Fake AV on Drudge

I was over at the Drudge Report last night and finally saw a fake antivirus social engineering attempt there. I’d heard before that the ads on Drudge often served that up, but it was the first time I ran across it myself. On my work computers, I have the full Symantec Endpoint Protection suite installed …


PDF Launch Vulnerability

If you’ve been sleeping on the Adobe Acrobat and Reader /Launch vulnerability, it’s time to consider taking mitigating steps. The proof of concept presented by Didier Stevens uses the /Launch functionality that is part of the PDF specification in order to execute arbitrary code. Because this was a problem with the PDF specification, the …


Mal/Dropper-L

We had a couple of viruses get past MessageLabs last night. That is not something I normally see. Both files were named lgame.zip and contained a single file, lgame.exe. The subject of the message was “Hot Pictures.” Sunbelt Software’s analysis of this file is really good. You can view that online here. The email messages were …


Delf.aki

The HTTP gateway detected the Delf.aki virus in a file, profilewatcher_setup.exe, which one of my users tried to download. Just for kicks I uploaded it to the VirusTotal site and here’s the result.

File size: 985897 bytes
MD5: 837c3036adf45c11a45c8a2f356c060e
SHA1: ef7311d94a80962d886befefb6bc08f03941f3e4
Packers: BINARYRES

Antivirus / Version / Update / Result
AhnLab-V3 / 2007.5.21.1 / 05.22.2007 / no virus found
AntiVir / 7.4.0.27 / …


More Stormwatch

F-Secure has a blog entry on the latest virus variants from the Stormwatch virus.

Subjects: So Unique; Feeling Horny?; Full Heart; Sending Kiss; Just You; Heart of Mine; I Love You Soo Much; [events] Our Wedding Day; Love at first sight; Dream Date Coupon; Back Together

Attachments: flash postcard.exe; postcard.exe; greeting postcard.exe; Greeting Card.exe

Those are just …


F-Secure: postcard.exe spam run

F-Secure blogged this morning about a large-scale spam run underway, sending messages with the attachment postcard.exe and the subject “Happy New Year!” I saw that at my site last night. Actually, I probably wouldn’t even have noticed all those detections, but I re-enabled the filters on my BlackBerry so it doesn’t get filled up …
