Sunday, March 30, 2008

Pictures ... Infosecurity BE and CSO Summit Moscow 2008

Some people asked me to show the pictures from the past
Infosecurity fair in Belgium which was a success BTW...

Jean-Marie Pfaff and Eddy Willems (me)

My ex-NOXS-Westcon Security colleagues ...

And like I told you in one of my former blogs I just returned now from a trip to Moscow and Munich where I gave a lecture ( see )about the new trends in Security. RBK-TV Russian Business TV made an item from my lecture for the Cnews magazine.

Monday, March 24, 2008

Targeted attacks against Pro-Tibet groups.

"Somebody is trying to use pro-Tibet themed e-mails to infect computers of the members of pro-Tibet groups to spy on their actions. This cyberattack involves sending e-mail messages to mailing lists, online forums, and people known to be affiliated with pro-Tibet groups. To enhance their legitimacy, the messages contain information related to recent events in Tibet and may appear to come from a trusted person or organization. But the content is simply bait, a social engineering con, to get recipients to open the documents and trigger an exploit. The exploit silently runs a keylogger that collects and sends everything typed on the affected machine to a server running at And is a Chinese DNS-bouncer system that, while not rogue by itself, has been used in various targeted attacks. The vast majority of control servers were identified on Chinese netblocks. However, servers have been identified in the USA, South Korea and Taiwan. The host names pointing to these servers are often configured on dynamic DNS services such as While these services in themselves are not malicious, they are heavily used in these specific attacks.

Efforts by Chinese authorities to contain protests in Tibet and limit media access to the country have been widely reported. Reporters Without Borders on Thursday said it had identified more than 40 serious violations of the rights of foreign journalists in Tibet and China since March. And access to YouTube and mainstream media sites like the BBC, CNN, and Yahoo has also been restricted.

But there's no direct proof that anti-Tibetan cyberattacks are being directed by Chinese authorities. The cyberattacks directed at Tibetan organizations are similarly the actions of Chinese hackers motivated by nationalism, without national direction.

The massive cyberattack on Estonia last year, in response to Estonia's decision to move a Russian war memorial, presents an analogous situation.

It seems that situations like this are becoming a trend ... another example of a targeted malware attack."

Eddy at the CSO Summit in Moscow

Sunday, March 23, 2008

Happy Easter .. from Moscow.

I'm ready to go to Moscow as I'm speaking at the Russian Moscow CSO Summit. Afterwards I'm again on the road to my Kaspersky colleagues in Germany ... a busy week you see and definitely different compared to the holiday period for a lot of other people. I'm still waiting to see my picture with Jean-Marie Pfaff at our Kaspersky site. Stay tuned!

Sunday, March 16, 2008

Security vendor websites under attack!

Earlier this week, part of the Trend Micro's public online Virus Encyclopedia (VE) was altered via external hacking. The redirect placed on the site didn’t work properly so nobody visiting the hacked pages was at risk of infection. In response to this incident, they shut down the VE for several hours, patched the systems, removed the inserted code, and brought it back to life again. This incident was part of a wider attack on security web sites around the world. In my opinion this is a bad sign as it demonstrates that a lot of hacking is being tried to deface or at least to alter the websites of the 'good' guys. I can assure you that I saw last month several hack-attacks on other very well known security sites. I will not go into detail which other sites have been attacked. I've seen this happening in the past but never on such a scale as this time. Do you have any idea why this is happening now? Does it have anything to do with CEBIT or the upcoming 'InfoSecurity' fairs?

Sunday, March 09, 2008

Back from CeBIT 2008.

CeBIT 2008 was a nice success for Kaspersky Lab, with a lot of people rushing to our booth to get a copy of Eugene’s latest book called ‘Malware’. The picture gives you also an idea about the amount of people we got at our traditional Russian disco evening. I think that mostly every visitor from CeBIT walked by our booth that night. You can find more at the official Kaspersky Blog at at this link and also at several other newslinks on the internet.

Sunday, March 02, 2008

A busy month coming up!

Indeed, I'm just preparing to go to the CEBIT 2008 where I wil have several interviews together with my colleagues, and that's just the beginning as we have Infosecurity 2008 Belgium (19-20 March) as well coming up very shortly. At the end of March(24-25) I will be speaking at a Russian event called the CSO Summit in Moscow. You can find more at the CSO Summit 2008 website.

CAPTCHA's are not 100% safe anymore...

Spammers have started circumventing the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) system used by Google’s email service, Gmail. The Gmail-CAPTCHA attack is quite complicated since it uses two compromised hosts in its attempts to break into the Google CAPTCHA system. The first host attempts to extract a copy of the CAPTCHA image in bitmap format then attempts to break the code. In case it fails, a second host uses the same image, but breaks it down into segments then sends it as a portable image or graphic file. Segmentation is the only task where humans still outperform bots, but it is steadily gaining attention and focus among spammers and bot herders. The popularity of Google makes it difficult to track spammers among the millions of users across the globe. This further makes Google’s domains highly unlikely to get blacklisted. Although breaking the Google CAPTCHA is of a very low percentage as of yet, I cannot deny that it works. We can expect more innovations in the future, and far more effective and creative ways of dealing with bots should definitely be in the to-do lists of email service providers as well.