Virus Bulletin - October 2010


Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding

2010-10-01


Comment

Changing times

‘Ten years ago the idea of malware writing becoming a profit-making industry simply wasn’t on the radar.' Helen Martin, Virus Bulletin

Helen Martin - Virus Bulletin

News

Overall fall in fraud, but online banking losses rise

Leading trade association reveals that banking and credit card fraud in the UK fell overall in 2009, with a decrease in all areas apart from online banking.

Helen Martin - Virus Bulletin, UK

Cybersecurity Awareness Month

Seventh National Cybersecurity Awareness Month in the US.

Helen Martin - Virus Bulletin, UK

Dip in Canadian Pharmacy spam

Levels of Canadian Pharmacy spam drop following closure of notorious spam affiliate.

Helen Martin - Virus Bulletin, UK

Malware prevalence report

August 2010

The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin; both directly, and from other companies who pass on their statistics.


Malware analyses

It's just spam, it can't hurt, right?

One nice summer’s day, emails started flooding into Gabor Szappanos's mailbox with a spam-like message and a suspicious-looking attachment. The messages promised news on the latest FIFA World Cup scandal, so he took a look. In fact, the messages were not only distributing spam, but also members of the Bredolab family, and were doing so using the infamous Gumblar distribution architecture. Gabor describes the working of the attack.

Gabor Szappanos - VirusBuster, Hungary

Rooting about in TDSS

During the course of their research into the TDSS rootkit, Aleksandr Matrosov and Eugene Rodionov developed a universal utility for dumping the rootkit’s hidden file system. Here they provide the details [1]

Aleksandr Matrosov - ESET, Russia & Eugene Rodionov - ESET, Russia

Technical feature

Anti-unpacker tricks – part thirteen

Last year, a series of articles described some tricks that might become common in the future, along with some countermeasures. Now, the series continues with a look at tricks that are specific to the IDA plug-in, IDA Stealth.

Peter Ferrie - Microsoft, USA

Feature

On the relevance of spam feeds

Claudiu Musat and George Petre explain why spam feeds matter in the anti-spam field and discuss the importance of effective spam-gathering methods.

Claudiu Musat - BitDefender, Romania & George Petre - BitDefender, Romania

Review feature

Things to come

New anti-malware companies and products seem to be springing up with increasing frequency at the moment, many reworking existing detection engines into new forms, adding new functions, as well as several that are working on their own detection technology, aiming to take on the entrenched big names at their own game. John Hawes take a quick look at a few of the up-and-coming products which he expects to see taking part in the VB100 comparatives in the near future.

John Hawes - Virus Bulletin, UK

Comparative review

VB100 – Windows Server 2003

This month the VB test team put 38 products through their paces on Windows Server 2003. John Hawes has the details of the VB100 winners and those who failed to make the grade.

John Hawes - Virus Bulletin

Calendar

Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.


 

Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.