
Author Archive

April 29th, 2013

High-profile site scares users

We come across plenty of malware reports every day. Sometimes we have to deal with special cases where a respected vendor is involved. This time it was the Dell driver download site.

Download site

February 13th, 2013

Avast antivirus 2012 trial? No, just a scam

I don’t know what kind of curiosity leads people to the dark corners of the internet when they want to obtain a new version of antivirus software. It’s somewhat irrational to look for security software in insecure places. But… it happens.

FP submission

As you can see, the file name is Avast_Antivirus_2012_Trial_Verion.exe – but it is definitely not a proper setup released by us. Here are some facts that are worth remembering:

November 26th, 2012

Sality: A Nasty Binary Tracked Down from Download.com

What a weird positive we’ve just spotted on CNET’s Download.com…

Win32:SaliCode blocked

September 6th, 2012

LookMyPC or InfectMyPC?

For those who remember my article about the “immortal” virus: here’s proof. LookMyPC is software for remote support and similar tasks. It has an official web page with downloads, which is unfortunately a place where you can meet the Win32:Parite virus.

Parite is still with us

May 11th, 2012

Deeper and deeper

Don’t worry, we’re not gonna watch movies marked with an asterisk :P. However, from the malware analyst’s point of view, the following lines might be somewhat “spicy”. We’ll take a look at a suspected false positive promoted as a regular GameMaster setup. The file appeared in our FP submission system with the usual comment “it’s clean” or something like that, so we can only guess that the file was not obtained from an official source.

April 6th, 2012

Lazy Friday? Maybe next time

Some of you may think that Friday (especially the afternoon) is an informal prequel to the weekend relaxation. As such, it should be devoted to putting your feet up on the desk and sipping long drinks from a glass with a little umbrella. You know, no one wants any last-minute complications. But unfortunately, malware never seems to sleep. Because of that, Friday can provide us with interesting revelations.

January 29th, 2012

Unexpected Czech footprint

I’ve already seen many strange things inside malware packers, but there’s always something surprising. The last time, it was during the analysis of the packer used to wrap Zbot, LockScreen and similar binaries (detected under various MalOb-* [Cryp] names). There’s a block of allocated memory with a long list of names. But these names are not used for anything related to malware execution, they’re not visible to the user (unless you emulate/trace the sample), and they have no special purpose. So why are they there? And where’s the Czech footprint?

October 14th, 2011

Communicative malware writers

Do you remember the Mystic compressor and its “shouts” to the world, especially to the Sunbelt guys? I hope so, but just in case – here’s one screenshot:

greetings to Sunbelt

And now we’ve got a kind of response from the Morphex authors as well :-)

October 12th, 2011

Wanna have an older sister?

Do you feel lonely for an older sister? Now getting one is easier than ever before! All you need is a pen drive and to follow a few easy steps.

  1. get your own USB flash drive
  2. plug it in wherever you can (preferably use public stations)
  3. repeat step 2 as often as possible and wait until your older sister is “born”
  4. finally – plug your flash drive into your PC/laptop

What will happen next?

September 13th, 2011

Three strikes and you’re out

Don’t worry, this article is not about baseball, something which I find boring (well, reading sporadic gossip from the Virus Lab might be boring as well). We are talking about “unwise” people here. Frankly, I would like to use a harsher adjective (unwise is a real euphemism), but it’s up to you to give them a proper name :-). So, let me show you the chain of events that resulted in these strikes — and let you make your own decision.

FP submissions
