PC World, Malcon, and Our Industry’s Flawed Logic
Malcon: the malware authorship industry conference. You’ve heard about it here, you’ve heard about it on anti-virus rants, and now you’ve heard about it on PC World. As you might be able to tell from the title of their article (“Malware Convention — Not a Good Idea”), PC World… well, they don’t think it’s a good idea. They quote...
Malcon: the devil? Or just a more specialized BlackHat?
So, I saw today Kurt Wismer’s post over on AV Rants about Malcon. Truth be told, I hadn’t heard about it, so thanks to Kurt for once again illuminating me. TLDR version for folks not wanting to read his article or the one Kurt quotes: it’s a conference – in Mumbai – targeted to malware authors. Apparently, forwarding the science of how to write...
Ze plane… ze plane. It’s COTS under the hood
We put this out there the other day, but it’s getting some more traction in the industry press: namely, that malware did in fact contribute to the crash of a Spanair flight two years ago. Now, this fact in and of itself is interesting. But, beyond that, what’s particularly interesting to me about this is how surprised people are by it. A number of folks have asked “how...
Malware may have contributed to airline crash
Check this out. Turns out (according to a story in El Pais) that the crash of a Spanish airliner may have been partially caused by the plane being riddled with trojans and malware. Or the warning system was anyway. Apparently, the mechanics (now up on manslaughter charges) weren’t doing their job either, which doesn’t help contribute to the overall “safety...
Turning tide? Malware on the smartyphones
For years, I’ve been saying the same thing about malware for the smartyphones – namely, that it’s dumb. Why is that, you ask? My point has always been that we’re just not seeing phone-based malware in the wild. So why are you going to implement anti-malware for a platform that doesn’t have any in the first place, amirite? But recently, it looks like...
AMTSO response roundup
I just wanted to call out the excellent responses and furthering of the recent AMTSO discussion from Kurt Wismer here and Andrew Lee from the Avien blog here. I really don’t have much to add to the discussion other than what I’ve already said about it, but I wanted to call out the well-written responses. One of Kurt’s points was that the context he brought to the AMTSO NSS...
AMTSO… Yet again…
I really didn’t want to continue on this topic again, but I find that I am unable to control myself. I was reading through David Harley’s recent comments about the difference between ISO and AMTSO and Kurt Wismer’s well-reasoned post on AMTSO generally and I started musing about the role of AMTSO, my particular beef with it, and why this seems to stick in my craw. So, to briefly...
More about malware ethics and AMTSO
So if you don’t keep up with this stuff, there’s been some interesting discussion going on in the blogosphere having to do with the AMTSO, malware testing, and so forth. The interwebs are all a-twitter with hot debate. As some background and context, I recommend checking out NSS Labs’ excellent post, David Harley’s responses to the crazy ranting of yours truly, Kevin...
Apple secretly fixes problems they claim not to have
So Apple has apparently secretly patched OS X to address some Trojan-horse malware issues (HellRTS) that they’ve been having since about April or so. Basically, the malware allowed attackers full access to OS X machines. Now, some folks have been pretty critical of the fact that they patched this thing in secret. In my opinion, these folks have a point. It is without question...
Folks respond to yesterday’s snark (or “Ed makes enemies, part 582”)
OK, so I thought it was worth mentioning that AMTSO blog responded (in part) to my snarky post from yesterday about the new guidelines for anti-malware testing – they talk about other things as well, but to us in part. Anyway, their response was not favorable as you can probably guess. So I thought it would be useful to clarify my position about the issues. #1 – Vendor...
More malware in the source? Could be…
The other day, we discussed a little bit the recent issue discovered in the UnrealIRCd server where someone had compromised the source distribution to insert a nasty rootkit. It’s an interesting event, and there’s still plenty of shakeup about it. This morning, I came across someone asking the question of how much more of this type of activity might be out there that we just...
Linux malware festering since 2009: reviewing the impact
Apparently the folks who maintain the UnrealIRC [it's an IRC server - Internet Relay Chat - for gabbing it up with your friends] just noticed that they’ve had remote control software included in the distribution since 2009 and didn’t notice until just now. Whoops. Apparently the infected software got picked up by at least one major distribution for inclusion in the default package...
What’s McAfee up to, do you think?
So, today McAfee went on record with a very strange message. Specifically, they tell us that: 1) Malware is increasingly using Facebook as a vehicle for propagation; and 2) Malware is increasingly targeting virtual communities (e.g., World of Warcraft, SecondLife) for password stealing. Interesting, but frankly I’m at a loss. This article interested me enough to actually go to the Avert...
Mobile Malware Prediction Generator?
So, I read the other day on the Register that those guys are pretty fed up with all the mobile phone malware hype. They’re irked that analysts like Gartner keep predicting it, and it keeps not coming to pass. So, in the spirit of Cyber Security Awareness Month allow me to point out an alternative theory. Which is, that we’re currently under siege – that our phones have already...
