Virus Bulletin - January 2012

Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding

2012-01-01

Abstract

MUTE: the rebirth of centralized sharing (comment); This Sig doesn't run (malware analysis); Dissecting the NGR bot framework: IRC botnets die hard (malware analysis); The top 10 spam, malware and cybersecurity stories of 2011 (feature); Challenges for the London Action Plan (spotlight)


Comment

MUTE: the rebirth of centralized sharing

‘The ability to exchange URLs in real time is a particular advantage ... since malicious URLs are usually a time-critical issue.’ Philipp Wolf

Philipp Wolf - Avira, Germany


News

Tech firm to develop cyber weapon

Japanese government to use virus for defensive purposes.

Helen Martin - Virus Bulletin, UK


Weakness in Wi-Fi routers exploited

Researchers demonstrate tools that exploit recently discovered WPS vulnerability.

Helen Martin - Virus Bulletin, UK


Malware prevalence report

November 2011

The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin, both directly and from other companies that pass on their statistics.



Malware analyses

This Sig doesn't run

Some virus writers like to brag about themselves via their choice of virus name. It’s rare that the content justifies the bragging though. The author of W64/Svafa named the virus ‘Sigrún’, which is Old Norse for ‘victory rune’. However, there is little to be victorious about as the virus doesn't work. Peter Ferrie has the details.

Peter Ferrie - Microsoft, USA


Dissecting the NGR bot framework: IRC botnets die hard

The latest variants of IRC-based botnets, such as the NGR botnet, are designed to steal sensitive information by exploiting browser processes and acting as backdoors. Aditya Sood and colleagues discuss the framework of the NGR bot version 1.1.0.0, which is growing in prominence in the malware world.

Aditya K. Sood - Michigan State University, USA, Richard J. Enbody - Michigan State University, USA & Rohit Bansal - SecNiche Security, USA


Feature

The top 10 spam, malware and cybersecurity stories of 2011

2011 was filled with plenty of security stories involving spam, malware, hacking and more. Terry Zink picks out his top ten newsmakers.

Terry Zink - Microsoft, USA


Spotlight

Challenges for the London Action Plan

In 2004, the US Federal Trade Commission and the UK’s Office of Fair Trading organized a workshop in London in which 27 international organizations participated. They established an informal cooperation network: the London Action Plan (LAP). Wout de Natris describes some of LAP's early successes and the challenges it now faces.

Wout de Natris - De Natris Consult, The Netherlands


Comparative review

VBSpam comparative review January 2012

This month's VBSpam test saw 22 products on the test bench: 20 full solutions and two partial solutions (DNS blacklists). All of the full solutions achieved a VBSpam award but their performance differed greatly in the details. Martijn Grooten reveals more.

Martijn Grooten - Virus Bulletin, UK


Calendar

Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.


