Archives - February 2008

The More Things Change…

…the more they remain the same. It’s sometimes too easy to forget that it’s not all about the technical analysis of malware. Often, it doesn’t matter how startlingly sophisticated or innovative malware is: if the social engineering hits the spot, and technical defences fail, as all too often they do, that’s enough. Depressingly, the engineering doesn’t have

To block or not to block

A government committee in the United Kingdom have  been debating whether to force providers (such as Microsoft) to include content filters in their software (that they already do to some degree is not something you’d expect a government body to understand). It seems that Microsoft have made the argument that adding filters would ‘send

A Little Light Reading

I’ve just found out that I have another book out. Well, a single chapter in a three volume set called The Handbook of Computer Networks. (The chapter is on E-Mail Threats and Vulnerabilities: thank you for asking.) “I’ve just found out…” probably sounds quite disingenuous. How could anyone not know they had a book published?

Happy Birthday CastleCops!

Sometimes it seems that we are fighting a battle that we are destined to lose. To some extent, win or lose depends upon your definition of the terms. We have never completely beat crime, but we still have victories against criminals… sometimes. Today it is a very great pleasure to wish a happy 6th anniversary

Storm in a D‑Cup

Bot-hunters were somewhat puzzled recently when a botnet called Mega-D suddenly started grabbing headlines as the successor to the Storm (or Nuwar) botnet. Though the Storm network does seem to have declined in overall numbers over recent months, reports of its demise still seem exaggerated, and no-one seemed quite sure what Mega-D was and where it

NDSS 2008

Last week our home town of San Diego was host to the Network and Distributed System Security Symposium held by the Internet Society. This conference represented a good opportunity for us to learn the latest research topics under investigation by the academic community. David Dagon and his team from GA Tech presented an interesting paper

Less Worms than Leeches

As you might guess, the New Scientist article on the Microsoft research “friendly worms” paper excited more annoyance than admiration, not only here but elsewhere in the research community. However, when a link to the actual paper turned up (thanks to Jimmy Kuo for pointing it out), it turned out be rather less dramatic. While it does refer to

Worms and Leeches

Every so often, an old wheel is reinvented. In the anti-malware game, an old favourite is what Dr. Fred Cohen used to call the “benevolent virus” or “maintenance” virus. Dr. Cohen’s early research and commentary remains the formal basis for much of the way we think about malware and anti-malware today. Several pages in “A Short

I AMTSO Happy to be here!

Well, I am happy to be here, but AMTSO stands for The Anti-Malware Testing Standards Organization. This is an initiative between Anti-Virus companies and anti-virus testers to improve the quality of testing performed on anti-virus products so as to provide consumers with meaningful tests. There have been so many bad tests performed, but “it’s on