General | WeLiveSecurity


Look Mom, I am on TV

Last Friday, a television report was aired on Canadian television, produced in collaboration with ESET. The topic of the report was, of course, computer security and, specifically, zombie networks (botnets). To show the viewers the dangers of poor security practice, we plugged a computer without security patches into the Internet and waited to see how

Snopes hoax

I don’t, in general, have much time for virus writers: not, at any rate, the guys who can’t keep their creations to themselves, and don’t care if they cause damage. They’re not all like that, of course: I’ve talked to virus writers who seem nice enough guys, and even to some who are almost as

The More Things Change…

…the more they remain the same. It’s sometimes too easy to forget that it’s not all about the technical analysis of malware. Often, it doesn’t matter how startlingly sophisticated or innovative malware is: if the social engineering hits the spot, and technical defences fail, as all too often they do, that’s enough. Depressingly, the engineering doesn’t have

To block or not to block

A government committee in the United Kingdom have been debating whether to force providers (such as Microsoft) to include content filters in their software (that they already do to some degree is not something you’d expect a government body to understand). It seems that Microsoft have made the argument that adding filters would ‘send

A Little Light Reading

I’ve just found out that I have another book out. Well, a single chapter in a three volume set called The Handbook of Computer Networks. (The chapter is on E-Mail Threats and Vulnerabilities: thank you for asking.) “I’ve just found out…” probably sounds quite disingenuous. How could anyone not know they had a book published?

Happy Birthday CastleCops!

Sometimes it seems that we are fighting a battle that we are destined to lose. To some extent, win or lose depends upon your definition of the terms. We have never completely beat crime, but we still have victories against criminals… sometimes. Today it is a very great pleasure to wish a happy 6th anniversary

Storm in a D‑Cup

Bot-hunters were somewhat puzzled recently when a botnet called Mega-D suddenly started grabbing headlines as the successor to the Storm (or Nuwar) botnet. Though the Storm network does seem to have declined in overall numbers over recent months, reports of its demise still seem exaggerated, and no-one seemed quite sure what Mega-D was and where it

NDSS 2008

Last week our home town of San Diego was host to the Network and Distributed System Security Symposium held by the Internet Society. This conference represented a good opportunity for us to learn the latest research topics under investigation by the academic community. David Dagon and his team from GA Tech presented an interesting paper

Less Worms than Leeches

As you might guess, the New Scientist article on the Microsoft research “friendly worms” paper excited more annoyance than admiration, not only here but elsewhere in the research community. However, when a link to the actual paper turned up (thanks to Jimmy Kuo for pointing it out), it turned out to be rather less dramatic. While it does refer to

Worms and Leeches

Every so often, an old wheel is reinvented. In the anti-malware game, an old favourite is what Dr. Fred Cohen used to call the “benevolent virus” or “maintenance” virus. Dr. Cohen’s early research and commentary remains the formal basis for much of the way we think about malware and anti-malware today. Several pages in “A Short

I AMTSO Happy to be here!

Well, I am happy to be here, but AMTSO stands for The Anti-Malware Testing Standards Organization. This is an initiative between Anti-Virus companies and anti-virus testers to improve the quality of testing performed on anti-virus products so as to provide consumers with meaningful tests. There have been so many bad tests performed, but “it’s on

The Anti‑Spyware Coalition Public Workshop

Back in December of 2006 I posted an entry titled “The Spirit of Cooperation”. Today I am attending the Anti-Spyware Coalition Public Workshop in Washington DC. It is a very satisfying feeling sitting with staunch allies in the fight against spyware, adware, and other threats. Who are these allies? You would probably call them

Ongoing Web Infection

Last week, we had reports of a number of web sites being hacked and used to distribute malicious software. The web sites are spread through various countries including Brazil, Pakistan, the United Kingdom, France, and of course the United States. At the moment, it is hard to tell how the servers were compromised. All of

Are You Ready for Valentine’s Day?

Got the flowers ordered? Dinner plans? eCard? Wait, eCard? I didn’t send her an eCard. The bad guys are ready for Valentine’s Day. Actually they are not waiting. The jerks that brought you the storm worm are back at the eCard scam with amorous incantations about an eCard for you. As a rule of thumb,

Nuwar for Valentine’s Day

It shouldn’t be a surprise to anyone that the Nuwar gang has released a new version of their social engineering scam for Valentine’s Day; they are just a bit early. The gang has started again sending spam messages with subjects related to love. The body of the e-mails contains a short message and a link

Nuwar Phishing

There was another twist today in the Nuwar story: it is now being used to host phishing sites. The gang behind this prolific malware has registered several domain names similar to those used by well-known banks such as Barclays and Halifax and is directing web requests for these misspelled domain names to computers infected with Nuwar.

More Nuwar for the New Year

The gang behind the Nuwar threat (also called Storm Worm or Zhelatin) has been very active during the holidays. They have been sending numerous waves of spam in an attempt to infect as many users as possible. The gang is taking advantage of the fact that a lot of researchers are taking some time off

Beware of Imposters

There seems to be a common belief that malware only lands on a computer through e-mails. This is far from being the case. Our ThreatSense statistics show that a lot of Internet users fall for social engineering on web pages and are tricked into installing fake programs. As David Harley pointed out on his blog

New Nuwar for Christmas

At midnight GMT time, we started receiving reports of a new wave of Nuwar e-mails. The e-mails contain the following text trying to convince a user to visit a malicious website: This Christmas, we want to show you something you will really enjoy. This might not be fun for the whole family, but I bet


PLEEEEASE Infect me

This is what Windows says when you install it. You see, there is a default setting called “autorun” that will automatically run a program when you insert a CD or DVD or thumb drive into your computer. The idea is that you put the media in there to run a program, so