Hello, welcome to the Tuesday, February 7th, 2017 edition of the Santan and Storm Center's

Stormcast. My name is Johannes Ulrich, and the time recording from Jacksonville, Florida.

Readers often send us files and then ask, well, is this file malicious or not? We really enjoyed

if people send it to us, but often there isn't

an easy solution to figure out if something is malicious or not, in particular if it's not

malicious. Typically, it's relatively easy to figure out. It's ransomware or something obviously

malicious, but then there are a lot of border cases like spyware, ad wear

that may be considered malicious by some people, but not so malicious by other people.

And I have an interesting example here that the reader submitted earlier today.

That actually turns out to be pretty certainly non-malicious. It's part of a Chinese office suite

that apparently gets pre-installed on some HP laptops, but for example, Avast still decided to

label this file as possibly malicious.

And if you do sort of a quick automatic reverse engineering on the file,

it turns out that it does send data to a remote site.

Well, that's what a lot of office suites do. It also is able to download additional components, of course, for auto update and the like,

and it does have access to, for example, your browser history.

All of this is considered often malicious behavior, but in this case, it's also in line with

what an office suite typically does as it interacts with the network and with the browser.

I have links to some of the analysis results in the diary, so if you want to check yourself how you

would characterize the file, take a look. And in vulnerabilities today, we have two remote denial of service attacks against the

OpenBSD HTTP server.

A little bit disappointing here because these are well-known denial of service conditions

...