MoMusings

Thursday 31st March, 2005


Bounty, Macs, Rootkits and Papers

Filed under: All, Malware

Well, I’ve been rather quiet on the blog-front for the last week or so, did you miss me? ;-)

Why? Well, I’ve been preparing for and then running a course. Since then I’ve been catching up with all my e-mail and all the work I wasn’t able to do while I was away.

So, what’s new?

Quite a bit: we saw a number of variants of Mytob over the last week, a 25,000 US Dollar bounty for the first ‘in-the-wild’ Mac worm [a malware writing contest], a new toolkit to enable rootkit and other malware authors to make their creations more stealthy and less likely to be detected, and I’ve had another paper accepted for a major conference later in the year.

Let’s cover each of these in a little more detail below:

Mytob…

It seems that the Mytobs have been in the sack again, yet more family members. This malware family seems to be expanding at a phenomenal pace. If they continue at their current rate then they will be producing new offspring as fast as Giant African Land Snails [these guys leave rabbits looking on in envy and amazement at their abilities to produce large quantities of offspring in a very short time].

When I used to keep these creatures* I went from having just two of these large snails to over three hundred in a few months; if I had let them carry on at this rate my house would have been literally bursting at the seams with snails… but I digress.

So, back to the Mytob variants: at one point we had eight new variants in just five days, now that is just getting silly! The last time we saw that level of new variants being produced was back in the Netsky/Mydoom/Bagle wars of last year!

More details can be found here.

Details on one of the variants [they are all almost identical] can be found here.

Big Mac With Worms…

Oh dear, every now and then some bright spark gets it into their heads that we actually need more malware than we already have, and is amazingly prepared to offer good hard cash for them. In this case it was to write a worm targeted at the Apple Mac [running OS X], so someone was actually willing to pay for a worm in his/her Apple ;-)

The kicker was that if a Symantec employee infected the boxes then they would get 50,000 US Dollars, double what any other Tom, Dick or Harriet would get. Is it just me or does this just seem rather surreal? I mean come on guys, this has to be a scam, right?

Thankfully a number of enlightened Mac users suggested to the company offering the prize that it actually wasn’t a very good idea. So guess what, within 12 hours of announcing it they canned it!

You can see the original page that covers the contest here.

More details and analysis can be found here.

Hacker Defender….

Hacker Defender is a user-mode rootkit/trojan that includes a built-in hidden backdoor. Apparently the latest version released by the author, called ‘Golden Hacker Defender’, has a per-license cost of 390 euros (about 500 US dollars).

Who says that only the good-guys are making money from the malware scene? The bad-guys are increasingly writing and distributing malware for money or to steal data to sell, or to hijack systems to push spam, etc. through for money.

Wonderful, like we really need another tool for the bad guys to make their creations more difficult to detect.

More details can be found here and here.

Another Conference Paper…

After my last posting on ‘Malware and Anti-Malware Training’ I have just been informed that one of the abstracts that I submitted for this year’s Virus Bulletin International Conference has been accepted. This takes my total of appearances [as a speaker] at this conference to eight, five of those have been since 2001, so since 1996 I have presented at all but two of them [1998 and 2000].

Anyway, on to the paper itself entitled: Bots and Botnets: Risks, Issues and Prevention.

The abstract should be up on the site early next month, if anyone desperately wants to see it beforehand then drop me a line.

This year is getting rather busy with speaking/training engagements; what with guest lecturing at the University of Warwickshire next week, the EICAR conference at the end of April, running another 3-day course in June, Virus Bulletin in October, probably lecturing at the university again that month and a third and final 3-day course also in October, sheesh! Oh, and I still have my other normal work to do too.

* Don’t ask about my other pets and creatures I keep.


Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.
