Life, the Universe, and Everything

In July, I wrote about two of the amazing new instructions in the SSE 4.2 set: CRC32 and PCMPxSTRx. CRC32 is special because of its immediate application to obfuscated import resolution, a common technique among viruses and packers. I said “the VX guys will probably be able to take advantage of it before AV guys…

Infected Hardware Myth or Reality?

Recently I stumbled across an interesting firmware – hardware contest hosted by the Polytechnic Institute of NYU. I’ve seen similar competitions run before – some promoting team work, some perhaps generating new ideas for hardware or firmware designs, some just wasting the participants’ efforts altogether. But not this time; this time it’s different. I’ll come…

Year Old Worm Weasels its Way Aboard I.S.S.

According to several reports across the ‘net, NASA revealed in a log report that a worm was discovered on some laptops aboard the International Space Station. The worm, known by some as Gammima which we call Worm:Win32/Taterf.gen!C, is at least a year old. NASA is known to perform experiments involving the order “Oligochaeta” whereas the…

A Normal Day at the Office

(Never ending story…) We arrived a bit early at the office the other day. It was a beautiful sunny day, you know, typical weather when you have to work 😀 Soon after arriving, we stumbled upon what became an interesting case. It was an executable file that apparently was related to the DNS cache poisoning attack…

Current Events Spark Round of Malware

Attackers are busy monitoring current events so they can distribute malware that appears relevant, such as sending spam messages containing links to malware with contextual references to the 2008 Olympics in Beijing, or other current events. We recently began receiving reports of a new spam run with an attached malicious password-protected .ZIP file. The message…

Manufacturing Fear

We’ve seen some particularly nasty malware recently that has prompted me to think about how people react to scare tactics and fear appeals. The kind of malicious software I’m thinking of in particular here is generally referred to as ‘rogue security software’, and it displays false and misleading messages regarding malware infections in order to…

Helpful Suggestions to Protect You From Game Password Stealers

Greetings. As you probably figured out from Matt McCormack’s post and Jeff Williams’ post, there are a lot of Game PWS (password stealers) out there. I decided to do a post on how you might prevent these PWS from infecting your computer. 1. Run up-to-date antivirus software. I know we gamers hate the performance penalty…

Another Malware Rides the 2008 Olympics Wave

We recently noticed a new malware threat that is spreading via email. The email contains a malicious ‘CHM’ (Microsoft Compiled HTML Help) file attachment which displays a document about free speech and media freedom during the Olympics in Chinese and English when opened. We have added detection for this threat and named it ‘Backdoor:Win32/Xinia.B’. You…

MMPC Encyclopedia Top 5: Mostly Vundo

The following is a list of our top five most commonly viewed encyclopedia pages last month:

1. TrojanSpy:Win32/Bancos.gen!A
2. Win32/Vundo
3. Trojan:Win32/Vundo.gen!H
4. Trojan:Win32/Vundo.gen!P
5. Win32/Alcan

It looks like our readers are really interested in Win32/Vundo, also known as Win32/Virtumonde. Of the 5 most popular malware encyclopedia entries last month, 3 of them are Win32/Vundo related (2, 3, and 4). We…

Malware rides the wave of 2008 Beijing Olympics

The great anticipation that awaited the Olympics is matched by the anticipation for malware to make use of the event to infect users. The first executable malware taking advantage of this event has also arrived. The malware is disguised as a screen saver named “2008BeijingOlympics.scr”. When you run the program, it actually displays some nice pictures…
