
Archive for the 'Viruses' Category

Saturday, August 19th, 2006

Get the bait out - it’s phishing season

At the start of July we saw an end to the World Cup and all that football fever; along with this, spam levelled off and virus activity was low. With the launch of the Internet Defence Phishery this month, the quantity of phishing attacks is far easier to see than ever before. In the late July sun, the smell from the phishery, as well as the temperature, was rising as a vast amount of new phishes came into the phishery to be processed [ed: I think she means that there was a massive volume of phishing emails sent out, targeting a number of institutions in the last weekend of July].

The US is back at numero uno for spam, viruses and phishing emails. Bleh.

(more…)

Monday, July 10th, 2006

World Cup Crazy

With any worldwide event, security precautions increase and people are on high alert, as you would expect an increase in malicious activity. In Germany, security professionals, especially the World Cup network operators, held their breath as the football matches began.
(more…)

Monday, June 19th, 2006

We saw a flurry of new viruses last Friday which gave us a further insight into the methodologies of virus writers (VXers) and exposed the staging ground for a new series of breplibot/brepibot variants.
(more…)

Monday, June 19th, 2006

In keeping with our previous article on poor coverage from commercial AV vendors, we performed another comparison of AV systems against our IRCBot-639 Trojan, with interesting results.
(more…)

Friday, June 9th, 2006

Bank Holidays?

May has definitely not been as drab and dreary as showery April. Although the overall picture of spam, ham and viruses has not changed dramatically, it is the breakdown of each of these which is interesting: the amount of ham seen has decreased from last month by ~3%, with spam gaining this percentage. Phishing activity is continually increasing, but we haven’t seen anything especially exciting. It’s also been a while since we have seen a new virus in the wild, but May brought a change: a new virus and its several variants were detected between the middle and end of the month.
(more…)

Thursday, June 1st, 2006

What is the VBL

The VBL is a virus host blacklist which is provided by the Internet Defence team. The database is a list of all IP addresses from which email containing a virus, or phishing/fraud email, has been sent. As with the SBL, the identification is an automated process - no user preferences are involved in making the decision about whether an email contains a virus or not. It is an aged database, so no IPs remain in the database for more than 3 days, unless the timeout is reset by receiving another virus from the same address.

(more…)

Thursday, May 25th, 2006

The other day, I was reading some reviews of anti-virus (AV) products, and looking at some of the claims their marketing makes. In particular, most vendors claim a 100% success rate with a test against a set of known viruses. While, at first glance, this may seem like a good thing, the problem is that you really want your AV system to stop the “new” viruses. It seems kind of obvious, and a relatively easy thing to do, to stop “old” viruses. So, when an outbreak happens, how well do current AV systems do?
(more…)

Wednesday, May 24th, 2006

A long-standing problem when it comes to identifying viruses, or simply trying to find out information about a virus, is that each vendor names the virus in a different way. All too frequently, the only way to find out what a given vendor calls a virus is to run it through that vendor’s anti-virus product. We primarily use the ClamAV anti-virus system, so tend to use the names generated by Clam as our starting point. In this article we will investigate this issue, and show some ways round it.
(more…)

Friday, May 19th, 2006

We received a suspicious email today purporting to be an order confirmation from ‘element5info.com’ notifying us of an invoice for GBP 90.39, with an executable attached calling itself INV 4946911.exe. Putting it through a dozen different anti-virus systems didn’t bring up any hits for known viruses.
(more…)

Thursday, May 18th, 2006

April Showers

April is usually a dull, grey month, in between Winter and early Summer, and the Spam report for this month is much like the weather. After the excitement of the Winter’s WMF exploit, and the corresponding upsurge in spam, unsolicited email has been coming along in a steady deluge. Read on for an overview of the key trends and highlights in email attacks and spam sending for the month of April.
(more…)