Tuesday, August 15, 2006

Iranian Malware Update

Despite The Register publishing an article claiming that Iranian President Ahmadinejad's site does not spread malware, it turns out I have been able to confirm this. Actually, The Register article headline claims it's false, but the actual text of the article says no such thing:
"The most likely explanation is that there is some scripting on the site that, although not malicious, triggers an alert from Symantec's firewall software," said Carole Theriault, senior security consultant at UK-based net security firm Sophos.

"It is possible that malicious content has once been on the site, but has since been removed. It is also theoretically possible, though very unlikely in our opinion, that the malicious content targeted visitors from an Israeli address," she added.

So, it could have been there and been removed from the site or else hidden in code she can't find from the U.K. Not a convincing argument that it's all a hoax, is it?

I have lots of family and friends in Israel, including one information security expert, so I did check it out. Yep, the code was there. Is it still there? Nope. Was this real? Yep. Was it removed once this story spread across the blogosphere? Yep. FWIW, I doubt the madman of Iran is computer savvy enough to have done it for himself.

FWIW, I am writing this from a computer running Ehad Linux and the Hebrew version of Firefox.

