19-August-10

Intel has just bought McAfee

Intel has just bought its neighbour in Santa Clara.

Well there’s a surprise. According to today’s Wall Street Journal it’s a done deal at $48/share (about £5bn). Paul Otellini (Intel’s CEO) has been saying that “security was becoming important” in addition to energy efficiency and connectivity. This lack of insight does not bode well.

I’ve been expecting something like this since Microsoft really got its act together with “Security Essentials”, its own PC virus scanner by another name. Unlike other PC virus scanners, Microsoft’s just sits in the background and gets on with the job without slugging the PC’s performance. Why would anyone stick with McAfee and Symantec products in these circumstances?

Whether PC virus scanners have much benefit in today’s security landscape is questionable, but at least the Microsoft one does no harm.

Intel has (apparently) paid about £5bn in cash for McAfee. I wonder if they’ve paid too much. It’ll generate revenue while lusers and luser IT managers are too scared to stop paying the subscription, but as anti-virus becomes built in to Windows this is going to dry up. I suspect McAfee was aware of this situation ad was moving on to mobile device security – not by developing anything itself, but by buying out companies that are.

When McAfee bought Dr Solomons in 1998, it was basically to pinch their technology for detecting polymorphic viruses and close down their European rival, which they did – everyone lost their jobs and the office closed. (Declaration of interest: Dr Solomons was a client of mine). Whether McAfee has any technology worth plundering isn’t so obvious, so presumably Intel is buying them as a ready-made security division.

McAfee does, of course, have some good researchers in the background – we all know the score.

* Filed by Frank at 14:42 under Technology
No Comments

17-November-09

New Botnet?

Over the last 24-hours I’ve intercepted several emails containing malicious attachments in .zip files. There’s nothing odd about that, expect these are coming from ‘clean’ IP addresess.

Is this a new Botnet, spreading fast?

Yesterday the subject was “your mailbox has been deactivated” and they pretended to come from the IT support team at your domain name. If you don’t have an IT support team it’s a bit of a giveaway. The message continued:

We are contacting you in regards an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility.

Best regards, technical support.

Today they’ve got the subject “Payment request from , where the company varies.

The full text is:

We recorded a payment request from "" to enable the charge of $ on your account.

The payment is pending for the moment.

If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as "".

If you didn't make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).

The interesting thing is that none of these have come from IP addresses that are currently listed as part of a botnet, known spam sources or anything. They're completely clean. I've no proof that the two attacks are related, but I'm suspicious.

If anyone has more parts to the jigsaw, please share them with a comment.

* Filed by Frank at 22:43 under Technology
* 1 Comment

Easy AdSense by Unreal