
Malware

New BIOS attack renders antivirus useless

by Shanmuga

"A new form of attack that installs a rootkit directly onto a computer’s BIOS system would render antivirus software useless, researchers have warned. Alfredo Ortega and Anibal Sacco of Core Security Technologies explained that the attack was possible against almost all types of commonly used BIOS systems in use today."

Analysis of Conficker C

by Shanmuga

"Variant C represents the third major revision of the Conficker malware family, which first appeared on the Internet on 20 November 2008. C distinguishes itself as a significant revision to Conficker B. In fact, we estimate that C leaves as little as 15% of the original B code base untouched… Whereas the recently reported B++ […]

The lifecycle of a trojan horse

by Shanmuga

carrumba over at Megapanzer gives a good overview of the lifecycle of a trojan horse; he writes: "What a trojan horse needs first are its configuration settings. The information it knows what to do once it is executed on the target system. At this point we have to know the trojan horse is divided into […]

Massive Profits Fueling Rogue Antivirus Market

by Shanmuga

"One service that exemplifies a very easy way these bad guys can make this kind of money is TrafficConverter.biz, one of the leading "affiliate programs" that pays people to distribute relatively worthless security software. Affiliates are given a range of links and Javascript snippets they can use to embed the software in hacked and malicious […]

Conficker.C primed for April Fool’s activation

by Shanmuga

"CA (formerly Computer Associates) has published an extensive guide to Conficker.C, which includes information on its attack vectors, behavioral analysis, and how to tell if the "C" variant of Conficker is running on your system. This last part could pose a challenge—unlike previous versions, C adopts what DeBolt refers to as a "defensive stance" and […]

Latest Conficker worm gets nastier

by Shanmuga

"The authors of the latest variant of the Conficker worm are upping the ante against security vendors who are working to stop the spread and threat of the persistent program. Conficker.C shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan."

Spyware Guard 2008 Fraud Unabated

by Shanmuga

Benjamin Googins, a senior engineer working on CA’s Anti-Spyware product, has blogged about the installation and operation of Spyware Guard 2008. "On a daily basis I see or hear about people (a lot of people) who are duped into buying fake security software that was installed on their PC. The distributors of this ‘rogue’ software […]

Google developer site being used to distribute malware

by Shanmuga

"Google’s free code-hosting Web site for developers is being used to distribute malware, a security researcher said on Friday. Google Code is a place where programmers can host projects and code."

OSX.Lamzev.A – An OS X malware

by Shanmuga

A new trojan for OS X has been discovered. When the Trojan is executed, it creates the following file: /Applications/ezmal

VirusTrigger Analysis and Removal

by Shanmuga

VirusTrigger is a new entrant to the ever-growing family of rogue security software products. A clone of the rogue Antivirus Lab, the software and its website are very professional in design and use a variety of aggressive scare messages about non-existent malware infections.

Anti-malware Testing Guidelines Published

by Shanmuga

"The Anti-Malware Testing Standards Organization has published a set of best practices and guiding principles for testing security software. Call it a much-needed first step."

WinDefender 2009 Analysis and Removal

by Shanmuga

WinDefender 2009 is one of the recent rogue security software products. A variant of the rogues IE Defender and Total Secure, it deceptively looks similar to Windows Defender, a legitimate Microsoft anti-malware program. Rogue security software belongs to a family of software products that call themselves antivirus, antispyware or registry cleaners and often use […]

25 years of the computer virus

by Shanmuga

"A stressed e-mail from a friend once read: "A worm has just eaten my kid!" Thankfully, the message was not referring to infanticidal earthworms, but rather to a type of computer virus, a "worm", that had just infected some files (known as KID files) on his computer."

Malware Detection Goes Hybrid

by Shanmuga

"What do we do about malware? The long term solution, at least for managed networks like enterprises, may be whitelisting. But in the meantime we’re still drowning in new variants every day. In the 2009 generation of their products Symantec is trying a new approach: file reputation."

New Malware Family Took Off in October

by Shanmuga

"According to Sunbelt Software’s monthly listing of the most ubiquitous malware and spyware attacks, an entirely new family of threats emerged rapidly during October."

Spyware Guard 2008 Analysis and Removal

by Shanmuga

Spyware Guard 2008 is a new entrant to the family of rogue security software. It is not to be confused with SpywareGuard, a fine freeware program from Javacool Software. Rogue security software belongs to a family of software products that call themselves antivirus, antispyware or registry cleaners and often use deceptive or high-pressure […]

Spyware then and now

by Shanmuga

Google brought back its oldest available index, from the year 2001, on the occasion of its 10th birthday. It brought back certain nostalgic memories… I was into my second PC, a Compaq. That was the year I first got the internet connection at home through a 56kbps dial-up connection and that was the year I truly […]

Antispyware Pro XP Analysis and Removal

by Shanmuga

Antispyware Pro XP or Anti spyware Pro XP is one of the many variants belonging to the family of rogue security software. The following is an account of my experience with this rogue.

XP/Vista Antivirus 2008 Analysis and Removal

by Shanmuga

This rogue anti-malware application mostly installs via encoded redirects from hacked web pages. When you happen to visit a hacked web page on an otherwise legitimate website, your browser is automatically redirected to a rogueware hosting website which shows a popup with the text “Your computer is running slower than normal, maybe it […]

Fake XP SecurityCenter Analysis and Removal

by Shanmuga

XP SecurityCenter is a rogue antimalware application installed through dubious means like a link in a spam mail or a link in a hacked website. It’s a look-alike of the legitimate Windows Security Center and it does what other rogue antimalware apps do, that is, scare the unfortunate victim by throwing various pop-up messages about […]

Researchers Build Malicious Facebook Application

by Shanmuga

"The researchers developed an application called "Photo of the Day," which serves up a new National Geographic photo daily. But in the background, every time the application is clicked, it sends a 600 K-byte HTTP request for images to a victim’s Web site."

Malware: Rootkit evolution

by Shanmuga

"This article focuses mainly on Windows rootkits – they are the most numerous, they are continuing to evolve, they pose a serious threat for users and because Windows is the most popular OS today, they are widely used by virus writers."

Antivirus 2009: Analysis and Removal

by Shanmuga

This post analyzes the installation method of the rogue antivirus application Antivirus 2009 and its effective removal as observed by me. Antivirus 2009 is a fake antivirus application, designed to scare users with fake alert screens about non-existent and often misleadingly named threats found on your system. When the user tries to clean the […]
