2010 and a Fresh Study
There is an infinite number of ways to calculate 2010; here is a fairly fun list of some of them.
The past year saw massive amounts of malware running on systems across the globe. Behind the malware was an active malware marketplace, often with forums full of services for hire, advice on distributing and maintaining crimeware, and devious ways to hire money-mules.
Past the Second Half of 2009
Just before we pop corks at the arrival of 2010 and the passing of 2009, let’s take a quick look at the second half of 2009.
FIRST-TC in Kuala Lumpur
November 30th is World Computer Security Day. In conjunction with the event, the Forum of Incident Response and Security Teams (FIRST) held a Technical Colloquium in Kuala Lumpur, which a few Analysts from our KUL Response Lab attended.
There were a number of interesting presentations, mostly dealing with the state of the Internet or the threat landscape today. There were also more technical demonstrations related to the use of malware analysis tools.
Patch Tuesday the 13th, Part II
Last week, Christine noted that Patch Tuesday the 13th is approaching. In fact, it's tomorrow.
This month's Microsoft Updates include 13 bulletins which fix 34 vulnerabilities. This is going to be a large number of updates.
URLZone – a disaster waiting to happen
Brontok Enjoys Sunny Climates as a Worm without a Head
Some hugely prevalent, worming families just won't wither away and disappear. They top vendors' prevalence lists for years on end, even as the malcode fails to serve its original purpose. As the ThreatFire community grows its presence in Mexico and Brazil, it protects more users from a relentless worm originally distributed from Indonesia, Brontok.
Fellow's Paper on Worms
One of the Fellows from our Munich office, Rüediger, has written a paper on worms (including Conficker) in the course of his studies, which we'd like to share.
The paper is written in German and is available here (PDF, 2MB). Feel free to download and enjoy.
On 19/08/09 At 01:48 AM
Vegas Baby!
In Las Vegas, the first day of the Black Hat briefings is nearly complete. Black Hat is one of the biggest security conferences and always attracts skilled researchers to present their work.

Having worked quite a bit with our BlackLight rootkit scanning technology, I ended up sitting a lot in the Rootkit track sessions. Day 1 included some interesting presentations:
Stoned Bootkit, Peter Kleissner
Cybercrime News: Conficker is Spamming, Weak Economy Drives Crime, Why We Click on Spam and More
There's evidence that the Conficker botnet (oh, did you really think they distributed those millions of bots without a plan to monetize them?) is now being used on a "for hire" basis. A story from the UK, referencing a new report from Cisco, states that malware called Waledac is being distributed via Conficker's millions of infected computers. Waledac uses your system to send out spam and spread itself to other computers.
Symantec Not Capable of Detecting "Conflicker"?
So says the spam that couldn’t spell Conficker correctly. The spam noted that Symantec was working with Microsoft to create a patch for "Conflicker." According to the spam message, Conficker is also called "Troj/Brisv.A." Wow!