What’s Travelling on the Wire (part 2)

Quite a while has passed since we started logging data about incoming attacks on an Internet-connected system and now we have gathered enough information to show the risks of exposing an unsecured computer on the Web. Let’s start with some data about the attacks, first where they originate from and later, what they are trying…

Rogue Antivirus – A Closer Look at Win32/Antivirusxp

Fake (or rogue) security applications have been a cause of confusion and problems for users for some years. These applications generally display fake warnings and malware detections in order to entice users to buy the application and thus ‘disinfect’ their system. Over time, the mechanisms used to avoid detection and distribute these applications have become…

MMPC Encyclopedia Top 5: More Bancos

The following is a list of our top five most commonly viewed encyclopedia pages last month: TrojanSpy:Win32/Bancos.gen!A Program:Win32/Antivirus2008 Trojan:Win32/Vundo.gen!H Win32/Vundo Win32/Virtumonde The trends appear quite similar to the month prior: the most popular encyclopedia entry is still Bancos, and we still have several Vundo pages in the list. We covered Vundo last month, so I’ll…

Canada, Here We Come!

It’s late September. For any self-respecting anti-virus researcher this is the time of year when one thinks about the Virus Bulletin Conference. Am I going? Who else is going? Should we organize some extra meetings? When? Where?  Is my presentation ready? What’s the program? What will be the entertainment during the gala dinner? The closer…

Another Reason to Avoid Piracy

Earlier this month, our colleagues at the Online Services Security & Compliance Incident Management team were alerted to content on a Spaces page that was allegedly violating copyrights. The reporting party (a well-known band) was particularly concerned as this content was turning up on numerous web portals, having been leaked in Europe only 24 hours…

Win32/Slenfbot – Just Another IRC bot?

This month we added a new family of malicious IRC bots to MSRT – Win32/Slenfbot. IRC bots were all the rage a couple of years ago but have dropped off a little in recent times. In general, malware has both diversified and become more specialised, with many bad guys using custom communications protocols for backdoor…

Cleaning Over 10 Million IRC Bots

No one could have anticipated all the ways that Internet Relay Chat (IRC) would eventually be used when it was ‘created’ in Finland during the late 1980s. People really started picking up on IRC in the early 1990s, and as with virtually all popular technologies, it started to get abused. IRC enables a single user…

Life, the Universe, and Everything

In July, I wrote about two of the amazing new instructions in the SSE 4.2 set: CRC32 and PCMPxSTRx.  CRC32 is special because of its immediate application to obfuscated import resolution, a common technique among viruses and packers.  I said “the VX guys will probably be able to take advantage of it before AV guys…

Infected Hardware Myth or Reality?

Recently I stumbled across an interesting firmware – hardware contest hosted by the Polytechnic Institute of NYU. I’ve seen similar competitions run before – some promoting team work, some perhaps generating new ideas for hardware or firmware designs, some just wasting the participant’s efforts altogether. But not this time, this time it’s different. I’ll come…

Year Old Worm Weasels its Way Aboard I.S.S.

According to several reports across the ‘net, NASA revealed in a log report that a worm was discovered on some laptops aboard the International Space Station. The worm, known by some as Gammima which we call Worm:Win32/Taterf.gen!C, is at least a year old. NASA is known to perform experiments involving the order “Oligochaeta” whereas the…