The road less truvelled: W32/Truvel

2008-07-01

Peter Ferrie

Microsoft, USA

Editor: Helen Martin

Abstract

By the addition of a relocation table, Vista executables can be configured to use a dynamic image base. That essentially turns them into executable DLLs. Now a virus has come along that has made a ‘breakthrough’ by infecting these executables - or it would be a breakthrough if it weren’t for the fact that relocatable executables have been supported since Windows 2000. Peter Ferrie takes an indepth look at the buggy W32/Truvel.

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

Magazine


	July 2008 PDF Please register to download the PDF Comment A commitment to quality and reliability News IT heavyweights combine forces to fight cyber crime Liar, liar Fast flux trojan author to plead guilty Malware prevalence report May 2008 Virus analysis The road less truvelled: W32/Truvel Features New memory persistence threats Reversing Python modules Advertising database poisoning Product review Sunbelt Software VIPRE Antivirus + Antispyware Calendar Anti-malware industry events Spam Bulletin New best practices for ISPs Spear phishing – on the rise? See also Virus Bulletin archives How to become a subscriber Reprints

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

VB100 certification


	This month's VB100 test saw some major changes and a radical overhaul of the VB100 test methodology - for the first time allowing products to use their 'cloud' look-up systems. John Hawes has all the details. See full results.

Virus Bulletin currently has 224,243 registered users.

Fighting malware and spam

The road less truvelled: W32/Truvel

Peter Ferrie

PDF

Comment

News

Malware prevalence report

Virus analysis

Features

Product review

Calendar

Spam Bulletin

See also