Wednesday, December 19, 2007

In the news today... December 19, 2007

Hi folks,

Things have been quiet for a few weeks now, and we've been patiently waiting for the other shoe to drop, especially given that it's the run-up to Christmas, but four fairly notable things have happened today...

First is that the DollarRevenue guys have been fined $1m euros for dodgy practises, with the full story here.

Shout-outs to OPTA, although a bigger fine would have been even better.

(Props: Larry @ Spamhaus)

Second is that the authors of the popular Pinch trojan have been arrested in Russia, full story here.

(Props: Kaspersky Labs and Ferg)

Surely those two events will serve to make perpetrators think twice.

Third is that, seemingly overnight, there was a web worm on Orkut, which seemingly lived, infected 400k computers, and died again overnight due to google being quick to react (shout-outs to google for that). Basic story is that any place where 3rd parties can post to a website, such as scrapbook entries on Orkut, represent an issue. If the 3rd party can post javascript, there's a good chance they can do something malicious, so all such inputs are supposed to be sanitized against that, but in this case the perp found a way to disguise the javascript enough to get past the validation/ sanitization process, and voila .... a webworm. It's a wonder we don't see more of them. Fuller story here.

(Props: Ryan)

The fourth thing is that one of our goat machines we got a virus today from a website. A really, truly virus called Cekar! Cekar is not particularly new, having been around the early part of 2007, and its main function is to steal passwords from a Chinese chat program called QQ (according to McAfee ... http://vil.nai.com/vil/content/v_141463.htm), and this makes sense, because it came in from a Chinese exploit server. The exploit that delivered it was old too... an MDAC (MS06-014), but it was interesting to watch it infect the system. It was a fast infector too... instead of waiting for a program to execute before infecting, it hit the whole disk, and all visible network drives in one pass. Quite took us back to the Old Days of the early 90's when fast infectors were the problem du jour.

This really underscores two points... (1) it's way better to keep these things off your disk in the first place, because a fast infector messes you big time, and (2) we are _always_ going to need good antiviruses, just for the times when they manage to get in.

Cheers

Roger

0 Comments:

Post a Comment

<< Home