Messenger virus plagues Finland

There is a messenger virus in the wild now in Finland. It will try to get user to open a picture in strange-looking web site. But that picture is actually malware installer. After installation it will try to make other Messenger users to open pictures by using following sentences (translated from Finnish):
"Hi :) Are u here? :D", "Is this your pic?" ja "U were pretty drunk :D"

File names vary a lot. One of the names is photo95.JPG-www.msnimages.com.
Some of these files are hosted under .fi domains.

This is a newer variant of old Sdbot family, Backdoor.Win32.SdBot.ebp. That will make
computer controllable by attacker.

Mikko Hyppönen from F-secure thinks that trojan might have been made in Finland and that latest F-secure virus database will recognize that threat.

Banker trojan strikes back

I wrote like a month ago about banker
spreading widely in Finland.

Now another hot Russian lady, Tatjana, seeks for love in Finnish-written email but has a dangerous link included.

Domain originates this time to China.

Vulnerabilities in archive formats

University of Oulu in Finland has researched vulnerabilities in certain archive formats.

These formats are ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO.

Vulnerabilities can cause buffer overflow or even Denial-of-Service (DoS) against some server.

This problem is quite wide-ranged as archives are used eg. in backups, office programs and in different operating systems. List of vulnerable programs can be found
from link below.

Read more here

Banker trojan spread widely yesterday in Finland

Yesterday many Finns got a new kind of spam - this time in Finnish.

It warned of a radioactive cloud spreading from a nuclear reactor close to the Finnish city of Mikkeli.

Well, there is no nuclear power plant near Mikkeli so it didn't get much success ;)

Another version claims to be from a woman seeking love.

File needed to view pictures was actually a banker trojan targeted to Finnish online banks.

Read more here