
Looks familiar? Yes! From Alureon!

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 2 min
  • Word Count: 291 words

It’s a normal day for us. We receive a new Bamital virus sample report from a customer, and we provide an analysis. Suddenly, something interesting bursts into my eyes: What’s your thought on this code fragment? At first glance, this piece of code looks like a non-malicious call to manipulate the Windows Printer SubSystem. But if you’ve analyzed Alureon before, it may look familiar to you. Yes, Alureon also takes advantage of the Windows Print Subsystem to install its payload. ...


Google Opens Doors to E-Bookstore

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 7 min
  • Word Count: 1324 words

The New York Times: The Google e-bookstore is finally open. Tom Turvey, head of strategic partnerships at Google, said he thought the book business should have diversity of retail points. After years of planning and months of delays, the search giant Google started its e-book venture on Monday, creating a potentially robust competitor in the digital book market to Amazon, Barnes & Noble and Apple. ...


W32.Yimfoca.B – Malware Localization

  • Post author: Omid Farhang
  • Post published: December 6, 2010
  • Reading Time: 3 min
  • Word Count: 526 words

The latest W32.Yimfoca.B variants can target malicious links in no fewer than 44 countries and nearly 20 different languages. It has also increased the number of instant messaging applications (previously Yahoo! Messenger) to include the following popular IM clients: Msn Messenger, Google Talk, ICQ, Paltalk, Skype, XFire. Here is a code snippet from W32.Yimfoca.B: This picks the desired messages based on a comparison with the full list of countries listed below: ...


This isn't a video, it's a phish

  • Post author: Omid Farhang
  • Post published: December 6, 2010
  • Reading Time: 1 min
  • Word Count: 74 words

You might be seeing something on your Facebook wall today: Sadly, it’s not a fun video. It’s just a phish. The link goes to apps. facebook.com/ lookatuhah, which then redirects to a phishing site: In other words, if you’re absent-minded enough to enter your credentials again, they will be used to then send more of these stupid fake video posts to others — or do any of a number of other rather nefarious things. ...


The Yahoo-AOL Merger Rumors Heat Up, But What Do They Really Mean?

  • Post author: Omid Farhang
  • Post published: December 6, 2010
  • Reading Time: 3 min
  • Word Count: 548 words

Mashable: The AOL-Yahoo rumors are heating up once again. This time, they involve splitting up the AOL empire into two divisions before engaging in a merger of the two Internet companies. AOL has two main components: A content and display advertising business, and its longstanding dial-up business. In the past few years, AOL has focused on developing and expanding its advertising arm, its web portal and its media properties (e.g. Engadget and TechCrunch). ...


Stuxnet and WikiLeaks – What do they have in common?

  • Post author: Omid Farhang
  • Post published: December 4, 2010
  • Reading Time: 2 min
  • Word Count: 254 words

At first glance, two recent security stories, the Stuxnet attack on Iran’s nuclear industry and the WikiLeaks breach of US State Department communications, don’t seem to have much in common, but they do. They are united by a vector, a method of transmission, and that vector is removable media. I am sure that the Iranians felt pretty secure with air-gapped systems, but like a spark from the burning house next door that finds its way into your shingles, the right USB found its way into the right PC and then suddenly all those uranium enrichment centrifuges running at 807-1210 Hz started to act funny and fail in unexpected and reportedly fairly energetic ways (you can see some pics of failed centrifuges here http://web.mit.edu/charliew/www/centrifuge.html and here http://www.chem.purdue.edu/chemsafety/NewsAndStories/CentrifugeDamages.htm). ...


Oficla downloads MBR Ransomware

  • Post author: Omid Farhang
  • Post published: December 1, 2010
  • Reading Time: 1 min
  • Word Count: 198 words

Avira TechBlog: We discovered a new ransomware threat which is downloaded by a Trojan of the Oficla family. This downloaded threat replaces the MBR (master boot record) of the hard disk with its own MBR, which asks the user for a password and thus blocks the loading of the operating system. Upon starting the Oficla Trojan and successive execution of the downloaded payload, the system will be rebooted and the user will be presented with the ransom notice. ...


PayPal’s advice: “Use your bank account for your PayPal payments”. Really?!

  • Post author: Omid Farhang
  • Post published: December 1, 2010
  • Reading Time: 3 min
  • Word Count: 612 words

Righard Zwienenberg, Chief Research Officer at Norman, posted this on the Norman Security Blog (thanks to Mr. Fagerlid for sharing): I have been a user of PayPal for many years, actually ever since PayPal opened its services for international users. PayPal, originally only for US citizens, is now used worldwide with local offices in many countries. From the Dutch affiliate, I just received the next message from PayPal (the actual message was in Dutch, see picture below): ...


Kim Kardashian Tops Bing’s Most Popular Searches of 2010

  • Post author: Omid Farhang
  • Post published: November 30, 2010
  • Reading Time: 1 min
  • Word Count: 181 words

Mashable: Bing is getting an early start on the “best of 2010” lists, releasing its compilation of the year’s most popular search terms a little more than a month before the New Year. Reality TV star Kim Kardashian tops the list, which is dominated by celebrities; in fact, seven of the top 10 terms are people, as you can see in the list: Kim Kardashian, Sandra Bullock, Tiger Woods, Lady Gaga, Barack Obama, Hairstyles, Kate Gosselin, Walmart, Justin Bieber, free. Kardashian’s online dominance extends beyond searches, however. You may recall that a recent study pegged her as the celeb that gets the most traffic to their website via Twitter (despite not having the largest audience). ...


Politics and malware make strange bedfellows

  • Post author: Omid Farhang
  • Post published: November 30, 2010
  • Reading Time: 3 min
  • Word Count: 458 words

Sophos Labs: There are two stories that have been the focus of much speculation that have come to some closure today. New information confirming many people’s suspicions about Aurora and Stuxnet has been reported by Wikileaks.org and Reuters. As has been widely reported, Wikileaks began releasing over 250,000 previously secret diplomatic cables that it is assumed they received from PFC Bradley Manning. Most of the cables are as uninteresting as reading your friend’s Yahoo! mail. ...
