As of January 19, we have lived 25 years with  malware. The first ever virus for the personal computer was written by two Pakistan brothers, Basit and Amjad Farooq Alvi. ©Brain was the name of this virus, it infected the MS-DOS FAT boot sector and it was harmless. This MBR rootkit just promoted their company with following text:

Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...

Their ©Brain rootkit included two things missing in current malware. First of all, it was harmless and secondly, they also provided their names and contact information.

I have made a lot of malware detections while working in the Virus Lab. Most people are happy when their avast! antivirus catches a new threat. But not everyone thinks so. There are a few people that, when they get a “virus detected” warning, even disagree and send us a “false positive alert”. These often come with comments such as “Actually, you don’t know what you’re doing” or “this is just patch for some program”.

A few days ago, my colleague that handles false positive alerts noticed a funny thing for me in the file for “banker ring 0” malware, a very popular rootkit in Brazil. Let’s see our FP report:

::23C9529678F7D18D0D9111C176B5C54CBDD53A3A99D6B846D9D002F7C6062674:
Detected by 10122900-
Dates 101230-
_points=19
_samples=19
blocks_o=100
filetype=win 32bit exe-dll
flen=7168
fnames.000=19x trs.sys
fp_emails=1
oripath=[Chest] C:\Windows\SysWOW64\drivers\trs.sys
pe_code_rank=3
pe_native=1
peid_packer=Custom packer
rpt_av5=Win32:Banker-HCQ [Rtk]

Nothing special for you, but it is for me. I’m Michal Trs … I swear, I didn’t write this rootkit .

•