Tom Liston at SANS has more on the WMF vulnerability and thinks it could be very very bad indeed and suggests that everyone take an unprecedented step in unregistering this DLL and applying an unofficial patch in lieu of action from Microsoft: To the best of my knowledge, over the past 5 years, this rag-tag…
F-secure has some interesting commentary on the latest Windows WMF vulnerability: The feature now in the limelight is known as the Escape() function and especially the SetAbortProc subfunction. This function was designed to be called by Windows if a print job needed to be canceled during spooling. This really means two things: 1) There are…
Kaspersky Labs takes a look at the state of viruses targeting GNU/Linux.
So, Microsoft last week announced they were buying spyware-giant Claria. I had hoped maybe this was some bizarre move by Microsoft to buy them and shut them down — you know, a gesture to the community or something. Sadly, no, they appear to be doing something much stupider, as Microsoft’s anti-spyware application now detects but…
F-Secure has a story about a new virus: Fantibag.B is a trojan that installs a packet filter for preventing of downloading AV companies database updates and security patches. It is related to recent Bagle/Mitglieder trojans. Pretty evil.
Kaspersky labs reports on an increase in sightings of the GpCode virus, which is the virus that encrypts files and demands a ransom to decrypt.
A few weeks ago, as I downloaded the enormity of XP SP2 to burn to CD, it occurred to me that it seems silly that Microsoft didn’t leverage the power of bittorrent to distribute this update, and their patches in general. Imagine my dismay to discover that someone tried, and was promptly shut down using…
An interesting article on eweek discusses a new strategy in fighting botnets: hunting for their ‘Command and Control’ servers — that is, the networks and computers that are sending them instructions. A wise target, to be sure. Botnets are becoming a huge problem. More and more viruses are being designed not to run rampant on…
Mytob is fast becoming a much-reviled wonderboy of the virus world, increasingly used in many variants: The Mytob worm, which first appeared in late February, is a mass-mailed worm that hijacks addresses from compromised PCs to spread using its own SMTP engine, drops a backdoor Trojan so more malicious code can be added to the…
Some interesting commentary over at Kaspersky about the effectiveness of IM worms: This effectiveness worked in several ways. By uploading to several sites the attackers still had one or more places left to turn to when measures were taken to take a site down. Additionally, different messages were used to convince the recipient to click…
