Virus Bulletin - March 2010

Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding

2010-03-01

Abstract

Why flash web pages are like collateralized debt obligations (comment); Doin' the eagle rock (malware analysis); BackDoor.Tdss.565 and its modifications (aka TDL3) (malware analysis); The 26C3 Congress of the Chaos Computer Club (conference report); Memory analysis - examples (tutorial); CA Internet Security Suite Plus 2010 (product review); VBSpam comparative review (comparative review)


Comment

Why flash web pages are like collateralized debt obligations

‘We're wasting more time than ever dealing with malware that is more hostile than ever.’ John Levine, Taughannock Networks.

John Levine - Taughannock Networks, USA


News

HMRC addresses security

Security to be prioritized to prevent future data losses.

Helen Martin - Virus Bulletin, UK


Microsoft tackles Waledac

Software giant wins court order to take down botnet command and control centres.

Helen Martin - Virus Bulletin, UK


Mcafee growth plan unveiled

Three to four acquisitions planned per year.

Helen Martin - Virus Bulletin, UK


Malware prevalence report

January 2010

The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin; both directly, and from other companies who pass on their statistics.



Malware analyses

Doin’ the eagle rock

If a file contains no code, can it be executed? Can arithmetic operations be malicious? In W32/Lerock we have a file that contains no code, and no data in any meaningful sense. All it contains is a block of relocation items. Peter Ferrie untangles the mystery.

Peter Ferrie - Microsoft, USA


BackDoor.Tdss.565 and its modifications (aka TDL3)

New BackDoor.Tdss rootkits are sophisticated pieces of malware. Alexey Tkachenko and Artem Baranov detail the BackDoor.Tdss.565 rootkit - which presented surprises within minutes of the start of its analysis.

Alexey Tkachenko - Doctor Web, Russia & Artem Baranov - Doctor Web, Russia


Conference report

The 26C3 Congress of the Chaos Computer Club

Morton Swimmer reports on the information fest at the 26th Congress of the Chaos Computer Club.

Morton Swimmer - Trend Micro, USA


Tutorial

Memory analysis - examples

Following last month's introduction to memory analysis, Ken Dunham walks through the process using Haxdoor as an example.

Ken Dunham - iSIGHT Partners, USA


Product review

CA Internet Security Suite Plus 2010

The VB test team took a closer look at CA's latest product for the home market. John Hawes has the details.

John Hawes - Virus Bulletin, UK


Comparative review

VBSpam comparative review

VB is delighted to report that, for the first time, all 16 of the products in this month's test earned VBSpam certification. Martijn Grooten has all the details.

Martijn Grooten - Virus Bulletin, UK


Calendar

Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.



Quick Links

Poll
Does your company allow you to use a personal laptop/mobile device to access company resources?
Yes, it's allowed
Yes, it's actively encouraged
No
I don't know
Leave a comment
View 2 comments

Jobs Recruit Sidebar

VB100 certification
VB100 As expected, the annual VB100 test on Windows XP was an epic. A higher than usual pass rate was tempered by numerous stability issues with the products under test, prompting the unveiling of a new stability rating system. John Hawes has all the details.
See full results.

Virus Bulletin currently has 225,307 registered users.