Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘rootkit’
September 7th, 2011

Unpacking the “Unitrix” malware

The “Unitrix” exploit takes several Unicode features designed for right-to-left languages and uses them to mask malicious executables as safe text or video files. Here is a short list of the main options.

We described Unitrix in a recent release Hackers flip filenames to create “safe” file extensions. But, this was just the start of the detective work. Analysis of this exploit showed that the hackers do not directly takeover the infected computers. Instead, they have a “pay per installation” network that provides outsourced infection and malware distribution services for other cybergangs – apparently based in Russia and the Ukraine  – after giving each infected computer its own identification number. And, this gang has the ability to change the final payload thanks to its downloader: rootkit today, tomorrow something else.

We’ve titled this malware W32:Fivfrom. It’s a malware downloader which, after activation, connects to several distribution centers to download and install malware to the infected computer.  We analyzed over fifty separate files, all of which initially looked quite different. But when we looked inside, Read more…

January 18th, 2011

I swear, I didn’t write this rootkit

As of January 19, we have lived 25 years with  malware. The first ever virus for the personal computer was written by two Pakistan brothers, Basit and Amjad Farooq Alvi. ©Brain was the name of this virus, it infected the MS-DOS FAT boot sector and it was harmless. This MBR rootkit just promoted their company with following text:

Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...

Read more…

Categories: lab, Virus Lab Tags: ,
March 1st, 2010

Get avast! Free Antivirus or a „free“ upgrade with the Alureon rootkit

avast! Free Antivirus can be downloaded for free from our servers or from other download servers such as download.com, 01.fr and others.  But why limit yourself to avast! Free Antivirus if there are other products available with additional functionality that can be downloaded for free?

At least, that is what some people are thinking. Read more…

Categories: Virus Lab Tags: , , ,
July 29th, 2009

What to imagine behind Win32:MalOb [Cryp]

Our users are sometimes confused what can some malware name mean. In fact – there are some names without an special meaning – they are mostly related to short-lived pieces of malware. Contrary to this daily stuff there are some malware families (long-lived, widespread or highly dangerous), which should have some unique name. One of the reasons could be the possibility of effective seeking through the results of search engines (check the difference when you type “Win32:Trojan-gen” and “Win32:Fasec” in your search engine). There’s not a mandatory naming convention applicable to all AV vendors. Our names contain these parts:

- platform (or file type) prefix

- malware name

- malware type

Read more…

Categories: lab Tags: , , ,