Video Screencast Help
Security Response
Showing posts in English
Josh Harriman | 23 Oct 2006 07:00:00 GMT | 0 comments

Privacy is a big concern when surfing the Internet. One major application has attempted to make Internet activities somewhat anonymous. “Tor” is an anonymous Internet communication system that allows users to surf the Web, send email, and use IM; all the while attempting to avoid network surveillance, traffic analysis, and state security. Tor users’ IP addresses (a computer’s basic identity) and exact locations are kept secret as the users read important stories on the Web, send their grandmother an email, or chat with their new best friend.

Unfortunately, Tor also opens up other avenues of attack and one must be aware of the risk, in return for the benefit of being partly anonymous. The way Tor works is that packets sent from your computer actually go to someone else’s computer, then to someone else’s computer, and so on. Eventually, your data reaches what is known as an...

Patrick Fitzgerald | 20 Oct 2006 07:00:00 GMT | 0 comments

Many of the new threats seen today aren’t advancements in their own right; rather, they just take advantage of advancements in technology. For example, VBScript enables programs to be written quickly, but also makes writing malware extremely easy. Remember VBS.LoveLetter, also known as the “I-Love-You” worm? This was a mass-mailing worm that ultimately ended up causing millions of dollars worth of damage because of crashed servers, not to mention the punitive damages caused by files being overwritten. While VBScripts gave administrators the ability to perform more robust tasks via scripting, developers need to be aware of the possible detrimental effects of these new technologies. For example, after VBS worms became widespread, Microsoft forced user consent before a script could harness Microsoft Outlook to send itself, thereby neutering that attack vector.

Another seemingly innocuous feature has been extremely useful to some malware writers. The advent of NTFS brought...

Patrick Fitzgerald | 20 Oct 2006 07:00:00 GMT | 0 comments

Many of the new threats seen today aren’tadvancements in their own right; rather, they just take advantage ofadvancements in technology. For example, VBScript enables programs tobe written quickly, but also makes writing malware extremely easy.Remember VBS.LoveLetter, also known as the “I-Love-You” worm? This wasa mass-mailing worm that ultimately ended up causing millions ofdollars worth of damage because of crashed servers, not to mention thepunitive damages caused by files being overwritten. While VBScriptsgave administrators the ability to perform more robust tasks viascripting, developers need to be aware of the possible detrimentaleffects of these new technologies. For example, after VBS worms becamewidespread, Microsoft forced user consent before a script could harnessMicrosoft Outlook to send itself, thereby neutering that attack vector.

Another seemingly innocuous feature has been extremely useful tosome malware writers. The advent of NTFS brought with it the...

Sarah Gordon | 20 Oct 2006 07:00:00 GMT | 0 comments

VB-Oct06_small.jpg

It's been a week since I finished my VB talk (almost on time). WhileI didn't get to the part of the talk exploring computer games and fun videosand their relevance to teaching people about security (and computerskills in general, and life skills, too!), I did get some interestingfeedback from some of the delegates. The one thing I've heard mostconsistently is that the ideas my talk put forth apply to technicalpeople, as well as not-quite-so-technical people. My first reactionwas—“wow”. I was hoping it would eventually get around to this. Onepurpose of the paper was to initiate bridge building between differentmindsets. The fact that I was able to get this across in the firstsegment of this research is just, well, unexpected.

People seemed to really be...

Elia Florio | 19 Oct 2006 07:00:00 GMT | 0 comments

Since we last talked about Trojan.Linkoptimizer (a.k.a. Gromozon) and the Italian Spaghetti saga, there have been some significant developments. What we had originally dubbed "spaghetti threats" now look much more like multi-layered "lasagna threats". Several new features and improvements were integrated into the latest incarnation of this Trojan by the authors, who are probably getting paid well for all of their efforts.

How do users get infected with Linkoptimizer/Gromozon variants? We noticed that the complicated distribution scheme of Trojan.Linkoptimizer (shown in Figure 1) introduced a few significant changes, compared to the original scheme of the previous blog article. Here are the new things that we...

Candid Wueest | 19 Oct 2006 07:00:00 GMT | 0 comments

ost users that have a computer spend a vast amount of time on the Internet, be it for work-related business, or just out of curiosity. Spending so much time browsing the Web should make it obvious that people will try to optimize and improve the user experience of surfing the Web. For instance, the Mozilla Firefox browser allows the user to extend the browser's feature set with extension add-ons. If you want to control script execution on a more granular basis, then the “No Script” extension might be the right thing for you to have a look at. If you get annoyed by ads while surfing, you can give AdBlock a try. These are only two of the many examples out there. There are hundreds of different extensions freely available on the Internet. Even if your idea has not yet been integrated into an extension, then you can simply make one yourself (in a...

Orla Cox | 18 Oct 2006 07:00:00 GMT | 0 comments

Closely following McDonalds' trouble with infected MP3 players, Apple has now confirmed that a small number of Video iPods were shipped with malware onboard. According to an announcement on the Apple support site, Video iPods purchased after September 12th could potentially contain a copy of W32.Rajump. Like W32.Pasobir, the worm found on the McDonalds MP3 players, it too has the ability to copy itself to removable USB drives. Apple is recommending that users run an antivirus scan of their Video iPod before use.

Apple is quick to point...

Orla Cox | 17 Oct 2006 07:00:00 GMT | 0 comments

McDonalds' customers in Japan recently found themselves exposed to a worm infection when MP3 players, offered as a prize in a drink promotion, were found to contain a worm called W32.Pasobir. This isn't the first time we've seen hardware devices and media accidentally shipped with malware. One of the more famous incidents occurred back in 1998, when the W95.Marburg virus was accidentally shipped on some game CDs, including CDs offered free with gaming magazines. More recently (again, in Japan) hard drive manufacturer I-O Data accidentally shipped a number of hard disks containing a back door Trojan horse. In most circumstances the malware itself is old, in which case any up-to-date antivirus program should prevent infection. This...

Marc Fossi | 16 Oct 2006 07:00:00 GMT | 0 comments

As regular readers of this blog site willbe aware, I attended the Virus Bulletin 2006 conference in Montreal,Quebec last week. On my flight home to Calgary (aboard a major Canadiancarrier) they had something new for me. On the back of each seat therewas a touch-screen display for people to watch movies, television, andso on. Ok, so this may not be anything new (I probably just don’t getout enough) or all that interesting at first glance. However, a coupleof things relevant to computer security struck me about these screens.

Almost right after looking at the screen for the first time, my eyeswere drawn to a socket just to the left of it—a USB port. There weren’tany keyboards distributed during the flight, but I suspect the portsare there for a future video game option (when I tried selecting thisoption on the touch screen, I was greeted with a “This feature iscurrently unavailable” message). Now, there’s also a distinctpossibility that the operating system behind these...

Marc Fossi | 13 Oct 2006 07:00:00 GMT | 0 comments

VB-Oct06_small.jpg

Back in September, I summed up some of the malicious code and phishing trends from the latest edition of the Symantec Internet Security Threat Report. To sum up that summary, I said that we’re seeing a trend toward profit-driven attacks. Malicious code is being created with financial motivation and is used in conjunction with phishing attacks. Well, after two days of presentations at the Virus Bulletin 2006 conference, it seems that others agree with this conclusion.

From the keynote address by Mikko Hypponen of F-Secure, through to the presentation on phishing Trojan creation kits by Dmitri Alperovitch of Secure Computing, there...