virus

About ransomware, Google malvertising and Fraud

I am sick and tired of seeing so many people affected by this wave of ransomware attacks. I don’t want to go into details about ransomware like Locky, because quite a lot has already been written about it. The most common way that Locky arrives is as follows: you receive an email containing an attached document. The document advises you to enable macros “if the data encoding is incorrect.” If you enable macros, you don’t actually correct the text encoding (that’s a subterfuge); instead, you run code inside the document that saves a file to disk and runs it. The saved file serves as a downloader, which fetches the final malware payload from the crooks. The final payload could be anything, but in this case it is usually the Locky ransomware. Read more details here (NakedSecurity of Sophos).

Now, desperate people who have just had all their documents encrypted by Locky search the web for possible solutions. Remember: Locky scrambles any files in any directory on any mounted drive that it can access, including removable drives that are plugged in at the time, or network shares that are accessible, including servers and other people’s computers, whether they are running Windows, OS X…



Virus Bulletin International Conference 2011

VB2011, the 21st Virus Bulletin International Conference, took place on 5-7 October 2011 in Barcelona, Spain. The city of Barcelona is a wonderful place to be. Pity that I didn’t have enough time to see all of its wonders. Here is the article about the opening of the conference. Here are the reports from the three days of the conference: Day 1, Day 2, Day 3.



The CompTIA Security+ Certification: passed

I took the exam for the CompTIA Security+ SYS-201 certification today and passed it with 828 points out of 900 (min. 750 to pass). I studied from the book The CompTIA Security+ 2008 Study Guide, 4th Edition, by Emmet Dulaney. Why this book? It was recommended by CompTIA on their website and it was cheap 🙂 I initially started with the eBook The CompTIA Security+ 2008 in Depth, by Mark Ciampa. Remember my posts “Not all AV software are the same” – CompTIA Security+ 2008 and Cybercriminals from Eastern Europe? They were about that book. This is the reason I dumped it.

About the exam: the book had not much to do with the exam… Yes, it covered more or less a part of the objectives, but very, very shallowly. It barely scratched the surface. How did I pass? Because of my previous experience with security, reading a lot about security and living it every day. It is a tough exam for someone who is not used to thinking in terms of software security. But it was fun to learn for it. And this is the last day when…




Why no antivirus for P2P programs ?

I received a nice email with a very good question from Mehdy Mohajery. It is not the first time I have been asked the same question. This time I am documenting the answer I always give.

Question: I saw your profile on linkedin.com just tonight, and I noticed that you are a specialist in both p2p systems and designing security systems. That encouraged me to ask you a question. As you know, nowadays a lot of viruses are being distributed via p2p networks like KAD & eDonkey. If an anti-virus vendor like Avira could provide a plug-in for a major p2p client (eMule) to detect viruses before downloading by their FileID (MD4 hash), then a major part of virus traffic on p2p networks could be eliminated. So why does nobody in the security industry seem to care about securing p2p networks with this method? Should I download every piece of scrap to know if it’s infected? I would like to know your opinion about this.

Dear Mehdy Mohajery, there are several reasons why nobody adds an AV to the P2P programs: 1. Having in mind the “free of charge” nature of the P2P networks, nobody will pay for an antivirus program….

