ICSA Labs Security Testing Blog

Shamoon – a week later

Late last week, word surfaced about a new piece of malware that had apparently attacked an oil company by overwriting all or most files on a victim’s PC, and then overwriting the Master Boot Record.

My initial reaction, upon looking at the code, was that it was:

Clickjackers still Chasing Facebook

A friend recently asked me to check whether a particular link was malicious, so I fired up my trusty sacrificial goat PC and clicked the link in question.

I was taken to this page that on the surface looks a bit like a Facebook page…

DNS Changer Catch 22

In my last blog I talked about the DNS Changer and its impact on victims.  Today, the DNS Changer deadline has arrived, which means victims of DNS Changer are kicked off the Internet until they have their computer fixed. 

An obvious problem is this: Many people need software to fix their computers.

So you have a catch 22…
Those who need to fix their computer need software, but the software is on Internet sites they can’t access.

Cloud Security: Not all Clouds are Created Equal

This was my initial response to a question posed by the panel moderator, Brad Gow at the NetDiligence Cyber Risk and Privacy Forum a few weeks back.  Our panel was focused on emerging technologies, and was comprised of myself, Tom Kellerman (Trend Micro), Mike Viscuso (Carbon Black), Brad Gow (Endurance Insurance), and Mark Teolis (

A Hidden Apple in the DNS Changer Sandwich

I wonder if I am following the right crowd on Twitter? Last week, I was inundated with a superabundance of tweets about battling DNS Changer. Sources everywhere warned that if you didn’t take steps soon, you could lose access to the Internet on Monday July 9th (i.e., today). With so many folks tweeting, blogging, and writing articles about the evils of DNS Changer, one might suspect that it’s a really big problem out there on the Internet...

Will Malware Knock Thousands Off the Internet?


DnsChanger deadline looming

The DnsChanger deadline is this coming Monday. In short, any personal computer infected by this DnsChanger malware will no longer be able to access the Internet until it is cleaned.   


Are You Being Followed?


No, you’re probably not being followed.  Or at least, let’s hope no one is following you.  And while there may not be a person keeping tabs on your whereabouts, you’re probably carrying something that can and often does keep track of you.  That something is your smart phone.  

The Flame Reality & Swiss Cheese Security

Two articles appeared overnight that got me thinking. The first is a Reuters piece that says Iran has discovered and preempted a “massive, new cyber attack”. No real details are available, so it might be so, or it might not. It might even just be talking about Flame. http://www.reuters.com/article/2012/06/21/us-iran-cyber-nuclear-idUSBRE85K1EA20120621

From LinkedIn to eHarmony, Users Must Assume a Hack is Possible

This week we saw about 10 million passwords leak from LinkedIn.com, Last.fm, and eHarmony.com, and it started me thinking about the general issues of passwords, and keeping them safe. 

EHR ADOPTION: Putting the Pieces Together

The U.S. health care system is undergoing a slow but steady technological revolution driven by the passing of the HITECH Act and the EHR Incentive programs that have resulted in thousands of eligible providers and hospitals implementing certified EHR technology products.

One of the chief characteristics of the incentive programs that drive adoption is that, in order to obtain these incentives, it is not enough to simply purchase certified technology. That technology needs to be used, and to continue to be used, in a way that will improve health care delivery.