Virus Bulletin - May 2012

Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding

2012-05-01

Abstract

AV: Mind the gap (comment); evilMule in kernel mode - an analysis of the network functionality (malware analysis); Like a bat out of hell (malware analysis); Malware design strategies for circumventing detection and prevention controls - part one (technical feature); Mobile banking vulnerability: Android repackaging threat (technical feature); VBSpam comparative review


Comment

AV: Mind the gap

‘Has AV run its course and is it time to move on?’ Chad Loeven, Silicium Security

Tim Armstrong - Kaspersky Lab, USA


News

Flashback cash

Flashback botnet estimated to have generated $10,00 per day.

Helen Martin - Virus Bulletin, UK


Religion riskier than pornography

Symantec threat report suggests religious sites more likely to be infected than pornographic sites.

Helen Martin - Virus Bulletin, UK


Malware prevalence report

March 2012

The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin, both directly and from other companies that pass on their statistics.



Malware analyses

evilMule in kernel mode – an analysis of the network functionality of Sirefef

Win32/Sirefef (a.k.a. ZeroAccess) is one of the most prevalent threats in the wild today. Its main component is a kernel-mode driver, which implements a kernel-mode P2P file distribution system to deploy new malware components and upgrade existing ones. Chun Feng describes the design and implementation of this P2P file distribution system.

Chun Feng - Microsoft, Australia


Like a bat out of hell

A polymorphic batch file appears to be a holy grail to some virus writers, perhaps because of how insanely difficult it is to produce one. In spite (or perhaps because) of the challenges, one virus writer has managed it with BAT/Lymer. Peter Ferrie picks apart the details.

Peter Ferrie - Microsoft, USA


Technical features

Malware design strategies for circumventing detection and prevention controls – part one

Aditya Sood and Richard Enbody discuss some of the different techniques that are used by present-day malware to circumvent protection mechanisms.

Aditya K. Sood - Michigan State University, USA & Richard J. Enbody - Michigan State University, USA


Mobile banking vulnerability: Android repackaging threat

From a security point of view, Android's openness is one of its downsides. Researchers Seolwoo Joo and Changyeon Hwang show how a repackaged mobile banking app can be used to steal users' banking credentials.

Seolwoo Joo - AhnLab Inc., Republic of Korea & Changyeon Hwang - AhnLab Inc., Republic of Korea


Comparative review

VBSpam comparative review March 2012

Spam catch rates dropped significantly in the last VBSpam test, and they did not recover ground this time - and although all (complete) products qualified for VBSpam certification, none of the products in this month's test met the requirements for the higher level VBSpam+ award. Martijn Grooten has the details.

Martijn Grooten - Virus Bulletin, UK


Calendar

Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.


