
A bit of travel part 1 May 29, 2007

Posted by Dave Marcus in General Chatter, General Security.

What a week last week was! I had the opportunity to travel to both Germany and Ireland last week on business for McAfee. Having only been shortly to Germany and never to Ireland, I jumped at the chance to go.

For Germany I was in Hamburg for two days. Quite a beautiful city and I very much enjoyed the people, food and beer! I would like to have had more time there but work kept me quite busy and on a tight schedule. Spent most of my time with my co-workers (who are great) and getting more familiar with malware in Germany and Europe. I have always said McAfee Avert Labs has the finest researchers and this trip to Germany has solidified that view. Our researchers in Germany and across Europe are on the bleeding edge.

In Ireland I had the chance to spend time in Cork. Cork City to be exact. This very well may be one of the most beautiful countries on Earth (at this point I haven’t been to all the countries on Earth!). Being from The Bronx, NYC originally, meeting friendly people on the street is kinda odd to me. Several folks actually stopped me to ask where I was from, did I know where I was going, could they help, etc… I was amazed and quite touched. The highlight of my time in Ireland was a trip to Kinsale. We stopped at Forts Charles and James to walk a bit. Didn’t have a chance to walk inside them as it was late in the day but, hey, there is always next time. And of course we went to The Spaniard! Finest pints of Guinness I have ever had (I lost count of exactly how many).

I cannot wait for an excuse to return…..


Bonus episode of AudioParasitics Podcast May 24, 2007

Posted by Dave Marcus in General Security, Malware, PodCasting, Vulnerabilities, Zero Day.

We released a bonus podcast episode of AudioParasitics – The Official Podcast of McAfee Avert Labs earlier this week.

In this episode we delve once again into the debate around vulnerability disclosure and bounty programs. Jim Walter and I wrestle with the ethics of bounty programs and whether or not they help protect customers. We battle with the explosive and complex relationships between bounties, vulnerabilities, exploits and malware.


Remember that you can subscribe to the podcast through iTunes or Podzinger as well.

A bit of shameless self-promotion May 9, 2007

Posted by Dave Marcus in General Chatter, General Security, PodCasting.

Hey, it never hurts! We have begun podcasting at McAfee Avert Labs. Episode 6 will be coming out next week and I really must say they are quite good (alright I am the co-host so could I really say anything different).

The podcast is titled AudioParasitics – The Official Podcast of McAfee Avert Labs and can be subscribed to through the following methods:

We are definitely a security podcast with a difference and a whole lotta attitude! Check us out.

My latest presentation May 8, 2007

Posted by Dave Marcus in General Security, Malware, Presentations.

I posted recently about a presentation I was about to give at the DoDIIS Conference. I am pleased to say that it went well. I really like these types of conferences best – smaller venue, smaller rooms – ’cause it lends itself better to really good Q&A. I think presentations are truly about Q&A. I think it is the ultimate test of whether or not you have connected with an audience.

The presentation itself was about malware trends. Two areas in general:

  • Financial Trends in Malware
  • Stealth in Malware

We then had some really good discussions about rootkits and proactive detection in anti-malware technology. I always like discussing proactive detection which usually comes from the “AV is dead” line of discussion. This area of discussion is a great opportunity to discuss the different types of “signature” or driver detections. Most exponents of the whole “AV is dead” line of thinking simply do not truly understand the main types of detections – specific, generic and heuristic. Most tend to think that AV detection is solely specific signature (or driver) detection. This usually gives rise to the whole “AV is dead” line of thinking. A friend of mine at McAfee, Greg Day, does a great job of explaining the differences in a paper he presented at VB2005.

Re-birth and a bit of re-focusing May 3, 2007

Posted by Dave Marcus in General Chatter, General Security, Presentations.

I have been away from my blog for quite some time. Believe it or not tho, this was intentional. It is not that I have felt I have little to say or contribute (most who know me would probably agree that I talk too much and am way too opinionated) but more around what I want to contribute to or converse on. That has been what has occupied me so much recently.

More and more I find myself fascinated by communication, mainly presenting through storytelling, and being drawn continually back to music. Presenting and communicating is an integral part of my career at McAfee Avert Labs – Threat Briefings, blogging, podcasting, journalist and analyst relations, etc. are all, to me anyway, different mediums to tell stories and build relationships. And I love them all.

Going forward, that will be my main focus. Presenting. The guitar. Computer security. In no particular order!

The ball drops and the bubble bursts January 2, 2007

Posted by Dave Marcus in General Security, Vulnerabilities, Zero Day.

It should prove to be a very interesting New Year indeed! The ball has dropped in Times Square signifying a fresh start. What better way to start off a new year than with a new month of bugs. As most already know, January 2007 is to be the Month of Apple Bugs and the first one has been released.

I think this will be an interesting bug month for a few reasons. The Apple community, in general, has an overblown sense of invulnerability when it comes to security. True, there has been little exploitation of the various Apple platforms. This is mainly true for a very simple reason: lack of deployment footprint. At the end of the day, Apple is not really a great target of opportunity. Scan a million IP addresses and what will you get? Well over 90% (that is a very low estimate) will be various incarnations of MS Windows. If I am a malware/exploit writer and money or data is my goal, where would I focus my efforts?

Interesting when you consider that by the end of this month there will probably be more public exploits for Apple OS and applications than there have been in several years. Will any of these exploits end up being used in targeted attacks? Who knows. But I think that many people’s bubbles will be burst over the next month.

Hey, they may even have to change those dopey ads they run……….

Malware and Metal December 29, 2006

Posted by Dave Marcus in General Chatter, General Security, Malware.

Kinda slow lately in the world of computer security (not a bad thing mind you). A bit surprising there hasn’t been more holiday malware (virtual e-cards and such).

On a more personal note – I just began learning the guitar! I have been a lifelong headbanger and have finally gotten off my lazy butt to wield an axe. Got a sweet Gibson Les Paul and have been working scales, chord forms and lead patterns for about two months now. Boy, do I suck but I am having the time of my life!!!!

I think I am attracted to the guitar for the same reason I was attracted to hacking initially – it is a purely personal form of expression and skill. You can take lessons but ultimately it is you on the fretboard. Same with true hacking. You can read about popping a box, but ultimately you have gotta put in your time behind the keyboard.

Skype malware or hype malware? December 22, 2006

Posted by Dave Marcus in General Security, Malware.

Be sure to check out a couple of new posts on the McAfee Avert Labs blog on Skype malware. First, Francois Paget discusses the recent PWS-JO trojan that targets Skype as well as shows a nice graphical breakdown on trojan families. Second up is Navtej Singh with a very interesting post on new developments in VoIP Spam (commonly called SPIT).

Considering how popular VoIP is getting in general (Vonage, Skype, etc.), this type of malware is kinda overdue. Pretty much figure as the deployment footprint increases, VoIP will be viewed as a bigger target of opportunity by malware writers.

Vectors, bots and BuddyProfiles…… Oh my! December 5, 2006

Posted by Dave Marcus in General Security, Malware, Vulnerabilities.

Some really great new posts on the McAfee Avert Labs Research Blog! OK, I am not exactly unbiased in my opinion here, however some really great blogs have been posted lately. In no particular order:

  • A really neat post from Allysa Myers on BuddyProfiles misuse. Just goes to show you what can happen when you allow users free rein over their own HTML code and content!
  • Bhaskar Krishna wrote up a really interesting piece on masking potential adware/spyware installs with 404 Errors. Adware and revenue – not a good mixture!
  • Vinoo Thomas on bots using more application vulnerabilities for exploitation/installation.

Read them. Learn them. Live them!!!