MoMusings

Sheesh, what a month or two!

What with the Virus Bulletin international conference, presenting at a UK University, running a course in France, writing a number of articles (both for my employer, and a magazine), my Worm Charmer system hard disk crashing, as well as my usual workload, it has been somewhat hectic recently. Hence the recent shortage of postings to this blog.

So, let us just play catch up:

• Right, my Worm Charmer is back up, and the statistics from September are now up, as are the daily stats for October (so far).
• I’ve trapped lots of new Ranky and SdBot multicomponent malware over the last month or so (no change there then!).
• We’ve seen a fake RedHat Advisory, which is supposed to install a rootkit.
• The author of POPFile (John Graham-Cumming) has posted a link to my VB2004 paper on using his product to catch e-mail borne malware.
• I’ve had two articles published by Virus Bulletin (Oct
  and Nov 2004) on using SNORT to detect malware.

This just in from SOPHOS:

Zafi worm variant attacks Hungarian Prime Minister’s website

The Zafi-C email worm attempts to launch a distributed denial of service attack against the websites of Google, Microsoft and the Hungarian Prime Minister. Sophos customers were automatically protected against the threat. http://www.sophos.com/virusinfo/articles/zafic.html

Along similar lines, this article from ‘The Register’ http://www.theregister.co.uk/2004/10/27/bushwhacked/ which covers some of the ‘fun-n-games’ with the official site of George W Bush. The site has been the victim of a DDoS attack and then the ‘men-in-black’ decided to stop all but ‘Americans-on-the-soil-of-the-homeland’ getting access to the site, by blocking non-USA IP address ranges…..Of course there are ways to still get to the site, if one was really, desperatley, interested in actually perusing its contents….<insert diety of choice here> forbid!