September 3, 2010 - You’ve seen them before. The advance fee fraud or the 419 scams. The one where a prince, a distressed widow, or an unscrupulous but half literate bank manager contacts you with a proposal. Invariably, there is a Read more
September 2, 2010 - SophosLabs has discovered a technique in anti-virus marketing, which we detect as Spin/BigNumber-P. Typical behaviour involves phrases such as “Product detects X viruses!”, where X is a large, rather exact-sounding number. Some variants involve high-tech numerical displays updated in real-time Read more
September 1, 2010 - Recently, creators of Fake Anti Virus software have been getting quite creative and somewhat “professional” in designing the look and feel of their fake software. Today I came across one with sounds. Read more
August 31, 2010 - Since my last blog post on the topic of DLL Search Order Hijacking there has been a lot of community activity in this area. The purpose of this article is to differentiate the specific hijack technique I was describing from Read more
August 30, 2010 - Most typical modern malware variants tend to hide critical parts of their functionality (strings, URLs/IPs of their dodgy servers, etc.) using some form of encryption. In most cases only trivial algorithms are used. However, these suffice as the intention is Read more
August 29, 2010 - The following internet advice, which may have a subject title such as above, could just get you killed. Like any other middle aged, balding, over-weight chap my mother still worries about me. Read more
August 26, 2010 - We have been discussing the issue of unsafe DLL loading in the lab since the release of the Microsoft advisory about a potential attack vector that uses the default Windows Read more
August 25, 2010 - Today in Boston is a special day. Yes it’s raining, but today the yellow buses have started their engines. It’s back to school time! I thought I might use this as Read more
August 24, 2010 - This is part one of a series of posts I plan to make on what Mandiant does to “Find Evil and Solve Crime”. These posts should help to make your organization better, faster and stronger at performing effective computer security Read more
August 23, 2010 - Every once in a while, I get the odd spam message that really makes me want to laugh. Take this one for instance. The spam message says that if I ever want to get a home loan, just feel free to Read more
August 19, 2010 - Adobe Systems has sent out a critical Security Advisory for Adobe Reader and Acrobat. This advisory is related to the security vulnerability CVE-2010-2862. For more information, please refer to Read more
August 17, 2010 - Graham blogged about a Facebook clickjacking worm back in May which we dubbed Likejacking — for a number of weeks the threat ran rampant throughout Facebook. Since then, it has calmed down quite a bit and we don’t Read more
August 16, 2010 - On a Windows host there is more than one way for a program to communicate across the internet. When reverse engineering a piece of malware it is of critical importance to understand what API is being used and how it Read more
August 12, 2010 - Hi! I saw your ad on Craigs List I am going make this response short and sweet. If you are interested to make a bit of money on the net, then check-out this web-site called: reseller.info So it is not always the Read more
August 6, 2010 - It seems there’s a new scam flooding our mailboxes today which uses a technique which may get people to panic into doing something they shouldn’t. We’ve seen a number of different messages all using the same technique of thanking the Read more
April 7, 2010 - Wednesday, March 31, 2010. Panel Members: David Bell, Retired, Co-author Bell-La Padula Security Model; Joe Pekny, Purdue University; Kenneth Brancik, Northrop Grumman; Petros Mouchtaris, Telcordia. Summary by Utsav Mittal. The panel was started by Petros Mouchtaris. He said that applying for funding is not that bad although Read more
April 7, 2010 - Tuesday, March 30, 2010. Panel Members: Steve Dill, Lockheed Martin; Donald Robinson, Northrop Grumman; Ross Maciejewski, Purdue; Alok Chaturvedi, Purdue. Summary by Ryan Poyar. The first panel of the 2010 annual security symposium kicked things off to a great start and an interesting discussion. The topic was Read more
March 3, 2010 - May 2010 will mark the 4th anniversary of our collective cowing by spammers, malware authors and botnet operators. In 2006, spammers squashed Blue Frog. They made the vendor of this service, Blue Security, into lepers, as everyone became Read more