03 May Internationalized Domain Names used to spread malware Fabio Assolini
13 Aug Whitelisting - how it protects us Dennis
14 Jul Bluelisting - pros and cons David
As we published last year, the first Internationalized domain names (IDN) using non-Latin characters appeared on the internet; these contain characters from Cyrillic, Arabic and other languages. We also started to see some news domains using diacritics such as “à, á, â, ã, é, ê, í, ó, ô, õ, ò, ú, ü, ç” in their names, or accents, for instance as seen in http://amarylliscomunicação.com.br.
It’s also important to point out that some browsers and mail readers aren’t prepared to show these characters correctly. A domain in Arabic such as http://وزارة-الأتصالات.مصر/ might be shown as http://xn--4gbrim.xn----ymcbaaajlc6dj7bxne2c.xn--wgbh1c in your mailbox. We call this alternate way to show non-Latin characters punycode.
During our regular monitoring of malicious activities in Brazil, we discovered an interesting and legitimate URL shortener service which is using the diacritics “ó.ò” in its name:
Malware writers are inventing new attacks regularly - but the anti-virus industry invents new protection techniques just as regularly. Whitelisting is one of the newer protection technologies, which are now standard in Internet Security products. It sounds positive, but how does it actually work? Does it overload your computer? How can developers whitelist their programs? Will whitelisting replace other protection technologies?
Join Andrey Nikishin, Director of Cloud and Content Technology Research, Vladimir Zapolyansky, Manager of Whitelisting, and myself as we discuss how whitelisting itself works. We will also discuss how software writers can join our program and what the benefits are for them.
I'm sure most of us are familiar with whitelisting. It's the idea of filtering applications (or emails, depending on the context) and allowing only those that are explicitly listed.
Well, what about 'bluelisting', i.e. using a database of digital fingerprints to find pornographic content on a drive?
It's easy to see why such a solution might be attractive. It could help parents to shield their children from pornographic content. It could help businesses avoid the HR and legal fallout from the presence of such content on corporate systems and eliminate the hit on corporate bandwidth associated with pornographic downloads. And it could help law enforcement agencies track down those storing illegal images.
However, it seems to me that while such an approach may tell us 'What?' and 'Where?', it does little to tell us 'Who?' and 'How?'; and these are the key questions in a forensic investigation. There have already been several cases of people accused of downloading pornographic content who have claimed that a Trojan was responsible for the download: man cleared of porn charges, trojan responsible for porn and new trial in porn case.