Web blog d'un ingénieur en sécurité informatique. IT Security watcher's blog: news, threats analysis, AV issues, PoC, IT security, bugs... Contact: philippe.vialle@wanadoo.fr
Quelquefois, pas besoin de chercher pour qu'un élément malveillant à analyser pour qu'un ben échantillon vienne à moi. Les mauvaises langues diront que ce sont tous mes pots de miel qui sont derrière ce constat... pas à tout à fait faux. Bref, en lisant...
Lire la suiteI was not even really monitoring the LAN when I noticed strange requests... Why strange? because of the following: - Netbios over TCP protocol whereas the proxy should handle that kindda name resolution (part of web requests) - broadcast name query, spreading...
Lire la suite
Recently, a new contact requested me to add her/him as a new MSN one. Even if I did not recognize the address, I accepted the invitation. This was for analysing purpose, I do NOT recommend any people to do the same! Anyway, here is the contact: altagraciatehney09...
Lire la suiteYears ago, when I started to study viral threats, I discovered Zango. Zango used viral technologies to spread and remain resident on compromised computers. I won't give a new talk about the past Zango, search engines will on their own if you wanna try....
Lire la suiteFirst of all, the problem of you wanna try Firefox 64bits version, is to find a way to download it. I honestly don't even understand why Mozilla did not add any special page on the official Firefox portal, for the 64 bits version! Why so...? don't know....
Lire la suite
A few people I recently met asked me why I do write articles in English, and not (or almost not) in French. Well... the thing is Google Translation is not yet fully functional, and French used to be an international language but things change. So... voila....
Lire la suite
I find it quite funny when an AV or any security system alerts for something regarding another security system. This time, it is about antispam and AV vendor security newsletter... The antispam is: Thunderbird 2.0.23 The newsletter is: Sophos enews Here...
Lire la suite
Well, this is not new, but it is not a reason not to talk about that, I guess. THis time, the supposed online MSN access server is hosted on the domain: come-face-the-truth.com. To be more accurate, I recently received the following MSN message, coming...
Lire la suite
As everybody would say, an antivirus is not supposed to take all the system ressources. Taking that into account, I tested ESET Nod on my computers, because I knew it was said to prove quite reasonable memory and CPU usage. Anyway, this was about real...
Lire la suite
Let's act just for once as a Computer Security Incident Response Team member. What a great pleasure... An user called the helpdesk because the antivirus was yelling about a supposed malicious PDF file. The only problem was: this alert was happening while...
Lire la suite