I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet. On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was
[Update: I notice that at about the same time that I posted this, Sophos also flagged a blog reporting a somewhat similar fake update for Microsoft Outlook/Outlook Express (KB910721). The message is a lot different and links to a different site pretending to be Microsoft’s update site, but is clearly not to be trusted. So the
ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET’s ThreatSense.Net™ cloud. You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site. While the report identifies a number
Modern cars are designed with crumple zones. These crumple zones help to decrease the risk of death in a severe car accident. Modern cars also have airbags. The airbags reduce your risk of death or injury in the case of an accident. If you don’t use a seatbelt your airbag and crumple zone are unlikely
We’ve just added my paper “The Game of the Name: Malware Naming, Shape Shifters and Sympathetic Magic” to the White Papers page. This paper follows up on “A Dose By Any Other Name“, which Pierre-Marc and I presented at Virus Bulletin last year and goes some way towards explaining (I hope…) why sample glut and proactive
There is an interesting and humorous work of fiction at http://www.appleinsider.com/articles/09/09/07/inside_mac_os_x_snow_leopard_malware_protection.html. Humorous as long as you don’t believe it! The article starts out saying “Safari, like other modern browsers, already flags certain websites that are known to be used to distribute malicious software”. That’s a nice layer of defense, but there are sites many sites
Mac security firm Intego blogged about Apple’s decision to include an antimalware component in Mac OS X 10.6 "Snow Leopard" and we agree that it is a good step, security-wise, to provide some basic protection against malware. Apple has long mocked Microsoft, up to and including this 2006 advertisement which implied there were no viruses
We’ve had reassuring responses from Slideshare about the recent problem with a malicious slide deck and the company’s timely removal of the malicious account. You can find these in the comments to the previous blogs on the subject, but as many people who saw the original blog won’t necessarily go back to check on comments,
You probably aren’t looking for trouble, but there’s a good chance you’ll find it when you search the internet. An article in Information Week http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=218700239&cid=RSSfeed_IWK_All it was reported that the bad guys are trying to make sure their bad web pages come up when you search common terms on the internet. In this case the
We know that spam works: well, it works well enough for spammers to keep devoting time and money into pumping sewage into the arteries of the internet. The interesting question is why does it work? The Messaging Anti-Abuse Working Group (MAAWG), a global coalition of network operators and messaging providers who do some vital work
The news broke a short time ago that pop star Michael Jackson died of a heart attack. It is all too predictable that the bad guys will use this news event to spam out fake videos or links to alleged pictures in order to trick users into installing their malicious software. If you receive an
As Valentine’s Day is approaching the criminals behind Win32/Waledac have increased their activity. The Valentine campaign started some time ago but the interesting part is only starting for us. The Waledac botnet has been using fast flux for some time now. This means that the IP addresses of the websites used to distribute this malware
You may have noticed that I’ve been making a lot of references to this over the past few weeks. You can now download it here. Quite a few people have worked pretty hard to make this project happen, and I’d like to thank them now. I hope some of you will find it interesting and
The top ten (twenty, twenty-five…) season doesn’t seem to have finished yet: the latest to cross my radar was something like seven ways of surviving the recession, which I’m sure is of interest to all of us, but not really in scope for this blog. So here’s a snippet from our 2008 Global Threat Report,
You might have noticed that Conficker (Downadup) is actually standing up rather well to all the attention it’s receiving at the moment. Heise UK reported that 2.5 million PCs are already infected (links removed, as Heise no longer seems to have a UK site and the articles have disappeared). In The Register, Dan Goodin reports that the
CNN reported that there a new sleeper virus out there. http://www.cnn.com/2009/TECH/ptech/01/16/virus.downadup/index.html There is nothing sleepy about the Conficker worm, it is wide awake and looking for people who are asleep at the security wheel. CNN reports that Conficker could allow hackers to steal personal and financial data, and they also report that it “it is
One of the security best practices is to back up your data regularly. This is sound advice as it helps mitigate the damages from many different threats. Lots of people think of data loss when they think of viruses, but very few viruses actually tried to cause data loss. There have been a few that
There are different techniques that can be used by a program to identify in which country it has been installed. It can check for time zone information, public IP addresses or even domain names. Lately, we have seen two different malware families trying to discover their geographic location in an effort to avoid infecting PCs
This is bizarre, if slightly nostalgic. I spent a lot of time in the first half of this decade writing and presenting on problems with email filters that assumed that if the “From” field of an email header says that the sender was me@thenameofmysite.com (apologies to thenameofmysite.com if it actually exists, but I don’t think
And finally… Don’t use cracked/pirated software! These are easy avenues for introducing malware into, or exploiting weaknesses in, a system. This also includes the illegal P2P (peer-to-peer) distribution of copyrighted audio and video files: some of these are counterfeited or modified so that they can be used directly in the malware distribution process. Even if
