Computer Antivirus Protection Software » malware

Malware abusing digital signatures: VB2010 presentation highlights

Antivirus-Protection — Tue, 12 Oct 2010 04:39:17 +0000

I recently presented my paper Want My Autograph? The use and abuse of digital signatures by malware at Virus Bulletin 2010. I will refrain from delving into the gory details of digital signatures heuristics that strongly indicate malware — those interested can refer to the paper for that information. I will however highlight one of [...]

Malware abusing digital signatures: VB2010 presentation highlights is a post from: Computer Antivirus Protection Software

Choose your FakeAV?

Antivirus-Protection — Sun, 26 Sep 2010 23:56:32 +0000

Today, at SophosLabs, we encountered another interesting rogue security software variant, Troj/FakeAV-BTN. When run, Troj/FakeAV-BTN poses as Microsoft Security Essentials Alert and detects only one file as “Unknown Win32/Trojan”. When user wants to remove this fake threat, this malware offers “Scan online” option. One of the interesting part of this rogue application is that the page displays [...]

Choose your FakeAV? is a post from: Computer Antivirus Protection Software

Cat ‘n Mouse with spammed HTML redirects.

Antivirus-Protection — Wed, 22 Sep 2010 16:05:34 +0000

The attackers behind the spammed HTML redirects I blogged about last week have been busy over the last few days. In an ongoing attempt to evade detection they have continually tweaked and changed the manner in which the redirect is being hidden. In this post I will take a quick look at the evolution of [...]

Cat ‘n Mouse with spammed HTML redirects. is a post from: Computer Antivirus Protection Software

Mal/PDFJs-Y: PDFs using getField

Antivirus-Protection — Fri, 17 Sep 2010 16:38:21 +0000

This week I have been putting the finishing touches to my presentation for the Virus Bulletin Conference in Vancouver later this month. While doing the research I have collected a large corpus of PDF files; the results of analyzing these files form the bulk of my presentation. In these last few days before the conference [...]

Mal/PDFJs-Y: PDFs using getField is a post from: Computer Antivirus Protection Software

Another mass-spammed redirect (leading to fake AV)

Antivirus-Protection — Fri, 17 Sep 2010 14:11:41 +0000

In what seems to be a fitting close to the week, today we have seen further waves of mass-spammed JavaScript redirects. Fairly typical social engineering is used in the email messages to entice the user into opening the attachment. Double-clicking the attachment will load the HTML file in the default browser and (depending on the browser security [...]

Another mass-spammed redirect (leading to fake AV) is a post from: Computer Antivirus Protection Software