Virus Bulletin - May 2007

Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding

2007-05-01

Abstract

Securing the Web 2.0 (comment); ANI-hilate this week (analysis); Beyond Virtu(e) and evil (analysis); Nirbot: targeted attacks get personal (analysis); Covert zombie ops (feature); Trend Micro PC-cillin Internet Security 2007 (product review)


Comment

Securing the Web 2.0

'I believe that if the human factor is such a significant part of the problem, then it must also form part of the solution.' David Emm, Kaspersky Lab.

David Emm - Kaspersky Lab, UK


News

A new generation of Panda

Panda sells majority shareholding.



Websense snaps up SurfControl

$400m for British web-filtering company.



VB100 procedure review

Test procedures clarified.



Erratum: VB100 Linux comparative

Dr.Web results corrected.



Malware prevalence report

March 2007

The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin, both directly and from other companies who pass on their statistics.



Analyses

ANI-hilate this week

The time between the announcement and exploitation of vulnerabilities continues to shrink - especially in the case of stack overflow vulnerabilities, which require very little skill to exploit. Peter Ferrie describes a prime example: the recent ANI vulnerability and its exploits.

Peter Ferrie - Symantec Security Response, USA


Beyond Virtu(e) and evil

While not technically a new virus (being modelled on the almost ancient Tenrobot family), W32/Virtu does introduce some interesting changes and new techniques. Víctor Álvarez and Mario Ballano describe this polymorphic file infector that also behaves as an IRC bot.

Víctor M. Álvarez - PandaLabs, Spain & Mario Ballano - PandaLabs, Spain


Nirbot: targeted attacks get personal

Nirbot gains its notoriety primarily from the cat fight in which its author has been engaged. Although keenly aware of the descriptions and blog entries posted about his creations, the author seems not to be so well versed in the naming conventions used within the AV industry. Lysa Myers shares the details of this technologically unremarkable, yet reasonably successful bot.

Lysa Myers - McAfee, USA


Feature

Covert zombie ops

Can a botmaster send commands covertly to a botnet of over a million zombies and control them in real time? John Aycock considers how such a botmaster’s command channel might look.

John Aycock - University of Calgary, Canada


Product review

Trend Micro PC-cillin Internet Security 2007

John Hawes shares his experiences with Trend Micro's PC-cillin Internet Security suite.

John Hawes - Virus Bulletin, UK


Calendar

Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.



Spam Bulletin

Spam Bulletin - May 2007

Anti-spam news; MIT Spam Conference 2007 (conference report)


