Since the discovery of Stuxnet several years ago, there has been a parade of targeted malware that may have been created or sponsored by nation states. Does an average person or business really need to worry about these things?
…and nor are we responsible for fake AV/scareware and (more recently) ransomware, though I did suggest in a paper I presented at EICAR a couple of years ago that the bad guys who do peddle that stuff are all too proficient at stealing our clothes, and that maybe some security companies were making it easier
I've stopped maintaining Stuxnet resource pages recently, but occasionally I come across an article that adds something useful to the mix, or simply summarizes aspects of the Stuxnet story neatly and accurately. Besides, its authors must be feeling a little left out with all that fuss about TDL4. ;-) A recent report in Wired gives
After quite a few months of trying to raise public awareness of the problem of fake support cold-calling both here [and elsewhere, it's good to see other vendors also starting to publicize the issue. I've previously cited an article by Symantec's Orla Cox that describes one exchange of civilities with one of the scammers, and
All this is potentially frightening and inconvenient (or worse) for a home user. And if it happens in a corporate environment, it can be very, very expensive to remedy. So while some of the public comments we see in the wake of such incidents may seem over the top, “FP rage” is certainly understandable.
I originally posted this on the AVIEN blog site at http://avien.net/blog/?p=286, but in view of the increasing volume of "Y2.10k" date-related bug reports, I'll re-post it here with an updated list. (Thanks to Mikko Hypponen for posting a couple of links I hadn't seen.) Windows Mobile/SMS bug (Welcome to 2016!) http://www.theregister.co.uk/2010/01/05/windows_mobe_bug/ http://www.wmexperts.com/y2016-sms-bug Bank Bugs: http://www.theregister.co.uk/2010/01/04/bank_queensland/ http://www.msnbc.msn.com/id/34706092/ns/technology_and_science-security/?ocid=twitter]
We came across an interesting test report at http://www.passmark.com/ftp/antivirus_10-performance-testing-ed2.pdf. Symantec commissioned a comparative performance test from Passmark. That is, a test measuring performance in terms of speed and resource usage rather than looking at detection rates. Not surprisingly, Symantec came out very well overall, and deserves congratulations for demonstrating how far it's gone in addressing
It won’t come as a surprise to regular readers of this blog that there’s a lot of fake/rogue anti-malware about. (see http://www.eset.com/threat-center/blog/category/fake-anti-malware-fake-software). However, a report released at RSA Europe goes some way towards quantifying that threat, and has created something of a stir in the media. That’s to be expected: journalists tend to love facts and figures. Anti-malware
Someone raised an interesting point in a comment to yesterday’s blog about Symantec’s own PIFTS.EXE being flagged by their own firewall as a possible problem. Let me quote the comment in full. I by no means buy into the super root-kit routine, I do however think that there will be copy cats (if not already)
PSST! Anyone remember the Telephone party game, also known by various politically incorrect names like Chinese Whispers and Russian Scandal? A series of reports like this and this illustrate a textbook example of how rumour and misunderstanding (some of it probably wilful) can transform a story into something very different to its original form. According
It appears there are interesting developments in the Conficker/Downadup development front. Peter Coogan of Symantec describes here a variant that doesn’t appear to be interested in infecting new machines, rather more so in updating and protecting itself on systems already infected with previous variants. (And, yes, ESET’s ThreatSense technology does already detect it heuristically!) It seems to have