What *else* could (should?) antivirus software do?

I saw this article today and it hit me that, dang, that would be an awesome tool to have from the antivirus, rather than having to go all CSI (as in the article) to find out what had been changed and, perhaps more importantly, how long ago it had been changed (2 seconds before the pop-up, or 2 months ago with data piped to the attacker ever since). There are server-side tools that can be installed to do this kind of thing (think Tripwire and the like) but, for a simple workstation, I'm not aware of anything that will actually alert you when something was changed, rather than only when the antivirus tool happens to notice it.

How do people make money off of viruses? Read on…

A question that we get asked regularly is "How do people make money from viruses?". This is a topic that, for many, is hard to get their brain around. I've covered several ways to 'monetize' malware in the past but saw this article this morning and wanted to share it with a quick op-ed. The article takes a look at malware designed to 'steal' money from advertisers by faking clicks (an advertiser pays to advertise on a page and is billed based on the number of people that 'click' on the advertising link, so every faked click costs the advertiser money). This is only one of the ways that criminals have found to monetize malware, but the article does an excellent job of demonstrating how it works. The article also gives a good cross section of the…

Temporary issue with outbound email from Cyber Tech Cafe

We have just noted an issue with some of our outbound emails being queued, resulting in some non-delivery reports. We have confirmed that none of our servers are blacklisted and all appear to be functioning properly. Troubleshooting to this point indicates that the problem is on the ISP side and we are working to get it resolved ASAP. I will post an update here as soon as a resolution has been reached.

Followup and analysis on the Skype worm reported on 9 October

Back on 9 October, I reported on a worm that was spreading (primarily) via Skype. Today, I found a good write-up on the worm, how it spread and a very important component of its success (user action required). The story is available here and was carried by Packet Storm Security (which lends it a lot of credibility). I'll spare you all of the details (available in the article) but some important things to take from it are: It was spreading via Skype initially but later was found to also be using the instant messenger networks. Skype quickly acknowledged the problem and released a statement on their website. It was spreading via a link, requiring that users click on the link. Even though the link a) was to a valid URL shortening service (Google) and was…

New virus targeting Skype users

There is a new worm making the rounds that is specifically targeting Skype users. There are details in the linked article but the short story is that Skype users are receiving phishing messages asking "is this your new profile pic?". If you click on the link, the virus code is launched. Skype has advised that they are looking into ways to mitigate the problem and have advised all users to upgrade to the latest version and make certain that their computers are up to date. If you are a Skype user, beware.

Update to Adobe Flash Player patches vulnerability that can cause a system crash and / or allow an attacker access to a vulnerable system

On 8 October, Adobe released an update to address a vulnerability in its Flash Player that can enable an attacker to crash or compromise vulnerable systems. The vulnerability affects Flash Player on Windows, Mac, Linux and Android. All users are encouraged to update. From the Adobe article: Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. http://www.adobe.com/support/security/bulletins/apsb12-22.html

Why you shouldn't use the 'firewall' that your ISP gives you: more than 4.5 million DSL modems attacked and breached, resulting in viruses and stolen information.

Just this week (or was it last week?) I was asked again by a client why he needed to purchase a firewall when his ISP was going to give him one for free. This can be a difficult thing to explain to someone trying to get the most bang for their IT buck when their ISP is telling them that they're getting a 'firewall' for free (while their IT guy is trying to sell them one), but the fact is, you need one. There are several reasons (most are noted on the US-CERT website) but the one that we're going to focus on here is the easy one: they aren't secure. The device that you get from your ISP is a device that they can and will 'manage' for you. They…

October 2012 Patch Tuesday

October will see seven bulletins from Microsoft, one addressing a vulnerability listed as critical in Microsoft Office and Windows Server, nothing (yet) from Adobe since APSA12-01, and Java will have its 'regular' update, currently scheduled for 16 October (it's been eerily quiet from the Oracle camp lately). There are a few other noteworthy items this month that I will be covering in additional articles.

Microsoft

Microsoft released 7 bulletins this month including 1 critical and 7 listed as important. The critical bulletin addresses a vulnerability in Microsoft Office and Windows Server. The vulnerability in Office seems to be downplayed a bit, with the note that it 'only really affects Word 2003, Word 2007 and Word 2010'. The downside though is that it can allow remote code execution and I really don't know that many folks…

New virus, undetected by many antivirus products

In the past 2 days, we have noted a number of 'questionable' files that weren't flagged as being a virus or malware but exhibited behavior that led us to believe that they were. We submitted samples to ESET and received the response below this morning. I suspect that the signatures will make their way into most major antivirus products by day's end but, until that time, you may be left unprotected. We have been able to get these files through gateway security devices, email malware scanners and local antivirus scanners, even when running explicit scans on the files. The files have been delivered via email as airline tickets (claiming that we purchased them) and as UPS and USPS tracking information. If you receive any such notifications, please confirm that the reported sender…