PR Storm

Great to see that Mike Rothman and Bill Brenner know how to read between the lines. Here's a related point of view on the Storm Worm - Why do users still receive attachments they are not supposed to click on?

Meanwhile, Eric Lubow (Guardian Digital, Linuxsecurity.com) have recently joined the security blogosphere and I'll be keeping an eye on his blog for sure -- hope it's mutual. Two more rather fresh blogs worth reading are ITsecurity.com's one -- how's it going Kev -- and Panda Software's blog. And with PandaLabs now blogging, the number of anti virus vendors without a blog, namely still living in the press release world is getting smaller. I remember the last time I was responsible for writing press releases for a vendor I'd rather not associate myself with, and how Web 1.0 the whole practice was. If you really want to evolve from branding to communicating value, hire a blogger that's anticipating corporate citizenship given he's commissioned, and reboot your PR channels.

Clustering Phishing Attacks

Clustering a phishing attack to get an in-depth and complete view on the inner workings of a major phishing outbreak or a specific campaign only - that's just among the many other applications of the InternetPerils. Backed up with neat visualization features, taking a layered approach, thus, make it easier for analysts do their jobs faster, its capabilities are already scoring points in the information security industry :

"InternetPerils has discovered that those phishing servers cluster, and infest ISPs at the same locations for weeks or months. Here's an example of a phishing cluster in Germany, ever-changing yet persistent for four months, according to path data collected and processed by InternetPerils, using phishing server addresses from the Anti-Phishing Working Group (APWG) repository. The above animation demonstrates a persistent phishing cluster detected and analyzed by InternetPerils using server addresses from 20 dumps of the APWG repository, the earliest shown 17 May and the latest 20 September. This phishing cluster continues to persist after the dates depicted, and InternetPerils continues to track it."

Here are seven other interesting anti-phishing projects, and a hint to the ISPs who really want to know what their customers are (unknowingly) up to.

Visual Thesaurus on Security

In case you haven't heard of the Thinkmap Visual Thesaurus, it's an "interactive dictionary and thesaurus which creates word maps that blossom with meanings and branch to related words. Its innovative display encourages exploration and learning. You'll understand language in a powerful new way." With its current database size and outstanding usability build into the interface, it has a lot of potential for growth, and I'm sure you'll find out the same if you play with it for a little while.

Testing Anti Virus Software Against Packed Malware

Very interesting idea as packed malware is something rather common these days, and as we've seen the recent use of commercial packers in the "skype trojan" malware authors are definitely aware of the concept. What the authors did was to pack the following malware using 21 different packers/software protectors - Backdoor.Win32.BO_Installer, Email-Worm.Win32.Bagle, Email-Worm.Win32.Menger, Email-Worm.Win32.Naked, Email-Worm.Win32.Swen, Worm.Win32.AimVen, Trojan-PSW.Win32.Avisa, Trojan-Clicker.Win32.Getfound, and scan them with various anti virus software to measure which ones excel at detecting packed malware. What some vendors are best at detecting others doesn't have a clue about, but the more data to back up your personal experience, the better for your decision-making.