Virus Bulletin - April 2011

Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding

2011-04-01

Abstract

IE 6 - 5 - 4 - 3 - 2 - 1 (comment); Defeating mTANs for profit - part two (technical feature); Hiding in plain sight (technical feature); Phighting cybercrime together (conference report); RSA 2011 conference review (conference report); Sender authentication - practical implementations (feature); VB100 comparative review on Windows XP SP3 (comparative review)

Comment

IE 6 – 5 – 4 – 3 – 2 – 1

‘...the outlook is alarming when you consider the browser’s local prevalence in China, which peaks at 34.5%.' Gabor Szappanos, VirusBuster

Gabor Szappanos - VirusBuster, Hungary


News

No mail for Alisons, Alberts, Algernons...

McAfee glitch prevents addresses starting with the letter 'A' from receiving mail.

Helen Martin - Virus Bulletin, UK


Old breach rears its head

Two years on, stolen card details from Heartland breach still being used.

Helen Martin - Virus Bulletin, UK


Malware prevalence report

February 2011

The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin; both directly, and from other companies who pass on their statistics.



Technical features

Defeating mTANs for profit – part two

Until recently, malware on mobile devices had not been used for organized crime involving large amounts of money. This changed when the infamous Zeus gang, known for targeting online banking, started to show a clear interest in infecting mobile phones and released a new version of their bot to propagate a trojan for mobile phones. Axelle Apvrille and Kyle Yang present an in-depth analysis of the Zitmo trojan.

Axelle Apvrille - Fortinet, France & Kyle Yang - Fortinet, Canada


Hiding in plain sight

Raul Alvarez takes a look at a lesser known stealth technology - the alternate data stream.

Raul Alvarez - Fortinet, Canada


Conference reports

Phighting cybercrime together

Martijn Grooten presents a round-up of the first annual APWG eCrime Researchers Sync-Up.

Martijn Grooten - Virus Bulletin, UK


RSA 2011 conference review

Jeannette Jarvis presents a round-up of the 20th annual RSA Conference.

Jeannette Jarvis - Independent researcher, USA


Feature

Sender authentication – practical implementations

Previously Terry Zink has looked at how SMTP works, email headers, SPF, SenderID and DKIM. But what about some practical realities? How well do these technologies work in real life? Can we use them to solve actual problems? Here he describes a real case in which SPF and SenderID were combined to solve a problem.

Terry Zink - Microsoft, USA


Comparative review

VB100 comparative review on Windows XP SP3

With a staggering 69 products on this month's VB100 test bench, the VB lab team hoped to see plenty of reliability and stability. But, while the majority of products were well behaved, the team was woefully disappointed by a handful of unruly participants. John Hawes has all the details.

John Hawes - Virus Bulletin


Calendar

Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.



Quick Links

Poll
Does your company allow you to use a personal laptop/mobile device to access company resources?
Yes, it's allowed
Yes, it's actively encouraged
No
I don't know
Leave a comment
View 2 comments

Ciso-Intelligence

Jobs
In Virus Bulletin's jobs pages among others:

Virus Bulletin currently has 225,307 registered users.