Wednesday, September 26, 2007

VB2007 a success and an overview ...

This year the VB conference in Vienna was a really good one with a lot of interesting talks. I was only chairing some sessions this year so I got a lot of time to listen to a lot of interesting papers and to meet a lot of new faces in the industry. Presentations about 'Second Life malware' via the 'Stom worm' to an interesting 'malware resistent virtual keyboard' and also 'The strange case of Julie Amero' are to be remembered. VB you did a good job this year. Between a dozen of meetings I tried to make over 200 pictures this year which you can find on my wavci picture site at .
And oh yes, I even used geotagging on the pictures so you can look them up via Google Maps with an exception for the 'inside' pictures.
The picture over here gives you an overview of the Wildlist reporters during the Wildlist meeting. You can find more of the Wildlist at . You can find me in the middle of it.
And that's not everything ...
I even created a small movie which I converted in a new Vodcast.
You can find this at the link .
It will give you a different look at the VB2007
conference and some way to see how anti-malware experts
work together during such a conference ...
You can subscribe and view the complete channel at .
If you want to download this Vodcast in mp4 format(iPod)
you can do this via the link .
If you have iTunes installed you can watch
via the WAVCi iTunes channel .

Many thanks goes to the members of our round table (Companies: Microsoft, Norman, Messagelabs, Florida Institute of Technology, Lockheed, Grisoft and NOXS) and of course to the VB crew...

Sunday, September 16, 2007

Preparing for Virus Bulletin Conference in Vienna.

I'm preparing to go to my eleventh Virus Bulletin conference, this year in Vienna. Just at that moment I saw a new tactic from the Storm worm team: emails with links to a fake gaming site. All the links from these pages point to ArcadeWorld.exe . So it's again updating time ... and oh yes, I even saw it on my Belgian 'honey-email' account...
See you later .. maybe I'll post something from Vienna.

Wednesday, September 12, 2007

A Skype Worm: W32/Ramex.A or W32/Pykse.worm.b .

What did I predict about a year ago: A Skype worm that could connect by his own to your other contacts and spread by the use of the Skype VOIP network?
Well we've got it ... in some way.
Skype users are under attack from a new worm that spreads through the peer-to-peer Internet phone application's chat feature. The attack begins when a user receives an instant message containing a link from someone in their contact list or an unknown Skype user. There are several versions of the chat messages, which are cleverly written to fool users. The link appears to contain a JPEG photo file, but if clicked causes the Windows run/save dialog box to appear, which asks whether the user wants to save or run a ".scr" file. The file is malicious software that can then access a user's PC via Skype's API (application programming interface). The malicious file has been named W32/Ramex.A or W32/Pykse.worm.b . Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a web link that can infect their computers.
Of course it's not exactly what I was thinking of a year ago but it came very close this time. Most AV vendors got an update now however cleaning seems not always be so straightforward as the worm has some clever blocking features to stop the cleaning.
I must say that we don't see a lot of infections over here.

Sunday, September 09, 2007

New WAVCi Lab Broadcast: An overview of malware problems for the first 9 months of 2007.

I just launched my fourth WAVCi lab broadcast.
You can find this posting at .
Alternatively you can also watch it over here:

The item this time:
An overview of malware and virus problems for
the first 9 months of 2007 including some predictions.
You can subscribe and view the complete channel at .
If you want to download this Vodcast in mp4 format(iPod)
you can do this via the link .
If you have iTunes installed you can watch
via the WAVCi iTunes channel .

Thursday, September 06, 2007

VRT 'Koppen' reportage postponed.

I just got a message from the journalist that due to some very important actual news the interview and broadcast I was blogging about yesterday (Identity Theft) will be postponed to next (Tuesday 11 September again postponed) Thursday 13 September.

Wednesday, September 05, 2007

Phishing, Trend Micro and a VRT 'Koppen' interview!

Beware of spammed email messages claiming to be from Trend Micro. I even got one in one of my honeypots. It redirects you to a fake Trend Micro website and tries to entice users to download a supposedly free trial version of Trend Micro AntiSpyware software by clicking on a link. Clicking on the links found on these pages eventually leads to the downloading of possibly malicious files. The phishing site seems to be down at this moment. This is a perfect example that really no one is safe for such cases. Users must try to be aware enough to find out that such a site can be a fake one. In this case a fake website address at was used. This was easily viewable in the browser bar. Of course the original site can be found at . It can happen as well to other vendors (and it has been) so please be careful as always.

Seems to me that phishing and identity theft are very hot issues these days. I was interviewed a few days ago about these issues by the Belgium National Broadcast(TV) VRT for the magazine 'Koppen'. If everything goes on like it should be, it will be scheduled Thursday evening 6 September in prime time.