a major transition occurring, there will be large companies that have to compete in some areas.”

The technology driver behind this transition, according to Cisco, is virtualization software.

Over the last decade, virtualization software has experienced a meteoric rise. Virtualization products let companies run numerous business applications, rather than just one, on each physical server, allowing them to save electricity and get more out of their hardware purchases.

Recently, however, virtualization technology has started to have a more significant impact on business computing systems as a whole. New tools developed by VMware, the market leader, make it possible to shuffle business applications around a data center just by pointing a computer mouse at an icon on the screen. The mobility of the software has broken some of the traditional, linear connections among computers, storage systems and networking hardware.

As a result, companies like Cisco see an opportunity to produce a new, potentially disruptive class of hardware and software management systems that span an entire data center. With customers looking to manage their data centers as a single entity rather than separate units, the world’s largest technology companies must now fight to secure the most prominent, central position possible.

Cisco’s newfound aspirations stretch well beyond the $50 billion server market to include management software and possibly even storage.

“Our vision is, how do we virtualize the entire data center?” Ms. Warrior said. “It is not about a single product. We will have a series of products that enable us to make that transition.”

Cisco could show off the first of its new systems as early as March. The company would not disclose the exact nature of the product, although people with knowledge of Cisco’s plans said it would sell a server bundled with networking hardware and virtualization software from both Cisco and VMware.

Rather than working as a general purpose system, the Cisco product will cater just to virtual applications. (Cisco owns close to 2 percent of VMware, a public company that is majority-owned by EMC, a maker of computer storage systems.)

Cisco’s diversification into the server market is fraught with risk. Cisco boasts gross profit margins of close to 65 percent, while companies selling basic servers tend toward gross margins closer to 25 percent on those products.

Ms. Warrior maintained that by bundling various hardware components with software, Cisco would earn higher profits than are typical for servers. But Wall Street remains skeptical.

“It will certainly be a challenge for Cisco to get the new products to the same margin levels as its current products,” an analyst with Signal Hill, Erik Suppiger, said.

At best, analysts estimate, Cisco could obtain 50 percent gross margins with the server product. Such a figure, combined with Cisco’s probable modest start in this new business, would not affect its bottom line in the near term. Eventually, however, Mr. Suppiger and others say the move could lower Cisco’s overall profitability and change how investors view the company.

Perhaps more significant over the long term is the alteration of Cisco’s relationship with its longtime allies.

Mr. Bracelin expects I.B.M. and H.P. to consider acquiring networking start-ups and begin developing products similar to Cisco’s forthcoming system. They are also likely to direct business to other networking companies, like Juniper Networks and Brocade.

However, Cisco may have little choice other than to invade its rivals’ turf. Its core business is slowing, and for the company to meet Wall Street’s demands for growth, it must look to new lines of business.

Besides, its competitors are eyeing Cisco’s lucrative networking business for themselves. When Carleton S. Fiorina was chief executive of H.P., she sat on Cisco’s board, and her executive team encouraged H.P.’s sales force to promote Cisco products ahead of H.P.’s own ProCurve networking gear.

Under H.P.’s chief executive, Mark Hurd, that strategy ended. H.P. has made ProCurve a crucial piece of its growth strategy, priding itself on undercutting Cisco’s prices. With gross margins of close to 50 percent, ProCurve stands as one of H.P.’s most profitable businesses, second only to printer ink.

I.B.M., meanwhile, has long had a strong relationship with Brocade around storage networking products, and I.B.M.’s labs are working on their own networking hardware projects.

H.P. and I.B.M. declined to comment for this article.

Cisco dismisses the suggestion that it is fomenting war with longtime partners. The company is merely adjusting to a change in technology, and the other companies will do so as well, according to Ms. Warrior.

Cisco already battles Microsoft, another longtime partner, in the market for collaboration software that helps workers communicate on projects. In addition, Cisco sees opportunities in the consumer realm, playing off the home networking products it acquired through the purchases of Linksys and the set-top box maker Scientific Atlanta.

With close to $27 billion in cash on hand, Cisco could buy its way deeper into the data center as well, perhaps through an acquisition of VMware or even all of EMC, analysts say.

“Everybody is trying to get to the same point in the future,” said James Staten, an analyst at the research firm Forrester. “It’s inevitable that as they all get larger, they start crossing over into each others’ territory more and more.”

Posted in General Hardware, Servers | No Comments »