The other day, I was reading some reviews of anti-virus (AV) products, and looking at some of the claims their marketing makes. In particular, most vendors claim a 100% success rate with a test against a set of known viruses. While, at first glance, this may seem like a good thing, the problem is that you really want your AV system to stop the “new” viruses. It seems kind of obvious, and a relatively easy thing to do, to stop “old” viruses. So, when an outbreak happens, how well do current AV systems do?
(more…)

A long standing problem when it comes to identifying viruses, or simply trying to find information out about a virus, is that each vendor names the virus in a different way. All too frequently, the only way to find out what name a given virus is called is to run it through a vendor’s anti-virus product. We primarily use the ClamAV anti-virus system, so tend to use the names generated by Clam as our starting point. In this article we will investigate this issue, and show some ways round it.
(more…)

Over the weekend of 12th - 15th May, news of a interesting exploit against VNC was announced CVE-2006-2369, enabling an attacker to bypass the VNC authentication on the server, gaining remote access to the desktop. We’ve been looking for signs of increased activity against the VNC ports (typically 5900, although, depending on the configuration, more could be in use).
(more…)

We received a suspicious email today purporting to be an order confirmation from ‘element5info.com’ notifying us of an invoice for GBP 90.39, with an executable attached calling itself INV 4946911.exe. Putting it through a dozen different Anti Virus systems didn’t bring up any hits for known viruses.
(more…)

April Showers

April, usually a dull, grey month, in between Winter and early Summer. And the Spam report for this month, is much like the weather. After the excitment of the Winter’s WMF exploit, and the corresponding upsurge in spam, unsolicited email has been coming along in a steady deluge. Read on for an overview of the key trends and highlights in email attacks and spam sending for the month of April.
(more…)

From the dept. of what not to do - security in airplane design.
(more…)

A design error has been found in the ‘ntdll’ DLL in Windows which would allow an malicious attacker to place a virus on a system which would be bypassed by most of the major Anti-Virus products.
(more…)

A new and interesting vulnerability released yesterday is certainly due to create headaches for Windows Administrators. with all key versions of Exchange Server affected.
(more…)

To recap, the intent of 419 scams is an attempt to extract money from the email recipient - the victim. There is usually an offer of a large sum of money to be given to the victim, however before the victim can receive this large some of money, they have to pay an upfront fee.
(more…)

….following up from last weeks article, IKMA has declined in market value - it now as at 0.125. which is down by 61%!!
(more…)