One of my all time favorite quotes is by “"Those who cannot remember the past are condemned to repeat it." George Santayana said this in The Life of Reason or The Phases of Human Progress: Reason in Common Sense 284 (2nd ed., Charles Scribner’s Sons, New York, New York 1924 (originally published 1905 Charles Scribner’s
The swine flu “pandemic” that has been in the news is being exploited by swine… the bad guys. These creeps are after your pearls… your cash, your computer. You name it and every scam attack we have seen so far will pretty much incorporate “Swine Flu”. Legitimate news information does not come from unsolicited emails.
Ever since Adobe’s recent updates to Acrobat and Reader, I’ve been irritated by the fact that every time I open a PDF, I’m prompted to re-enable JavaScript, which I disabled while we were all waiting patiently for those patches to the last round of vulnerabilities. “This document contains JavaScripts. Do you want to enable JavaScripts
In a comment to a previous post, Finjan have confirmed that Win32/Hexzone.AP is just one of the malicious programs downloaded to machines infected by the unnamed bot behind the 1.9 million PC botnet they reported: it isn’t the bot itself. While I think we’d pretty much established that (especially after some very useful input from Atif
Firstly, here’s a little extra information from our lab in Slovakia. They report that the variants they have analyzed use a custom packer that makes multiple calls to the graphical user interface API (Application Programming Interface, presumably in order to fool emulators and analysts into thinking they are dealing with a standard application. The Hexzone family
Some more information on the Hexzone botnet has come my way, mostly from FireEye’s Atif Mushtaq and Paul Ferguson’s hairdresser (don’t ask!). Atif also mentions the association with ransomware: the malware is installed as a Browser Helper Object (BHO) on the victim’s machine, and hijacks browsing sessions, taking the victim to a page hosting pornography.
There is some chatter about a news item that has been released by Finjan in a blog post this morning. The news has been picked up by Computer Weekly and USA Today. The un-named bot involved in this story is detected by ESET as Win32/Hexzone.AP. It is a typical Trojan that reports to a command
I haven’t commented on the recent flurry of interest in the Mac botnet issue, having already mentioned it a few weeks ago here. It’s not as though anyone has shown much interest in the technical aspects, such as the interesting use of the Authorization Services APIs to trick the victim into authorizing installation. Just one of
Some of you may have recently read of researchers discovering a botnet that is using Mac computers. Are you surprised? Well, perhaps if you drink the Apple flavored Kool-Aid you are, but if you understand operating systems at all then this is really not at all surprising. Operating systems are designed to run programs. A
Well, Mikeyy may not be the only security problem Twitter has right now, but the Hoodied Bore does seem to be doing an excellent job of exhausting everyone’s patience, including that of The Register’s John Leyden, who described him as “increasingly annoying”. It appears that Mr. Mooney did take responsibility for at least the first
Some of you may have noticed that I’ve been uncharacteristically quiet the past few days. That’s because I really needed to do catch up with other things. Sad though I am to have missed the opportunity to jeer at Mikeyy the Worm and his new employer (though I may come back to them shortly, just
I’m guessing that you’ve probably heard about the worm attacks on Twitter over the Easter weekend. Even I did, and I was doing my best to take some time out from work, with rather more success than usual. According to one Michael – sorry, Mikeyy – Mooney, a bored 17-year-old, he was responsible for the
Larry Seltzer, one of the better commentators on malware issues, has picked up on the disparity between ESET’s naming of the latest variant and Symantec’s – they call it W32.Downadup.E. Richard Adhikari (who also seems to pretty clueful) also picked up on the naming issue when we exchanged emails a few days ago. This issue
So now for a little more tech detail on Win32/Conficker.AQ (kindly supplied by Juraj Malcho at our labs in Europe – however, if I get anything wrong, that will almost certainly be down to my faulty interpretation!) The new variant has two main components. The server component is an .EXE that infects vulnerable PC’s in
If you just got here looking for my blog on Conficker and “blended hoaxes”, I’m afraid I just pulled it (temporarily at least) in the light of new data that’s come in since last night: I don’t want to mislead anyone, as it seems that the new Conficker stuff is a lot more active and
Well, hopefully my power sockets are not leaking computer viruses and keyloggers, but who knows? Quite a few news outlets have picked up on a story in the Wall Street Journal claiming that spies from China and Russia have “penetrated the U.S. electrical grid”. Scary… A little too scary and not enough detail to convince some
Talking of the C-worm (“Will no-one rid me of this troublesome malware?”) I mentioned in a blog from a couple of days ago that Jose Nazario supplied some useful information on an issue I was checking into. The issue concerned reports from a Russian news site of Distributed Denial of Service attacks on Russian sites:
If it was the intention of the Conficker gang to create a huge splash, they succeeded. (In fact, it’s quite possible that they’ve attracted more attention than they really wanted.) In any case, it seems that lots of people are looking nervously over their shoulders for any indication that something unpleasant and Conficker-related is about
The Register’s John Leyden has harsh words to say today about problems with security software: “Once, running Windows anti-virus was like driving down a dual carriageway. These days, it’s more like an unpaved road.” Well, I can understand his viewpoint, though given the sheer volume of security products these days, I’m not sure a small
I remember the days when the major anti-virus companies (back when they called themselves that) actually included links to the informational sections of competitive web sites (especially the threat encyclopaedias). Sadly, that doesn’t seem to be the world we live in any more. Still, we’re always pleased when someone we know comments here, even competitors, and
