The great prepender: W32/Nubys-A

2007-01-01

Robert Poston

Sophos, UK
Editor: Helen Martin

Abstract

W32/Nubys-A looked, at first glance, like a trojan downloader. However, most samples contained not one, but several legitimate PE files in the appended data. Samples with one appended executable would have suggested a prepending virus, but why several? Robert Poston makes sense of the conundrum.

Copyright © 2007 Virus Bulletin

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

Poll

Do you use the same password(s) across multiple websites?
I use the same password for all sites
I have a number of passwords but use the same for some sites
I use a different password for each site
I don't sign up to any sites that require a password

Leave a comment
View 4 comments
Jobs Career Sidebar

VB2010

VB2010 VB2010 will take place 29 September-1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada. Early bird discount available until 15th June 2010.
Virus Bulletin currently has 190,989 registered users.