Sunday, November 30, 2008

Spam down, spam up, spam down ... time for a trip to Moscow.

In the world of spam, what goes down must come up. Two weeks after the shutdown of web hosting firm McColo, which saw a two-thirds drop in spam worldwide, spam numbers are creeping up again. Some 450,000 infected computers have been spotted trying to connect to the largest of the networks McColo hosted. McColo served as host to a number of "command and control" centres for botnets, networks of infected computers called bots that send spam and engage in other malicious activities. With the shutdown of McColo, these botnets have been left without a centralised command, and the botnets' owners will be on the hunt for new hosts and bandwidth. The bots will remain infected with the malware that recruited them, and may soon be recruited anew. In combination with the typical spam cycle that sees rises around the Christmas season, it would seem that the scourge of spam will return to its former strengths soon.
It's really like a cat and mouse game, isn't it?

BTW I'm on my way to Moscow for some interesting Kaspersky Lab meetings. This time I'll possibly have one extra day to see at least something more of Moscow than on my last visits. Time flies: it's nearly one year ago that I joined the Kaspersky team, and I have really enjoyed it so far! ;-)

Sunday, November 23, 2008

Cyber-bullying advice on CityTalk FM (Liverpool Radio): an interview with Eddy Willems.

It was bullying-week in the UK and our UK press office asked me to talk about it with CityTalk FM (Liverpool Radio) during their breakfast show.

But do you really know what cyber-bullying is?
Well, cyber-bullying (predominantly spelled cyberbullying by many researchers) is when someone repeatedly makes fun of another person online, repeatedly picks on another person through emails or text messages, or uses online forums and postings intended to harm, damage, humiliate or isolate another person that they don’t like.

We cannot claim to be able to stop cyber-bullying, but we can and should educate those who may be concerned about it (parents, teachers, school children and of course those in the workplace) and offer advice on how to stay safe online in order to enjoy the many benefits of Internet usage without the potential dangers. Of course, using Kaspersky Lab Internet security is valuable for anyone who goes online, as it helps to prevent ID theft, fraud, online predators as well as programs that may harm the computer. It (well, ours certainly) does have some valuable functions that can help parents, teachers and indeed employers to put safeguards in place. However, we can also offer some other valuable advice, such as:
• Talk to someone you trust about it, like a friend, a teacher or an older relative
• Keep and save any bullying emails, text messages or images you receive
• Make a note of the time and date that messages or images were sent, along with any details you have about the sender
• Try changing your online user ID or nickname
• Change your mobile phone number and only give it out to close friends
• Mobile phone companies and internet service providers can trace bullies, so don’t be afraid of reporting it to them
• Block instant messages from certain people or use mail filters to block emails from specific email addresses
• Don't reply to bullying or threatening text messages or emails – this could make matters worse and lets those carrying out the bullying know that they've found a 'live' phone number or email address
• Report serious bullying, like threats of a physical or sexual nature, to the police

You can find the interview on my WAVCi press page or at CityTalk.FM (breakfast radio with Phil and Kim) or here.

Tuesday, November 11, 2008

Looking at what's happening within malicious PDFs...

During as blogged before (my former posting) I will talk about the virus analyst's daily work. One nice tool which could fit in is one of the tools created by Didier Stevens, a blogger friend.
On his blog he describes how, using this tool, he can reconstruct the trial-and-error process of the malware writer by looking at the incremental updates and metadata within the malicious PDF.
Nice reading at this link:
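
The incremental-update idea mentioned above, as an added example (this is not Didier Stevens' tool and not code from the original post): each save of a PDF can append a new revision ending in `%%EOF`, so splitting on that marker shows which objects were added or rewritten per save and how the date metadata moved. The sample bytes and the function names are constructed for illustration.

```python
import re

# Constructed sample (not a real sample, not a fully valid PDF):
# an original body followed by two incremental updates.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /CreationDate (D:20081101090000) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 3 0 R >>\nstartxref\n0\n%%EOF\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Names 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 120 >>\nendobj\n"
    b"3 0 obj\n<< /ModDate (D:20081101093000) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 3 0 R /Prev 0 >>\nstartxref\n0\n%%EOF\n"
    b"4 0 obj\n<< /Length 164 >>\nendobj\n"
    b"3 0 obj\n<< /ModDate (D:20081101101500) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 3 0 R /Prev 0 >>\nstartxref\n0\n%%EOF\n"
)

OBJ_RE = re.compile(rb"(?m)^(\d+)\s+(\d+)\s+obj\b")
DATE_RE = re.compile(rb"/(CreationDate|ModDate)\s*\(([^)]*)\)")

def split_revisions(data):
    """Cut the file after every %%EOF marker; each chunk is one saved revision.
    Heuristic: a %%EOF inside stream data would produce a false split."""
    chunks, start = [], 0
    for m in re.finditer(rb"%%EOF[\r\n]*", data):
        chunks.append(data[start:m.end()])
        start = m.end()
    return chunks

def revision_report(data):
    """Per revision: objects first seen, objects rewritten, and date metadata."""
    seen, report = set(), []
    for idx, chunk in enumerate(split_revisions(data), 1):
        objs = [int(m.group(1)) for m in OBJ_RE.finditer(chunk)]
        report.append({
            "revision": idx,
            "added": sorted(o for o in objs if o not in seen),
            "rewritten": sorted(o for o in objs if o in seen),
            "dates": {k.decode(): v.decode() for k, v in DATE_RE.findall(chunk)},
        })
        seen.update(objs)
    return report

if __name__ == "__main__":
    for row in revision_report(SAMPLE):
        print(row)
```

Objects stored inside compressed object streams are not visible to this plain-text scan, so a real file may need decompression first.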

Thursday, November 06, 2008

A virus analyst in 15 minutes? (at 2008)

Is it possible to become a virus analyst in 15 minutes? That's the question which will be answered during my presentation at . If you want to have a look at the daily work of an analyst or want to become one, this is a must!
You can find more info at the website
I will also be available at the venue in Utrecht during the 2 days at our booth 08D060.
The case study and presentation will be given in room 9 (14:45-15:15 daily).
A lot of people already registered to attend this presentation, so hurry up if you want to be there!

Wednesday, November 05, 2008

MS08-067 problems continued ...

The first reports of a worm capable of exploiting the MS08-067 vulnerability are showing up. The dropped components include a kernel-mode DDoS bot that currently has a selection of Chinese targets in its configuration. The worm component is detected as Exploit.Win32.MS08-067.g by Kaspersky Lab. Other AV vendors may use other names (Microsoft's name is Exploit:Win32/MS08067.gen!A).