jump to navigation

Bonus episode of AudioParasitics Podcast May 24, 2007

Posted by Dave Marcus in General Security, Malware, PodCasting, Vulnerabilities, Zero Day.
add a comment

We released a bonus podcast episode of AudioParasitics – The Official Podcast of McAfee Avert Labs earlier this week.

In this episode we delve once again into the debate around vulnerability disclosure and bounty programs. Jim Walter and I wrestle with the ethics of bounty programs and whether or not they help protect customers. We battle with the explosive and complex relationships between bounties, vulnerabilities, exploits and malware.

AudioParasitics

Remember that you can subscribe to the podcast through iTunes or Podzinger as well.

Advertisements

New podcast today! May 15, 2007

Posted by Dave Marcus in Malware, PodCasting.
add a comment

Jim Walter and myself unleashed Episode 6 of AudioParasitics today!

Jim is a great guy to be doing these podcasts with. He is great in interviews and discussions as well as being gifted with audio and music. On this episode we discuss rootkits and rootkit components as well as touch on detection, cleaning and varying perceptions.

Check it out on iTunes or Podzinger.AudioParasitics

My latest presentation May 8, 2007

Posted by Dave Marcus in General Security, Malware, Presentations.
add a comment

I posted recently about a presentation I was about to give at the DoDIIS Conference. I am pleased to say that it went well. I really like these types of conferences best – smaller venue, smaller rooms – ’cause it lends itself better to really good Q&A. I think presentations are truly about Q&A. I think it the ultimate test of whether or not you have connected with an audience.

The presentation itself was about malware trends. Two areas in general:

  • Financial Trends in Malware
  • Stealth in Malware

We then had some really good discussions about rootkits and proactive detection in anti-malware technology. I always like discussing proactive detection which usually comes from the “AV is dead” line of discussion. This area of discussion is a great opportunity to discuss the different types of “signature” or driver detections. Most exponents of the whole “AV is dead” line of thinking simply do not truly understand the main types of detections – specific, generic and heuristic. Most tend to think that AV detection is solely specific signature (or driver) detection. This usually gives rise to the whole “AV is dead” line of thinking. A friend of mine at McAfee, Greg Day, does a great job of explaining the differences in a paper he presented at VB2005.

Malware and Metal December 29, 2006

Posted by Dave Marcus in General Chatter, General Security, Malware.
add a comment

Kinda slow lately in the world of computer security (not a bad thing mind you). A bit surprising there hasn’t been more holiday malware (virtual e-cards and such).

On a more personal note – I just began learning the guitar! I have been a lifelong headbanger and have finally gotten off my lazy butt to weild an axe. Got a sweet Gibson Les Paul and have been working scales, chord forms and lead patterns for about two months now. Boy, do I suck but I am having the time of my life!!!!

I think I am attracted to the guitar for the same reason I was attracted to hacking initially – it is a purely personal form of expression and skill. You can take lessons but ultimately it is you on the fretboard. Same with true hacking. You can read about popping a box, but ultimately you have gotta put in your time behind the keyboard.

MS Word Zero-Day Trio December 22, 2006

Posted by Dave Marcus in Malware, Vulnerabilities, Zero Day.
add a comment

Boy was that ever a weekend!!! Three solid zero-day exploits over a 5-6 day period of time right around MS Patch Tuesday (no coincidence).

Over at Avert Labs we have been tracking this for quite some time. The trend seems to be to release a zero-day exploit within +3 or -3 days of the MS patch release. Pretty good strategy actually when you consider it. If an MS zero-day is released 3 days prior to the patch it is very unlikely it will get included in the release. If the exploit is released 3 days after the patch it is very unlikely that MS will release an out-of-cycle patch to address it. This gives the exploit writer a potential usage window of 27 – 33 days for the malware.

Definitely speaks to the continued organization and planning skills of the malware writer.

Skype malware or hype malware? December 22, 2006

Posted by Dave Marcus in General Security, Malware.
1 comment so far

Be sure to check out a couple of new posts on the McAfee Avert Labs blog on Skype malware. First, Francois Paget discusses the recent PWS-JO trojan that targets Skype as well as shows a nice graphical breakdown on trojan families. Second up is Navtej Singh with a very interesting post on new developments in VoIP Spam (commonly called SPIT).

Considering how popular VoIP is getting in general (Vonage, Skype, etc….), this type of malware is kinda overdue. Pretty much figure as the deployment footprint increases, VoIP will be viewed as a bigger taget of opportunity by malware writers.

Vectors, bots and BuddyProfiles…… Oh my! December 5, 2006

Posted by Dave Marcus in General Security, Malware, Vulnerabilities.
add a comment

Some really great new posts on the McAfee Avert Labs Research Blog! OK, I am not exactly unbiased in my opinion here, however some really great blogs have been posted lately. In no particular order:

  • A really neat post from Allysa Myers on BuddyProfiles misuse. Just goes to show you what can happen when you allow users free reign over their own html code and content!
  • Bhaskar Krishna wrote up a really interesting piece on masking potential adware/spyware installs with 404 Errors. Adware and revenue – not a good mixture!
  • Vinoo Thomas on bots using more application vulnerabilities for exploitation/installation.

Read them. Learn them. Live them!!!

New IE 0-day making the rounds November 5, 2006

Posted by Dave Marcus in Malware, Vulnerabilities, Zero Day.
2 comments

One of my buddies at McAfee Avert Labs has posted on a new IE zero-day exploit making the rounds. Tho he would never admit to it, Craig Schmugar is one of the finest researchers in the security industry and a fairly prolific blogger himself.