Saturday, February 26, 2005

UK government launches virus alert site.

The United Kingdom has developed a virus alert service aimed at home and small business computer users. The free service, called ITsafe (IT Security Awareness for Everyone), will be run by the National Infrastructure Security Co-ordination Centre, and will offer alerts as well as advice on protecting personal data. Hmm, unbelievable, isn't it? We have had this in Belgium since May 2000! Look at www.bipt.be. I'm one of their anti-virus advisors.

Monday, February 21, 2005

Paris Hilton email viruses?

The W32/Sober-K worm or I variant (depending on the AV vendor), which is spreading in the wild, bulk mails itself using a variety of different subject lines including "Paris Hilton, pure!" and "Paris Hilton SexVideos". It can send itself in either German or English, depending on whether it believes the recipient's email address to be owned by a German or English speaker.
The W32/Ahker-C worm sends itself using the subject line "Paris Hilton...download it!" and an attached file called "ParisXXX.zip". The worm attempts to disable anti-virus and firewall software running on the computer, and blocks access to a number of websites, potentially opening up the PC to further attack by hackers and malware. The strange thing is that the worms were discovered on the same day that it was reported that hackers had broken into Miss Hilton's mobile phone address book and published the private telephone numbers of celebrities such as Anna Kournikova, Lindsay Lohan and Vin Diesel. Coincidence?

Thursday, February 17, 2005

Another Mydoom going Medium!

Another new Mydoom is going around. We haven't received many reports about this yet.
The names for this one are Email-Worm.Win32.Mydoom.m, W32/Mydoom.bb@MM, W32/MyDoom-O, W32.Mydoom.AX@mm, Mydoom.AU, WORM_MYDOOM.BB. Nice, isn't it!!!
This variant installs a spammer proxy trojan. It downloads it from www.aoprojecteden.org. This site is being misused by the virus writers without the site owners' permission.

Sunday, February 13, 2005

Eddy on VTM and 4FM news.

Yesterday, I was interviewed for VTM news at 13h (12 Feb 2005) concerning possible rising problems with mobile phone and car computer viruses. I was also on the radio news at 13h (11 Feb 2005) on 4fm-belga news concerning this matter. You will find full coverage of these on the 'press' page of our site at http://www.anti-malware.info/press.htm at the end of next week.

MS Anti-Spyware attacked and some exploit ...

From my telex ...
Critical Microsoft PNG security hole exploited by malicious code: Malicious exploit code has been published on the internet, taking advantage of a critical security hole in Microsoft's Windows Media Player and MSN Messenger software. The code exploits a security vulnerability associated with PNG image files, for which Microsoft issued a patch only on 8 February.
First Trojan horse to target Microsoft AntiSpyware discovered: Anti-virus experts have discovered the first piece of malware to attack Microsoft's new anti-spyware product, currently still in beta.

Tuesday, February 08, 2005

Teaching writing Spyware at the Univ. Of Calgary (CA)

Teaching to write spyware? If you want, this could make you ecstatic.
The University of Calgary is about to introduce another controversial computer science course. Students will be taught how to write programs that create e-mail spam as well as spy software. It will be similar to an existing course where students learn how to create computer viruses. The aim is to develop new ways to fight these online nuisances.
"The idea is for the students to learn how these things propagate, how they are created, how they interact with the system and that sort of thing," says John Aycock, who teaches the viruses course. "Then we turn around and say, OK, here are these things you've created; now we write the anti-software and figure out how to fight against them."
Aycock says he plans to add a similar course on spyware and spam in the fall, even though some in the computer industry don't like his approach. He says some companies have said they're not going to hire his graduates because they don't like the perception of having someone on board who has written viruses. Aycock acknowledges there is a potential for viruses and other malicious software to spread outside the classroom. He says that's why there are precautions, such as security cameras and a ban on all outside electronic equipment in the classroom. Each student signs a legal form that says a breach of the security means an automatic "F" and a potential criminal investigation.
So some of his students will actually retain the knowledge they gain in the classroom. How long before some of the more 'ethically challenged' students put their new-found knowledge to use to the detriment of us all?

Microsoft buys Sybari Software ...

Microsoft Corp. today announced that it has signed definitive agreements to acquire Sybari Software Inc., a leading provider of security products. Microsoft will use this acquisition to further provide its enterprise customers with new solutions to help protect them from malicious software. Microsoft, please ... it's not always 'buying' you have to do, please close the gaps and make your software more secure by creating a more secure OS. But indeed ... definitely again another move to watch out for! I'm looking at it as a spectator of a chess game... if you know what I mean. And oh yes ... what happens with traditionally non-MS platforms (AIX, Linux, Sun, Lotus Notes)? Likely to be abandoned?

Friday, February 04, 2005

13 Microsoft Patches!?

Next Tuesday is Microsoft Patch Day, and according to Microsoft's advance warning program, Microsoft will be releasing 13 fixes to plug yet more holes in Microsoft products. These fixes will include three that Microsoft marks as 'Critical', so you know you're doomed.
Nine of the fixes will affect the base Windows platform; the remainder will fix bugs in SharePoint Services, Microsoft Office, the .Net Framework, Visual Studio, Windows Media Player, and MSN Messenger. It's getting more and more unbelievable how buggy this OS is... but still ... I love it.

Bropia worm hyped?


The Bropia worm has been making lots of news lately. But I didn't get too many real reports about it. However, it is out there. I just got two samples of it.
Since this worm spreads over MSN Instant Messenger, it can spread fairly fast in an environment where MSN chat is used. Do note this is not an automatic network worm; it still needs the recipients to accept the incoming file and run it.
The worm will display an image of a sexy grilled chicken on infected computers. ;-)