Wednesday, July 22, 2009

Some advice about Twitter before my vacation ...

If you use Twitter for this or other purposes, you’re probably aware that the site compresses URLs posted in tweets, usually with, as far as I can see. You’re probably well aware that compressed URLs are frequently used by malware authors et al to conceal the true URL. addresses this problem by filtering links through Google Safe Browsing, SURBL and SpamCop, which is reassuring, but is unlikely to catch every malicious site. also makes available a Preview Plugin for Firefox that allows users to see more information about a site before they click on it. Personally, I prefer the approach, which is browser-independent. If you go to, you can enable a setting that will allow you to preview the real link whenever you click on a tinyURL on that particular machine. Alternatively, the person creating a tinyURL can send a version that begins…
I started using these a while ago, but got a couple of comments from people who didn’t want to see the redirect. However, thinking about it and given the increase in malicious compressed URLs I’ve decided to start doing it again. Not because it will eliminate the problem altogether but because it might at least make people aware that there’s a slightly safer way of doing it without telling them which browser they should be using. If you don’t like the redirect, all you have to do is paste the URL into your browser and delete the "preview." substring that comes after the "http://".

And that's not the only problem about Twitter these days:
There've been quite a few reports over the last few days about how Erin Andrew's 'naked' video is being used to spread malware, with links to infected sites being sent in spam. Now there's a new fake video codec being spread on Twitter, with lots of different hash tags being used to push the link. And one of the most popular topics is 'Erin Andrews'. Kaspersky Lab is detecting the malware as Trojan-Downloader.Win32.CodecPack.iow. Very good as well is that also Twitter itself is doing something about it by informing infected Twitter-accounts and even temporarily disabling them however this only works if they know about it and this can take some time.

I'm ready to start with my vacation now for the next 3 weeks where I will use my Twitter account to give some updates what I'm really doing however be careful and try to be safe on the social internet... it seems to me that the internet is not that socical anymore, isn't it?

Find me at!
See you all within a couple of weeks or in case of an emergency maybe earlier, you'll never know.

Sunday, July 12, 2009

Malware experts are strange people ...

This is what I hear sometimes. I must admit that we all sometimes have some strange habits but isn't that normal as a human. I have showed to the public this year a lot of times what a real analyst or expert is doing. In my presentation 'A Virusanalyst in 15 Minutes' I'm showing the real life of an expert which is not always that amazing... shortly you will find on my press page also the original article I wrote about this presentation. It's more or less some kind of whitepaper and a guide how you can do some pre-analysing stuff.
I'm now 2 weeks back from our analyst meeting trip in Dubrovnik and you can find pictures of it at this link of my website. Most of it are some touristic pictures, some pictures are showing some experts in some strange situations. And definitely our 10the Kaspersky Virus Analyst Meeting combined with the press tour was very nice this year!
At least the price for the most strange-humorous picture goes to Michael Molsner(my German-Japanese colleague): a perfect example how practical a malware expert can be!
Michael I own you a pint ...