Per their blog, Kaspersky has received a couple of Cabir variants with a threat from the author.
Something about having the source code and releasing more dangerous versions of Cabir.
As 29a has been getting attention from the authorities lately and with rumors about the arrest of some of its members, I doubt Vallez is the one making such a threat.
According to Kaspersky, the new variants have not as yet managed to disable the OS install warning.
I do not currently have samples of these variants.
-----
On a side note, McAfee has added a generic detection for Cabir as of the 22nd of December.
Info on mobile phone antivirus, anti-malware software and commentary on mobile security.
Friday, December 24, 2004
Thursday, December 23, 2004
Python for Series 60 released
The official Symbian Python distribution for the various Series 60 versions has been released.
I haven't installed the SDK yet, though I notice that there is a Bluetooth example in the package. From the readme it appears that aside from some console display and time issues most scripts should work fine.
Aside from Win32.remabl, I'm not yet aware of any Python worms. The cost of entry for Symbian malware authors is now much lower.
Given the size of trojans like Skulls, I would not be surprised if the Python interpreter was installed on a large number of S60 phones by the middle of next year if not sooner. Never underestimate the lure of a free lunch.
Wednesday, December 22, 2004
More Cabir variants
A spate of minor Cabir variants has arisen in the past few weeks. Looks like it's up to G now.
Not really of much interest except that F-Secure now has a generic detection for Cabir. Considering that most "variants" are simply the Cabir worm with a few internal strings modified, it is interesting that it has taken until now.
The size of detection databases has been a point of discussion on the Win32 side for some time. It is even more relevant with regard to the relatively limited resources of smartphones. As mentioned recently, types of detections can sometimes be an indication of the limitations of a given scan engine. Six to seven independent detections for highly similar variants is a bit wasteful.
Unlike certain Win32 trojans and worms, the source code for Cabir has not been made available. Lacking source code but having a number of functional descriptions, it is of note that no copycats/clones of Cabir have been released. The existing variants are minor "script kiddie" alterations. Essentially, the threat is minimal and could have been handled by a generic detection around the time of the C and D variants.
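The trade-off described above, as an added example (not from the original post and not any vendor's engine): per-variant whole-file hashes versus one generic signature taken from the bytes all known variants share. The sample bytes are constructed stand-ins rather than real Cabir data, and all function names are hypothetical.

```python
import hashlib
from difflib import SequenceMatcher

# Constructed stand-ins for worm samples: an identical "code" body where only
# an embedded string differs, as the post describes. Not real Cabir bytes.
CODE = bytes(range(40, 120)) * 3

def make_variant(label: bytes) -> bytes:
    return b"HDR0" + label + b"\x00" + CODE + b"END"

KNOWN = {"A": make_variant(b"string-one"),
         "B": make_variant(b"string-two-x"),
         "C": make_variant(b"another")}
UNSEEN = make_variant(b"edited-again")           # a later string-only edit
CLEAN = b"HDR0" + b"calendar\x00" + bytes(240) + b"END"

def exact_db(samples):
    """One whole-file hash per variant: the database grows with each one."""
    return {hashlib.sha256(d).hexdigest(): n for n, d in samples.items()}

def exact_detect(db, data):
    return db.get(hashlib.sha256(data).hexdigest())

def generic_signature(samples, min_len=32):
    """Longest byte run shared by all known variants (the unmodified body)."""
    items = list(samples.values())
    sig = items[0]
    for other in items[1:]:
        # autojunk=False: repeated bytes must not be discarded as "junk"
        sm = SequenceMatcher(None, sig, other, autojunk=False)
        m = sm.find_longest_match(0, len(sig), 0, len(other))
        sig = sig[m.a:m.a + m.size]
    if len(sig) < min_len:
        # A very short common run would match unrelated files.
        raise ValueError("common run too short to be a safe signature")
    return sig

def generic_detect(sig, data):
    return sig in data

if __name__ == "__main__":
    db, sig = exact_db(KNOWN), generic_signature(KNOWN)
    print("hash entries:", len(db), "| generic signature bytes:", len(sig))
    print("unseen variant, exact:", exact_detect(db, UNSEEN))
    print("unseen variant, generic:", generic_detect(sig, UNSEEN))
    print("clean file, generic:", generic_detect(sig, CLEAN))
```

The hash database needs a new entry for every string edit and still misses the next one, while the single shared-body signature covers known and unseen variants alike.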
Monday, December 06, 2004
Trend releasing new mobile AV
Just got the press release yesterday. Trend Micro is announcing Mobile Security.
Some points of note:
- The current download is for Windows Mobile 2003 for Smartphone 2003 only. Other Windows Mobile 2003 editions next month.
Very useful if you have a copy of wince.duts on your phone. Duts.1520 asks permission to infect, so this is not yet that useful.
- The Symbian version, also due next month, is written to use the UIQ UI instead of Series 60.
Timely if Cabir should ever be ported to UIQ. Still useful if some new fool decides to pull the Skulls trick with UIQ phones.