Another Reason to Avoid Piracy

Earlier this month, our colleagues at the Online Services Security & Compliance Incident Management team were alerted to content on a Spaces page that was allegedly violating copyrights. The reporting party (a well-known band) was particularly concerned as this content was turning up on numerous web portals, having been leaked in Europe only 24 hours…

Win32/Slenfbot – Just Another IRC bot?

This month we added a new family of malicious IRC bots to MSRT – Win32/Slenfbot. IRC bots were all the rage a couple of years ago but have dropped off a little in recent times. In general, malware has both diversified and become more specialised, with many bad guys using custom communications protocols for backdoor…

Cleaning Over 10 Million IRC Bots

No one could have anticipated all the ways that Internet Relay Chat (IRC) would eventually be used when it was ‘created’ in Finland during the late 1980s. People really started picking up on IRC in the early 1990s, and as with virtually all popular technologies, it started to get abused. IRC enables a single user…

Life, the Universe, and Everything

In July, I wrote about two of the amazing new instructions in the SSE 4.2 set: CRC32 and PCMPxSTRx.  CRC32 is special because of its immediate application to obfuscated import resolution, a common technique among viruses and packers.  I said “the VX guys will probably be able to take advantage of it before AV guys…

Infected Hardware Myth or Reality?

Recently I stumbled across an interesting firmware – hardware contest hosted by the Polytechnic Institute of NYU. I’ve seen similar competitions run before – some promoting team work, some perhaps generating new ideas for hardware or firmware designs, some just wasting the participant’s efforts altogether. But not this time, this time it’s different. I’ll come…

Year Old Worm Weasels its Way Aboard I.S.S.

According to several reports across the ‘net, NASA revealed in a log report that a worm was discovered on some laptops aboard the International Space Station. The worm, known by some as Gammima, which we call Worm:Win32/Taterf.gen!C, is at least a year old. NASA is known to perform experiments involving the order “Oligochaeta” whereas the…

A Normal Day at the Office

(Never ending story…) We arrived a bit early at the office the other day. It was a beautiful sunny day, you know, typical weather when you have to work 😀 Soon after arriving, we stumbled upon what became an interesting case. It was an executable file that apparently was related to the DNS cache poisoning attack…

Current Events Spark Round of Malware

Attackers are busy monitoring current events so they can distribute malware that appears relevant, such as sending spam messages containing links to malware with contextual references to the 2008 Olympics in Beijing, or other current events. We recently began receiving reports of a new spam run with an attached malicious password-protected .ZIP file. The message…

Manufacturing Fear

We’ve seen some particularly nasty malware recently that has prompted me to think about how people react to scare tactics and fear appeals. The kind of malicious software I’m thinking of in particular here is generally referred to as ‘rogue security software’, and it displays false and misleading messages regarding malware infections in order to…

Helpful Suggestions to Protect You From Game Password Stealers

Greetings, As you probably figured out from Matt McCormack’s post, and Jeff Williams’ post; there are a lot of Game PWS (password stealers) out there. I decided to do a post on how you might prevent these PWS from infecting your computer. 1. Run up-to-date antivirus software. I know us gamers hate the performance penalty…
