Virus Bulletin - May 2010

Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding

2010-05-01

Abstract

The best of... (comment); Anti-unpacker tricks - part eight (technical feature); TDSS infections - quarterly report (feature); Adapting to TxF (feature); Exploit kit explosion - part two: vectors of attack (tutorial); VBSpam comparative review (comparative review)


Comment

The best of...

‘[The security industry] has made great strides in attempting to get information across to the general populace in a palatable format.’ Helen Martin, Virus Bulletin

Helen Martin - Virus Bulletin, UK


News

Acquisitions, sales and rumours

Symantec makes purchases, Sophos sells majority interest and rumours rumble about McAfee.

Helen Martin - Virus Bulletin, UK


Cyber Security Challenge challenged by vulnerability

XSS vulnerability in site of project aimed at plugging cyber security skills gap.

Helen Martin - Virus Bulletin, UK


Malware prevalence report

March 2010

The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin, both directly and from other companies that pass on their statistics.



Technical feature

Anti-unpacker tricks – part eight

Last year, a series of articles described some tricks that might become common in the future, along with some countermeasures. Now, the series continues with a look at tricks that are specific to debuggers and emulators.

Peter Ferrie - Microsoft, USA


Features

TDSS infections – quarterly report

The TDSS/TDL rootkit is the cause of many a headache for anti-virus vendors. Here, Alisa Shevchenko presents a report and analysis of statistics collected from the users of a TDSS removal tool during the first quarter of 2010.

Alisa Shevchenko - eSage Lab, Russia


Adapting to TxF

Abhijit Kulkarni and Prakash Jagdale discuss why most real-time anti-virus scanners are ineffective at detecting malware written using the TxF facility and propose a working solution for the problem.

Abhijit P. Kulkarni - Quick Heal Technologies, India & Prakash D. Jagdale - Quick Heal Technologies, India


Tutorial

Exploit kit explosion – part two: vectors of attack

After introducing a multitude of exploit frameworks used in drive-by browser-based attacks in his last article, this month Mark Davis details the functionality of frameworks, focusing on attack vectors (exploits) and counter-intelligence efforts.

Mark Davis -


Comparative review

VBSpam comparative review

On the first anniversary of the VBSpam comparative review, VB's team tested a record 20 full anti-spam solutions, together with one reputation blacklist. The number of VBSpam awards earned also reached a record high of 18. Martijn Grooten has the details.

Martijn Grooten - Virus Bulletin, UK


Calendar

Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.


