Author Archives: John Barrett

The hashes, shortest way to verify suspected files

Without doubt, scanning files with multi-engine online scanners like virustotal.com gives us the most accurate results about the possibility of a file being infected, because this kind of service scans the file not with only one AntiVirus but with more than 40 AntiVirus engines, and is one of the best ways to make sure our computer will not be infected with malware; prevention is always better than cure. The only problem with such services is the time needed to upload the file, which can take a while, especially when their service is overloaded. A quick solution to this is to install a small program called HashTab 3.0, a …

Posted in Thoughts.

Malicious code, types and trends–part 2

Trojans These days we can see a dramatic upsurge in computer infections with trojans; they are the preferred tools for hackers. As in the old legend of the Trojan Horse, this type of malware masquerades as a useful program or is hidden (bound) inside a useful program, tricking the user into executing it, either "as it is" or together with the program that carries it. A Trojan horse neither replicates nor copies itself, but the damage it brings to the computer is huge. Once installed in a system, it gives the hacker the ability to download or upload and execute other malware in the compromised system, or the ability to steal passwords, other …

Posted in Thoughts.

Malicious code, types and trends–part 1

– Computer viruses are parasitic programs which are able to replicate themselves, attach themselves to other executables in the computer, and perform some unwanted and often malicious actions. A virus is not able to spread itself to other computers by itself; some user action is needed for it to infect a new computer. Downloading and running software from untrusted sources, inserting a USB drive without a prior scan (remember to always disable the AutoRun feature for drives such as CD-ROMs and DVD-ROMs), downloading and running email or IM attachments even from known persons, can put you in the nasty situation of having an infected computer. Always when you deal with these situations and to …

Posted in Thoughts.

A new attack method–Kernel Hook Bypassing Engine?

Almost all AntiViruses use kernel mode drivers for their operations, more specifically to modify the SSDTs. SSDT stands for System Service Descriptor Table and it contains the addresses of routines (known as system services) that user mode code can invoke indirectly as a result of the special system call instruction. Controlling the SSDTs results in controlling every transition from User Mode to Kernel Mode, and this is why they are preferred by AntiViruses for real time protection or self-defense operations. By modifying the addresses stored in the tables to point to their own routines, called "hook functions", the AntiViruses are able to perform various checks on calls made by …

Posted in Thoughts.

Simple check of a suspicious file

A friend of mine sent me a RAR archive containing an executable and a "crack", telling me his antivirus gave him an alert when he tried to run the "crack". He downloaded the file from a link posted on a blog, the file was hosted on a file sharing site, and the question was whether the antivirus alert was triggered only because of the name "crack", so whether it was a "false positive". For those who do not know, a "crack" is a small executable which is able to modify an application's executable so it acts like a registered (licensed) program, and a "false positive" is a false virus alert from the antivirus. I've used …

Posted in Thoughts.

Zeus Banking Trojan now targets Firefox as well as IE

Among the multitude of trojans spread in the wild these days, a special category named banking trojans, such as Zeus, Bzub or Torpig, deserves the name of the most dangerous trojans for online banking transactions. The best known and most frightening is Zeus, whose features include a Polymorphic Engine which makes it able to re-encrypt itself each time it infects a computer; as a consequence, the common detection methods based on the virus binary signature are of no help, because each time the trojan has a different signature. It's true the Zeus trojan has been around since 2005, but now it has new and frightening features. Until now, the trojan was able to hook …

Posted in Thoughts.

General rules for preventing computer infections

- Always use an advanced security solution for your PC which must include at least a good AntiVirus, a good firewall and a Spam Filter;
- Always update your Operating System, your Antivirus and your browser; very often the updates patch vulnerabilities;
- Never open an email received from an unknown person, or strange emails with strange subjects. Never run executables received as email attachments, even if they are sent by a friend. His computer can be infected by a virus which reads the Contacts entries saved on his computer, or the emails in his Inbox, and sends infected emails to all his contacts. And never ever reply to an email received from …

Posted in Thoughts.