Wednesday, November 28, 2007

A special day?

Was it a special day today? Maybe yes, maybe no, future will tell ...
Sounds this a little bit strange to you? Well, why not?
Stay tuned and some day I will tell you what I did today and what
it will or could have as consequences ...

Monday, November 19, 2007

Back from Russia, Rostov ...

What a journey, what a land, I think I should write a book about it. Several interesting things happened during my stay in Rostov. I will just show you some pictures ... At the evening reception I was bombed by hundreds of questions from about 50 people in the Russian language. You can find some of them at this picture.
Iriska, a student from a Rostov University, helped me with the translations during the informal happenings and stayed at my side during my adventural Saturday and Sunday. I even wrote a new VB magazine article during my stay. Ssssttt, there are maybe things you are not yet allowed to know ...

Thursday, November 15, 2007

My CIO IT Summit South-Russia in Rostov-on-don.

I'm in Rostov at this moment for a keynote speech about the malware problems. Yesterday, I've met Joanna Rutkowska, founder from the Invisible Things Lab and known for her controversial and theoretical 'undetectable' rootkit named the 'Blue Pill'. She is also speaking at this conference. Together with Vera Semyonova from Fort Russ (the organisers) and some other Russian friends we went out for diner to a typical region 'Cosack' restaurant. If you are in front of the picture you can find from left to right: Joanna, me, Vera and the Russian friends.
At least we agreed on one point: All OS's should be made more securer. ;-)
Tomorrow will be a busy day for me as I will present my speech and will have as well a panel session together with Alexander Kornbrust from Oracle.

Sunday, November 11, 2007

RBN down ... and no e-Jihad, of course!

Oh yes, I did forgot to mention 2 interesting messages in my last post ..

The infamous Russian Business Network (RBN) dropped out of the Internet several days ago. Since then, IP addresses of RBN can no longer be reached because there is no routing for them any longer. It could be that the upstream providers who provided RBN with Internet connectivity may have terminated their services to their problematic customer temporarily or (hopefully) even permanently.
The Russian Business Network is notorious for hosting lots of malware and Web browser exploits. These threats have been injected into thousands of legitimate Web sites. Customers of RBN abuse the latest exploits for their nefarious purposes. The most recent example is a security issue in Adobe’s Acrobat Reader that was fixed only a few weeks ago.
The RBN has been described as "the baddest of the bad". It offers web hosting services and internet access to all kinds of criminal and immoral activities, with individual activies earning up to $150m in one year. Businesses that take active stands against such attacks are sometimes targetted by denial of service attacks originating in the RBN network. RBN sells its services to these operations for $600 per month. The business is difficult to trace. It is not a registered company, and its domains are registered to anonymous addresses. Its owners are known only by nicknames. It does not advertise, and trades only in untraceable electronic transactions.
Maintenance? A switch to Asia? Just wait and watch, the future will tell.

Today is 11th of 11th and there's supposed to be an "electronic jihad attack" today.
Well, so far I haven't seen any activity. Earlier this week you could download a DDoS tool called E-Jihad30.exe from al-jinan.net (down now). Today's attack rumours circle around this tool, of which we have a description and screenshots available over here. This tool creates a botnet using a server at jo-uf.net - a domain registered to Iraq. However, a lot of AV companies has been monitoring this server all day and it's IP address continues to point to 127.0.0.1. So at least regarding this botnet, nothing's gonna happen of course ... The website variables are in English. Extremists/Islamic Jihadists tend not to speak English. These guys have some understanding of English – indicating they might not be the stereotypical terrorist. And also, the webserver had 'frontpage' extentions – this again just seems out of place for cyber war. ;-)

Spam, Mac OS X and getting ready for Russia!

At last P-Magazine published an interview with me, but it was a faulty version. I asked 3 times to change the definition for Spim and Smishing unfortunately without result! So spim is spam for instant messaging ans smishing is phishing via sms.
Nevertheless the rest of the article is quite good! You can have a second read at my press page.

Looks like the Mac Trojan (OSX/DNSChanger) was not an isolated incident. The gang behind it seems serious about targeting Mac users as well as Windows users. And they keep putting out slightly modified versions of the trojan for the Mac too... I'm pretty sure and I predicted this already several years ago and also at the beginning of this year in the Belgian IT magazine DataNews that Mac users would be targeted heavier in the future as a result of the popular OS.

This week will be my Russian week (see my Blog last week) .. at least if everything goes well and if I will get my flight tickets which is not the case yet. Let's hope that I can blog from over there.

Another MySpace hack...

Alicia Keys' myspace page was hacked several times, with a background image linking out to co8vd.cn.
You can find more at http://www.vitalsecurity.org/2007/11/myspace-band-hacks-continue_05.html and also at
http://explabs.blogspot.com/2007/11/ok-now-this-is-pretty-funny.html
The original hack was an href image reference to co8vd.cn/s/ and while that's now out of the html, there's now an href image reference to acilot.cn/s/ ...

Sunday, November 04, 2007

My South Russian CIO Summit keynote speech.

Yes, it's official now, at least.. if I got my VISA in time.
I will give a keynote speech and will be also included in a panel session at the South Russia CIO IT Summit in Rostov-On-Don, 15 and 16 November.
I will be doing this for NOXS (A Westcon Group Company) however I also will represent EICAR there as well.
During the talk I will look into the evolution of malware and will discuss the new threats which are appearing every day. I'm giving also an overview of several general and new independent solutions which could stop all the problematic upcoming threats. A look into the malware and security future will end the speech.

You can find more at
http://www.rostov.cio-summit.ru/?page=program&language=eng

Part of the description is in English and readable... ;-)