TechBlog

One of the issues malware writers deal with is having their programs load and execute on a victim’s computer. An unwary victim may click on an email attachment and have the malware run once. But in order to continue to be of value to the author, that piece of malware has to arrange for itself to be run after the computer inevitably gets rebooted. There are several well known ways to accomplish this task. The problem here is these methods are well known and security software know where to look. Which brings us to the topic of this blog entry. We recently came across a hacked copy of imm32.dll which is Microsoft’s Input Method Manager library. The authors inserted an extra imported library into the file’s import directory. The extra library name starts with “net” and the imported function name is randomized. ...

The 2010 Winter Olympics were held in Vancouver, Canada, from February 12-28. With more than 82 countries participating and millions across the globe catching day-to-day action, it was sadly quite obvious that we would see spam attacks centered on this event. However, the volume of spam relating to the Winter Olympics is actually very low, which is unlike the Beijing Olympics, when spam campaigns had started way before actual event. In the case of the Winter Olympics, spammers seem to be only now waking up from their slumber. ...

Communications security firm FaceTime of Belmont, Calif., has released the results of a survey (of 1654 people) that strongly indicates we are all using a lot of Web 2.0 applications at work and a third of our IT staffs aren’t aware of it. It was FaceTime’s fifth annual survey. Social media and Web 2.0 apps are being used by virtually all end users (99 percent) to support business processes, but 38 percent of IT professionals surveyed think there is no social networking on their networks. ...

Google Wave has finally turned on email notifications as a feature for users who want to see immediate, hourly, or daily email notifications for new and updated waves. Email updates can be turned on via the Inbox dropdown menu. Once on, Google Wave will notify you with a summary of updates to your waves and email you when you’re added to a new wave. Thankfully you’ll only receive one update for each individual wave — instead of receiving an email for each update to a wave — until you log into that wave again. ...

Facebook Connect integration with Yahoo Mail! The new feature means that Yahoo Mail users can now connect their Facebook accounts and integrate their Facebook friends’ email addresses into their Yahoo Contacts list. Users can visit the Import Contacts page to be guided through he Facebook friend import process. What do you think of this, do you like it or dislike it. Tell us in the comments!

It’s time for your daily dose of “spot the fake program / avoid the fake program”. What is it this time? Well, if you have family members who are into webcams and chatting you might want to point them to this writeup because a new challenger has entered the ring: Yes, “Chat Cam” is a rather smart looking (and entirely fake) program designed to make end users think they’re taking part in a large community of webcam owners. Clearly, the creator had the recently launched Chatroulette in mind when they made this one (if you’re not familiar with it, Chatroulette is a site where you jump from webcam chat to webcam chat over and over again, all within one large community of strangers. In practice, you tend to mash the “Next” button endlessly as one “chat” after another fails to materialise). This is what Chatroulette looks like – you’ll notice the similarity as we move further into the writeup: ...

It’s been over a year since we first started seeing the familiar Windows XP My Computer page where it appears your drives are being scanned and it reports a bunch of non-existent malware on your computer. Yesterday I was investigating the latest hot news item where there was a FAMU (Florida Agricultural and Mechanical University) sex tape released on the internet and sure enough I found many SEO poisoned links claiming to have the video. Imagine my surprise when I saw the following. ...

Symantec has been observing several spam and phishing attacks regarding the recent Valentine’s Day. One such phishing attack was on an e-card website that asked for user credentials in order to send Valentine’s Day greetings to loved ones. The legitimate e-card website has partnerships with several other brands and so accepts credentials from certain other websites as well. Hence, attackers can steal user information from several brands’ sites by phishing on just one e-card website. This particular attack asked for users’ credentials for a popular information services website. The phishing domain was hosted on servers in China and has been reported as “domain tasting.” Domain tasting is a situation in which a domain name is used for a small period of time and is checked to see if it is making enough money. If it doesn’t earn enough, the domain name is deleted and the registrant is refunded the entire registration fee. This is a technique used by attackers to perform phishing activity for small periods of time at low costs. ...

Readers may well have read some of the news stories posted after yesterday’s news concerning the take down of the “Mariposa” botnet. So what is Mariposa? Mariposa is the name given to a particular botnet that started getting some attention during the first half of 2009. The botnet was dubbed Mariposa thanks to the name of one of the C&C servers that is used: butterfly dot sinip dot es since Mariposa is the Spanish word for butterfly. ...

Microsoft has released new spring theme for windows 7 to bring the feeling of season change right on your desktop. It is named Czech and is a light, simple and beautiful theme with eight eye catching nature wallpapers. Just download the theme and double click on it to apply. After applying the theme you can customize and tune color scheme according to your choice. Download: Czech Spring Theme