Tuesday, February 28, 2006

Two new mobile POC viruses?

1: J2ME/RedBrowser.a: Seems to be the first J2ME mobile phone trojan. It apparently works on most phones with J2ME support (i.e. hundreds of different phones). It sends SMS messages to Russian premium rate numbers to steal money from the user. It was first reported by Kaspersky Lab.

2: www.mobileav.org is reporting a new C# virus, which would be successful in spreading from the PocketPC mobile platform to a normal Win32 desktop computer. Nobody else has seen a sample of this one yet... strange.

Monday, February 27, 2006

Preparing for BlackHat Amsterdam

It's very quiet these days ... possibly too quiet in my opinion. If it's too quiet we can mostly expect something hard hitting our PCs and networks within the next months... Nevertheless I'm ready to go to the BlackHat conference this year. There is a mutual sponsorship with EICAR. So you will possibly see some postings from me in Amsterdam (Netherlands) shortly. You can find more at www.blackhat.com.

Thursday, February 16, 2006

First virus for Apple Mac OS X found: OSX/Leap.A

The virus, named OSX/Leap.A (also known as OSX/Oompa-A) spreads via instant messaging systems. The OSX/Leap.A worm spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected users' buddy list. When the latestpics.tgz archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless. And oh yes, I can confirm that this virus is not heavily in-the-wild yet as Apple Mac OS X is not commonly used in Europe and some other parts of the world.

Sunday, February 12, 2006

Don't turn on every Google Desktop Search option!

Google have announced a new version of their Desktop Search program. One of the new features is called "Search Across Computers". You can read about it on the Google site.
"Search Across Computers enables you to search your documents and viewed web pages across all your computers." To make this function work the searchable files get uploaded to Google's servers. For this feature to operate you need to use your Google account, the same one that you use for Gmail and the other Google services. This means that if an attacker can obtain your Google login details, he will be able to access your confidential files. The good side is that this feature is an option and is not turned on by default. I advise you to keep it that way. And I'm not even speaking about the privacy issue... as everything will be stored on Google servers ... if you enable this.

Thursday, February 09, 2006

Microsoft's OneCare Service is not a new concept!

Despite a lot of press attention Microsoft's OneCare Service is not a new concept in my opinion. It is correct however that the price, which has been set today at $50, is quite low if you see what you get for it. However the concept is not new, as for instance McAfee has had such a product for years! They call it Managed VirusScan and Firewall, also known before as McAfee ASAP. However, charging for a service that allows paying consumers to be secured against Internet threats that exploit flaws in Windows will also likely raise sticky issues for Microsoft. Several critics have already questioned whether an operating system vendor should get paid to protect users against defects in its software. Of course it's impossible to give it for free as this could bring a complete business sector down. Was it really necessary that MS stepped into that specific part of the market? I doubt it, and I'm not the only one who has some strange feelings about this... Is this ethically correct?

Friday, February 03, 2006

The CME-24 hype? (Blackmal, Nyxem.e, Wife.d or Kama Sutra)

Like I told you before, Belgium was not heavily infected with this virus ... some other parts of the world however could have got some serious problems with it, but this seems not to be the case by looking at all the reports which came in so far. I personally thought that the attention about this virus was exaggerated and by looking at the reports this has been the case ... and this was not the first time in computer virus history... OK, there were some problems, but the impact was and is very low until now. This is a normal in-the-wild virus, except for the payload.
However, a vast majority of the machines infected by Nyxem are home computers. Nothing will happen on them until people get home from work and boot up their machines. Half an hour later the damage starts. The user won't realise what's going on until an hour or two later, when it's already late Friday night. The full scope of the problem won't come to light until during the weekend or early next week. Otherwise I would like to classify this maybe as hype ... let's see.

Thursday, February 02, 2006

Only 900 CME-24 (Nyxem.e, Blackworm or Wife.d) infections in Belgium...

Somewhere, deep inside Nyxem.e's body, there is a 'bad' block of 32 bytes. On the 3rd of every month, exactly 30 minutes after the infected system is started, Nyxem.e will use this block to overwrite all *.doc, *.xls, *.mdb, *.mde, *.ppt, *.pps, *.zip, *.rar, *.pdf, *.psd and *.dmp files on your disks. With the activation date drawing near, just make sure your system is not infected. In my opinion the media is far too busy with this virus ... people, we have seen this before, and far more destructive! This is not the first time; however, it definitely could be bad for India, Peru and the US, where we have really problematic situations. In Belgium we will have around 900 infections ... let's see if it really will break some important systems.
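As an added triage illustration (not code from the original post), the following Python scans a directory for files of the types the post lists and flags those that look damaged by the payload described: a file that consists of nothing but one repeated 32-byte block, or a file whose format header is gone. The 32-byte pattern in the demo is a constructed stand-in, not the real block, and the assumption that a damaged file holds only repetitions of that block is mine.

```python
import tempfile
from pathlib import Path
from typing import Optional

# Extensions the post says the 3rd-of-month payload overwrites.
TARGET_EXTS = {".doc", ".xls", ".mdb", ".mde", ".ppt", ".pps",
               ".zip", ".rar", ".pdf", ".psd", ".dmp"}
BLOCK = 32  # size of the 'bad' block described in the post

# Well-known leading bytes for some of those formats; types without a stable
# header (.mdb, .mde, .dmp) only get the repeated-block check.
OLE = b"\xd0\xcf\x11\xe0"
MAGIC = {".pdf": b"%PDF", ".zip": b"PK\x03\x04", ".rar": b"Rar!", ".psd": b"8BPS",
         ".doc": OLE, ".xls": OLE, ".ppt": OLE, ".pps": OLE}

def repeated_block(data: bytes, block: int = BLOCK) -> bool:
    """True if data is exactly one block, or that block repeated end to end."""
    if not data or len(data) % block:
        return False
    first = data[:block]
    return all(data[i:i + block] == first for i in range(block, len(data), block))

def classify(path: Path) -> Optional[str]:
    """Return why the file looks damaged, or None if it passes both checks."""
    ext = path.suffix.lower()
    if ext not in TARGET_EXTS:
        return None
    data = path.read_bytes()
    if repeated_block(data):
        return "content is a single repeated 32-byte block"
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        return "missing expected file header"
    return None

def scan_tree(root) -> dict:
    """Map file name -> reason for every suspicious target-type file under root."""
    return {p.name: r for p in sorted(Path(root).rglob("*"))
            if p.is_file() and (r := classify(p))}

def demo() -> dict:
    """Constructed sample tree: two damaged files, two intact, one non-target type."""
    bad = b"PLACEHOLDER BAD BLOCK 32 BYTES!!"  # constructed stand-in, not the real block
    assert len(bad) == BLOCK
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "report.doc").write_bytes(bad * 5)                  # overwritten document
        (root / "invoice.pdf").write_bytes(b"garbage here")          # header destroyed
        (root / "good.pdf").write_bytes(b"%PDF-1.4\n%...")           # intact
        (root / "ok.zip").write_bytes(b"PK\x03\x04" + b"\0" * 36)    # intact
        (root / "notes.txt").write_bytes(bad * 3)                    # not a targeted type
        return scan_tree(root)
```

Running `demo()` flags only `report.doc` and `invoice.pdf`; on a real machine you would point `scan_tree` at the user's document folders and restore the flagged files from backup.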