marklon

This is a blog about security, coding and malware in no particular order. I write as a techie who handles security escalations from about 1/3 of the world. I spend a lot of time talking to customers with compromised networks.

Posts
  • marklon

    Measure and counter measure – malware and anti-malware

    • 1 Comments
    There is a small, high-tech and rather geeky war going on and the battlefield is your PC. Like any war, each side is trying to learn from the other. This war is for the ownership of resources – and ultimately for money. Maybe most wars are. Let us look...
  • marklon

    Please, put me out of a job here!

    • 2 Comments
    Hello readers. I am sorry that I haven’t updated my blog for a while. It has been a bit of a busy time. Since there have been press releases and other people have blogged, I suppose that I can talk a bit about what I have been doing. As I have...
  • marklon

    Malware that wants to stay - Some passive protection tricks

    • 0 Comments
    Hello again. I wanted to talk about some of the things that malware does to make itself hard to remove. Most Trojans are designed to work on an average XP workstation and make assumptions based on that – which typically breaks servers in rather nasty...
  • marklon

    Small glitch - MS08-017 for Office 2000 is not currently downloadable

    • 0 Comments
    Hi folks. Just a quick heads up - we know that the link from the bulletin is broken. We had a problem with propagating out the file to the web farm (it is a big old webfarm) and so the file is not universally available just yet. We have a lot of...
  • marklon

    Firewalls and old school attacks

    • 1 Comments
    I saw a really old fashioned denial of service attack today. A customer was concerned that they were seeing odd ICMP packets. ICMP is the protocol used for pings. Very few system admins bother to monitor them because they are generally rather dull. However...
  • marklon

    I passed my CISSP exam

    • 2 Comments
    Well, nothing like getting all of my news out of the way in one go. Because of my self imposed rule that all blogs must have some technical content: Most bots don't use hard coded IP addresses for their command and control mechanism. Sometimes the...
  • marklon

    Testing times

    • 1 Comments
    Hello all. I am sorry that I haven’t blogged for a while. It has been a bit of a busy time. After developing all that training (and I would love to be able to say who the audience were but I really can’t), I was on the receiving end of some for a...
  • marklon

    Security Updates - Are they the answer?

    • 2 Comments
    Ah, another “update Tuesday” – known to the rest of the world as “patch Tuesday” but we are not supposed to call it that. We have a fine crop of updates for you but I am not going to talk about those, partially because we won’t be releasing them for...
  • marklon

    Antimalware tools and tricks

    • 0 Comments
    Ah, I am back in the office and settling into my normal day to day work. I am fairly often asked to remove malware from systems which the anti-malware programs on that particular PC system can’t handle. In fairness, it is often not the AV products...
  • marklon

    Don't you hate blogs which are updates with no technical content?

    • 1 Comments
    I know that I do - but I don't want you to think that I have dropped off the face of the planet. The honest truth is that I have been stuck on a long term project which I can't really talk about. It is not "scary secret, Die Hard 4.0" stuff but...
  • marklon

    Silent but not dead

    • 0 Comments
    Hello all. I am sorry that I haven’t updated this blog for a while. I haven’t forgotten, just been busy on other things, most of which I can’t talk about to preserve customer confidentiality. In fairness, most of them were not that interesting in...
  • marklon

    Doing it yourself.

    • 2 Comments
    Hello again. Two blogs in less than 48 hours? Whatever could be happening? No, this is not a reference to the issue documented in http://www.microsoft.com/technet/security/advisory/943521.mspx which is interesting but certainly not widely exploited...
  • marklon

    You can't get the staff – Social engineering

    • 4 Comments
    Sometimes I like to talk about software engineering but today I would like to ramble on about a different subject: Social engineering. Social engineering is a common technique for getting malware on systems and of course, for Phishing. The “419 scam...
  • marklon

    Malware: mitigating maladies might matter

    • 1 Comments
    Well, another update Tuesday done and dusted. We are not supposed to use the word "Patch". So, the question that I left you with was what could be done to make it safer to run on a compromised computer; that is to ask how could you mitigate the risks...
  • marklon

    Can you break Law #1 and get away with it?

    • 1 Comments
    To save you scrolling down, let me restate Law #1 of the immutable laws of security: "If a bad guy can persuade you to run his program on your computer, it's not your computer anymore". Is there any possibility that it is safe to do business with...
  • marklon

    Living in an unsafe world

    • 1 Comments
    Hello ladies, gentlemen and others. I am sorry that I have not blogged for a little while. I have been a little occupied with some pro-active stuff for a change. I was on training last week with David Solomon (smart fellow) and I have been preparing...
  • marklon

    Trust me if you dare...

    • 1 Comments
    Paranoia: baseless or excessive suspicion of the motives of others. What percentage of computers are compromised in some way? No-one knows for sure but there are estimates. Not many servers – but compromises of those tend to be critical. Some of...
  • marklon

    Being held to account

    • 1 Comments
    Hi there. Sorry that it has been a little while since my last post. I have been away at a customer’s site. As usual, I can’t say where I was or what I was doing but I left at 3 hours notice to go there and spent pretty much an entire day in an economy...
  • marklon

    Slow news day

    • 1 Comments
    Hello again. I haven’t blogged in a little while because things have been fairly uneventful here. That is not to say that there has been no work to do – we have been busy – but most of it is stuff that we really can’t talk about because it is internal...
  • marklon

    Targeted attacks - a sniper rifle, not a scattergun

    • 1 Comments
    Malware is often thought of as an equal opportunity nasty. After all, real viruses affect the rich and poor equally. However, things are not as they once were. In the heady days of Blaster and Slammer and Nimda et al, the malware would infect anyone that...
  • marklon

    Risky business whatever you do...

    • 1 Comments
    Wow – The code review entry was really popular. I have to admit that I have never used a code review tool and they may be wonderful. I tend to plough on through the code just to be sure that I haven’t missed anything. I don’t do that many...
  • marklon

    Code reviews. Stay awake at the back there

    • 5 Comments
    Code reviews. What could be duller? It is very easy to put the brain in neutral and read the code in a daze. The eyes move but no information reaches the brain. Testing is also dull. The good thing about these dull things is that they avoid exciting times...
  • marklon

    How malware likes to hide

    • 1 Comments
    Well, technically, how malware writers like to hide malware. In my last post, I talked about subversion – hacking the OS not to see the malware. That is part of the rootkit. Not all malware uses a rootkit and all malware has to avoid detection by signature...
  • marklon

    Subversion... something nasty lurks

    • 0 Comments
    Subversion is defined by our friends in the Princeton U’s English department as follows: subversion noun 1. destroying someone's (or some group's) honesty or loyalty; undermining moral integrity; "corruption of a minor"; "the big city's...
  • marklon

    Malware over the years. It is only paranoia if they are not out to get you

    • 2 Comments
    In a slight change of pace, I would like to talk about malware and how things have evolved. I am not exactly a spring chicken which surprises some people because I am still part of the support organization. I like it here – I am working on real problems...