Archive
Unpacking the “Unitrix” malware
The “Unitrix” exploit takes several Unicode features designed for right-to-left languages and uses them to mask malicious executables as safe text or video files. Here is a short list of the main options.
We described Unitrix in a recent release, “Hackers flip filenames to create ‘safe’ file extensions”. But this was just the start of the detective work. Analysis of this exploit showed that the hackers do not directly take over the infected computers. Instead, they run a “pay per installation” network that provides outsourced infection and malware distribution services for other cybergangs – apparently based in Russia and the Ukraine – after giving each infected computer its own identification number. And this gang has the ability to change the final payload thanks to its downloader: a rootkit today, something else tomorrow.
We’ve titled this malware W32:Fivfrom. It’s a malware downloader which, after activation, connects to several distribution centers to download and install malware to the infected computer. We analyzed over fifty separate files, all of which initially looked quite different. But when we looked inside, Read more…
I swear, I didn’t write this rootkit
As of January 19, we have lived 25 years with malware. The first ever virus for the personal computer was written by two Pakistani brothers, Basit and Amjad Farooq Alvi. ©Brain was the name of this virus; it infected the MS-DOS FAT boot sector and it was harmless. This MBR rootkit just promoted their company with the following text:
Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...
Get avast! Free Antivirus or a “free” upgrade with the Alureon rootkit
avast! Free Antivirus can be downloaded for free from our servers or from other download servers such as download.com, 01.fr and others. But why limit yourself to avast! Free Antivirus if there are other products available with additional functionality that can be downloaded for free?
At least, that is what some people are thinking. Read more…
What to imagine behind Win32:MalOb [Cryp]
Our users are sometimes confused about what a malware name can mean. In fact, there are some names without any special meaning – they are mostly related to short-lived pieces of malware. In contrast to this daily stuff, there are some malware families (long-lived, widespread or highly dangerous) which should have a unique name. One reason is that a unique name makes it possible to search for the family effectively in search engines (check the difference when you type “Win32:Trojan-gen” and “Win32:Fasec” into your search engine). There is no mandatory naming convention applicable to all AV vendors. Our names contain these parts:
- platform (or file type) prefix
- malware name
- malware type
