SANS ISC InfoSec Handlers Diary Blog



Crime is still Crime! Pt 2

Published: 2011-02-07
Last Updated: 2011-02-07 15:10:08 UTC
by Richard Porter (Version: 1)
3 comment(s)


There is an interesting piece running on several web news outlets, and Twitter is abuzz with news of HBGary Federal being hacked by Anonymous. HBGary was in the news less than 3 days ago stating they were tracking down members of Anonymous and aiding the FBI.

Last month we ran a piece, Crime is still Crime, in which we assessed the risks of non-security firms "attacking back."

http://www.isc.sans.org/diary.html?storyid=10300

Today's events, with HBGary having an incident, reinforce the advice to assess your risk and posture before attacking back, especially for those that are not in the Information Security field. If your revenue driver is making baby bottles, then ask yourself: is this the right move, and do I have the skill set on staff?

Less than 3 days ago:
http://uk.finance.yahoo.com/news/Cyberactivists-warned-arrest-ftimes-3487898538.html?x=0
Today:
http://nakedsecurity.sophos.com/2011/02/07/hbgary-federal-hacked-and-exposed-by-anonymous/

I have been following these events (and will continue to follow them) from the start, as they cross government lines and this could set legal precedent for the future. Let's stay tuned as this takes shape.

And remember a paraphrase/quote from Cliff Stoll's The Cuckoo's Egg: "Professionals don't make big mistakes, they make little ones!"

Richard Porter

--- ISC Handler on Duty


The Good, the Bad and the Unknown Online Scanners

Published: 2011-02-07
Last Updated: 2011-02-07 03:41:48 UTC
by Pedro Bueno (Version: 1)
1 comment(s)
 
Online virus scanners are quite common services, usually offered by individual anti-virus vendors, and most major AVs offer one.
But sometimes you may want to check whether other AVs see anything malicious in a file, and for this reason the online multi-AV scanners exist.
Over the past few years we have seen really good examples of these services, such as Hispasec's VirusTotal and many others, which, while they should not be
used as an AV comparative test, will give a good idea of whether a file is malicious or not.
 
The good multi-AV online scanners provide a good level of information to the community, such as allowing searches based on the file hash, and
some level of feedback to the security companies.
 
However, the malware writers also found out about these services and are now looking for ones that are not willing to contribute to the security
community.
 
What follows is a list compiled from what I have been observing and researching for some time.
 
I classified them as RED, YELLOW and GREEN.
 
RED means it is/was actively being used by malware writers/cyber criminals to create/verify malware.
YELLOW means that I consider it suspicious but could not find enough info to classify it as RED.
GREEN means general-purpose AV scanner websites that contribute/share results with the AV industry.
 
virustotal.com - GREEN
filterbit.com - GREEN
virscan.org - GREEN
scanner.novirusthanks.org - GREEN
virusscan.jotti.org - GREEN
 
scanner.virus.org - YELLOW
viruschief.com - YELLOW
virus-trap.org - YELLOW
killv.com - YELLOW
 
virtest.com - RED
avcheck.ru - RED
avcheck.biz - RED
scan4you.net - RED
avhide.com - RED
nicescan.net - RED
 
Another technique used by the malware writers is the use of standalone multi-scanners, of which KIMS seems to be the most popular.
 
So, from now on, before you scan your file, I would recommend those marked as GREEN.
 
If you have good info about the ones marked as YELLOW, please share it with me and I will update this diary as needed.
 
--------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno // isc. sans. org)
Twitter: twitter.com/besecure
www.mysectools.com
 
Keywords: av malware scanner virus