Monday, December 18, 2006

Skype worm?

Hi folks,

Stories are circulating today about a possible Skype worm. There is clearly some sort of malicious code associated with Skype today, but it is by no means clear that it's a worm, and it is not even clear that it works at this point.

From what we've seen so far, it seems more likely to be some sort of social engineering to trick a victim into installing something ... a sort of "OMG.... look at this!!!!" sort of thing. These tricks have been used with AIM and MSN for ages to install backdoor bots.

Again, there is no evidence to suggest that this is wormy or self-propagating in any way, and it may even turn out to be a directed attack, targeting a single victim. If you use Skype, relax and keep using it... just raise your caution level a smidgeon.

Cheers

Roger

Wednesday, December 06, 2006

Lulls and storms?

Hi folks,

I can't believe it's been nearly a month since my last blog entry, but it has. Time sure flies when you're having fun.

Part of the reason I've not posted is that we are in a lull. There seems to be a pattern emerging of lulls, followed by bursts of frenetic activity.
It's not that the Bad Guys aren't doing anything... they're carefully re-organizing their attack scripts to use SetSlice, and XML, and discarding old unproductive exploits like WMF. We've also found some of the exploit hubs trying to reorganize the DirectAnimation exploit from September... the one that never quite worked right. Maybe they'll get it right soon, but it still doesn't work.

However, as I said, we're in a lull, and after a lull comes a .... storm!

We, at Explabs, have no doubt that the smartest of the Bad Guys are carefully preparing their next exploit. There is little doubt that once they have it, they'll sell it to as many online gangs as they can, with the condition that no one can release it until an agreed date, when all will release their versions simultaneously.

When will that be? Only the Shadow knows, but one of these Exploit Wednesdays, we'll wake up and find that we're in the midst and fury of a new storm of exploits and malicious websites.

Cheers

Roger