Ken Dunham
The reality is that there could have been hundreds of thousands of computers with overwritten files today. Instead, we only have a handful of reports, and that is a hands-down victory for the collaborative effort of the security community.
There are plenty of ways to get around all of those things.
We did reverse engineering on the variants, and found this date in the code. The way this works is that at a pre-determined time, computers already infected with Sober will connect with specified servers and download a new payload, which will likely be spammed out in the millions, as was the last version.
Pay for one commercial package and add one or more free programs. Set the primary package to scan all the time and use the secondary programs only when you need them, so they don't conflict. It's like getting a second opinion from a doctor.
It shows increased activity and viability for future Macintosh-based threats on the Mac OS X platform.
It's primarily a media term. It's something people are going to read about.
The attack, if it comes, could come anytime after the afternoon and the evening of the 5th.
Slowly evolving threats like Grew.A often lead to increased fear, uncertainty and doubt without the help of an intelligence provider. It makes it almost impossible for some to get qualified research data on a worm when there is so much misinformation, aliases, and other data available on the Internet.
Then, we thought maybe the police had gotten inside the group that made Sober and might be close to an arrest. But now it's likely that they found a date coded inside an earlier version of the worm.
It's such a small population. Other assets are available to attack.
WMF exploitation has taken off in the past twelve hours. It's likely that WMF exploitation will be very successful in the near term.
This is a social engineering worm written in Russian. It is interesting when you look at it. This is a Java-based type of threat and it has been proven to be successful. We need to look at this and see what is going to be the threat down the road.
This is not something I would expect to yield very high profits for criminals as compared to other types of financial fraud and extortion that might take place. Many people have backups of their files, and now the code has been cracked.
This is one of those big, under-the-radar threats that we've been concerned about. There has been a trend away from big-bang attacks to very targeted and sophisticated attacks that take place right under your nose. This is one of them.