ICSA Labs Security Testing Blog


This morning, we woke up to find this SMISH (SMS phish) on my wife’s cell phone…

Given that we don’t have an account with a Federal Credit Union, it was instantly obvious that it was a scam, but we decided to play along.

I called the number, and it was answered by an automated voice mail system (which, in humor that is accessible to older geeks, we shall call Eliza… sorry if you don’t get that bit).

Shamoon – a week later

Late last week, word surfaced about a new piece of malware that had apparently attacked an oil company by overwriting all or most files on a victim’s PC, and then overwriting the Master Boot Record.

My initial reaction, upon looking at the code, was that it was:

Clickjackers still Chasing Facebook

A friend recently asked me to check whether a particular link was malicious, so I fired up my trusty sacrificial goat PC, and clicked the link in question.

I was taken to this page that on the surface looks a bit like a Facebook page…

DNS Changer Catch 22

In my last blog I talked about the DNS Changer and its impact on victims.  Today, the DNS Changer deadline has arrived, which means victims of DNS Changer are kicked off the Internet until they have their computer fixed. 

An obvious problem is this: Many people need software to fix their computers.

So you have a catch 22…
Those that need to fix their computer need software, but the software is on Internet sites they can’t access.

Cloud Security: Not all Clouds are Created Equal

This was my initial response to a question posed by the panel moderator, Brad Gow, at the NetDiligence Cyber Risk and Privacy Forum a few weeks back. Our panel was focused on emerging technologies, and was comprised of myself, Tom Kellerman (Trend Micro), Mike Viscuso (Carbon Black), Brad Gow (Endurance Insurance), and Mark Teolis (

A Hidden Apple in the DNS Changer Sandwich

I wonder if I am following the right crowd on Twitter? Last week, I was inundated with a superabundance of tweets about battling DNS Changer. Sources everywhere warned that if you didn’t take steps soon, you could lose access to the Internet on Monday July 9th (i.e., today). With so many folks tweeting, blogging, and writing articles about the evils of DNS Changer, one might suspect that it’s a really big problem out there on the Internet...

Will Malware Knock Thousands Off the Internet?


DnsChanger deadline looming

The DnsChanger deadline is this coming Monday. In short, any personal computer infected by this DnsChanger malware will no longer be able to access the Internet until it is cleaned.   


Are You Being Followed?


No, you’re probably not being followed.  Or at least, let’s hope no one is following you.  And while there may not be a person keeping tabs on your whereabouts, you’re probably carrying something that can and often does keep track of you.  That something is your smart phone.  

The Flame Reality & Swiss Cheese Security

Two articles appeared overnight that got me thinking. The first is a Reuters piece that says Iran has discovered and preempted a “massive, new cyber attack”. No real details are available, so it might be so, or it might not. It might even just be talking about Flame. http://www.reuters.com/article/2012/06/21/us-iran-cyber-nuclear-idUSBRE85K1EA20120621

From LinkedIn to eHarmony, Users Must Assume a Hack is Possible

This week we saw about 10 million passwords leak from LinkedIn.com, Last.fm, and eHarmony.com, and it started me thinking about the general issues of passwords, and keeping them safe.