Re: today in the news

["Dude VanWinkle" <dudevanwinkle () gmail com>]

This one (from one of the later stories) is interesting, if true:

Eighty percent of new malware defeats antivirus (eye catching eh?)

from: 
http://www.zdnet.com.au/news/security/soa/Eighty_percent_of_new_malware_defeats_antivirus/0,2000061744,39263949,00.htm

or from: http://tinyurl.com/nmj6v  (for those using MS)

"At the point we see it as a CERT, which is very early on -- the most
popular brands of antivirus on the market … have an 80 percent miss
rate. That is not a detection rate that is a miss rate.(")

"So if you are running these pieces of software, eight out of 10
pieces of malicious code are going to get in," said Ingram.


------------------------------------------------

hmm, so if you are a "first wave" hit, then 80% of malware will make
it through your AV?

How would you test that?

-JP<who is guessing all ports were open and users were click happy
with no SMTP filtering in this "test" ;-)>


On 7/24/06, Paul Vixie <paul () vix com> wrote:
> http://news.com.com/2010-7355_3-6097678.html?part=rss&tag=6097678
> "Perspective:  Zero-day Wednesdays"
>
>        Somewhere--perhaps in the United States, but more likely, somewhere in
>        China--a man walks out of a nondescript building, casts his eyes upon
>        the urban landscape around him after spending an eight-hour day
>        staring at a computer screen, and lights a cigarette.
>
>        He does not know his bosses by name or by face; he knows only that he
>        is paid, and paid pretty well, for his research. Like a legitimate
>        computer-security researcher, he uses automated testing tools against
>        Microsoft Office software, probing for buffer overflows, pointer
>        errors or negative integers in Word, Excel and PowerPoint. Unlike a
>        legitimate security professional, he does not report what he finds to
>        Microsoft.
>
>        ...
>
> http://it.slashdot.org/article.pl?sid=06/07/24/1442238
> "Sophos Reveals Latest Spam-Relaying Countries"
>
>        "For the first time in more than two years, the United States has
>        failed to make inroads into its spam-relaying problem.  The U.S.
>        remains stuck at the top of the chart and is the source of 23.2
>        percent of the world's spam. Its closest rivals are China and South
>        Korea, although both of these nations have managed to reduce their
>        statistics since Q1 2006. The vast majority of this spam is relayed by
>        'zombies,' also known as botnet computers."
>
>        ...
>
> http://it.slashdot.org/article.pl?sid=06/07/22/1612257
> "Why Popular Anti-Virus Apps 'Don't Work'"
>
>        Avantare writes "ZDNet Australia has a writeup about why AV apps don't
>        work. The reason given is because the malware authors are writing code
>        that will get around the signatures of the application by testing
>        their code on the most popular anti-virus software before release."
>        This comes as a follow up to another article detailing the sad state
>        of anti-virus software currently on the market.
>
>        ...
>
> http://it.slashdot.org/article.pl?sid=06/07/20/042253
> "Banner Ad on Myspace Serves Adware to 1 Million"
>
>        An anonymous reader writes "Washingtonpost.com's Security Fix blog
>        reports that a banner ad running on MySpace.com and other Web sites
>        used a Windows security flaw to push adware and spyware out to more
>        than one million computer users this week. The attack leveraged the
>        Windows Metafile (WMF) exploit to install programs in the
>        PurityScan/ClickSpring family of adware, which bombards the user with
>        pop-up ads and tracks their Web usage."
>
>        ...
>
> http://it.slashdot.org/article.pl?sid=06/07/18/0237221
> "Open Source Malware Search Engine"
>
>        chr0.ot writes "Metasploit creator HD Moore has released an
>        open-source search engine that finds live malware samples through
>        Google queries. From the article: 'The new Malware Search project
>        provides a Web interface that allows anyone to enter the name of a
>        known virus or Trojan and find Google results for Web sites hosting
>        malicious executables.' The tool then searches for actual malware
>        signatures and uses the signature output from ClamAV to find the name
>        of the malware. This is then used in conjunction with a PE signature
>        matching method to form a Google query. Afterwards the malware can
>        then be downloaded directly from Google."
>
>        ...
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.