Author: nathan

Two questions that I suspect that we'll be fielding on this are a) why is that important and b) why should you care.  I'll try to quickly address both here but don't hesitate to let me know if I've missed anything. Why is that important?  Simply put, you've probably got Java installed and, unless you've updated it in the past 5 minutes (ok, that's an exaggeration, but you get the point), you're likely vulnerable to at least one of the many attacks out there.   Why should I care?  Again, simply put, Java is one of the biggest (currently ranked by Kaspersky as THE biggest) vulnerability being exploited by cyber criminals to install malware.   Now, the question that you likely didn't ask is what you need to do about it.…

This is a follow-up to my earlier article 'How do people make money off of Viruses' and is from an Internet Storm Center diary entry describing very simply what viruses do.  Basically, the author has noticed some questionable traffic on his network that the antivirus completely missed and, after some investigating, found that the virus on the computer was transmitting data to a server in the Ukraine every time the computer visited a website (think bank, gmail, etc.).  Further investigation confirmed that the virus was installed after the user visited a newspaper website that happened to have a poisoned ad displayed on it (starting to sound familiar?).  It's a very quick read and good insight into why it is so incredibly important to keep your computer up-to-date.   Article - http://isc.sans.edu/diary.html?storyid=14428

Ok, for the record, our stance on new Microsoft operating systems is (and always has been) to hold off until at least Service Pack 1 and let someone else find all of the undocumented features.  There have been a few exceptions here (Windows 98SE [yes, it was technically a new release and not a SP for Windows 98] from Windows 95, Windows 200 from Windows ME [uggggh, what a horrible thing that was] and Windows 7 from Windows Vista [or, as we refer to it, Windows ME2]).  All in all though, it's not a good idea to be an early adopter of a new Windows Operating System.  Window 8 is really no different and it should come as no surprise that Vupen has already found a zero day in the…

I saw this article today and it hit me that, dang, that would be an awesome tool to have from the antivirus, rather than having to try to go all CSI (from the article) to see what had been changed and, perhaps more importantly, how long ago it had been changed (2 seconds prior to the pop-up or 2 months ago, and it's been piping data to the attacker ever since).  There are server-side tools that can be installed to do this kind of thing (think tripwire and the like) but, for a simple workstation, I'm not aware of anything that will actually alert you when something was changed, only when it (the anti-virus tool) notices it.

A question that we get asked regularly is "How do people make money from viruses?".  This is a topic that, for many, is hard to get their brain around.  I've covered several ways to 'monetize' malware in the past but saw this article this morning and wanted to share it with a quick op-ed. The article basically takes a look at malware designed to 'steal' money from advertisers by faking clicks (e.g., an advertiser pays to advertise on a page and is billed based on the number of people that 'click' on the advertising link).  This is only one way that criminals have found to monetize malware but the article does an excellent job of demonstrating how it works.   The article also gives a good cross section of the…

Just wanted to remind everyone that Cyber Tech Cafe would be giving out candy as part of the Downtown trick-or-treating tomorrow from 3:00pm to 5:00pm.  If you're going to be in the area, swing by and pick up some candy and say hi!

We have just noted an issue with some of our outbound emails being queued, resulting in some non-delivery reports.  We have confirmed that none of our servers are blacklisted and all appear to be functioning properly.  Troubleshooting to this point indicates that there is a problem on the ISP side and we are working to get the problem resolved ASAP.  I will post a response here as soon as a resolution has been reached.

Back on 9 October, I reported on a worm that was spreading (primarily) via Skype.  Today, I found a good write-up on the worm, how it spread and a very important component to it's success (user action required).  The story is available here and was carried by Packet Storm Security (lends a lot of credibility).  I'll spare you all of the details (available in the article) but some important things to take from it are: It was spreading via Skype initially but later was found to also be using the Instant Messenger networks.  Skype quickly acknowledged the problem and released a statement on their website. It was spreading via a link, requiring that users click on the link.  Even though the link a) was to a valid URL shortening service (Google) and was…

There is a new worm making the rounds that is specifically targeting Skype users.  There are details in the linked article but the short story is that Skype users are receiving phishing emails asking  "is this your new profile pic?".  If you click on the link, the virus code is launched.  Skype has advised that they are looking into ways to mitigate the problem and have advised all users to upgrade to the latest version and make certain that their computers are up to date.  If you are a Skype user, beware.   Article