Sunday, September 12, 2010

Eddy Willems' Blog is moving to www.anti-malware.info

Hi followers and readers,

Please note that, as of today, 12 September 2010, this blog is moving to another part of my website, which you can find at http://www.anti-malware.info.

You can subscribe to the feed at http://www.anti-malware.info/feed/.

Please update your feeds and links.
I will use the new blog space from now on.

Kind Regards,
Eddy Willems

Thursday, August 26, 2010

Could the DLL-hijacking problem be underestimated?

This is a short copy of the official G Data blog post.
Find the full and official version at www.gdatasoftware.com.

Last week, HD Moore released details about a serious DLL-loading problem under Windows. HD Moore is known as the developer of Metasploit.

After a week, Microsoft released more information, discussing bad practices in DLL loading that could lead to remote exploitation and that are the root cause of this problem. Microsoft has also released tools that help mitigate the risk. But the real, and probably best, solution is for developers to patch their applications so that they follow best practices.

There is little that can be done by those of us in the security community, or by Microsoft for that matter, as many applications rely on the very loading behaviour that makes this flaw possible, and it could take many weeks or months for application developers to release better-designed programs and persuade users to update to these new versions. Some of the programs will be updated automatically, some of them won't. The fixes Microsoft is offering do work, but they could make several programs unusable and break backward compatibility.

As the DLL-hijacking incident has continued to evolve, the scope of the problem has expanded rapidly. Microsoft acknowledged the DLL-hijacking problem on Monday, saying that it is a serious one and that the company is still investigating which applications are vulnerable. Over the last few days, various applications were identified as susceptible to the problem, with PowerPoint 2010 and Chrome among the more popular ones so far. A list of exploits covering over 33 applications can be found on the Internet and is still growing.

We recommend that you follow Microsoft's guidance and use a security or anti-virus solution. However, the problem itself must not be underestimated, as it could be heavily misused by cybercriminals in the future. There are already unconfirmed reports of targeted attacks using this technique in several places.

In addition to Microsoft's published mitigating factors, G Data advises all users to enable the display of file name extensions in Windows, so that .dll files are immediately identifiable. Microsoft provides instructions for doing this on Windows Vista and Windows 7.
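
As an added example (not code from the original post, G Data or Microsoft), the Python script below models the Windows DLL search order so that an administrator can see why loading a DLL by bare file name is the bad practice the post refers to: when the DLL is absent from the application and system directories, the search falls through to the current working directory, which is the directory of the opened document when that document lives on a share. The application, directory layout and file names are constructed assumptions; the search order follows Microsoft's documented order, with KnownDLLs (always taken from System32) left out. `hardened_order` models the developer-side fix of removing the current directory from the search path, which is what calling SetDllDirectory with an empty string does.

```python
import ntpath

# Added example, not code from the original post. Models the Windows DLL
# search order to audit which bare-name DLL loads would be satisfied from
# a directory an attacker can influence (the current directory or PATH).


def search_order(app_dir, cwd, system_dir, windows_dir, path_dirs, safe_search=True):
    """Directories probed by LoadLibrary("name.dll"), in order.

    safe_search=True models SafeDllSearchMode (default since Windows XP SP2):
    the current directory is probed only after the system directories.
    safe_search=False models the older order, where the current directory
    comes right after the application directory.
    """
    system16_dir = ntpath.join(windows_dir, "System")  # 16-bit system directory
    if safe_search:
        order = [("application", app_dir), ("system32", system_dir),
                 ("system16", system16_dir), ("windows", windows_dir), ("cwd", cwd)]
    else:
        order = [("application", app_dir), ("cwd", cwd), ("system32", system_dir),
                 ("system16", system16_dir), ("windows", windows_dir)]
    return order + [("PATH", d) for d in path_dirs]


def hardened_order(order):
    """Search order after the developer's fix: SetDllDirectory("") removes the
    current working directory from the default search path."""
    return [entry for entry in order if entry[0] != "cwd"]


def resolve_dll(dll_name, order, existing_files):
    """Return (location_label, full_path) of the first hit, or (None, None)."""
    present = {path.lower() for path in existing_files}  # NTFS is case-insensitive
    for label, directory in order:
        candidate = ntpath.join(directory, dll_name)
        if candidate.lower() in present:
            return label, candidate
    return None, None


def audit_loads(dll_names, order, existing_files):
    """Map each DLL name that would load from CWD or PATH to (label, path)."""
    findings = {}
    for name in dll_names:
        label, path = resolve_dll(name, order, existing_files)
        if label in ("cwd", "PATH"):
            findings[name] = (label, path)
    return findings


# Constructed layout (assumed, not real): a document viewer opened a file on a
# network share, so the share directory is the process's current directory.
APP_DIR = r"C:\Program Files\DocViewer"
SYSTEM_DIR = r"C:\Windows\System32"
WINDOWS_DIR = r"C:\Windows"
SHARE_DIR = r"\\fileserver\reports"
PATH_DIRS = [SYSTEM_DIR, WINDOWS_DIR]
EXISTING_FILES = {
    ntpath.join(APP_DIR, "docviewer.exe"),
    ntpath.join(SYSTEM_DIR, "kernel32.dll"),
    ntpath.join(SYSTEM_DIR, "helper32.dll"),
    ntpath.join(SHARE_DIR, "quarterly.doc"),
    ntpath.join(SHARE_DIR, "helper32.dll"),      # same name as the system copy
    ntpath.join(SHARE_DIR, "legacyhelper.dll"),  # exists nowhere else
}
# DLL names the viewer loads by bare name; legacyhelper.dll is an optional
# component it merely probes for, which is the bad practice described above.
LOADED_BY_NAME = ["kernel32.dll", "helper32.dll", "legacyhelper.dll"]


def demo(safe_search=True, hardened=False):
    """Audit the constructed viewer under the chosen search-order settings."""
    order = search_order(APP_DIR, SHARE_DIR, SYSTEM_DIR, WINDOWS_DIR, PATH_DIRS, safe_search)
    if hardened:
        order = hardened_order(order)
    return audit_loads(LOADED_BY_NAME, order, EXISTING_FILES)


if __name__ == "__main__":
    print("SafeDllSearchMode on :", demo())
    print("SafeDllSearchMode off:", demo(safe_search=False))
    print("after SetDllDirectory(''):", demo(hardened=True))
```

With SafeDllSearchMode on, only the optional `legacyhelper.dll` is resolved from the share; with it off, even a DLL that exists in System32 is shadowed by a same-named file in the current directory; after the developer-side fix, the optional component simply fails to load instead of being picked up from the share.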

Monday, July 19, 2010

The Microsoft LNK / USB worm / rootkit 'issue' will kill WIN XP SP2 and WIN2000 earlier...

Just recently, reports were released about a new kind of malware propagating through removable drives. The malware exploits a newly discovered vulnerability in shortcut files, which allows arbitrary code to be executed on the user's system. Microsoft has officially acknowledged the vulnerability and released a security advisory.

The malware that part of the AV industry detects as Win32/Stuxnet is, unfortunately, a worm (and rootkit) of a slightly different colour. It can propagate by making use of a 0-day vulnerability described in that advisory and listed by CVE as CVE-2010-2568.
The biggest problem is that Windows (specifically, the Windows Shell) can be tricked into executing malicious code presented in a specially crafted shortcut (.LNK) file that links, in turn, to a malicious DLL (Dynamic Link Library).

The problem lies in the way the Windows Shell fails to parse the shortcut correctly when it loads the shortcut's icon: it isn't necessary to click the icon for the malicious code to be executed! The code runs without any action on the part of the user as soon as the folder is opened to access whatever legitimate files are on the device.

Note also that USB devices are not the only potential vector: network shares and WebDAV shares can also be used to distribute malicious .LNK files. Affected platforms (essentially all current Windows versions) are listed in the advisory; it's likely that there won't be a patch for XP SP2 or Windows 2000, which have reached the end of their support life.

Microsoft suggests three temporary mitigations at this moment:

* disabling Autorun (always a good idea, but not much help in this instance)

* restricting user rights (adherence to the principle of least privilege, i.e. not giving users more privileges than they need)

* blocking SMB connections on the perimeter firewall to reduce the risk from file shares

Microsoft also suggests two workarounds, and describes how to apply them:

* disable the display of shortcuts

* disable the WebClient service

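The following Python example is added here and is not code from the original post, from Microsoft or from any vendor mentioned. It parses the on-disk shortcut (.LNK) format far enough to read the fields the shell consults when it draws a shortcut's icon, which is exactly what happens without anyone clicking the file, and applies a coarse triage rule a responder could run over the shortcuts found on a USB stick or a share: flag any shortcut whose icon or target refers to a DLL outside the Windows directory. The two sample shortcuts are constructed inside the script; the rule is a heuristic with false positives and misses, not a signature for CVE-2010-2568; and `parse_lnk`, `build_lnk` and `triage_lnk` are names chosen for this example.

```python
import struct

# Added example, not code from the original post: a minimal parser for the
# Windows shortcut (.LNK) format plus a coarse triage rule for responders.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# LinkFlags bits in the shell link header
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
# StringData fields, in the order they appear on disk when their flag is set
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))


def parse_lnk(data):
    """Parse the header, skip the item ID list and LinkInfo, read StringData."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    (icon_index,) = struct.unpack_from("<i", data, 0x38)
    offset = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        # IDListSize covers the item IDs and the 2-byte terminator, not itself
        (id_list_size,) = struct.unpack_from("<H", data, offset)
        offset += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        # LinkInfoSize is LinkInfo's first field and includes itself
        (link_info_size,) = struct.unpack_from("<I", data, offset)
        offset += link_info_size
    info = {"flags": flags, "icon_index": icon_index,
            "has_id_list": bool(flags & HAS_LINK_TARGET_ID_LIST)}
    for flag, key in STRING_FIELDS:
        if not flags & flag:
            continue
        (count,) = struct.unpack_from("<H", data, offset)  # character count, no terminator
        offset += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[offset:offset + width * count]
        info[key] = raw.decode("utf-16-le" if width == 2 else "cp1252")
        offset += width * count
    return info


def build_lnk(name=None, relative_path=None, working_dir=None, arguments=None,
              icon_location=None, id_list_items=()):
    """Build a constructed .LNK byte string (Unicode strings) for testing."""
    flags, body, strings = IS_UNICODE, b"", b""
    if id_list_items:
        flags |= HAS_LINK_TARGET_ID_LIST
        items = b"".join(struct.pack("<H", len(i) + 2) + i for i in id_list_items) + b"\x00\x00"
        body = struct.pack("<H", len(items)) + items
    values = (name, relative_path, working_dir, arguments, icon_location)
    for (flag, _), value in zip(STRING_FIELDS, values):
        if value is not None:
            flags |= flag
            strings += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    # header: size, CLSID, flags, attributes, three timestamps, file size,
    # icon index, ShowCommand (1 = SW_SHOWNORMAL), hotkey, three reserved fields
    header = struct.pack("<I16sIIQQQIiIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    return header + body + strings


SYSTEM_ICON_ROOTS = ("%systemroot%\\", "%windir%\\", "c:\\windows\\")


def triage_lnk(data):
    """Reasons a shortcut deserves a closer look; an empty list means none found."""
    info = parse_lnk(data)
    reasons = []
    icon = info.get("icon_location", "").lower()
    if icon.endswith(".dll") and not icon.startswith(SYSTEM_ICON_ROOTS):
        reasons.append("icon is read from a DLL outside the Windows directory: " + icon)
    if info.get("relative_path", "").lower().endswith(".dll"):
        reasons.append("shortcut target is a DLL: " + info["relative_path"])
    return reasons


# Constructed samples (not real artefacts): a shortcut on a USB stick whose icon
# comes from a DLL stored next to it, and an ordinary shortcut to Notepad.
SUSPICIOUS_LNK = build_lnk(name="Quarterly report", relative_path=".\\quarterly.doc",
                           icon_location=".\\viewer.dll", id_list_items=(b"\x1f\x50",))
BENIGN_LNK = build_lnk(name="Notepad", relative_path="..\\..\\Windows\\notepad.exe",
                       icon_location="%SystemRoot%\\system32\\shell32.dll")

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_LNK), ("benign", BENIGN_LNK)):
        print(label, triage_lnk(blob) or "nothing flagged")
```

To use it on real media, read each `*.lnk` file in binary mode and pass the bytes to `triage_lnk`; the parser stops at StringData, so the optional extra-data blocks at the end of a shortcut are ignored, and a shortcut that describes its target only through the item ID list will show `has_id_list` set with no path strings.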
The real problem:

Take it from me: in the long run this LNK problem will kill MS Windows 2000 and MS Windows XP SP2 earlier than expected, as these OSes will no longer receive support or critical updates, unless MS decides to make an exception, which I doubt!
Also, the number of Windows XP SP2 users is still very high... and do you really think that they care about, or are even aware of, their unsupported OS? Most of them don't even know that they are using Windows XP; 'they use Windows'.

PS: This was my first post after a long time. The reason is that I'm moving my sites and have started refurbishing my website. So please stay tuned ...

Saturday, April 24, 2010

This blog has moved

This blog is now located at http://eddywillems.blogspot.com/.

For feed subscribers, please update your feed subscriptions to http://eddywillems.blogspot.com/feeds/posts/default.

Tuesday, February 23, 2010

G Data SecurityLabs expands team with Security Evangelist Eddy Willems

The English and French versions of the press release ...

G Data SecurityLabs expands team with Security Evangelist Eddy Willems
Bochum, 19 February 2010

G Data today announces a new team member: Security Evangelist Eddy Willems. He will divide his time between G Data SecurityLabs in Bochum (Germany) and the Benelux team.
Willems, who is Belgian, has been active in the field of IT security for over two decades. In that period he has worked for influential institutes such as EICAR, of which he is a co-founder and the director of press and information, several CERT associations and the organization behind the Wildlist, as well as for commercial companies such as NOXS and Kaspersky Labs Benelux.

In his position as Security Evangelist at G Data, Eddy Willems will form the link between technical complexity and the user. He is responsible for clear communication from G Data SecurityLabs towards the security community, press, distributors, resellers and end users. This means, among other things, organizing training on products, malware and security, speaking at conferences, and consulting for associations and companies about security.

Eddy Willems says: “G Data is a professional and dynamic company with high standards. The focus is on a range of top products in which a perfect result and simplicity go hand in hand. This, in my opinion, is an exception in the security world, but it is, especially considering the recent explosion of threats, a necessity, now more than ever before. My goal is to, in collaboration with my colleagues, put G Data on the map internationally by representing G Data in numerous national and international security organizations, events and conferences.”

Dirk Hochstrate, Director of G Data: “Eddy Willems is the best expansion of our team we could ever hope for. He has immense experience in IT security and is a well-known persona in the industry. He excels at translating complicated technical terminology into everyday language. We look forward to working with him.”


French version (translated) ...

Eddy Willems, Security Evangelist, joins G Data Software

Paris, 22 February 2010 - Eddy Willems, Security Evangelist, will be in charge of technical communication for G Data SecurityLabs and will represent the security vendor at international events.

Eddy Willems, a Belgian national, has worked in the security field for more than 20 years. During that period he has collaborated with influential institutes such as EICAR, of which he is co-founder and director of information and communication, and with various CERT associations. He has also worked for commercial companies such as NOXS and Kaspersky Labs Benelux.

As Security Evangelist, Eddy Willems knows how to make complex security technologies accessible to all users. He will interpret the information coming from G Data SecurityLabs for the community, the press, distributors, resellers and end users. This will take the form of organizing training (products, security issues, etc.) and speaking at conferences. He will also be able to act as a consultant to associations or private companies on security-related topics.

Eddy Willems: “G Data is a professional and dynamic company with a high level of technical standards. Its strength lies in a range of high-performance products in which effectiveness and ease of use go hand in hand. In this respect G Data is an exception in the security world, but today it is a necessity, especially considering the explosion of threats in recent years. My goal is to push G Data onto the international stage by representing the company in numerous national and international security organizations, events and conferences.”

Dirk Hochstrate, member of the management board of G Data Software AG: “Eddy Willems is the best recruit we could hope for for our team. He has immense experience in security and is very well known in the industry. He excels at translating complicated technical terminology into plain language. It is with great pleasure that we will be working together.”

Tuesday, February 16, 2010

A new job, a new episode in my life and my new employer G Data Software.

This is the official 'Dutch' press release (translated) ... The English international version will follow shortly.

G Data Benelux expands its team with Security Evangelist Eddy Willems

Amsterdam, 16 February 2010 – As of today, G Data has a new team member: Security Evangelist Eddy Willems. He will divide his time between the Benelux team and the G Data SecurityLab in Bochum, Germany.

Willems has been active in the field of IT security for two decades. In that time he has worked for influential institutes such as EICAR, of which he is co-founder and director of press and information, various CERT organizations and the organization behind the Wildlist, as well as for commercial companies such as NOXS and Kaspersky Labs Benelux.

At G Data, Eddy Willems will, as Security Evangelist, form the link between the technical complexity of IT security and the user. He is responsible for clear communication from the G Data SecurityLab to the security community, press, distributors, resellers and end users. In practice this means, among other things, organizing training on the products, malware and security, speaking at conferences and advising institutions and companies on IT security.

Eddy Willems says: “G Data is a professional and dynamic company with high standards, focused on a range of top products in which a perfect result and simplicity go hand in hand. In my view that is an exception in the security world, and it is something we will need more than ever, given the recent explosion of threats. My goal is, together with my colleagues, to build the company's visibility in the Benelux and across the world by representing G Data in all kinds of national and international security organizations, at events and at conferences.”

Jan Van Haver, Country Manager Benelux at G Data: “Eddy Willems is a great addition to G Data. He has an impressive track record and knows better than anyone how to translate complicated technical matters into plain language. He also has a good sense of humour. So I am very much looking forward to working together.”


About G Data
G Data Software AG is a security specialist of German origin. G Data developed its first antivirus program back in 1987, making it a pioneer in Europe. Quality is a priority for the company. As a result, G Data has won more tests in Europe over the past five years than any other vendor. These wins include the title ‘Best Package’, which both the Dutch Consumentenbond and the Belgian Test Aankoop have awarded to G Data InternetSecurity three years in a row.

G Data offers solutions for consumers and for small, medium-sized and large enterprises. The company was founded in 1985 and has around 250 employees worldwide. Its headquarters are in Bochum (Germany). More information can be found at www.gdatasoftware.com.

Wednesday, February 10, 2010

Blog Blog Blog ....

It's time to blog again. I will come up with more blog posts and events very soon. Sorry, readers, for the empty weeks in the past. Just keep your eyes on this place.