March 10th, 2010
F-Secure has an additional blog that launched today. It’s called Safe and Savvy. You’ll notice that the name is pink. That’s part of our new brand but it also reflects the authorship. Safe and Savvy’s contributors are the female employees of F-Secure (mostly). Hetta, Marja, Annika, Alia, Melody-Jane, (and Jason) have already gotten started. Read more of Hetta’s
March 9th, 2010
Microsoft schedules its security updates on the second Tuesday of the month. Adobe recently began following this schedule as well, and while there are no Adobe updates today, there was an out-of-cycle security update two weeks ago. That update should now be applied if you haven’t already done so. Why? Because we’re now seeing the vulnerability (CVE-2010-0188) being exploited in targeted attacks (Microsoft also). Our sample was submitted...
March 8th, 2010
As “JiLsi” — one of the online criminals from Darkmarket — was sentenced last week to almost five years in prison, we have received some media queries on the case. In particular, one journalist wanted to know what JiLsi (aka Renu Subramaniam), Matrix001 (aka Markus Kellerer) and Cha0 (aka Çağatay Evyapan) looked like when they were posting to the Darkmarket forum. So I went back to
March 5th, 2010
Somebody is trying to pose as us. If you see an email like the one below, please ignore it:
March 5th, 2010
Just when we thought SEO using Flash was as interesting as SEO poisoning can get, it seems it’s getting even sneakier… Imagine a PDF file posted by someone evil online. Of course, Google being Google, the file is recognized as a PDF. And when we open it, it really is a PDF. No evil codes inside, just a good old vanilla PDF file. Three hours later… Google still says the file is a PDF. Brod (one of our geeky guys here) is attributing... 
March 4th, 2010
Another day, another news, and well… another SEO poisoning stint. Using PDF files in SEO poisoning is a bit recent, but not exactly fresh news. So we were thinking of just adding the malicious URLs to our Browsing Protection and creating detections for the corresponding files… Then, we saw something: OK, could be a one-time thing, so we checked the other sites: And in the usual …
March 3rd, 2010
Remember Microsoft’s action against 277 Waledac domains last week? Well, that’s one way of going after a botnet… Another way of shutting down a botnet? Arrest the botmasters! Three Spanish citizens have been arrested for running the “Mariposa” botnet. The three reportedly have no criminal records and have limited hacking skills. Mariposa is a Butterfly Kit based botnet, and the kit is no longer for sale. Details are... 
March 2nd, 2010
Charlie Miller, the Pwn2Own contest winner for two years in a row, gives his take on Internet security. Guess what — your Mac OS is no less vulnerable than its Microsoft Windows counterpart. Windows 7 or Snow Leopard, which of these two commercial OS will be harder to hack and why? Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash...
March 1st, 2010
Moscone Center, San Francisco, USA is the site of this week’s RSA Conference 2010. It’s the world’s largest information security industry conference with well over 10,000 attendees. For some perspective on just how big it is: there are 19 different tracks of talks going on at the same time given by 556 speakers. This year we have three talks being presented by fellows of F-Secure: Mikko has two presentations, “Case m00p”...
March 1st, 2010
We’ve been seeing a gradual shift in malicious PDF file coding (no surprise there, we know malware authors can and do adapt their techniques). For a long time, we saw malicious PDF files that were simple enough to allow us to readily decipher the intent of the malicious code — shell code, download/execute, drop and load, et cetera. Now we’re seeing more and more complex obfuscation being used, which requires us to break down... 
February 25th, 2010
Microsoft took a stab at Waledac bots last April when they added detection to their Malicious Software Removal Tool (MSRT). The MSRT is part of their monthly Microsoft Updates package. Well this week, Microsoft is going after the Waledac botnet en masse, by taking down 277 dot.com Command & Control servers. Kudos to Microsoft. We hope this endeavor is successful. We haven’t yet seen a drop in spam or bot samples, but we’re waiting...
February 25th, 2010
More than 60 websites have been found to be hotbeds for SEO poisoning. Each of these domains hosts hundreds of possible matches for search keys. Also, the topics in one domain overlap with those of the other domain, thus making it possible that they will both emerge in the search results. Topics range from the Winter Olympics Luge Crash to the death of Alexander McQueen and even to NASCAR Schedule. When an unsuspecting user happens to input a particular...
February 24th, 2010
SC Magazine (US) is hosting security blog awards next week at RSA Conference 2010 and our own Mikko Hypponen is among the nominees in the Five to Follow on Twitter category. Mikko decided to take a look at “this Twitter thingy” last year and has now posted over 900 tweets with more than 5,600 followers. Here’s an example of the type of thing you might find from his feed. Lots of good stuff there… Here’s SC Mag’s...
February 23rd, 2010
Why is it that banking trojans are a problem when all online banks are HTTPS secured and many of them employ multi-factor authentication? The answer: Humans are not digital. If we had a network cable attached to our brain, and our brain could decrypt and encrypt SSL, there would be no problem. However, due to the “analog” interfaces which …
February 22nd, 2010
The lab has a survey request. As Windows 7 gains market share, code signing is becoming more important for software developers. A byproduct of more clean code being signed is that malware authors now have greater incentives to get their stuff signed in order to prevent it from being easily distinguished from legitimate software. With this in mind, we’d like to run a questionnaire aimed at developers who sign their code. So if you’re... 