F-Secure is organizing the next CARO Technical Workshop. It will be held at the end of May in Helsinki, Finland. Previous workshops have been in Iceland, The Netherlands and Hungary.
Call for Papers is open. We're looking for technical presentations relevant to the topic of Big Numbers in the malware field.
Maintaining your computer can be a chore sometimes, especially if you're the kind of person that's always on the go. Keeping all the programs on a computer up-to-speed with the latest updates can be a hassle. Periodically 'housecleaning' the system (like defragging the hard drive) in order to optimize performance is even less exciting.
So we'd like to help with that. We recently launched the trial version of a single tool that handles both these tasks - Updater and Tuneup - on the Technology Preview page, and we'd like to get some feedback on how well your machine performs after using the tool.
The name says it all really - the Updater component keeps track of vulnerable applications installed on your machine and notifies you when updates are available; while Tuneup takes care of the housekeeping - defragging the hard drive, checking the registry, etc - so your machine stays optimized for speed.
And to say thanks for the trouble, we're offering the following items as prizes to users who give feedback:
• 5 boxes of F-Secure Internet Security 2010
• 15 VIP Cards for F-Secure Internet Security 2010 and F-Secure Mobile Security
Giveaway is by lucky draw.
The trial version is free, and the Technology Preview period closes at the end of January 2010.
I just got my hands on a new promo item our Marketing department came out with, which looks quite interesting:
It's Mikado, an old European stick game. Basically, the idea is to carefully pick up sticks without moving the pile, in order to gain points; the player with the most points wins.
OK, so the game is rather cute, but it is supposed to convey a serious message - that IT security can be as simple as this game. Most people have the impression that IT security is complex, highly technical, frighteningly arcane, and difficult to manage.
To be fair, most people have good reason to think so. Even the language is difficult, like the latest from the Pentagon's cyber security people - the Global Information Grid Customizable Operational Picture (GIGCOP), which is just one component of their new security system (The Register article).
And even if all the 'technical' things are under control, sometimes it is possible to slip up on the "easy" stuff, like maintaining proper physical security - as in maybe not letting people use a slipper as a doorstop for a hi-tech server room. Really - that was reported in an article from The Star.
But it doesn't actually have to be that way. We'd like to have our products (and tools and services) be easy to use, and that's what we're increasingly working towards. Which I think is fairly neatly captured by drawing a parallel with Mikado.
Microsoft just released a patch to address the License Logging Server Heap Overflow Vulnerability (CVE-2009-2523). This vulnerability affects the License Logging Service (LLS), a feature which according to Microsoft is "designed to help customers manage licenses for Microsoft server products that are licensed in the Server Client Access License (CAL) model."
This vulnerability only affects Microsoft Windows 2000 Server Service Pack 4 and is rated Critical, since the service is enabled by default in that OS. The service is also accessible via an anonymous network connection, and exploiting the vulnerability can cause extensive heap memory corruption, which could possibly lead to remote code execution. Newer Microsoft server systems are not affected, as the service has been removed as of Windows Server 2008.
So, there are these apparent MySpace phishing e-mails going around ("...please be informed that you are required to update your MySpace account, Please update your MySpace account by clicking here...").
When you follow the link, you end up on this MySpace look-alike page, hosted on various .uk domains:
Once you log on, the bad guys gain access to your MySpace credentials.
Why do they want them?
So they can pose as you on MySpace and send malicious links to your friends — who will surely follow them, as they know you and trust you…
But in this case, this is not the only thing they are after. After logging on, you get this prompt:
A New MySpace Update Tool? Really? As an executable file?
Hmm… and of course it's not. The file (md5: 4c7693219eaa304e38f5f989a8346e51) turns out to be yet another Zeus / Zbot banking trojan variant.
F-Secure Anti-Virus blocks access to the malicious domains and detects the malware.
We have located the first iPhone worm, dubbed Ikee. It's currently spreading in the wild, but it's only able to infect devices that have been "jailbroken" by their owners. Jailbreaking removes the iPhone's protection mechanisms, allowing users to run any software they want.
Affected users will find that their iPhone wallpaper has been altered to a picture of Rick Astley (of Rickroll fame) and the message "ikee is never going to give you up".
The worm targets users who have jailbroken their phone but have not changed their default root login password. It will search for vulnerable iPhones by scanning a handful of IP ranges — most of which are in Australia. At the moment, we have no confirmed reports of Ikee outside of Australia.
After Ikee infects a phone, it disables the SSH service, preventing reinfection.
To protect your jailbroken iPhone, change your root password. Here's how.
The creator of the worm has released the full source code of the four existing variants of this worm. This means that there will quickly be more variants, and they might have a nastier payload than just changing your wallpaper, or might try password cracking to gain access to devices where the default password has been changed.