This article in Le Monde caught my eye today: "Australia: no antivirus, no Internet connection" (original title: Australie : pas d’antivirus, pas de connexion à Internet).
It concerns a report, published on June 21st by the Australian Standing Committee on Communications, in which the following recommendation is proposed:
“… cutting off Internet access if the user has a computer infected with malicious software, or if the database of [...] [...more]
Sophos
Troj/BHO-QP is a rogue Browser Helper Object (BHO) which masquerades as a Flash Player extension from Microsoft, when in fact the BHO is a backdoor agent installed alongside QQ game automation freeware.
The BHO has been seen installed as a file named directdbres.dll. The DLL spoofs Microsoft product information and is registered as a “FlashPlayer.Class” component — [...] [...more]
Sophos
Yesterday, I found a sample of Symbian malware while I was working on generic stuff. This kind of malware is quite difficult to spot, so today we are going to analyze this sample, which targets Symbian based smartphones.
This malware spreads via a SIS file, which is a sort of archive, so first of all, let’s [...] [...more]
Sophos
Some malware authors use tricks to break detection based on static signature matching: they scramble the malware code in whatever way they believe will keep it from being detected.
So here we have a Java malware, which is trying to evade detection. Let’s take a look at [...] [...more]
Sophos
Don’t you hate spam? It’s a nuisance, but not anything you really need to worry about, is it? I mean, it’s not like you ran an executable, you just found yourself somewhere trying to sell you Viagra, no harm done, right? Wrong - one recent campaign in particular highlights this fact.
Graham’s been talking about spam [...] [...more]
Sophos
You may remember that in August last year SophosLabs blogged about XProtect and how it can protect you from Mac malware. Earlier this year, Graham blogged about OSX/Pinhead-B, a backdoor for OS X.
The update schedule for Snow Leopard has been:
10.6 - August 28, 2009 (release date)
10.6.1 - [...] [...more]
Sophos
We’re currently seeing a limited-volume run of spam messages linking to a zip file containing Zbot/Zeus malware. The messages purport to be from the Department of Homeland Security, the Pentagon, or the Transportation Security Administration.
The subjects of the spam messages we’ve seen so far are:
(U) Transportation Security Administration
FOR OFFICIAL USE ONLY
RE:Al-Qaeda in the Arabian Peninsula [...] [...more]
Sophos
As virus analysts, we’re used to seeing lots of inane quotes hidden in malware.
These days, they can range from everything to anything.
One malware author thought it funny to include Chuck Norris in his malware creations.
Yes, Chuck Norris, the guy from the former TV series Walker, Texas Ranger and the insanely bad Delta Force and [...] [...more]
Sophos
It seems our friends over at ESET NOD32 have received a message that most people wouldn’t even notice. While doing some digging into SEO poisoned pages I was looking at the source code of the main FakeAV portal pages and noticed the following text in the CSS code.
It’s interesting to see malware authors communicating with [...] [...more]
Sophos
Last week, I blogged about the Jerusalem Post website being infected. Several subsequent articles were published about this threat (1, 2 and 3).
Yesterday, I notified my colleagues in our Italian office that the website of the football (soccer) club AS Roma was infected. My colleagues contacted AS Roma yesterday and today, and were [...] [...more]
Sophos