Proactive IT security
 

Snorre Fagerland's entries

Snorre Fagerland has worked for Norman as a malware analyst since 1998. He built Norman's first signature database system, has programmed parts of the Norman Scan Engine

Snorre Fagerland is a frequent speaker on malware issues at home and abroad.

Antivirus SSDT hook bypass vulnerability   Comment [0]

Recent reports have detailed a problem with many antivirus solutions that use so-called SSDT hooking to inspect programs for malicious content. Norman also uses this technology, and can at this time be bypassed this way.

The question remains, how big a problem is this for the users?
The effect of the vulnerability is that malicious software may be able to attack running antivirus solutions and aspects of their malware detection and self defense mechanisms. This is achieved by creating a so-called…

Hoaxing Facebook   Comment [0]

We have received reports of a new scare running among Facebook users. The message is approximately as follows:

Has your facebook been running slow lately? Go to "Settings" and select "application settings", change the dropdown box to "added to profile". If you see one in there called "un named app" delete it ... It's an internal spybot. Pass it on. THIS IS NOT A DRILL!! ------

And indeed, most users will actually have such an application in their “added to profile” box. Relax. Breathe out. This…

[CVE-2010-0249] Vulnerability in Internet Explorer Could Allow Remote Code Execution   Comment [3]

Microsoft advisory: http://www.microsoft.com/technet/security/advisory/979352.mspx

This security flaw, which was revealed about a week ago, is a threat that we follow closely. As of this writing we and others have seen a limited number of in-the-wild attacks using this. Some of these attacks were quite serious, affecting large targets like Google and Adobe (http://threatpost.com/en_us/blogs/inside-aurora-malware-011910).

The various virus scanners from Norman detect the known malware that is installed…

Apply brain   Comment [0]

The Christmas holiday is almost upon us, and it is a good time to remind people that malware authors are likely to try to exploit periods like this to increase their spread of malware. They usually do this by sending emails and messages with content tailored to the occasion, for example “Christmas e-card” or “Happy new year”. And of course, to read your greeting you’ll have to install something that claims to be a plugin or similar, but invariably is a malicious program.
Actually, this problem is not specific…

A blast from the past – the source code virus Induc.A   Comment [0]

Some days ago, Andreas Marx (of av-test.org) sent a copy of a new virus to all antivirus companies, with a warning that infected files were found on some magazine CDs/DVDs. True enough, the virus was new to the attention of antivirus companies. The virus was W32/Induc.A. This is something of a rarity – it is a source code infector. These viruses do not propagate directly from machine to machine, nor do they attach themselves directly to executables found on the victim machine. Instead, they try to…

Blog tags: Malware