Michael Gracie

StopBadware, the coalition of big names aiming to protect people from drive-by infections, is on the move. Google is now integrating warnings into it’s search results. Nice.

Google, a “crossing guard” for malware avoiders. No telling what other members of StopBadware are doing, but I’ll guess Websense doesn’t care - they are now someone’s likely acquisition target.

With all the talk about social networks - the inherent safety issues of “going public,” the politics that won’t help, and the sneaky buggers taking advantage of the situation, we’ve forgotten to take a step back and see what might be headed this way so we can prepare.

You have some much in your face, but what’s next? Well, think about all those public profiles - a great way to develop dossiers. Add the fact that there are groups of like-kind thinkers/feelers banding together for social interaction. Throw in malicious code writers ramping up targeted attacks.

I say it’s a recipe for a big headache.

***UPDATE***

A new study suggests the same.

Just a few years back, malicious code writers were meeting in stealthy IRC chat rooms, exchanging ideas on obscure forums, and doing their thing just for fun (and notoriety). Now, it is a money game, and in business you need efficiencies.

Couldn’t think of anything better to drive down time to market in the software game than going open source, and that is exactly what malware technicians are doing. They are leveraging tools like CVS to share code, and it wouldn’t surprise me if CVS and Subversion depositories start popping up all over the place. But how will we know when that happens?

There are now malware search engines as well.

When you think of blue pills, you imagine tv ads by politicians, people who are bored with their partners, and people who can’t get enough of their partners. You might also think of a lot of spam, due primarily to the previous points. However, you’d likely never think a “blue pill” could hide malware, completely undetectable, on your Windows computer, but that is exactly what a researcher in Singapore has devised. I suspect the name was an afterthought.

I’d say its good to know that such things are possible ahead of time, so someone can devise a way of detecting the undetectable (always happens). I’d also say I’m feeling pretty comfy sitting in at my desk right now - with one computer running OS X and the other running Fedora Core.

Despite all the “altruistic” services warning people of dangerous websites (via paid clients, of course), Jose Nazario has found one that just won’t die. Note: various contributors are “ready to take action.” I’d personally love to hear why action has been so absent for so long.

Compliments of Sophos (pdf).

I love the introduction, where they say the whole thing about rumored slowing of threats (which never seems to happen). Of course, take all reports of growing threats from security companies with a grain of salt - the same dose of incredulity you would apply to an operating system company saying their software is safe and sound will do just fine.

You’ll never know if your PC has been zombified unless you check. IT Observer gives you a few clues, but I will make it even simpler.

Install a free copy of the ZoneAlarm firewall (and turn off the Windows firewall for a bit as well). Keep ZoneAlarm access messages on, and wait. If you start seeing all kinds of popups coming from your taskbar, with no applications active, that is likely the zombie talking. Those popups signify your computer trying to access the internet every which way from Sunday, with spamming and further infection attempts high on the priority list.

If you are an everyday joe, you can pick up some anti-virus tools to clean things up. If you are a Microsoft executive, you just reformat your hard drive and start over.

StopBadware.org, that coalition of smarties aiming to, uh, stop badware in its tracks, is about to release its first report. This report is rumored to contain a doosie - that P2P file sharing software like Kazaa may contain spyware!

The group will recommend..

“that users stay away from Kazaa and three other programs that can be combined with Trojans and bots for use in data theft attacks.”

Damn, am I glad those guys are around. Who would of thought?
Read more »