Mal...where?

Fighting the Global War on Malicious Code

Dodging Bullets, Take One

An object lesson in keeping software patched and updated:

I saved that screenshot in a newly-created directory labeled "Oh Crap," and as soon as I saw the message, I knew what was in progress: this vulnerability, fixed in the 10.1.x versions of Symantec Client Security. Too bad I had been too lazy to update from 10.0.x...

For most people, such a turn of events would've left their computer either attacking others on its own (e.g. the recent Big Yellow worm) or serving as a node in a hacker-controlled botnet. Thankfully, I usually put a lot of time and effort into my security, and the excellent Sunbelt-Kerio Personal Firewall that I have in place of the craptacular Windows Firewall caught the exploit in the act:

...and all I had to show for it was some log entries, a network-wide alert, a crashed Symantec session, and a quick RootkitRevealer scan to ensure nothing had been activated that WinPatrol Plus, Sunbelt-Kerio, and Symantec were unable to see. One bullet dodged, one lesson learned.

~ Nexus7


posted by David @ 9:42 PM

Spotlight Series

I'm looking to do an extensive overview of an (in)famous malware vendor each Friday, starting with the one that we all love to hate for the massive number of programs it dumps on the C: drive, with such memorable names as defender, keyboard, newname, drsmartload, mendoza, and the like...

The Craptastic DollarRevenue!!!

...in its transition from adware vendor to straight-up trojan creator. Expect horror, dismay, and, if I can manage to piss the right people off enough, maybe even my own DDoS. Perhaps one day...

~ Nexus7

posted by David @ 10:44 PM

Reviews and Predictions Worth Your Time

After looking at McAfee's uninspiring Trends '07 list, it's a breath of fresh air to see the F-Secure 2006 summary and predictions for '07 video here. Well done, insightful, and, while a bit light on the predictions, you can tell that it wasn't done in ten minutes by an underpaid intern. Hooray for quality corporations!

~ Nexus7

posted by David @ 9:11 AM

McAfee's Predictions...Plus Reality

So security firm McAfee released its predictions of malware trends for 2007 -- all ten can be seen here, each with a rather limited description. In my humble opinion, a bit more needs to be said in response to these predictions, with a bit of harsh reality in mind...

1. The number of password-stealing websites will increase using fake sign-in pages for popular online services such as eBay.

Um...duh? Phishing has increased dramatically in the past few years, and it increases every year. Unsurprisingly, 2007 will not be an exception.

2. The volume of spam, particularly bandwidth-eating image spam, will continue to increase.

Along with "the sun will rise" and "gravity will yet hold the denizens of Earth on its surface," this one's another no-brainer. An increase in spam? As in every year? As in already happening right now? Who would've thunkit?

3. The popularity of video sharing on the web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code.

To be fair, they are some of the first people to come to this conclusion, though the recent spread of a MySpace worm via QuickTime movies might've been something of a tip-off...

4. Mobile phone attacks will become more prevalent as mobile devices become 'smarter' and more connected.

So they say every year, and yet CommWarrior and its ilk still remain some of the only viable mobile malware threats. Perhaps it's going to take one well-crafted program that wakes up the blackhat community to the potential there. Or maybe we'll be saying the same thing for '08...

5. Adware will go mainstream following the increase in commercial Potentially Unwanted Programs.

The dumbest one in there. Adware's been "mainstream" for the better part of a decade now, and PUPs are nothing new. Who gets paid to come up with these things, and how do I get in line for the job?

6. Identity theft and data loss will continue to be a public issue – at the root of these crimes is often computer theft, loss of back-ups and compromised information systems.

Can a prediction really just say "things won't change"? Because this one's not much of a look into the future, folks...

7. The use of bots, computer programs that perform automated tasks, will increase as a tool favoured by hackers.

No doubt. The statement's kinda lame, since bots are remote-controlled programs that give access to a compromised user's machine and rely on the botmaster for commands (automation is only a very small aspect of how they're used), but the thrust of it's still certainly valid.

8. Parasitic malware, or viruses that modify existing files on a disk, will make a comeback.

I'm really interested in this -- it's the only prediction McAfee makes that I don't think would be on the top-ten list of even the most casual security researcher. With the domination of the malware field by Trojan programs (Prediction #3 here), I certainly would like to hear why they believe this, and to see how it might develop.

9. The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase as well.

Sadly so, though the "protection and remediation" bit is also likely to be true. I sure hope so; having to scan with RootkitRevealer after the fact doesn't do much for the guy who's had a hidden keylogger running for any length of time. We'll see if PatchGuard comes back to bite M$ in the butt on this one, too. (I, for one, think they'll probably be safe -- Symantec's Tamper Protection is overrated, anyways.)

10. Vulnerabilities will continue to cause concern fuelled by the underground market for vulnerabilities.

The market for zero-days will definitely continue to grow, especially when one can combine an unpatched exploit, an established network of zombie machines, and some adware programs or a data stealer to spread. Bad news all around.

Bottom line? Expect bad things to continue, and folks like us to continue to fight the good fight trying to keep everyone safe on the 'Net.

~ Nexus7

posted by David @ 7:53 PM


About me

I'm David from Atlanta, Georgia, United States -- I'm a Computer Science undergrad at Emory University seeking to go into Network Security after grad school. More than that, I am a follower of Christ and a Christian, living the Journey and learning from others who are doing the same. My family and home rest in Fredericksburg, VA.