Virus Total returned 96.88% detection rate which is 31/32 different AntiVirus scanners detect this malware. [VirusTotal Detection]
The culprit … As you can see in the screenshot below, autorun.inf contains instructions that allows USB to auto play once it is mounted in the computer and thereafter, automatically execute sys.exe.
McAfee detects this malware as W32/CEP.worm!33925d66 and has already published a malware report found here.
ThreatExpert Report here.
It feels good when your old malware reports still exist. I’m saying this because there was once a ruling (Trend Micro AV guidelines) that the last one who analyzed and modified the report gets the credit. So, the original analyst name is removed. I think they already modified this rule …
I remember this, the detection name was named after my sister – Minehaha.
I can’t find my name anymore… TROJ_THEMS — Meths. Actually, the rule is if its new and nobody detects it, then the analyst can name it (of course, following the naming conventions and guidelines).
Speaking of malware naming conventions, this topic is currently a who lot confusion to the industry… few AVs follow CARO naming scheme while others have their own.
Another thing is ethical issue, usually everyone gives the credit of following the detection name if someone already created the detection for that malware (given the name is right – meaning it is readable and doesn’t have any conflicts to a person, company and etc..) but some AV doesn’t follow instead they create their own name (perhaps, for marketing and PR/media purposes).
Refer this recent list/update from AVTest.org:
2008-05-12 Cross Reference List of Virus Names
Each vendor of anti-virus software has a different naming convention and the same virus could have a completely different name in another company’s product. To provide a candle in the dark and diminish the current confusion we created a cross-reference list of all virus names (421 KB), based on the WildList 03/2008
When serial entrepreneur Jason Calacanis took the stage at the CeBIT technology conference this week in Sydney, some audience members weren’t sure how to react to his comments. Responses ranged from nervous laughs and stoic looks to bemusement and knowing nods.
Fire the good people
“Fire the good people,” says Calacanis. “Fire them immediately. In a startup company, you can’t waste time on good people. You need excellent people. The excellent people do five times more than the good people.”
Calacanis emphasises that you can replace a good person with someone who is excellent. If you don’t fire the good or average people, Calacanis says: “The excellent people leave because there are just average people around.”
[Read Sydney Morning Herald Blog]
It’s amazing to see different ICT exhibitors all gathered in one roof for three days in CeBIT Australia 2008.
Actually, I missed the first day but it’s alright. I was excited on the second day, where I woke up early to get there at exactly 8:00 am for BloggerZone breakfast (this is a limited invitation to all bloggers around Australia).
The exhibit opens at 10:00am but with the blogger ID we (with my husband) were able to get in early and roam around, while everyone is still rushing to prepare.
As an electronic consumer, I was interested to see new and impressive gadgets but I end-up realizing that we need those CPU cabinets and power rack.
As we were walking around, we noticed that there are only few AntiVirus company there: AVG, ESET, Kingsoft and F-Secure; other security companies are GFI, IntelliGuard and MailGuard. ESET has the most impressive stand because of the data presented that shows their leading detection rate which covers prevalence and zero day threats, heuristics as well as zero false positives (these informations are base on independent AV testers and reviewers).
As we were heading to exit the exhibition hall, I noticed a small device (a thin client) from ThinLinx. Thanks to its CEO John Nicholls who was very welcoming and spent the time discussing to us.
In ceBIT you get freebies, so what I got ? CDs, ballpens, magazines, stickers and red hat (obviously, from RedHat).
Errata Security has presented the idea of Data Seepage in BlackHat Federal last year. This ideas has been defined as …
“data seepage”: bits of benign data that people willingly broadcast to the world (as opposed to “leakage”, which is data people want to hide from the world).
It’s interesting that this bits of data are also known as friendly informations. These are your digital footprints which can be used by hackers to gather or construct information about you. Yes, this is how vulnerable we are …
As an iphone user and security aware person, I was really excited when Errata blogged “Call for Beta Tester”. So, I immediately send my interest to volunteer and join as beta tester for Ferret (data seepage detection tool) iphone package and they accepted it.
I’m looking forward to see more security tools in iphone as well as in Mac.
These are phising sites that employs social engineering technique to lure MSN users in giving out their email address and password.
This is the best application i have installed in my mobile phones: iphone and nokia n95.
Using fring you can online all you messengers from YM, ICQ, AOL, Google Talk, MSN, SIP, Skype and Fring. If you have WIFI in your home, office, perhaps you’re in coffee shop or any access point, this application is incredibly useful which makes you always get connected. The best thing is you can call anyone for FREE. How cool is that!!
It’s currently in beta version but all functionalities you expect are working well. http://www.fring.com/