Wednesday, April 26, 2006

Preparing for the EICAR conference 2006 in Hamburg.

Good news and bad news.

First the good news: I'm ready to go to 'our' always interesting conference of the year: the EICAR conference. This year we have loads of brilliant papers. You can have a look at the programme on the EICAR website. You still have some time left to decide to join us over there. In my opinion it's a must this year. As always I hope we will not have an outbreak during the event, but we can't predict this. In each of the past three years we had an outbreak during the conference. As the landscape of virus writing is changing, I think we possibly won't see anything this year. I will also post some pictures from over there to the log.

The bad news: my wife had a spectacular accident with her car yesterday. At one of the busiest traffic points in Belgium she spun and crashed her car completely. Thank God she came out of it quite well, with only some small injuries (at first sight). Be aware that it can always happen to you, even if you drive safely ...

Sunday, April 23, 2006

Linus Torvalds is not clever!

Patching an OS isn't new, but patching an OS to enable a virus? Unbelievable, and for me unforgivable. Linus Torvalds has recently patched the Linux kernel to fix a small bug that was revealed during the testing of a Windows-Linux cross-platform virus. Fixing the bug enables the virus to work as it should. So Linus Torvalds doesn't seem to think that BiWiLi is much of a virus, just a program that has an interesting way of writing to files for which it has permissions. For more details, the stories can be found here and here. It confirms to me that a lot of people, even so-called brilliant ones, don't have any notion of real security.

Friday, April 14, 2006

POC MS Publisher virus found called Avarta.

The first virus which infects Microsoft Publisher (*.pub) documents has been found. It's called Avarta. Due to its crude replication method and obvious payload, Avarta has zero chance of getting into the wild. Some years ago this might have been an interesting piece of malware, but now macro viruses are virtually extinct, making Avarta a proof of concept for something that will never become a threat. A lot of POCs these days, but without real danger. Virus writers are falling behind, maybe...

Saturday, April 08, 2006

POC cross platform Linux and Windows virus found.

A cross-platform virus that works on both Linux and Windows machines has been found. It is claimed to be capable of infecting both Linux ELF binaries and Windows .exe files. The impact of the virus at this point is very low in itself, but it is a sign that cross-platform aspects are becoming important. As the developers of viruses continue to research this, we will see (more) cross-platform malware come about in the future. Even today, websites sending exploits to their visitors tend to detect what browser/platform the visitor is using and send a matching exploit to install some malware, earning their quarter for each confirmed installation. Planning ahead and also protecting Linux, UNIX and Mac OS X machines with anti-virus measures is a good thing to start on now if you haven't done so already. The virus is called BiWiLi. Please note also that we have seen some other cross-platform viruses infecting Linux and Windows in the past as well.
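As an added illustration (this is not code from the original post and not BiWiLi itself): before a cross-platform infector can touch a file, and equally before a scanner on a Linux file server can decide which signatures apply, it has to tell an ELF binary from a PE binary by its header. The Python below does that triage over a few header samples constructed inline (an ELF64 x86-64 header, a minimal PE with an i386 COFF machine field, an MZ stub whose e_lfanew points outside the file, and a shell script), and includes the bounds check that a crafted MZ stub needs so that a bogus e_lfanew does not crash the scanner. The sample names and the `triage` helper are assumptions for the example.

```python
"""Triage helper: tell ELF from PE by header bytes.

Added example, not code from the original post and not the virus itself.
All sample headers below are constructed inline for the demonstration.
"""
import struct

ELF_MAGIC = b"\x7fELF"
MZ_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"

# ELF e_machine values (ELF specification).
ELF_MACHINES = {0x03: "i386", 0x28: "ARM", 0x3E: "x86-64"}
# PE IMAGE_FILE_HEADER.Machine values (PE/COFF specification).
PE_MACHINES = {0x014C: "i386", 0x01C0: "ARM", 0x8664: "x86-64"}


def identify_executable(data: bytes) -> dict:
    """Classify a file by its header: ELF, PE, a bare DOS stub, or unknown."""
    # ELF: 16-byte e_ident, then e_type (2 bytes) and e_machine (2 bytes).
    if data[:4] == ELF_MAGIC and len(data) >= 20:
        ei_class = {1: "ELF32", 2: "ELF64"}.get(data[4], "ELF?")
        endian = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = LSB, 2 = MSB
        e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
        return {"format": "ELF", "class": ei_class, "type": e_type,
                "machine": ELF_MACHINES.get(e_machine, hex(e_machine))}

    # PE: DOS "MZ" stub, e_lfanew at 0x3C points at "PE\0\0" + COFF header.
    if data[:2] == MZ_MAGIC and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        # Bounds check: a truncated or crafted stub must not raise here.
        if e_lfanew + 6 <= len(data) and data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE:
            machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
            return {"format": "PE",
                    "machine": PE_MACHINES.get(machine, hex(machine))}
        return {"format": "MZ-only"}  # DOS stub without a valid PE header

    return {"format": "unknown"}


def triage(samples: dict) -> dict:
    """Map each sample name to the format an infector or scanner would pick."""
    return {name: identify_executable(blob)["format"] for name, blob in samples.items()}


# Constructed sample headers (not real binaries).
SAMPLE_ELF = (ELF_MAGIC
              + bytes([2, 1, 1, 0, 0]) + bytes(7)      # e_ident: ELF64, LSB, v1
              + struct.pack("<HH", 2, 0x3E)             # ET_EXEC, EM_X86_64
              + bytes(44))                              # rest of header, zeroed
SAMPLE_PE = (MZ_MAGIC + bytes(0x3A)                     # DOS stub up to 0x3C
             + struct.pack("<I", 0x40)                  # e_lfanew -> 0x40
             + PE_SIGNATURE + struct.pack("<H", 0x014C) # "PE\0\0", i386
             + bytes(18))                               # rest of COFF header
SAMPLE_BAD_MZ = (MZ_MAGIC + bytes(0x3A)
                 + struct.pack("<I", 0xFFFFFFFF)         # e_lfanew out of range
                 + bytes(16))
SAMPLES = {
    "hello_elf": SAMPLE_ELF,
    "hello.exe": SAMPLE_PE,
    "crafted.exe": SAMPLE_BAD_MZ,
    "script.sh": b"#!/bin/sh\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12s} {identify_executable(blob)}")
```

The point of the `MZ-only` branch is the edge case: a PE loader trusts e_lfanew, so a scanner that indexes with it unchecked can be crashed or made to skip a file by a stub that is never meant to run.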

SpyFlex Mobile Spyware Trojan is 'more' than we think.

It's already several weeks now since the AV industry found this trojan. This application installs itself without any kind of indication as to what it is, and once installed on the phone it completely hides itself from the user. So the application could easily be used by malware installing it as part of its payload, or a hacker could simply send it to a victim over Bluetooth and trust that there are enough curious people to install it. Not to mention the fact that spying on people's private communication is illegal in most countries around the world. And the fact that all of the information is stored on the FlexiSpy servers puts the company in a rather interesting light... this company is watching everything. I've given an interview to 'Het Nieuwsblad', a Belgian newspaper, to clarify the situation. You can find it on our press page. Honestly, this program is definitely a 'trap' in every way! Lucky that at least all mobile AV programs do detect this Trojan spyware.