Video Screencast Help
Security Response
Showing posts in English
Patrick Fitzgerald | 20 Oct 2006 07:00:00 GMT | 0 comments

Many of the new threats seen today aren’tadvancements in their own right; rather, they just take advantage ofadvancements in technology. For example, VBScript enables programs tobe written quickly, but also makes writing malware extremely easy.Remember VBS.LoveLetter, also known as the “I-Love-You” worm? This wasa mass-mailing worm that ultimately ended up causing millions ofdollars worth of damage because of crashed servers, not to mention thepunitive damages caused by files being overwritten. While VBScriptsgave administrators the ability to perform more robust tasks viascripting, developers need to be aware of the possible detrimentaleffects of these new technologies. For example, after VBS worms becamewidespread, Microsoft forced user consent before a script could harnessMicrosoft Outlook to send itself, thereby neutering that attack vector.

Another seemingly innocuous feature has been extremely useful tosome malware writers. The advent of NTFS brought with it the...

Sarah Gordon | 20 Oct 2006 07:00:00 GMT | 0 comments


It's been a week since I finished my VB talk (almost on time). WhileI didn't get to the part of the talk exploring computer games and fun videosand their relevance to teaching people about security (and computerskills in general, and life skills, too!), I did get some interestingfeedback from some of the delegates. The one thing I've heard mostconsistently is that the ideas my talk put forth apply to technicalpeople, as well as not-quite-so-technical people. My first reactionwas—“wow”. I was hoping it would eventually get around to this. Onepurpose of the paper was to initiate bridge building between differentmindsets. The fact that I was able to get this across in the firstsegment of this research is just, well, unexpected.

People seemed to really be...

Elia Florio | 19 Oct 2006 07:00:00 GMT | 0 comments

Since we last talked about Trojan.Linkoptimizer (a.k.a. Gromozon) and the Italian Spaghetti saga, there have been some significant developments. What we had originally dubbed "spaghetti threats" now look much more like multi-layered "lasagna threats". Several new features and improvements were integrated into the latest incarnation of this Trojan by the authors, who are probably getting paid well for all of their efforts.

How do users get infected with Linkoptimizer/Gromozon variants? We noticed that the complicated distribution scheme of Trojan.Linkoptimizer (shown in Figure 1) introduced a few significant changes, compared to the original scheme of the previous blog article. Here are the new things that we...

Candid Wueest | 19 Oct 2006 07:00:00 GMT | 0 comments

ost users that have a computer spend a vast amount of time on the Internet, be it for work-related business, or just out of curiosity. Spending so much time browsing the Web should make it obvious that people will try to optimize and improve the user experience of surfing the Web. For instance, the Mozilla Firefox browser allows the user to extend the browser's feature set with extension add-ons. If you want to control script execution on a more granular basis, then the “No Script” extension might be the right thing for you to have a look at. If you get annoyed by ads while surfing, you can give AdBlock a try. These are only two of the many examples out there. There are hundreds of different extensions freely available on the Internet. Even if your idea has not yet been integrated into an extension, then you can simply make one yourself (in a...

Orla Cox | 18 Oct 2006 07:00:00 GMT | 0 comments

Closely following McDonalds' trouble with infected MP3 players, Apple has now confirmed that a small number of Video iPods were shipped with malware onboard. According to an announcement on the Apple support site, Video iPods purchased after September 12th could potentially contain a copy of W32.Rajump. Like W32.Pasobir, the worm found on the McDonalds MP3 players, it too has the ability to copy itself to removable USB drives. Apple is recommending that users run an antivirus scan of their Video iPod before use.

Apple is quick to point...

Orla Cox | 17 Oct 2006 07:00:00 GMT | 0 comments

McDonalds' customers in Japan recently found themselves exposed to a worm infection when MP3 players, offered as a prize in a drink promotion, were found to contain a worm called W32.Pasobir. This isn't the first time we've seen hardware devices and media accidentally shipped with malware. One of the more famous incidents occurred back in 1998, when the W95.Marburg virus was accidentally shipped on some game CDs, including CDs offered free with gaming magazines. More recently (again, in Japan) hard drive manufacturer I-O Data accidentally shipped a number of hard disks containing a back door Trojan horse. In most circumstances the malware itself is old, in which case any up-to-date antivirus program should prevent infection. This...

Marc Fossi | 16 Oct 2006 07:00:00 GMT | 0 comments

As regular readers of this blog site willbe aware, I attended the Virus Bulletin 2006 conference in Montreal,Quebec last week. On my flight home to Calgary (aboard a major Canadiancarrier) they had something new for me. On the back of each seat therewas a touch-screen display for people to watch movies, television, andso on. Ok, so this may not be anything new (I probably just don’t getout enough) or all that interesting at first glance. However, a coupleof things relevant to computer security struck me about these screens.

Almost right after looking at the screen for the first time, my eyeswere drawn to a socket just to the left of it—a USB port. There weren’tany keyboards distributed during the flight, but I suspect the portsare there for a future video game option (when I tried selecting thisoption on the touch screen, I was greeted with a “This feature iscurrently unavailable” message). Now, there’s also a distinctpossibility that the operating system behind these...

Marc Fossi | 13 Oct 2006 07:00:00 GMT | 0 comments


Back in September, I summed up some of the malicious code and phishing trends from the latest edition of the Symantec Internet Security Threat Report. To sum up that summary, I said that we’re seeing a trend toward profit-driven attacks. Malicious code is being created with financial motivation and is used in conjunction with phishing attacks. Well, after two days of presentations at the Virus Bulletin 2006 conference, it seems that others agree with this conclusion.

From the keynote address by Mikko Hypponen of F-Secure, through to the presentation on phishing Trojan creation kits by Dmitri Alperovitch of Secure Computing, there...

Oliver Friedrichs | 12 Oct 2006 07:00:00 GMT | 0 comments

I have to say that it is not surprising to see that Microsoft is countering the claims (that Symantec, McAfee, and others are making) that Windows Vista will hinder innovation, while putting consumers at risk. In fact, I think that it is to be expected. Some of the arguments that are being put forth in their favor are rather uninformed, exceptionally broad, and disingenuous. They have been presented in such a way as to position security vendors as though we have for decades preyed on the weak and stolen from the poor and with the emergence of Windows Vista, freedom from this tyranny is in sight. The reality is, we offer a real service—protection from real threats that will otherwise result in real losses—and this is by no means a protection racket. In any case, it’s not my intent to try and dissuade that part of the population that really thinks this; but, I will try to offer some insight to those who would consider themselves technologists.

It is important to remember that...

Peter Ferrie | 12 Oct 2006 07:00:00 GMT | 0 comments

Some time ago, the author of W32.Gatt had posted a comment on his Web site that said he read my blog entry aboutthis particular virus. From there on in he assumes that we visit hispage often. In fact, we have no need for it—customers are doing thatfor us.

We receive samples almost as soon as they appear on any Web site,anywhere in the world, and we are notified about curious comments likethat one. To quote the virus author's entry: "Interpretation without acontext of information." Well, exactly. Interestingly, while the authorclaims that Symantec was wrong about why the source was not released,he does not tell us why the source wasn’t released. It must be quitesensitive, maybe even better than my reason, but until we know, I'llstick with my reason.