Archive for July 2005
Bobic.d
I’ve been seeing a couple of viruses detected heuristically in the inbound email at my company.
Subject: Finally!
Subject: Finally! Captured!
File: pics.scr (could be inside a zip)
F-Secure has a mention in their blog that seems to match what I’m seeing. They call it Bobic.d.
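As an added illustration (not code from this blog, from F-Secure, or from any vendor signature), here is a small Python filter that checks an inbound message for the indicators in the Bobic.d report above: the "Finally!" / "Finally! Captured!" subject and a pics.scr attachment, either bare or inside a zip. The subject pattern, the extension list and the sample message are this example's own assumptions, constructed here so it runs offline.

```python
"""Flag inbound mail matching the Bobic.d indicators reported above.

Added example, not the blog's or F-Secure's code. The subject regex, the
executable-extension set and the sample message are assumptions made here.
"""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Subjects quoted in the report above; the regex itself is an assumption.
SUBJECT_RE = re.compile(r"^\s*Finally!(\s*Captured!)?\s*$", re.IGNORECASE)
# pics.scr is the reported filename; the rest of the set is this example's choice.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat"}


def _is_executable_name(name):
    lower = name.lower()
    return any(lower.endswith(ext) for ext in EXECUTABLE_EXTS)


def executable_names(filename, data):
    """Return executable attachment names, looking one level into zip archives.

    A bare 'pics.scr' is reported as 'pics.scr'; one inside pics.zip is
    reported as 'pics.zip:pics.scr'. Corrupt zips are ignored, not trusted.
    """
    names = []
    if _is_executable_name(filename):
        names.append(filename)
    # Check the magic bytes as well as the name, so a renamed zip is still opened.
    if filename.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if _is_executable_name(info.filename):
                        names.append(f"{filename}:{info.filename}")
        except zipfile.BadZipFile:
            pass
    return names


def check_message(raw_bytes):
    """Parse a raw RFC 2822 message and return (suspicious, reasons).

    An executable attachment (directly or in a zip) makes the message
    suspicious; a matching subject is recorded as supporting context only.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    subject = str(msg.get("Subject", ""))
    if SUBJECT_RE.match(subject):
        reasons.append(f"subject matches: {subject!r}")
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        for name in executable_names(filename, data):
            reasons.append(f"executable attachment: {name}")
    suspicious = any(r.startswith("executable attachment") for r in reasons)
    return suspicious, reasons


def build_sample():
    """Constructed sample: subject 'Finally! Captured!' with pics.zip holding pics.scr."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Fake PE-looking payload, constructed for the example; not real malware.
        zf.writestr("pics.scr", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "Finally! Captured!"
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="pics.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    verdict, why = check_message(build_sample())
    print("SUSPICIOUS" if verdict else "clean", why)
```

The filter deliberately keys on the attachment rather than the subject: subject lines change between variants, while a screensaver executable arriving by mail is the thing a gateway should never let through, zipped or not.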
New Software
I performed an upgrade on the blogging software I use here. No worries thus far. Hopefully there aren’t any security holes lurking.
0wning systems via antivirus
This presentation was given earlier, but it’s worth mentioning again. At Black Hat this year there was a demo on owning systems through antivirus. It was more of a history lesson on the ISS discoveries that allowed remote code execution via many antivirus products.
http://blackhat.com/html/bh-usa-05/bh-usa-05-speakers.html#wheeler
Housekeeping: Time off
Summertime, and the living is easy. Well, not so far. I’ve been working too hard, so I’ll be taking a break until around August 1st.
FTC goes after porn spammers
http://www.pcworld.com/news/article/0,aid,121883,00.asp
What is interesting here to me is that the FTC didn’t just go after the spammer; they went after the company paying the spammer.
It’s another Festivus miracle
I went to Symantec’s FileConnect site and they actually had the latest version of Symantec AntiVirus available: 10.0.1.1000. Amazing. Downloading now. Tomorrow, I’ll remove 10.0.0.359 from my test server and try out 10.
I’m sure the airing of the grievances will come after I install the software.
So is MS05-037 the fix?
TechWeb has an article (which they repeat on their SecurityPipeline website) regarding Trojan.Jevproxy. They say that this is a trojan horse exploiting a still-unpatched vulnerability in Microsoft Windows.
However, MS05-037, Microsoft’s security bulletin for this vulnerability, says in its executive summary, “this is the fix.”
Who is right?
Rosenberger @ CPCUG August 8th
Rob Rosenberger of Vmyths.com will be at the Capital PC Users Group meeting (in Springfield, VA) on August 8th at 7pm. He will be speaking on the subject “Why Don’t Antivirus Firms Get Infected?”
If I remember right, the two reasons Rob has cited in the past are 1) severe penalties and 2) different antivirus. If you shut down your company by opening the LoveLetter virus, you don’t get blamed and you don’t get fired. At antivirus companies, you’re in for a severe shunning or worse if you manage to get infected. The latter claim, that they use different antivirus software, I don’t think I can explain without sounding like a conspiracy theorist.
Check out the CPCUG site for more info. I saw Rob at the CPCUG a number of years ago and it was very entertaining and informative.