Teacher Convicted for Getting Spyware
I found this to be particularly interesting when I read it this morning. In case you didn’t see the story, the rundown is the following. Her story:
- A school has content filtering software installed, but they don’t maintain the license, so it stops working
- A schoolmarm visits a hair-styling website which has advertising content
- Schoolmarm’s machine receives a piece of...
Aycock Malware Round-Up
I came across a great post by Kurt Wismer this morning over at his Anti-Virus Rants blog: it’s a timely and interesting response to all the brouhaha surrounding academic malware. Now, he and I don’t entirely agree on this topic (I won’t go through it all again since we did over a thousand words on it last week), but Kurt argues the other side of this issue extremely well; I...
Why’s Everybody Pissed at Consumer Reports?
Consumer Reports has apparently decided to test the capability of antivirus software to detect and respond to new and arising threats. In order to do this, they have contracted with an outside firm to create new malware which will then be scanned by the AV software. This sounded like a good idea to me, but then I read the reaction from the AV community: [Sophos:] When I read about what...
Yankee’s right… but do they know why?
Today, HackInTheBox published a Yankee Group webcast, “How to Detect and Remove Malicious Software Without Signatures or Scanning”. Anyway, it happened to catch my eye, so I (despite my better judgement) registered with the webcast sponsor (Sana) and watched the broadcast in its entirety. And it turns out that Yankee was right on target about the future of malware scanning – although...
More McAfee Benchmarks
I’ve been reading this book, recommended by a colleague, called Crimes Against Logic – it’s a very readable catalog of logical flaws and nonsensical conclusions; I highly recommend the book, by the way. Anyway, I was reminded of this when I came across the recent malware numbers published by McAfee after seeing it in the press. Now, as many of you know, I am de facto critical...
McAfee Warning about Mac Malware
Interestingly, McAfee has decided to warn us all about the probability of malware appearing for OS X in the near future. McAfee has apparently put out a whitepaper called “The New Apple of Malware’s Eye.” The Register implies that McAfee’s whitepaper is pretty much a hollow justification for their new VirusScan product for Mac on Intel, but there’s actually...
Malware Statistics Apparently Malleable
Remember when we went through the McAfee “Rootkit Report” and pointed out that their “statistics” were merely reflective of their product rather than actually reflective of what’s going on in the real world? Well, today I stumbled across the headline Virus emails drop to record low informing us that virus-laden emails are at the “record low” figure of...
Mobile Malware vs. the Goat Sucker
Have you ever heard of “El Chupacabra?” Well, just in case you haven’t, El Chupacabra (in English, the “goat sucker”) is a South American spiked, fanged, goat-eating beast that strikes terror in residents of Puerto Rico and (more recently) South and North America. There’ve been hundreds of Chupacabra sightings in the past decade, and there are thousands of...
How likely is this really?
A recently discovered piece of malware that infects both Windows and Linux systems has been analyzed by Kaspersky. The media is all fired up about this, giving it international coverage and even inspiring commentary from SANS. Given the attention, it begs the question, “how likely is it that a cross-platform worm or virus will actually survive and prosper?” Despite what some other...
My laptop is not a Rhesus Monkey
The Register had an article today, “As Emperor of Security, I hereby decree…” It caught my attention since it was so atypical in style. The author spends some time discussing the things that he would decree if made emperor of security. Neat concept, right? I thought so too. The mandates were totalitarian and restrictive; purposefully so (that’s sort of the point,...
Apple Malware Galore
There is a new piece of malware for OS X circulating this week – this time, it’s called OSX.Inqtana.A (actually that’s the SYMC designation). The malware itself isn’t that original, isn’t that complicated, and probably won’t spread very quickly. However, according to one of the Sophos engineers the article cites: Apple Mac users need to be just as careful...
I told you so. :^P
About the only thing Kama-Sutra left us with was innuendo in the press. According to News.com, Kama-Sutra “went soft” and is now “shriveled.” Anyway, the Register tells us that we’ve “survived the apocalypse” in typical sarcastic...
Lovin’ from the Kama-Sutra
Blackmal, Kama-Sutra, MyWife… call it what you want. My mailbox has been on fire with email coming in about this worm for the past two days. Colleagues, friends, and relatives are all sending me information on the worm, every AV vendor I’ve ever requested information from is “dropping me a line” to tell me about it, HIPS vendors are sending me information about how their...
New Whitepaper about Malware Evolution
Dancho Danchev (you may or may not know him from his blog) has put together a new whitepaper about the evolution of malware. There is, by no means, a shortage of opinion on how malware will evolve – it is a topic of considerable interest in the security community and there are tons of predictions about how malware authors will (or will not) continue to incorporate new distribution vectors...
Phone Malware (again)
I’m getting sick of the whole “malware on the phone” propaganda; I’ve been saying that phone-borne malware is not “brewing like bird flu” for years now. However, every few weeks, the press picks up and runs with some story about how huge a problem it is. The stories typically have quotes from certain AV vendors spinning a tale of woe about how phones are a...