Monthly Archives: November 2011
Android malware invasion – only time can tell
These days the debate about Android platform malware become more intense than ever. On one side the open source and public sector engineering manager at Google, Chris DiBona wrote an article at Google+ blog containing some incendiary sentences like: No major cell phone has a ‘virus’ problem in the traditional sense that windows and some mac machines have seen. There have been some little things, but they haven’t gotten very far due to the user sandboxing models and the nature of the underlying kernels. ………………………………. Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. …
TDL4 TDSS Bootkit gets improved
The improvements in the new TDL4 bootkit versions are suggesting that the original code was outsourced. For example in the older TDL4 versions the computer infection was initialized by infecting the Master Boot Record(MBR) of the hard disk with malicious code and the attempts to fix it were initially thwarted hooking and malforming the disk read-write operations. In the recent TDL4 versions, the bootkit does not infect the MBR anymore, instead it creates its own primary and hidden partition with a new improved virtual file system at the end of the hard disk, add an entry in the partition table pointing to it and mark it as active, that’s mean …
Antispyware 2011, the most credible fake anti-spyware
The keyword “antispyware” has around 2000,000 monthly searches in Google search engine and it’s obvious why nowadays when the security related websites are abundant with news about new computer trojans, new dangerous creations which have in fact a unique objective: not to delete Windows installation, not to take over the mouse and keyboard but to spy silently and unnoticed on the victim’s computers or networks, posing a huge risk for all non public data. If we search in Google for keyword “antispyware” the results are depending slightly on the searching preferences as locations and languages but always contains on the first page of results a link to http://www.antispyware.com . It’s …
Backdoor Buterat, a multipurpose trojan
The backdoor trojans from Buterat(Butirat according to Dr.Web security vendor) family appear two years ago on the scene and was improved by its creators with each version. The latest version added new features as self modifying the data in the PE header(the executable file first bytes) in order to modify its hash. This renders unusable or better said ineffective the identification based on file hashes and antivirus detection based on files signature is deceived packing the malware with modified version of UPX. More, it was added the capability to intercept the traffic generated by the main browsers(Internet Explorer, Mozilla Firefox, Opera) especially the requests sent to search engines like Google, …