Articles by F Ho

October Patch Tuesday

Patch Tuesday has arrived again, and this time we have a set of ten updates: nine from Microsoft and one from Adobe. Nine of these potentially allow remote code execution and the tenth involves information disclosure. For the full list Read more…

Oh Look. Another 419 Scam

You've seen them before. The advance fee fraud or the 419 scams. The one where a prince, a distressed widow, or an unscrupulous but half-literate bank manager contacts you with a proposal. Invariably, there is a large frozen bank Read more…

Patch for Link Handling

Microsoft has just released a security bulletin detailing a vulnerability in the way the Windows shell handles link files. An exploited link will trigger its payload when viewed from Windows Explorer. The user does not have to click on it. Read more…

June 2010 Patch Tuesday - have you updated your computers?

This month Microsoft has released ten vulnerability updates, some of which they have labelled as "critical". The June updates include: MS10-033 - Vulnerability in media decompression libraries could allow remote code execution. MS10-038 - Multiple vulnerabilities in Microsoft Excel which Read more…

Contraband Imports

One of the issues malware writers deal with is having their programs load and execute on a victim's computer. An unwary victim may click on an email attachment and have the malware run once. But in order to continue to Read more…

ROFL Is This You on Here?

The direct message arrived in my Twitter account: "rofl is this you on here?" followed by a link. Oh no! Are there embarrassing pictures of me on the Internet? Again?! After calming down a bit, my cynicism prevails. Let's see Read more…

FakeAV -- Now with Porn!

Once upon a time, surfing to a compromised porn site exposed the user to fake antivirus software through drive-by downloads. I recently came across a sample that turns this concept around. Running the executable file does nothing at first but Read more…

Stupid Mario Bluster - malware worm becomes parasitic

I've been following the MarioF worm family for some time now. Until recently, it had a unique method of running itself when the computer boots. The worm made a subtle patch to user32.dll. It is easy to miss that patch Read more…

Picture Picture in the Worm

I came across a worm this week that had some interesting properties. The worm was written using a copy of Visual Basic. Nothing unusual about that. This time, however, the author decided to include a portrait as an icon. I Read more…

Leave Britney Alone!!!!!!

There will come a day, I'm sure, when anthropologists and historians will study spam. Spammers must craft content that intrigues us enough to click on links and risk infecting our computers. Spam, unfortunately, contains a snapshot of our interests as Read more…

The Zlob Glob

An interesting website was brought to our attention yesterday. The server hosted a PHP file that can send out over 1500 different versions of the same malware. Each version was slightly different in an attempt to avoid detection. Most likely, Read more…

Space Invaders

I was looking around in MySpace the other day when I came across the profile of someone I know quite well. At least I thought I knew him well until I saw his bulletin board where he proclaimed his great Read more…