Conficker foolishness goes nuclear
Security firms are well known for spreading fear, uncertainty and doubt (FUD), but a press release today on the Conficker worm takes the biscuit.
Security experts are largely agreed that the Conficker update scheduled for tomorrow will not bring about the end of the world as we know it. Instead the malware will probably just update itself. After all, it's not in the malware writer's interest to shut down the network that has been so laboriously built up.
Nevertheless this hasn't stopped endless press releases seeking to grab headlines. This is to be expected but some are 'jumping the shark'. Take IT security company Imerja, which has jumped on the bandwagon and come out with some truly preposterous guff.
"30 per cent of all Windows PCs could be at risk. Organisations that are in danger of being affected include the Houses of Parliament, the Ministry of Defence and a number of UK schools," said Matt Hampton, chief technical officer at Imerja.
The logical problems with this are many. Firstly, no one knows how many PCs are unpatched in such a way as to make them vulnerable to the Conficker malware - 30 per cent is a guesstimate at best.
Secondly, even if the PCs are unpatched, that's no guarantee that they will become infected. After all, many unpatched PCs will be corporate systems behind strong firewalls, which is why the IT administrators have been slow to patch them, since the systems are protected.
Similarly, people may be protected by running anti-virus software even though they haven't bothered to patch their systems. People are now getting much better about running security software, but running operating system updates is less common.
It also assumes that Conficker is everywhere and will automatically infect any PC that isn't patched. This is of course complete rubbish.
Some security companies have worked hard to rescue their reputations. Imerja seems to be bucking this trend, and FUD like this makes one wonder how professional they really are.
March 31, 2009
The fight for white hats
You know how the last blog posting talks about technology being the most important thing in the anti-malware industry? Well, that probably has to be qualified a little bit, because the other key message coming from the Kaspersky Lab New Dimensions press event so far has been the importance of the engineers. So, it's actually all about the technology ... and the people.
Yes, the unsung heroes of the anti-malware industry were finally given their day in the sun today - well, not literally, they were still locked away in a windowless room staring at code - as Eugene Kaspersky explained how the astonishing success of the company has been down largely to attracting and keeping talented engineers. The firm is lucky enough to have access to the talent pool of graduates from Russian universities, many of which have a reputation for excellence in engineering and technology courses. But it still has difficulty in finding enough of the best, and on occasion even loses them.
According to Kaspersky, one employee had to relocate to another software company as it became too distressing to stay on the good side of the malware war, once he found out how much some criminals were making.
That's a pretty extreme example, of course, but what is true is that competition for the best of the best is fierce. Kaspersky also has a bit of an advantage over some of its competitors, however, because of its reputation, VP of R&D Nikolay Grebennikov told me. It is well-known in the industry for innovating, and supporting its engineers with whatever projects they might find it necessary to undertake, so it has garnered a good reputation among the security researcher community. Things get done, in other words, and with the recent creation of the Global Research and Analysis Team (although most security vendors have something like this already) there is yet another lure to tempt potential white hat recruits into the Kaspersky ranks.
December 5, 2008
Christmas comes early for scammers
Internet and messaging security firm Websense has uncovered its first Christmas virus scam, and we aren't even out of November.
The scam, which is so devilish it can only have come from the Grinch, offers a lucky email recipient the chance to feel like they have the sort of friends who send out tedious e-cards, but has a nasty little payload.
Yep, apparently some swine has spoofed a reputable firm's type of message and put a stinky pile of malicious code in the back of it. Websense said that a URL within the postcard leads the recipient to a .exe file. If downloaded, this creates a backdoor on their computer which allows access to and control of the compromised machine. And all this from a Christmas message celebrating the season of goodwill.
However, it's difficult to not be dismayed with the type of person who would be conned by such a virus. "During the install process an image called xmas.jpg is displayed to the user as a distraction technique," Websense explains. A distraction technique - what are they, monkeys? It's amazing the impact a picture of some elves in Santa's grotto can have on IT security best practice.
Author: David Neal
November 28, 2008
You are talking out of your BackOrifice
It's been widely touted recently that the threat from viruses and worms is rapidly being overcome. One of the latest proponents of this argument is Symantec, which has asserted that such threats are effectively a thing of the past.
http://www.vnunet.com/vnunet/news/2166102/symantec-shifts-focus-security
Traditional nasties are, Symantec burbles, waning as cyber-criminals turn to identity theft. But how are these nefarious scammers conducting their identity thievery? They are not hiding in dark alleyways, jumping on unsuspecting victims and making off into the choking miasma of Olde London Town to pass on their ill-gotten gains to some shadowy cyber-Fagin.
In fact they are using a variety of methods including key-loggers, rootkits and precisely the Trojans that Symantec says are no longer a threat to steal sensitive personal and financial details.
We, with due respect, believe that the proponents of the notion that we've seen the last of viruses, Trojans and worms are talking out of their BackOrifices.
October 18, 2006


