Malware


Drive By Download Sites Using New Tricks To Avoid Detection

Amid an increase in defacements of legitimate websites over the past few weeks, Fraser Howard, a researcher from Sophos, has discovered that the groups behind the attacks are increasingly using sophisticated filtering and dynamic content to avoid detection by search engines and web filtering firms.


By Alex GostevFirst of all, we feel it necessary to clarify some of the confusion surrounding the files and their names related to this incident. To get a full understanding of the situation you only need to know that we’re talking about just two malicious programs here (at a minimum) – the main module and a keylogger. All that has been mentioned in last 24 hours about connections between Duqu and Stuxnet is related mostly to the first one – the main module.

The last couple of years have seen a rise in the volume of malware targeted specifically at various mobile operating systems, including Android, iOS and Symbian. Getting a handle on exactly how much of that mobile malware is actually infecting users has been a bit difficult, but Microsoft researchers have found that many mobile malware samples also show up on the desktop for various reasons, giving them a view into the prevalence of malware on key platforms.

To hear many of the leading computer security experts, Tuesday, October 18 was “D-Day,” with the “D” standing for “Duqu,” a new piece of malware that virus experts were tripping over each other to call “Stuxnet 2.0.” “Stuxnet Clone ‘Duqu’ Possibly Preparing Power Plant Attacks” read a headline on the Website of Foxnews, summing up the air of hysteria surrounding the new malware. But less than a day later, questions are being raised about the purpose and threat posed by the new malware.

By Tillmann WernerAbout two weeks ago, the German Chaos Computer Club (CCC) has published an analysis report of a backdoor trojan that they claim had been used by German police during investigations in order to capture VoIP and IM communication on a suspect’s PC. Our friends over at F-Secure published a blog post last week where they wrote about another file that, according to them, seemed to be the dropper component of the trojan. They were kind enough to share the MD5 hash of the file, so we could pull it from our collection. Stefan and I took a closer look.

Mac-based malware is still a relatively rare occurrence when compared to the flood of malicious programs aimed at Windows. But, it appears that the attackers who are creating the more recent Mac malware either have experience writing Windows-based malware or are simply paying close attention to what’s been working for Windows malware for all of these years. The latest evidence of this being the discovery that the Flashback Mac Trojan has the ability to overwrite the Mac’s built-in anti-malware component and prevent it from updating.