All copy and paste makes Jack a bored boy

We recently came across what appeared to be a new sample, but was actually part of malware discovered in 2010. This new-old sample is built from publicly available source code and, like many of its kind, is frequently rebranded. Because of all the changes that malware authors have made, we have detection for each customized…

Happy Halloween from the MMPC

One of my pet peeves working in computer security has always been the use of emotive language. I have always felt that using highly emotive terms to discuss malware greatly adds to the already-considerable FUD (fear, uncertainty and doubt) that surrounds a lot of malware information. The FUD, in turn, leads users to think that this is…

MSRT October ’12 – Nitol by the numbers

As mentioned in our previous post, Microsoft’s study [PDF] behind Operation b70 found that PC consumers might be at risk of malware infection even with brand new computers, if the computers come pre-installed with counterfeit versions of Windows software. This is what happened to some consumers in China who purchased their computers from an untrusted supply chain….

Know your enemy – protect yourself

Of the many weapons and tricks in an attacker’s arsenal, none is more dangerous or insidious than the ability to hide and continuously compromise a system from within. This is the role of a rootkit. Malware uses rootkits, or rootkit functionality, in order to hide its presence on an affected computer and thus impede its…

MSRT October ’12 – Nitol: Counterfeit code isn’t such a great deal after all

Just recently, Microsoft shut down the command-and-control infrastructure (C&C) of Win32/Nitol malware – one of the most active DDoS-performing malware families today. The takedown, dubbed “Operation b70”, was a great success. To amplify its disruption, DDoS:Win32/Nitol was included in this month’s Malicious Software Removal Tool (MSRT) release. Microsoft’s study [PDF] behind Operation b70 found…

MSRT thwarts rogues with just one scan

Most rogue antivirus software displays an interface that is predominantly in English, with some presenting a few other European languages as well. However, this month one of the families added by MSRT is Win32/Onescan, a Korean fake antivirus scanner that is the most prevalent of the Asian language-based rogues. Recently we noticed that several…

SIRv13: Be careful where you go looking for software and media files

The Internet is a great place to share; we share information, ideas, experiences, software, and media through many different services over the Internet. The Internet is also a great place to do business and to shop for great deals on software, movies, and music as well as other goods and services. Unfortunately, malware distributors take…

A Facebook scam, end to end

Just recently, I logged on to my Facebook account and saw that a couple of people on my Friends list had posted something about a free $250 gift card from Costco, similar to this: When you click the link, Facebook asks you if you’re sure that the link is not spam. If you choose “not…

ELAM Is Black and White

At the Virus Bulletin conference this year, there was a talk about the limitations and suggested enhancements for the Early Launch Anti-Malware (ELAM) environment. The main observation, complaint if you will, was that there is no way for an anti-malware (AM) engine to perform a deep scan. However, there is a very good reason for…

Malware signed with the Adobe code signing certificate

Last week, Adobe released an advisory (APSA12-01) announcing the upcoming revocation of an Adobe code signing certificate as it was compromised and used to sign at least two malicious utilities. They identified a compromised build server that required access to the code signing infrastructure and have forensic evidence that links it to the signing of…