The global impact of COVID-19 has been profound, and the public health threat it represents is the most serious seen in a respiratory virus since the 1918 H1N1 influenza pandemic. This report presents the results of epidemiological modeling which has informed policymaking in the UK and other countries in recent weeks.
972c8783670e8ae617a1b4285efe8a6db663ee2bdca09806ab2ea5bc268737e1This is a brief whitepaper that documents how the author analyzed malicious javascript and a host used for slinging fake antivirus software.
e26853153c11af3c368c496b92cb79cc809c59f6efe56f5c321aefba8a22855cIn this paper the author describes AV methods and focuses on how to fool antivirus emulation systems. They set themselves a challenge to find half a dozen ways to bypass AV dynamic analysis by using a fully undetectable decryption stub.
ac72453c0063b45b72cc8060aab4c417bf781a5eebbe61cae50fb5c93dc9c3c7By design, antivirus products introduce a vast attack surface to a hostile environment. The vendors of these products have a responsibility to uphold the highest secure development standards possible to minimize the potential for harm caused by their software. This second paper in a series on Sophos internals applies the results previously presented to assess the increased threat Sophos customers face. This paper is intended for a technical audience, and describes the process a sophisticated attacker would take when targeting Sophos users.
6e947610a5f61d4dfef968f6267c1b7f69d040adf4a3f5f08d7edf9ebe6f3000The Kindsight Security Labs Q3 2012 Malware Report examines general trends for malware infections in home networks or infections in mobile devices and computers connected through mobile adapters. The data in this report is aggregated across the networks where Kindsight solutions are deployed.
4358fac16115036cd5347643c7df24ea0a1c9963e8d996174c8561f908070ef5VirusScan Enterprise Antivirus product may have a bug (or a vulnerability) in its parser that can lead to wrong action status messages and reports, malicious file scan bypass, and name spoofing by adding the magic line to the beginning of the file header.
2245ea07c6a13e3cfa317e75e1bd13e79210f3bafacb32336208b8c41a1e3a8fThis malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.
8ace29513474b3ae5ebf23335d1c8782b885f19d4f5db31bcf348fcb6e7db1b8Whitepaper called Anti-Virus Evasion Techniques. Some of the techniques discussed are binding and splitting, converting exe to executable client side scripts, and performing code obfuscation/morphing.
a67e9dfc2edc6ef44c9c82a4132902d3b4329e23e0b4c682cc1ef2191fb41ee3This paper describes the results of a thorough examination of Sophos Antivirus internals. The author presents a technical analysis of claims made by the vendor, and publishes the tools and reference material required to reproduce their results. Furthermore, they examine the product from the perspective of a vulnerability researcher, exploring the rich attack surface exposed, and demonstrating weaknesses and vulnerabilities.
57ecb0848e5b99ef5678dc00d7aabb2718195a8bb23f387f2d5ff429df854455Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection, even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document show what are the mechanisms to obfuscate this process.
0305582fef0a334d0098bff6db770a8a71c665735a44588fdd53e7b219351d8cWhitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains in detail these threats while how to prevent them.
2c1afb10f1f364d84902aa704ae75b54b7d538279adb0348248fba3c6e22acf9Whitepaper called Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs.
3f05f130e949b1a5fbd06be19a49f90f6ff2127726c983f09433195a7f4d92adWhitepaper entitled "Anatomy of a Malware". A tutorial that was created to educate people on how a simple piece of malware works.
5172b6396a1d3bf6c98f00741dec0697cfc325806e2509483c51c1658ee514dcInteresting write up discussing the infection of Mach-O files including a link to the MachoMan virus.
9d69c3b4907c8e1936994a2ecc946ac572b798554a5137dca2538f08b0952d50While there are some easy ways of changing the antivirus signature of a program (packers, encryptors, etc), they may not always be viable options for those wishing to bypass antivirus applications. This paper will show how to locate the signature used to identify Netcat, and modify it so that the executable no longer matches Symantec's AV signature, without interfering with any of the program's functionality. This is an exercise in identifying and modifying sections of code (aka, signatures) that are used by antivirus programs to identify malicious code; the tools and techniques used here can be applied to any program that is marked as malicious by AV applications.
acfa9cdef5c30cd4848dccab719ac832c6ce65cf0aae70ef4dc41ad12ea37fd7Whitepaper entitled "Summary of Mobile Threat For Year 2005" that provides a detailed analysis of mobile malware and a full understanding of how such virii propagate. Also included is CalvinStinger.SIS which is a disinfection tool for the Symbian S60 platform.
e539c152ba59e2540ddc231887dd894606a4dec7b799c519d0ed06cee73a609cWhitepaper as well as presentation slides entitled 'Anti-Virus in the Wild' that were presented at the Virus Bulletin 2005 conference in Dublin, Ireland.
edc0b15a49a168b1ba8e246aa35f5afb2f575f8a05bab99c33acb9a984c4d3b8Brief analysis of the Bofra, aka MyDoom.AG/AH, worm that was first discovered circulating in the wild November 8th.
c523a041b3bc82189566ff9554e40f8715e7d4a5d1e9058a5fbee8335170bea2Full analysis of the Win32.Grams trojan. It differs from previous E-Gold phishing trojans in that it does not steal credentials instead uses the victim's own browser to siphon all the E-Gold directly from their account to another E-Gold account, using OLE automation. This would completely bypass all the new authentication methods financial institutions are using to thwart keystroke loggers/password stealers, because the trojan simply lets the user do the authentication, then takes over from there.
a7c9529c4a026a4b4e4bdc5504bca409a177465b073217315de3f57e6b4fec18Research on the various reactions of anti-virus software against decompression bombs. Has a thorough comparison chart and is definately a good read.
960bc488f2320ff76aabcaee668318043ab11705ecc667a76e5cb089b8ab5799White paper discussing methodologies for accessing internal networks using HTTP tunneling and tricking end users.
8dce9784b0590af718a606fd4452e9c8d12319c1f0f6545582ff6576e80b13f2The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied with a practical guide to detection.
57cd5ef7d31feb8239ee8ae7ded9fb8cb1f7f1a5dbf986711adc0ae6901f5733A detailed vendor analysis on Kaspersky's line of anti-virus products.
dcd5658f03d58162c654ec662ebc8ed80ff8aeaeb4082e994de480a9d8077dc0The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied with a practical guide to detection.
c3eab65349d14045e1c71e01c0eee10c930954db406d18e2ef4fb2c4edc148d3"Techniques a worm might use to be harder to locate" is a look at how worms may evolve to be harder to locate on a infected computer. It begins very simple to build up to some ideas that are quite complex. Includes example source code written in Perl.
007cc93f8790a53659368914af4edfb50070e6df7bd9611be2379803052a050f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed