archives
March 2009

Conficker: the rest is probably not silence

So, nothing happened? Well, yes. Our labs, who’ve been monitoring carefully, note that Conficker changed communication protocols, just as the code said it would. No doubt in the fullness of time, the botnet will start doing what botnets do: it would be bizarre to put this much effort into a project and then not try

April (1st) in Paris (London, Tokyo…)

…as I write, it’s past midnight here in the UK. In some parts of the world it’s already been April 1st for nearly 14 hours. I have yet to hear any reports of melted PCs, disappearing internets, or institutions DDoS-ed into insolvency by Conficker. I’ve just received email from a colleague in Sydney, where it’s business as

Conficker Launches Cyber Attack Against Big Ben

In an apparent effort to cause British commuters to miss their trains, Chinese hackers have ordered the Conficker.C botnet to randomly change the time on the venerable and vulnerable Big Ben. This has caused millions of Londoners to be late for work this morning. Hey, this is no more ridiculous than trying to protect against

Watch out for the Honda Accords

Why watch out for the Honda Accords?  Well, automobile accidents are one of the leading causes of injury and death and Accords are very common cars. This sounds pretty silly, doesn’t it? I mean, wouldn’t it make sense to drive like any car is a potential threat and drive as best as you can to

Catching Conficker – a New Development

I can already hear a chorus of "Not ANOTHER Conficker blog?", but some of you will want to know about this development. The Honeynet Project has announced a new scanning tool for detecting Conficker, which gives network and system administrators a very handy extra tool for detecting Conficker activity on their networks. Furthermore, the tool

More Bull in a China Shop?

I thought I’d blogged myself to a standstill over the weekend, but it seems there’s plenty of life left in the Tibet/China story, even if it’s only the East and the West exchanging accusations. A China Daily headline claims that "Analysts dismiss ‘cyber spy’ claims", though in fact the quotes in the article talk about exaggeration

Ask ESET

I have an email address, askeset@eset.com that I use to field general security questions. I can’t use this for support questions, or licensing questions though. We have trained support people who do product support full time and these people have the most up to the minute information required to support our products. For general security

Conficker, Y2K, and Apocalypse Now

Around the end of the last decade, when I was working for a research organization in the UK, I used to write a monthly column on security for an in-house newspaper, and was rapped over the knuckles for telling this little story. I’ve probably changed the detail since then: I don’t keep everything I’ve written

Chinese Whispers: Targeted Malware and E-Espionage

I’ve mentioned here before that targeted malware, often delivered by "spear phishing" carried by apparently "harmless" documents such as PDFs, .DOCs and spreadsheets rather than overt programs, can have much more impact than the raw numbers of such attacks suggest. In fact, some sources now use the term "whaling" rather than "spear phishing" to reflect the

Conficker Removal (Update)

[Update: it seems that people who missed the whole MS-DOS/having fun with the C> prompt and batchfiles thing are still struggling with the fact that vendors are releasing cleaning tools that are really command-line tools, so some step-by-step notes are added below.] I’m sure you’re almost as bored with this issue as I am with the

Parliament of Foul Play

This wouldn’t normally be the place to discuss the ongoing decline of the fortunes of the British Government, but there have been several IT-security-related stories coming out of the Mother of Parliaments worth a closer look. Back on March 10th, The Register reported that MP (Member of Parliament) Alun Michael had reported to the police that he

Phishing Victims

Responding to a request for information about phishing and malware distribution mechanisms this morning, I happened upon a link on the Anti-Phishing Working Group site to the Silver Tail blog  The site has been running a series of blogs on "Online Fraud from the Victim’s Perspective". Author Laura Mather tells the story of two victims,

Conficker: Before the Flood (April Showers)

I don’t, of course, know for sure what’s going to happen on April 1st, when Conficker is timed, potentially, to go to its next stage of evolution. We do know, from inspecting code in the variants and subvariants that have come our way, that infected machines will be looking for instructions and updates on that date. At the very least,

Xrupter – Scareware meets Ransomware

There are quite a few reports currently about particularly ugly development son the fake AV front. The Register’s John Leyden has referred to a "double dipping" attack, in which the notorious Antivirus 2009 is implicated in an attack that goes beyond offering useless rogue anti-malware to inflicting actual damage on user data files, in order to force the victim

Foil Conficker Get Rid of AutoRun

OK, this doesn’t actually foil Conficker, but it does block one of the attack vectors and prevents many other threats from automatically infecting your computer too, It is the longest standing un-patched Microsoft vulnerability and Microsoft calls it a “feature”. The idea of autorun is to attempt to make it so that a person can

Adobe Reader & Acrobat: Updates on Updates

Well, I’ve still had no information about updates to address the recent Acrobat vulnerability/exploits to either of the addresses I subscribed to Adobe’s Security Notification Service. However, the RSS feed here does work. Which is how I know that Acrobat Reader 9.1 and 8.1.4 for Unix were released yesterday, right on time. As expected, these address the

Don’t Be An April Fool!

The highly publicized Conficker worm has a new version that is assumed to trigger on April 1st. There are a few steps you should take right now. First, back up any important data. This is just plain sound advice, regardless of viruses, worms, etc. A hard drive crash can destroy data. Make sure that the

Mac Hack Easy PC

I just picked up a comment made today on a post Randy made about the comparative security of Macs and PCs. Since the original post goes back to 2006, it seems a pity to bury the comment on a page most people won’t get to. In fact, since the comment reproduces an article in PC

BBC television – have they got the picture yet?

The BBC published a self-justification of sorts over the Click fiasco on Friday 13th March: when I came upon it the following morning, I posted a comment there, pointing out Mark Perrow had addressed the issues this industry hadn’t complained about, and ignored the issues that we were concerned about. My comment is number 14,

Rogue Security Software: Traffic Converter taken down

As we’ve mentioned here before, fake antimalware problems are a serious problem, both to the real security industry and to our customers. So it’s good to hear of action being taken against some of miscreants involved: more specifically, the takedown of the resurrected Traffic Converter site, a major player in the distribution of this particular form

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

1 article related to:
Hot Topic
31 Mar 2009
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.