InfoSecPodcast.com » Viruses & Worms

Cell phone virus writer arrested in Spain

Chris Harrington — Tue, 26 Jun 2007 13:30:35 +0000

Spanish police arrested a 28 year old man for writing several variants of the Cabir and Commwarrior viruses. These viruses targeted the Symbian operating system which is a popular cell phone OS. It was spread through Bluetooth connections. They are reporting that over 115,000 phones were infected. How did they catch him?

He put his fiance’s name in the source code. When will malware authors stop putting personally identifiable information in their malware? I hope never…..Darwin was right.

www.whitedust.net/speaks/3905/Spanish%20police%20pinch%20cell%20phone%20hacker/

–Chris

Technorati Tags: cell phone, virus, Cabir, Commwarroir, 29a, malware

ESET’s NOD32 Antivirus

Chris Harrington — Tue, 20 Mar 2007 02:10:23 +0000

I try not to write about or endorse products as a rule. Every now and then I come across a product that warrants a post. I’ve been a long time Symantec antivirus user, much of it a holdover from the Symantec System Center days. The latest versions, from Symantec and others like Trend Micro, seem to have everything but the kitchen sink. Take a look at running processes and you will likely find several hogging more than their share of memory. They seem to be approaching bloatware status.

For a while now I have been using NOD32 from Eset. A good friend who is Information Security Analyst at a local college here in NH turned me on to NOD32. It’s lightweight, fast and accurate. They have scored 100% on the Virus Bulletin detection tests a total of 41 out of 43 times. The next closest competitor was Symantec at 35 out of 38 attempts.

If you are thinking about trying a different AV, give NOD32 a try. I’ve had great luck with it. You can get a free trial at www.eset.com/download/index.php

–Chris

Technorati Tags: Antivirus, ESET, NOD32

Worm articles & presentations

Chris Harrington — Fri, 13 Oct 2006 15:45:16 +0000

The JoatBlog posted links to conference materials from last years Workshop on Rapid Malcode (WORM). A lot of great material worms, bots and other nastys can be found here.

–Chris

Technorati Tags: worm, bot, malcode

Virus targets AntiVirus researchers, sort of.

Chris Harrington — Thu, 13 Jul 2006 15:24:39 +0000

A new virus was detected in early July that reportedly targets AV researchers. The virus, know as Gatt / Gattaca, will scan an infected system for any files with the .idc extension and infect them. These .idc files are disassembler files used by Interactive Disassembler Pro, a very common tool used by AV researchers to reverse engineer malware.

Why do I say this sort of targets AV researchers? The virus doesn’t do anything as there is no malicious payload. It just replicates it self to other .idc files. So why write something like this? I agree with Mikko from F-Secure, “I think it was written to just show off it can be done”. In typical hax0r tradition there is a hidden message / shout out in the file accoding to this Sophos analysis. For the curious I’ve added links to several AV companies analyses of the virus.

And for the REALLY curious, pick up a copy of Ed Skoudis’ book, Malware: Fighting Malicious Code. I am just finishing the book now and will post a review soon.

–Chris

Links to W32.Gatt / W32.Gattaca / W32.Gattmann analysis
Symantec
Sophos
McAfee
Trend Micro

Technorati Tags: Virus, Malware, Antivirus