Johannes Ullrich
Johannes Ullrich is the founder of DShield. DShield is now part of the SANS Internet Storm Center, which he has led since it was created from Incidents.org and DShield back in 2001. In 2005, he was named one of the 50 most powerful people in Networking by Network World Magazine. He is the dean of research and an instructor for the SANS Institute...
Writing a cross-platform worm is difficult because it limits you to functions that are available on both operating systems. You have to also code the virus in assembly to make it work without relying on any OS-specific function.
I think we'll see an increase in virus activity as Linux becomes more mainstream.
It's sort of a wake-up call for Apple users. Everybody focuses on Windows, but there are viruses for other operating systems.
We've basically built doors now for 4,000 years and still have burglaries.
The problem with this attack is that it is so hard to defend against for the average user.
Particularly over the last year, anti-virus (programs) have lost a lot of their effectiveness. They are basically no longer capable of keeping up with the proliferation of new viruses.
will connect to a control server to ask for instructions. It scans network neighborhoods and tries to infect them, as well.
We carefully checked this patch and are 100 percent sure that it is not malicious. The patch is, of course, not as carefully tested as an official patch. But we feel it is worth the risk. We know it blocks all exploit attempts we are aware of.
We do suspect that Microsoft will still release an early patch given the imminent danger to its customers from this flaw. As stated by the company about two years ago, patches can be released within two days if needed. Based on prior public commitments, we do suspect that Microsoft will issue the patch early once they are convinced that customers require the use of Internet Explorer in production environments.
Typically, the infective vector is a laptop connected to unsecured networks,
Each patch (official or not) has a chance to 'blow up' and cause unintended side effects.
It used to be teenagers looking for bragging rights. Now it's done for profit.
The vulnerability itself has been known about for a while, but it was only a problem for a denial-of-service attack that would sometimes cause IE to crash. Up until now, no one knew how to mark the code and find it in memory to execute a remote code attack.
What hackers are trying to find is, if they can make a bad Excel file or a bad Word file, does the program crash and allow them to compromise the system.