September 2005 VECTORBLOG

September 20, 2005

subscription

The latest versions of Bagle/Beagle hit this week. The changes are minor, mostly cosmetic, and seem to be another thumbed nose at the Internet – the author continues to do business on the web without fear of widespread antivirus adoption, firewalling, or being caught. 

The newest versions adopted the often-seen “price” filenames (i.e.: price.zip), opens Notepad upon execution, and aims to disable a number of security applications. The Bagle author also included a routine that renames certain executables to contain a number in their filenames, in an apparent attempt to prevent them from working as well. 

September 19, 2005

firefall

The Internet Explorer bashing won’t stop just because of a report that shows 25 vulnerabilities for Firefox this year, and 13 for Microsoft’s browser, but it should at least get more interesting. The figures that everyone saw coming, are available in Symantec’s Security Threat Report, always an interesting read. It is available, with registration, at: Symantec.

September 16, 2005

summer's end

Reprieve this month, kind of, from Microsoft. No patch to deploy, but it is a rather ominous report: the patch was pulled for a Critical flaw because of problems with the fix. The idea that the vulnerability will remain secret may seem impossible to some readers, but at least give Microsoft’s internal security respect if it does.

September 3, 2005

starter kit

So you live in Japan and you got one of the 4,000 Zen Neon MP3 players that has a copy of Wullik on it (Wullik.B actually). Maybe you should hang on to it right? It may be a collector's item. Of course, anyone could put the worm onto a new Zen device, so you'll need the list of serial numbers from Creative to prove yours is authentic. And, who do you think may be interested in purchasing your MP3 player one day? Not much of a market for such things is there...

Back in November 2003, this mass mailer made its way around a few Outlook inboxes. It was not terribly widespread and was somewhat easy to spot because of its use of Chinese characters in the Subject line of the email. 

http://www.toptechnews.com/story.xhtml?story_id=001000000TDE 

September 2, 2005

net storm after the storm

If you have been following the tragedy in the southeastern United States at all you have come across reports of scams aimed at those who are interested in helping and learning more about the plight of thousands of people affected by hurricane Katrina. This being a malware site, the portion of that crime discussed here is the Trojans being delivered under the guise of being news updates. A new report is available, entitled, "Aftereffects." It is available here and as a PDF. Beyond the morality and legality evaluation, there is still the impact that such actions have on the Internet, and the people that rely on it to get things done - such as make donations to help fellow humans that really need them.