Tuesday, December 23, 2008

Dangerous eCards in the Wild ... A Merry Christmas to you all!

Are you really surprised? A couple of days ago I started to receive reports of emails pretending to carry links to holiday cards. These emails contain a link that points to a file named ecard.exe. Of course, this executable is not a seasonal holiday card but malware. The reason this wave of malware has attracted my attention is that it is very similar to the Storm Worm attacks we were seeing last year. Although this attack uses fast-flux to make it harder to trace its web servers and a redirection page very similar to those used by Storm last year, this is not the resurrection of the Storm botnet. What we are observing today is proof that malware authors are learning from each other’s errors and successes. After seeing that Storm was able to infect thousands of systems last year with Christmas-related social engineering, the criminals behind other malware families are now trying to emulate that success. Most AV vendors are detecting this by now but you'll know that this is definitely not the last malicious eCard we or you will see.
Please just use ordinary plain text mails; it's so much nicer (read 'more intelligent') and it's more effective, in my opinion. But am I not saying this every year?

Well at least what I really want to say from my own safe spot in Belgium:
A Merry Christmas to you all!
And that's more or less in plain HTML. ;-)
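A mail-side check for the lure described above (a message whose link points to a file such as ecard.exe), as an added example that is not part of the original post. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Extensions Windows runs directly; this list is an assumption of the example.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

class _HrefCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def extract_urls(msg):
    """Collect URLs from every text/plain and text/html part of a message."""
    urls = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            urls += re.findall(r"https?://[^\s<>\"']+", part.get_content())
        elif part.get_content_type() == "text/html":
            collector = _HrefCollector()
            collector.feed(part.get_content())
            urls += collector.hrefs
    return urls

def executable_links(raw_message):
    """Return links in a raw e-mail whose path ends in an executable extension."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flagged = []
    for url in extract_urls(msg):
        # Decode %-escapes and drop trailing punctuation before comparing.
        path = unquote(urlsplit(url).path).lower().rstrip(".,;)")
        if path.endswith(EXECUTABLE_EXTS) and url not in flagged:
            flagged.append(url)
    return flagged

# Constructed sample message (not a real capture); example.test is reserved.
SAMPLE = """\
From: greetings@example.test
Subject: You have received a holiday card
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://cards.example.test/ecard.exe">View your card</a>
<a href="http://cards.example.test/about.html">About us</a></body></html>
"""

if __name__ == "__main__":
    print(executable_links(SAMPLE))
```

The check looks only at the link target, so it keeps working when the host name behind the link changes, as it does with fast-flux hosting.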

Wednesday, December 17, 2008

MS IE patch ready for Security Advisory 961051 (Zero-day exploit)!

Microsoft Corp. has announced that it is to release an emergency patch for Internet Explorer, in the hope of fixing the security bug that allowed attackers to exploit the IE browser. The critical patch could not come any sooner for the millions of IE users who have been too scared to use the browser. The warning about the bug came last week after Microsoft had no choice but to go public about the exploit code. Hackers are able to hack into your Windows computer and then hijack Internet Explorer. Microsoft announced that an out-of-cycle patch will be ready at 1 p.m. Eastern time on Wednesday, via Windows Update, Windows Server Update Services and Microsoft Update. The IE update will be labeled “critical,” which is the highest ranking update from Microsoft. So what do you think? Is one week enough these days to patch a 'critical' problem?

Tuesday, December 16, 2008

Zero-day exploits targeting Internet Explorer vulnerability.

Microsoft recently expanded its Security Advisory 961051 to include all versions of Internet Explorer. The vulnerability was originally thought to affect only IE7, but it is now problematic as well for a whole range of related software, such as IE 5, 6, 7 and 8. And some other bad news: SQL injection attacks are being used to hack legitimate websites in order to host these exploits, turning trusted sites into malicious exploit hosts.
There are a number of workarounds in the MS Security Advisory that may provide some mitigation. Another solution is to use another browser, such as Firefox or Google Chrome.
And trust me ... this problem is underestimated at this moment.

Thursday, December 11, 2008

Back from Moscow with Eugene Kaspersky...

I'm just back from my trip to Moscow, from a marvelously organized Kaspersky Lab press event where I also had some other interesting meetings. We got loads of press coverage. Some of it was covered by ZDNet in Belgium and the Netherlands, with interviews with me, Eugene Kaspersky and David Emm. If you can read Dutch (or Flemish), please have a look at this page, this one or this one.
Oh yes, BTW, in the picture you can see me and Eugene Kaspersky during one of the evening events.