This malware report is part 1 of 2. It is an effort to track, categorize and contain incidents and to understand the root cause and infection vector for the affected user account(s), networked equipment or computer(s). It covers all incidents reported by the TIER II help desk, TIER III engineers, customer complaints, or IT security audits, findings or penetration tests.
Whitepaper called Anti-Virus Evasion Techniques. Some of the techniques discussed are binding and splitting, converting executables to client-side scripts, and code obfuscation/morphing.
This paper describes the results of a thorough examination of Sophos Antivirus internals. The author presents a technical analysis of claims made by the vendor, and publishes the tools and reference material required to reproduce their results. Furthermore, they examine the product from the perspective of a vulnerability researcher, exploring the rich attack surface exposed, and demonstrating weaknesses and vulnerabilities.
Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection even if your computer is clean. This kind of "software" may also fail to report viruses when your computer is infected. This document shows the mechanisms used to obfuscate this process.
Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.
Whitepaper called Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs.
Whitepaper entitled "Anatomy of a Malware". A tutorial that was created to educate people on how a simple piece of malware works.
Interesting write-up discussing the infection of Mach-O files, including a link to the MachoMan virus.
While there are some easy ways of changing the antivirus signature of a program (packers, encryptors, etc.), they may not always be viable options for those wishing to bypass antivirus applications. This paper will show how to locate the signature used to identify Netcat, and modify it so that the executable no longer matches Symantec's AV signature, without interfering with any of the program's functionality. This is an exercise in identifying and modifying sections of code (aka signatures) that are used by antivirus programs to identify malicious code; the tools and techniques used here can be applied to any program that is marked as malicious by AV applications.
Whitepaper entitled "Summary of Mobile Threat For Year 2005" that provides a detailed analysis of mobile malware and a full understanding of how such virii propagate. Also included is CalvinStinger.SIS, which is a disinfection tool for the Symbian S60 platform.
Whitepaper as well as presentation slides entitled 'Anti-Virus in the Wild' that were presented at the Virus Bulletin 2005 conference in Dublin, Ireland.
Brief analysis of the Bofra, aka MyDoom.AG/AH, worm that was first discovered circulating in the wild on November 8th.
Full analysis of the Win32.Grams trojan. It differs from previous E-Gold phishing trojans in that it does not steal credentials; instead it uses the victim's own browser, via OLE automation, to siphon all the E-Gold directly from their account to another E-Gold account. This completely bypasses the new authentication methods financial institutions are using to thwart keystroke loggers and password stealers, because the trojan simply lets the user do the authentication and then takes over from there.
Research on the various reactions of anti-virus software against decompression bombs. Has a thorough comparison chart and is definitely a good read.
White paper discussing methodologies for accessing internal networks using HTTP tunneling and tricking end users.
The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied with a practical guide to detection.
A detailed vendor analysis on Kaspersky's line of anti-virus products.
"Techniques a worm might use to be harder to locate" is a look at how worms may evolve to be harder to locate on an infected computer. It starts very simply and builds up to some ideas that are quite complex. Includes example source code written in Perl.
The future of viruses and operating systems.
An overview and analysis of the LOVE-LETTER-FOR-YOU virus/worm.
Trojans: what they are, the different kinds of trojans (RATs, keyloggers, password trojans, etc.) for Unix and Windows, how to look out for trojans and defeat them, etc. Everything you always wanted to know about trojans but were afraid to ask (for fear of appearing to be lame).
Computer Viruses as Artificial Life: A consideration of computer viruses as artificial life - self-replicating organisms.
Frequently Asked Questions on VIRUS-L/comp.virus.
The Internet Worm Program: An Analysis: A description of the algorithms used by the Internet Worm program of November 2, 1988.