Virus Bulletin - August 2011


Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding

2011-08-01


Comment

Google+, privacy and the human brain

‘In the security industry we know the dangers of sharing personal information and we never stop warning about it.’ Luis Corrons, Panda Security.

Luis Corrons - Panda Security, Spain

News

VB2011 call for last-minute papers

Submissions invited for last-minute presentations at VB2011 in Barcelona.

Helen Martin - Virus Bulletin, UK

Erratum: VBSpam comparative July 2011

Setting the record straight.

Helen Martin - Virus Bulletin, UK

Phisher gets 12 years+ in jail

Phisher gets his comeuppance after stealing information from more than 38,000 victims.

Helen Martin - Virus Bulletin, UK

Malware prevalence report

June 2011

The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin, both directly and from other companies that pass on their statistics.


Malware analyses

Frankie say relax

The idea of a virus carrying (or calculating) a relocation table allows virus writers to use a high-level language and high-level APIs without having to perform tricks with position dependence. Peter Ferrie details two such viruses, Linux/Relax.A and Linux/Relax.B.

Peter Ferrie - Microsoft, USA

SpyEye bot – aggressive exploitation tactics

As a follow-up to their article on the SpyEye malware infection framework, Aditya Sood and colleagues discuss the SpyEye bot and the tactics it uses for stealing information from victim machines.

Aditya K Sood - Michigan State University, USA, Richard J Enbody - Michigan State University, USA & Rohit Bansal - SecNiche Security, USA

Features

A new trend in exploitation

Recently, a new type of exploitation technique has been observed that makes use of improper implementation of protocol specifications. This type of exploitation requires a different type of analysis from the more traditional classes of exploitation. Abhishek Singh and Johnathan Norman explain why.

Abhishek Singh - Alert Logic, USA & Johnathan Norman - Alert Logic, USA

IPv6 mail server whitelist declaring war on botnets

Thanks to the introduction of IPv6, spammers will have access to a much larger pool of unique IP addresses, making it almost impossible for anti-spam companies to maintain useful blacklists. The ‘IPv6whitelist.eu’ project was founded to try to solve this problem. The project assumes that all computers send out spam unless they have been registered on the whitelist. One of the project's co-founders, Dreas van Donselaar, explains more.

Dreas van Donselaar - SpamExperts, The Netherlands

Relock-based vulnerability in Windows 7

Through analysis of an old piece of malware, researchers at the University of Verona have found unexpected vulnerabilities in Windows 7 and have demonstrated that with some slight tweaks, W32/Relock will run smoothly on the latest OS.

Andrea Fortunato - University of Verona, Italy, Marco Passuello - University of Verona, Italy & Roberto Giacobazzi - University of Verona, Italy

Comparative review

VB100 Comparative review on Windows Vista X64

This month's VB100 tests on Windows Vista proved to be something of a marathon for the VB test team, with several of the 48 products on test misbehaving - causing crashes, blue screens and system slowdowns. John Hawes has all the details and reveals which products achieved VB100 certification.

John Hawes - Virus Bulletin

Calendar

Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.

