Web blog d'un ingénieur en sécurité informatique. IT Security watcher's blog: news, threats analysis, AV issues, PoC, IT security, bugs... Contact: philippe.vialle@wanadoo.fr
To those who still believe that downloading a file from "common downloadZ websites", here is (another?) kindda sample of how dangerous it can be for your computer... First, the video file displays the following message in the Windows Media Player (or...
Lire la suiteHere is the mail that currently spreads: The link provided does not work itlself. But the real link does: http://noticias. terra.woonet.co.kr/videos/paquistao/terrorismo/osama/05/05/2011/video-proibido-mostra-momento-da-execucao-de-obama-por-agentes-na-operacao.php?0.14094...
Lire la suiteA force de lire un petit peu tout et n'importe quoi sur le sujet, je me suis dit que je devrais mettre à profit le retour d'expériences de quelques années de lutte antivirale (notamment désinfection en centre d'assistance). Je vais donc proposer ici un...
Lire la suiteJust to say that I received a few hours ago a spam , like in the ancient time :), but not in French this time. Here is the link that appears within the body of the email: http://g1.globo.com/sao-paulo/noticia/2011/02/video-em-que-ex-escriva-de-policia-e-despida-em-delegacia-cai-na-internet.html-0.79795...
Lire la suiteHi all, just to say: be very carefull with CamWin running on a Windows Server 2003 (well, yeah that can happen...). You have not only to specify exclusions for the databases themselves, BUT also for the SQL Server binaries! If not, the last updates (for...
Lire la suiteAt the time AV vendors tend to complain about theiir difficulties to maintain a base of malicious software definition (20 millions in 2009, according to Kaspersky?), some people may remember old ideas of creating a "whitelist" of harmless / well known...
Lire la suite
Je n'ai pas honte de le dire, j'ai failli m'y faire prendre moi-même. Voilà le courriel reçu (e 04/11), faussement émis par 123radar que je connais de nom : L'affichage dans Lanikaï est trompeur : le champ envelope-from est en fait : envelope-from
Je vais rédiger cet article en Français, vu que le message et la cible sont francophones... :) J'ai reçu un message, et j'avoue que moi le premier j'ai failli me faire prendre. Heureusement, je me suis souvenu que j'avais résilié il y a quelques mois...
Lire la suite
I had recently to deal with a compromised computer. It was though supposed to be protected by a up to date antivirus with real policies. The file has been detected using Spybot S&D: ZBot. It's been a long time ago since I did not find a malware which...
Lire la suite
Just after the Adobe and French CERTA advisories, I wanted to talk a lil bit about the website that is said to host the Adobe 0day. Here is Adobe's advisory: http://www.adobe.com/support/security/advisories/apsa10-01.html According to Symantec (see: http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-060601-3020-99,...
Lire la suite