Tuesday, November 23, 2004

Spyware and Belgium

I'm just being interviewed by VRT RADIO 1 concerning the status and the problems about Spyware in Belgium. I will put the interview on the press page next week. The situation is that bad that nobody really knows what Spyware is. Everybody seems to continue installing programs with Spyware and don't know that some confidential info could be send out to the Spyware makers. Please read always the disclaimer text which comes with all programs ...
and use of course anti-spyware programs... BTW the interview was in 'De Wandelgangen' at 17:50 pm.

Friday, November 19, 2004

Medium alert: Sober i or j

Again a medium alert for another variant of Sober ... some call them variant i, some j. I got several samples but the spread in Belgium is not so high as aspected.

Tuesday, November 16, 2004

Eddy Willems quoted in Dag Allemaal and DiskIdee

It seems to be that I'm quoted two times today. One article from the Belgian magazine 'Dag Allemaal' is looking into 'CyberFraude' this week. I will publish a copy next week on the press pages. The other article is published on the website from 'DiskIdee' and goes about the not-yet existence of the JPEG-virus. You can read it at this link: http://www.diskidee.be/software/nieuws/?id=5464 .

Friday, November 12, 2004

WAVCi reachable via new domains.

For the people who haven't noticed yet: Our main website www.wavci.com is also reachable via www.anti-virus.be , www.anti-malware.be , www.malware.be and www.anti-malware.info

Thursday, November 11, 2004

Nigerian student wants a job ...

By publishing possible new 'MS exploits' to some researchers ... look to my previous posts about that ... however after analysing we find that this guy has no idea what an exploit is. Basically, what he describes are different methods of using Office (viaActiveX) to search files, modify the registry and execute macros. These are known methods (some taken from existing viruses), and has nothing to do with exploiting Office.
Sorry guy, it seems that you still have a lot of study to do... and please use it in a good way!
The question still remains open: Was this 'scam' ...

Weblog moved to www.anti-malware.info !


And a test with a cartoon from myself ... :-)

Tuesday, November 09, 2004

Another viruswriter gets a job ??!!!

A former virus writer has secured a job developing anti-virus software. Benny, one-time member of the 29A virus writing group, has begun work as the main developer of Zoner Anti-Virus (ZAV), according to an entry on his home page.
Zoner Anti-Virus is developed by Zoner Software, a small company based in Brno in the Czech Republic. All anti-virus firms refuse to employ virus writers because it’s bad for public relations and because it is also completely unethical. In general, the industry wants to distance itself from malware authors and to discourage the idea that writing viruses is a path into a lucrative career in computer security. There's also the concern that potential customers will be put off from buying security software written by someone who once created malicious code. I wanted to put these points to Zoner Software but no-one qualified to comment was available at the time of writing. Zoner Software definitily don't know how important this ethical thing is inside the anti-virus industry. This is again something unbelievable happening. It reminds me on something I've said some years ago: "Some people really don't know anymore what good and bad is when it comes to computer related aspects! We must teach our children at much earlier age proper internet and computer behaviour , otherwhise we will loose the battle." You can find more in my VB article published in august 2004: The end of CyberCrime? I hope you know what I mean.

New Mydoom variants ag and ah spreading...

Only ah seems to be in the wild, ag however is using a zero day exploit...
Like other Mydoom variants, this virus harvests email addresses from the local system, creates addresses by combining common names carried within the virus body with harvested domain names, and spams those addresses with email messages. It also avoids addresses containing specific letters or words. Unlike earlier variants, the infectious messages do not contain an attachment, but rather a hyperlink directing people to an infected machine. Following the hyperlink results in an infection occurring on the target victim's system, if they are running a vulnerable Microsoft Internet Explorer web browser.
Through a buffer overflow, the virus downloads and executes the main virus component. This component injects itself into the EXPLORER.EXE process and creates six threads to carry out various tasks. Even if the main executable file is terminated and deleted, these threads in EXPLORER.EXE must be suspended/terminated in order for propagation to stop.

Sunday, November 07, 2004

Who wrote Sobig ...?

Someone sent me again a very interesting document last week.
It's a study about who wrote the Sobig worm which went around the world last year. The study is done by anonymous authors.
The study concludes that author of this worm is a Russian programmer and goes out all the way to name him. Be careful, It could be also a campaign to make someone look bad!
Anyway, this file has now been posted to everybody here .
I'm definitely not the only one who has received this, also F-secure seems to have received this last week...

Nigerian student found new MS exploits

Last week a Nigerian student sent me details about over 30 new exploits within Ms Windows and Office. Together with some other experts we are looking into his descriptions to found out if they are really new and problematic.