Where should security reside? (comment); Noteven close (malware analysis); Tiny modularity (malware analysis); Malicious PDFs served by exploit kits (feature); Unpacking x64 PE+ binaries: introduction part 1 (tutorial); Quick reference for manual unpacking II (tutorial)
‘It seems logical that, in the future, security must move closer to the information.' Greg Day, Symantec.
US Justice Dept. releases details of two-year operation involving undercover carding forum.
FTC says data breaches occurred as a result of group failing to maintain reasonable security on its networks.
VB welcomes newest member of the team.
Malware prevalence report
The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin; both directly, and from other companies who pass on their statistics.
Code virtualization is a popular technique for making malware difficult to reverse engineer and analyse. W32/Noteven uses the technique, but has such a buggy interpreter that it's a wonder the code works at all. Peter Ferrie has the details.
Researchers have found a small piece of malware capable of doing just as much as its bigger brothers. Raul Alvarez looks at the structure of the malware, its code injections and modular execution and describes how the tiny ‘Tinba’is capable of doing so much.
Although the PDF language was not designed to allow arbitrary code execution, implementation and design flaws in popular reader applications make it possible for criminals to infect machines via PDF documents. Didier Stevens explains how this is possible.
Aleksander Czarnowski describes some of the main differences between the PE and PE+ file formats from the perspective of the binary unpacking process.
By packing their malicious executables, malware authors can be sure that when they are opened in a disassembler they will not show the correct sequence of instructions, thus making malware analysis a more lengthy and difficult process. Continuing on from his earlier article on the subject, Abhishek Singh provides a quick reference guide for unpacking malware from some more of the most commonly used packers.
Despite a haul of 20 VBSpam awards and a VBSpam+ award, most of the products on test this month saw another increase in the percentage of spam they missed. Martijn Grooten has the details.
Must-attend events in the anti-malware industry - dates, locations and further details.
Virus Bulletin currently has 230,989 registered users.