Tuesday, May 20, 2008

Back from EICAR ...

I've been back from EICAR for a week now and it seems that I'm so terribly busy that I could not do a nice writeup about the EICAR conference ... well, be patient and have a look at the June issue of Virus Bulletin magazine, where I will publish a conference report. Just at this moment my Belgian friend and fellow blogger Didier Stevens was blogging about our EICAR test file. He really likes to play with it in a lot of ways. Now he seems to have published a PDF document with an embedded EICAR test file (eicar.txt). This PDF document also has an annotation with a JavaScript action linked to it. Clicking the annotation will export the embedded eicar.txt file to a temporary folder and launch the default editor for .txt files.
eicar.pdf contains only ASCII characters, so you can use Notepad to see what he did. He also asks you to guess what he did... Read more at
http://blog.didierstevens.com/2008/05/20/quickpost-eicarpdf/ .
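A defender-side check for the kind of document described above, added here as an example and not taken from the original post or from Didier Stevens' eicar.pdf: it scans an ASCII PDF for the embedded-file and JavaScript-action indicators, resolving `#xx` name escapes first so an escaped name such as `/#4AavaScript` is still caught. The sample PDF is constructed for the demo and its stream body is placeholder text, not the EICAR test string.

```python
import re

# Constructed minimal ASCII-only PDF for the demo (not Didier Stevens' eicar.pdf):
# an /EmbeddedFile stream named eicar.txt plus a link annotation whose action is
# JavaScript. /JavaScript is written with a #xx escape on purpose; the stream is placeholder text.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /Names << /EmbeddedFiles 3 0 R >> >> endobj
2 0 obj << /Type /Pages /Kids [4 0 R] /Count 1 >> endobj
3 0 obj << /Names [(eicar.txt) 5 0 R] >> endobj
4 0 obj << /Type /Page /Parent 2 0 R /Annots [6 0 R] >> endobj
5 0 obj << /Type /Filespec /F (eicar.txt) /EF << /F 7 0 R >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [10 10 100 100]
 /A << /S /#4AavaScript /JS (this.exportDataObject({cName:"eicar.txt",nLaunch:2});) >> >> endobj
7 0 obj << /Type /EmbeddedFile /Length 16 >> stream
PLACEHOLDER-DATA
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# PDF names that indicate an embedded payload or a way to run code / open it.
INDICATORS = ("/EmbeddedFile", "/Filespec", "/JavaScript", "/JS", "/Launch", "/OpenAction", "/AA")


def decode_pdf_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes in PDF names (/#4AavaScript -> /JavaScript),
    so an escaped name cannot hide from a plain keyword search."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf_indicators(data: bytes) -> dict:
    """Count indicator names in a PDF and return them with a verdict string."""
    text = decode_pdf_names(data)
    counts = {}
    for name in INDICATORS:
        # A name ends at a delimiter or whitespace; the lookahead stops
        # "/EmbeddedFile" from also matching "/EmbeddedFiles".
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9_])"
        counts[name] = len(re.findall(pattern, text))
    # exportDataObject(cName, nLaunch) is the Acrobat JavaScript call that saves
    # an embedded file and, with nLaunch 2, opens it in the default application.
    counts["exportDataObject"] = text.count(b"exportDataObject")
    embedded = counts["/EmbeddedFile"] > 0
    scripted = counts["/JavaScript"] + counts["/JS"] + counts["/Launch"] > 0
    if embedded and (scripted or counts["exportDataObject"]):
        counts["verdict"] = "embedded file with script or launch action"
    elif embedded or scripted:
        counts["verdict"] = "embedded file or script present"
    else:
        counts["verdict"] = "no embedded-file or script indicators"
    return counts
```

Run `scan_pdf_indicators(open("some.pdf", "rb").read())` on a real file; compressed object streams (/ObjStm) would need inflating first, which this keyword scan does not do.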

Monday, May 05, 2008

EICAR 2008, Laval, France: A success!

The first day of the EICAR conference at Laval is nearly finished; we have a lot of attendees, terrific papers and good food. Well, we are in France, aren't we? People who thought that this conference was not going to happen were wrong. If you're not here at this moment, you are missing a lot! I will try to do a writeup of this conference very shortly, I hope. I'm now ready to go to our gala dinner at the nice old castle which you can see in the picture.

Friday, May 02, 2008

China attacking Belgium ??

I was just disturbed by a message on the radio this morning, being back in Belgium for just one day to get ready for our EICAR conference in France. I heard that several newspapers were referring to possible cyberattacks coming from China against some Belgian governmental institutions. Hmmmm, is this real? Why state this to the public just now?
So there is a lot of rumour on the radio and in the newspapers (De Tijd, GVA), but the statements I've heard from our Minister Jo Vandeurzen (Ministry of Justice, CD&V) are the exact things, even the exact words, I've said to some personal friends in the past...
But is it true? Well, there is one thing for sure: I'm seeing a lot more malware coming from China compared to one year ago, but stating that we are under attack is over the top. Of course this is an investigation. But isn't there a continuing investigation going on all the time by the AV industry? What do you think? Do we just let everything pass without doing anything? Of course not: every AV company has its own research, and indeed we see an ongoing growth of this kind of malware. Can we speak about a targeted attack on Belgium or some other countries? I don't think so, well, at least not at this moment as I write this blog, and above all it's very difficult to pinpoint and state that this is coming from China, as tracking down such kinds of malware and attacks is harder than you think.
I'm not saying that we don't have to be careful and that we don't have to do some research about these things; of course not, I'm even helping in such investigations in the AV industry.
I'm still wondering why this came up just at this moment. Could it have something to do with the strange (read: bad) situation of our government at this moment? Maybe CD&V wanted to come up with a different subject to conceal the real problems of the Belgian government at this moment?
I don't know; I'm not a politician, I'm an anti-malware expert. At least the real problem, more malware coming from China, is not new to me and is a real threat today!
And Belgium could also be very interesting for some foreign countries, as we have a lot of interesting parties with offices in Belgium: the European Commission, NATO, etc. ... so could that be the real reason for the possible attacks?

While I was writing this blog, the VRT radio magazine 'Vandaag' called me about this and will do a live interview with me on Radio 1 after 17:00 today.