The great prepender: W32/Nubys-A

2007-01-01

Robert Poston

Sophos, UK

Editor: Helen Martin

Abstract

W32/Nubys-A looked, at first glance, like a trojan downloader. However, most samples contained not one, but several legitimate PE files in the appended data. Samples with one appended executable would have suggested a prepending virus, but why several? Robert Poston makes sense of the conundrum.

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

Magazine


	January 2007 PDF Please register to download the PDF Comment Déjà vu all over again News Sony rootkit settlement costs escalate MMS mobile phone exploit released Malware prevalence report November 2006 Analyses Do the macarena The great prepender: W32/Nubys-A Feature The real motive behind Stration Insight From immunology to heuristics Call for papers VB2007 Vienna Product review Sophos Enterprise Security Spam Bulletin Government agencies take anti-phishing action UK anti-spam victory for Microsoft The TREC 2006 Spam Filter Evaluation Track See also Virus Bulletin archives How to become a subscriber Reprints

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

VB100 certification


	This month's VB100 test saw some major changes and a radical overhaul of the VB100 test methodology - for the first time allowing products to use their 'cloud' look-up systems. John Hawes has all the details. See full results.

Virus Bulletin currently has 224,243 registered users.

Fighting malware and spam

The great prepender: W32/Nubys-A

Robert Poston

PDF

Comment

News

Malware prevalence report

Analyses

Feature

Insight

Call for papers

Product review

Spam Bulletin

See also