Category: malware

  • Remembering the OG ad/malware blocking hosts file

    For the longest time the first thing which I installed on new computers / computers I was asked to “help with” was the MVP hosts file (archive.org link). I credit this file with keeping many, many computers safe and running the way their owners intended to for almost two decades now. Sadly it seems like…

  • Sorry for the malware warning!

    If you have tried to visit my blog recently, you might have seen a warning like this from your web browser: Warning: Something’s Not Right Here! hype-free.blogspot.com contains content from randaclay.com, a site known to distribute malware. Your computer might catch a virus if you visit this site. … The source of the warning is…

  • Security vendor’s “top-threat” list proof for their less-than-perfect performance?

    Here is something I’ve been thinking about lately: most (all?) security vendors publish their “top-threats” periodically. Those lists are made up by centralizing numbers reported by their clients. While it is safe to assume that the majority of the enumerated threats are blocked straight-away – before they can execute a single piece of code –…

  • SMOG button removed!

    Almost a year ago I added a SMOG button to each blogpost, which (in a more or less serious manner) evaluated the “reading level” needed to understand the blogpost. However, today the site used for this service came up with a warning from Google saying that it might be malicious. I’ve looked into it, and…

  • The myth of the cognitive quantum jumps

    Update: see this presentation given by Scott Berkun at Google, which explains my points much more eloquently. Very often media (and I’m using the word “media” here in its most comprehensive way – including things like blogs, Slashdot, etc) tells us the story of some uber-hyper-mega-cool new-unseen-until-now method of performing X. This leads many…

  • A new security provider

    I found out about Dasient via the presentation they did at Google (which you can see embedded below). Their angle seems to be (although this probably will change – them being a young company) that: we check your rating at Google / McAfee / Symantec and if they say that you are bad, we will…

  • Creating a closed standard

    After reading on Graham Cluley’s blog that the IEEE came up with a new standard [PDF] for malware interchange, I had to check it out immediately. As always, being a cranky old man, I found several problems with the proposed standard: Even though the presentation has a section about “Re-Inventing the Wheel”, it fails to…

  • What can a malicious program do under a limited account with Windows 7?

    The scope of this post is to demonstrate what a malicious program can do under Windows 7 (the newest and presumably most secure version of MS Windows) with a Guest account (the most limited one from a capability point of view). The “malware” in the video below demonstrates that a program run by the user…

  • Using Procmon for finding malware

    The scenario is: you know you are infected, because you’ve identified a process associated with a malware, but you can’t figure out how that given process is getting launched. A variation of this is: you kill the process, remove the executable but it reappears after a given amount of time / after reboot / etc.…

  • Gh0stNet

    The latest security news (hype?) is the discovery of Gh0stNet. Links: Original paper: Tracking GhostNet: Investigating a Cyber Espionage Network; F-Secure blogpost about it; The paper from Cambridge: The snooping dragon: social-malware surveillance of the Tibetan movement. My take on it? There is no proof that China is behind this. There are alternative explanations (as…