Wednesday, June 29, 2005

Sasser author trial ready to start ...

The alleged author of the Sasser worm Sven Jaschan will have his day in court starting on the 5th July. The 19 year old student will have his first day in court in the city of Verden, Germany where he will face charges of computer sabotage, data manipulation and disruption of public systems. Jaschan was indicted last September for allegedly creating the Sasser worm that was released in April 2004. Sasser exploited a vulnerability within the Windows Local Security Authority Subsystem Service, or LSASS to compromise vulnerable Windows systems on the Internet. As the worm did not require interaction with users to spread, it spread quickly to hundreds of thousands of Windows systems across the Internet. The vulnerability Sasser exploited was detailed in the Microsoft advisory MS04–011 which had been released earlier in April 2004. Jaschan is from Waffensen in Germany and was arrested in May 2004 after Microsoft received a tip from someone seeking a reward offered by Microsoft. German authorities said that Jaschan had confessed to creating and releasing Sasser and also a number of variants of the Netsky virus. If convicted of the charges Jaschan could face up to five years in prison.

Thursday, June 16, 2005

UK Critical Infrastructure and Business Trojan Attacks

Britains NISCC has issued "Breaking News" and is "warning that vital computer networks are at risk of attack." "The attackers’ aim appears to be covert gathering and transmitting of commercially or economically valuable information." "To learn more see the NISCC briefing Targeted Trojan Email Attacks"

Interesting but in my opinion not 'breaking news' ...

Wednesday, June 15, 2005

Cabir's first birthday!

Today, Cabir celebrates its first birthday. One year ago, 29a sent a sample of their latest creation to AV vendors worldwide via Virusbuster, a Spanish virus collector. It turned out to be a worm that targeted mobile phones running under the Symbian 60 OS with Bluetooth capabilities. The source code for the original Cabir appeared on the Net in late December 2004, which led to a number of copycat variants appearing in the wild. Cabir infections have been registered in over 30 countries to date. In addition, there are now close to 100 malicious programs targeting mobile phones, most of which are Trojans. This highlights two important aspects: operating systems for mobile devices are very insecure thus far, and users need to realize that mobile devices are vulnerable to the same type of attacks as regular PCs.
Just today NOKIA downplayed the danger from mobile viruses, maintaining that it does not consider them a major threat. The denial comes in the wake of a report published last week by analyst firm Gartner identifying the threat from mobile viruses as one of the greatest security myths, and claiming that mobile antivirus software would be ineffective.
Experience has shown that malware authors target systems that are commonly used. Ownership of mobile devices hasn't yet reached critical mass; but when it does, they will prove an irresistible target! That's my opinion about it!

Monday, June 13, 2005

A Michael Jackson Trojan? So What?

Oh, I really hate this. Everybody talking about a spam campaign that claims that Michael Jackson has attempted suicide in an attempt to lure innocent computer users into being infected by a Trojan horse. Experts have analysed the code downloaded by clicking on the link, and determined that it itself attempts to download another Trojan horse which is detected as Troj/Borobt-Gen. People this is really NOTHING to worry about! Just one AV company warned for this and nearly everybody started talking about it! Even one of our largest Belgium ISP's got it on their internet portal and it was even on some US TV broadcasting stations. Well I can assure you, I have only talked to ONE customer who has seen it. So please, forget it as this is no real threat, it's one of the hundreds we receive every week, but this was about Michael. So what? This is what I call 'rubbish news' if you know what I mean... Guess what? One day after this Blog was published the 'news' disappeared from the webpages.

Thursday, June 09, 2005

Counting Mytobs...

It's unbelievable how many variants of Mytob we saw the past 3 weeks. It's like a cascade. This is THE reasson why everybody should update at least every day his anti-virus product. Unfortunately this is not the case everywhere. People and definitely the SMB market seems not to care about it. A lot of companies still haven't running anti-virus on all of their machines. Do we really need to have another large outbreak to convince them?

British hacker out on bail.

Gary McKinnon, the man accused by US authorities of perpetrating the "biggest military computer hack of all time", was released on bail of £5,000 by Bow Street magistrates yesterday evening.The British programmer is accused of causing $700,000 worth of damage by illegally accessing 58 computers at Nasa, the US army, US navy, Department of Defense and the US Air Force. If convicted he faces 70 years in jail and a fine of up to $250,000. McKinnon, who operated under the pseudonym 'Solo', claims that he accessed the systems to search for evidence that the US government had information on UFOs that was being covered up.He was captured after Nasa sent a request for help to the UK's National High Tech Crime Unit. McKinnon has vowed to fight attempts to make him the first hacker to be extradited to the US. It is not clear exactly why the US authorities waited two and a half years to request the extradition. The case will resume on 27 July. I've been interviewed today by one of our Belgian newspapers 'Gazet van Antwerpen' concerning his release. You can read it in the newspaper of 10 July 2005.

Wednesday, June 01, 2005

Belgium Medium Virus Alert

We got a lot of Mytob's lately. Some of the samples seems to originate from Belgium. Unfortunately some local independent organisations over here in Belgium didn't find it necessary to alert people for this ... unbelievable as this caused more problems compared to some bigger estimated viruses. Well at least .. I got a good short interview with Luc Van Aelst from the newspaper 'De Tijd' yesterday which was published today. You can find it also on my 'press page' at .