archives
February 2009

Phish Phlags

Here’s a phish one of ESET’s partners drew our attention to: it’s aimed at users of Maybank (http://www.maybank2u.com), the largest financial services group in Malaysia. The scam is somewhat more elaborate than many we see, and it’s worth a little analysis to see what flags we can extract from it for spotting a phisher at work From: Maybank

EXcel EXploits

Our guys in Bratislava have issued a press release about one of the latest examples of the current wave of Excel exploits, which we detect as X97M/TrojanDropper.Agent.NAI. When the malicious Excel document is opened, it drops the backdoor Trojan we call Win32/Agent.NVV, which allows a remote attacker to get access to and some control over the

TomTom to Get Bit by Microsoft Again

I read this morning that Microsoft is going to sue the GPS maker TomTom for patent infringement. You might recall that TomTom sold a GPS with malware already installed on it. It wouldn’t have been much of a problem if it wasn’t for Microsoft technology. It is Microsoft’s security nightmare called “autorun” that made having

Phishing the Web

A new advisory from the Anti-Phishing Working Group (APWG) offers advice to website owners on what actions to take when notified that their site or server has been compromised for use by phishers. At 18 pages, it’s a substantial high-level document, including: Some web site phishing attack and response scenarios Identifying an attack Reporting a

TinyURL: the Tiny Terror

The Register today ran a story about the phishing attack spread by the Google Talk instant messaging system, which uses TinyURL to conceal the real name of the link. John Leyden’s story (quoting Graham Cluley at some length) makes several good points about reducing your exposure to the threat, and Graham’s blog makes some more.

419 Frauds: They Just Keep Coming…

A memo to Middle- East Asia Promotion. Thank you for letting me know that I’ve won $720,000.00 in a promotion sponsored by Dell and the Emirates Foundation. Four days running: nothing suspicious about that, nor the fact that my wife has apparently won the same amount in the same promotion every day for the past

False Positive Fracas

False positives. Every anti-malware vendor’s worst nightmare. The European publisher Heise, apparently recently reinvented as The H, has pointed out that both GData and Bitdefender were inaccurately flagging winlogon.exe as Trojan.Generic.1423603. In case you were wondering, this doesn’t mean the whole anti-malware industry has gone mad: GData’s product uses two engines, one of which is 

More Acrobatics

For the geekier among us wanting or needing to know more about the Adobe vulnerability that Randy and I both blogged on yesterday, here are a few resources: More from Shadowserver at http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090221 As we’ve said previously, disabling JavaScript, while it doesn’t address the underlying vulnerability, stops known exploits from working properly. There are rules

Facing Down Facebook

An IT/business magazine called Information Age, apparently aimed at executives with interest and responsibilities in IT, hit my letterbox this morning. That’s an actual magazine with real paper pages: remember those? Seeing as it’s Saturday, I took it back to bed with me to look through while I had the first coffee of the day, and

Securing the Perimeter

I recently had the fantastic opportunity to participate on a panel discussion concerning cyber security. The event was hosted by the Bellevue Chamber of Commerce and coordinated by the US Chamber of Commerce and the Department of Homeland Security. Last year the Bush administration launched the Comprehensive National Cyber security Initiative or CNCI. Although focused

The Least Agile Acrobat

Adobe Acrobat has a history of tripping over security and they do so, in part, because Adobe seems to be determined to prove that they cannot be forced to learn from history, Adobe has spent years trying to repeat the mistakes of Microsoft Office’s early macro fiasco by including JavaScript in Adobe Reader and then

Anti-Antimalware: Faking It, Not Really Making It

Update: a quick tip of the hat to Steven, who sent us a URL for a somewhat related blog about problematic premium text services. Speaking of the 2008 report, here’s another extract, this time about fake antimalware. "We expect to see increasing volume and sophistication in criminal attempts to extort money from end users in

The Perils of PDF

Security issues with PDFs are nothing new, as a skim through past Adobe security bulletins and advisories indicates. (This isn’t a criticisim of Adobe: it’s inevitable that security issues will surface from time to time in sophisticated, function-rich software, and Adobe are clearly aware of the need to address the problems as they arise.) In

A Little Extra Information

I recently started writing weekly tech tips for the San Diego Chamber of Commerce. If you are interested in these tips you can find them at http://www.sdchamber-members.org/TechTip.htm. Past tips are archived there as well. Randy Abrams Director of Technical Education

Fast Flux Report: Situation Normal, All Fluxed Up

ICANN’s Fast Flux Working Group recently announced an Initial Report. In fact, it also offered a 20 day window for submitting comments on the report, but I missed that, as I was travelling and didn’t read that particular email. Perhaps you did better, in which case you probably won’t be much interested in this blog.

MS09-002 Exploits: Old Dogs, New Tricks?

A few days ago, I promised (threatened) to make some general points about biasing test results, but travel and other obligations have been getting in the way. I’ll get back to that very shortly, but in the meantime, I want to look at an issue with the latest round of Microsoft patches that I was

All’s Fair in Love and Marketing?

I don’t regard myself as being particularly naive: I know as well as you do that having an excellent product is not enough on its own. You usually have to market it properly as well: otherwise, it sinks because no-one is buying it, so no-one is making a living. I know, too, that this industry is not

The Oldest Un-Patched Microsoft Vulnerability

It is the longest standing un-patched Microsoft vulnerability I know of, and Microsoft calls it a “feature”. Microsoft calls it “autorun”, I call it “auto-infect”.  The idea of autorun is to attempt to make it so that a person can use a computer with a minimum amount of knowledge. This emphasis away from education is

Bill Gates shares his fortune – not

As the Win32/Waledac nuisance continues to escalate, it’s good to know that there are some certainties in a changing world. One, unfortunately, is that people will continue to fall for hoaxes and chain letters. Much to my surprise, one of my mailboxes has just been visited by an old friend, a hoax that has been

That Wasn’t Your Sweetheart

Pierre Marc just posted about “Win32/Waledac for Valentine’s Day”. The fake greeting cards are an ongoing scam. As Pierre Marc indicated, this one is using polymorphism, which is a fancy way to say the malicious software disguises itself to look different each time someone encounters it. This is done to break signature based detection, which

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
27 Feb 2009
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.