Tuesday, May 31, 2005

A Terrorist Trojan called PGPcoder?

It looks like not only terrorists and kidnappers can take hostages, but trojans too. A trojan called Gpcode (also known as PGPCoder) encrypts a user's files with certain extensions and then asks for a ransom to "free" (decrypt) them. This trojan got some media attention during the past 2 weeks. According to media reports the authorities are investigating the case.
Luckily the trojan had a very simple encryption algorithm, so some AV companies were able to create a decryptor for the encrypted files (see www.f-secure.com). You can also find more info at http://vil.nai.com/vil/content/v_133901.htm
Please note that this is NOT the first time we have seen a trojan like this. I hope everybody remembers the Aids Info Disk/PC Cyborg Trojan in 1989, where the writer also asked for a ransom to decrypt ... it seems that everybody, especially the media, has forgotten this one ... I haven't, as this was the first real Trojan I got my hands on. I started to work with viruses after this incident. Have a look at my press page ... http://www.anti-malware.info/press.htm and go to 'Eddy on television' to view my first interview concerning this.

Monday, May 23, 2005

Paris by night

... With Francois Paget (AVERT McAfee) ... The Eiffel Tower

Visiting McAfee France

Restaurant Au Vieux Paris d' Arcole with my friend Francois Paget (AVERT McAfee)

Visiting McAfee France

Paris La Defense...

Monday, May 16, 2005

Sober.q active now ...

In the meantime Sober.q, or whatever you call it, has become active: instead of sending copies, it's sending spam messages now. This is quite the opposite of the message the Sober author included in his latest creation. These spam messages link to right-wing articles. So in a way we're seeing the same story as with Sober.g again. Sober.g downloaded Sober.h, and Sober.h in turn also sent out spam.

Saturday, May 14, 2005

Microsoft nearly ready to offer Anti-Virus for home users.

Microsoft is readying a new consumer security product that offers virus and spyware protection, a new firewall and several tune-up tools for Windows PCs, a move that pits the software giant squarely against traditional security software vendors. The product, dubbed Windows OneCare, will be tested internally at Microsoft starting this week. A public test, or beta, version is scheduled to be available by year's end, Microsoft said in a statement this week. The final product will be offered as a subscription service, the Redmond, Washington, software maker says. OneCare marks Microsoft's long-anticipated entry into the antivirus space, until now the domain of specialized vendors such as Symantec, McAfee, and Trend Micro. Microsoft announced its intent to offer antivirus products two years ago when it bought Romanian antivirus software developer GeCAD Software SRL. But OneCare will do more than guard against viruses and worms. The product also will include spyware protection and a new firewall that scans incoming and outgoing traffic. The firewall already included in Windows scans only incoming traffic. Microsoft acquired anti-spyware technology late last year from Giant Company Software. A beta of a stand-alone anti-spyware product has been available since January. That technology will be part of OneCare, company representatives say. Additionally, OneCare will offer improved backup and restore capabilities and easy access to PC maintenance tools already in Windows for file repair, hard drive clean up, and hard drive defragmentation, Microsoft says.
OneCare is targeted at consumers, not businesses. Microsoft is especially looking to target the 70 percent of consumer PC users who don't have protection because current offerings are too complex or take too much time to manage. OneCare includes a PC "health meter" similar to the Windows Security Center in Windows XP Service Pack 2. The health meter will display green, yellow, or red to indicate the state of the PC and OneCare will help users take action, if needed.

Sunday, May 08, 2005

Back home ...

The EICAR conference was a success. Over 100 participants, good papers and a wonderful venue. The only strange thing was the outbreak of Sober.P during the conference, the third in a row ... coincidence? ... If we know more I'll let you know ... let's see next year, or let's have a look at the other upcoming conferences this year. We got some press coverage of the complete conference at our press page http://www.anti-malware.info/press.htm. If you understand Maltese you can even follow the piece we've got in the News of Malta PBS TV. Next year the conference venue will possibly be Germany.

Wednesday, May 04, 2005

After the conference

The Temple of Hagar Qim (3500 BC) and I...

Eicar 2005

The closing panel session (stageview)

Monday, May 02, 2005

Outbreak during Eicar conference

For the third time during the conference we got an outbreak, this time a small one called Sober.P ... I predicted this ... Read my Blog

Eicar 2005 picture...

Lunchtime

Eicar 2005 in the press

Speech by Hon. Austin Gatt, Min. for IT ... Afterwards I was interviewed by a local TV station PBS ... more later!

Eicar 2005

Meet the expert reception with David Perry from Trend Micro

Sunday, May 01, 2005

Eicar 2005 exploded

Just before the real start...

Eicar 2005 in the picture.

The food...