Sunday, September 28, 2008

On my way to the VB conference ...

Indeed I'm on my way to the the VB conference in Ottawa, Canada. WOW ... This is my number 13 of all the Virus Bulletin conferences. I've been attending since 1996 (Brighton, UK) and I can assure you that this is the best conference if you are in the anti-malware industry. You can find more from the conference itself at the VB website. As always I will post some pictures over here afterwards or during the conference. And BTW if you're not there, you're either sick or dead or you just don't belong to that part of the industry. It's simple as that! ;-)

Tuesday, September 23, 2008

GeenStijl and GeenCommentaar: 0/10 ..Unethical in every aspect!

It's been a bit of a bumpy ride on the Dutch part of the internet over the last couple of days. One blog - - decided to set up something I like to call a 'web 2.0 honeypot' in the form of a petition. The idea behind this was to attract the attention of the biggest blog in the Netherlands - - and get GeenStijl readers to comment. GeenCommentaar logged the IP addresses of users who made offensive comments on the blog and created a database. (A lot of the offensive comments came from GeenStijl users). Other bloggers could then check the database to see if a particular IP address had been tagged as offensive. Supposedly the idea behind this was to make life easy for other site/ blog owners, by offering an automatic way to filter out (probably) unwanted comments/ content. When GeenStijl realized what was happening, they responded with a vengeance by adding a piece of Javascript to their page. This meant when anyone visited the GeenStijl site, a random IP address was generated, and the GeenCommentaar database would be queried to see if the IP address had been tagged as offensive. All of this was done automatically and without visitors to the site knowing anything about it.
The result? GeenCommentaar's server couldn't handle the load; as well as GeenCommentaar getting hit, some other sites running on the same server were overloaded. In addition to the obvious ethical objections, both the parties involved are breaking the law.
BTW Kaspersky Lab added detection for this DDoS script as Trojan-Clicker.JS.Small.p .

If you want to read more about it
please look at my colleague Roel's comment at
Kaspersky Virus Analyst's Diary
or read my own comments in Dutch at
A lot of people seems not to think anymore about what seems to be good or bad on the internet. They just act and play like 'criminal' children without notice! Unbelievable!
Well ... at least their names are well chosen: no comment with no style.

Sunday, September 21, 2008

Back from 2008

I'm just back from the Symposium 2008 in Rotterdam. It's very interesting to watch how much money the Government of the Netherlands can invest in such kind of events. Most other events are heavily sponsored to make such events possible ... Congrats to and very well done however if you are a real pro or an anti-virus/malware insider it was not that inspiring. I loved however the key note speeches and especially the 'no press allowed' presentation of the arrests made by the joint efforts of the NHCU and FBI. The case which you can find more background of in my former postings (see August) and which I was also involved in. You still can find the full programme details at .

Sunday, September 07, 2008

Goodie Security Picture of the Month

Busy weeks for me ... yes a lot of business and a lot of events to attend to that's what was happening the past weeks. From now I will post a picture from all these events on my blog. Last week we got two nice launching events for our Kaspersky Hosted Security Solution in the Netherlands and Belgium organised by 2 of our distributors. The week before I attended a BBQ event at Copaco Belgium. This week I will attend and speak at the L-Sec Security Conference on Friday. You can have a look at the other speakers on their website at . I will present: 'A Virus Analyst in 15 Minutes?' .

Further on I was cleaning up a little bit my attic where I found a lot of old and newer security goodies (the free give-aways at conferences). So from now on I am going to use the good ones after I throwed away some other rubbish. For this job I got the wonderful help from a Symantec display box. On the picture you can see how you could use it in a creative way. ;-)
BTW It's just coincidence that I used a Symantec 'box' for it.
Other display boxes are also quite good.
This time this picture becomes the Security Goodie of the month!