Thursday, September 30, 2004

Vb 2004 conference officially started

Vb 2004 conference officially started Opening address

View full size image
Powered by Picostation
Moblog with PicoBlogger.

Saturday, September 25, 2004

Anti-Virus Conferences and Viruses (VB conference 2004)

I hope we don't get an outbreak next week as I will be travelling to the Virus Bulletin Conference in Chicago. You'll never know what is going to happen with the new JPG exploit and if a worm or virus (using this exploit) will spread ... it could be a big one this time!
We did see some outbreaks in the past during several anti-virus conferences as VB, EICAR and AVAR. Maybe virus writers think that all AV researchers don't have enough resources at conferences to prevent such outbreaks but that's definitely not the case!
BTW I'll try to keep you updated during the conference with some conference pictures.

JPeG Vulnerability Exploit

As I reported earlier, a vulnerability, which allows code execution, has been found in Microsoft's GDI+ JPEG decoder. Microsoft has posted detailed information on the vulnerability and affected systems in MS04-028.
A proof-of-concept exploit which executes code on the victim's computer when opening a JPG file has been posted to a public website.

Sunday, September 19, 2004

Sasser author hired by a German Security Company ...

Sven Jaschan, author of the Sasser and Netsky series of worms has a job at a SECURITY company now! He is working for SecurePoint which is developing security appliances (with AV protection filters from Trend Micro, AntiVir & Sophos). I'm sure most people have serious doubts about a security company hiring a virus writer - and for a reason. No doubt Securepoint will have to explain their decision over and over again. In my opinion I strongly suspect he will either stop working for that company or at least one of those AV developers will pull their support from the company's product development very shortly...
All ethical rules forbids AV companies to hire such people. This is 'THE' reason why I always explained to everyone in the past that there is a LARGE difference between a real 'Security' company and a real 'AV' company...

Thursday, September 16, 2004

Problems with JPG images

Microsoft has released its monthly batch of security updates and there's some that affect Office as well as Windows generally.
It is yet another buffer overrun problem where, in this case, a JPG image could be rigged to run malicious code on your computer. All you'd have to do is display such a JPG image on a vulnerable computer and the code would run - ouch.
To protect against this problem you have to make sure that Windows itself is updated AND Microsoft Office AND any other program that can display JPG images.
Microsoft's full bulletin is at
BTW some anti-virus products like McAfee and TrendMicro will detect this exploit.

Sunday, September 12, 2004

WavciLab inside

WavciLab inside One of the corners...

View full size image
Powered by Picostation
Moblog with PicoBlogger.

WavciLab outside

WavciLab outside Just a picture of my home...

Powered by Picostation
Powered by Picostation
Moblog with PicoBlogger.

Friday, September 10, 2004

New variants of MyDoom

Yesterday there were found 3 new Mydoom variants: MyDoom.U, V and W. All these variants are very similar to each other. All of them download and activate a backdoor called 'Surila'.
There is also a hidden text inside all these Mydoom variant files: "We searching 4 work in AV industry."
Please note that the antivirus industry does not hire virus writers! Not only is it deeply unethical to write malicious code, but it raises issues as to whether you could ever be trusted to develop the software which protects millions of users around the world from attack every day!

Wednesday, September 08, 2004

Testing the application

I'm just testing the Blog at this moment. :-)
This WeBlog is still in Beta until 17 September ...

Tuesday, September 07, 2004

The Beginning

Interesting ... Just started with this Blog. Let's see what we can do with it ...