Are you always sure that what you are downloading is safe? Every day, many of our users report “false positive alerts” to us. I use quotes, because most of them are actually malware. See the picture below. The reported “wrong-detection” is Win32:Ardamax-LV [Spy].
Ardamax is a well-known legitimate keylogger, but the “bad guys” often use it to steal account information. In this case, the keylogger is part of some hack. This is the reason why 90% of antivirus programs detect this keylogger as suspicious (VirusTotal report).
So, do you put your trust in unknown web sources such as RapidShare, MegaUpload, etc., or in your antivirus program?
Win32:Allaple was a successful worm a few years ago. There are still some instances of the worm in the wild, but the first boom was notably higher. The payload is a nice piece of polymorphic code; let’s look at how it looks and how it works.
A few Avast viruslab guys & developers attended the 3rd CARO workshop in Budapest, Hungary. We found a bit of time to make a short visit to the historical center. Here are some pictures taken by my “faithful friend”, a Canon EOS 400D.