As of January 19 we have lived with malware for 25 years. The first virus for the personal computer was written by two Pakistani brothers, Basit and Amjad Farooq Alvi. It was called Brain, it infected the boot sector of MS-DOS (FAT) floppy disks, and it was essentially harmless. It was not an MBR rootkit in the modern sense: it lived in the floppy boot sector, not the hard-disk master boot record, and hid the infected sector from disk reads, which makes it the first stealth virus. Its only "payload" was to promote the brothers' company with the following text:
Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...
We will reach 3 million detections in our virus database (VPS) this week, but … this huge number is misleading: when you count all the detections together, it makes no distinction between a sophisticated algorithmic detection and a “temporary” machine-generated one.
avast! Free Antivirus can be downloaded for free from our servers or from other download servers such as download.com, 01.fr and others. But why limit yourself to avast! Free Antivirus if there are other products available with additional functionality that can be downloaded for free?
At least, that is what some people are thinking.
Nowadays most new computers are sold with 64-bit Windows 7. This new operating system and the exploit mitigations it enables (DEP, backed by the processor's NX bit, and ASLR) make exploitation harder. An easier way to run the attacker's code on the victim's computer is to convince the user to download and run it voluntarily. Last week we received one interesting example. Let's look at it…
A few days ago, Andreas Marx (independent AV tester) sent all AV companies a file infected by the “Delphi Source Code infector”. This file was linked from chip.de and a few other sites. Two days ago an analysis of this innovative file infector was published by Kaspersky Lab and F-Secure. But this is just the latest media bubble: the virus is actually several months old, and all AV companies had been blind to it. Why?
Swizzor is the detection name for a highly sophisticated, long-lived piece of malware/adware. It is backed by a huge distribution network and is made by highly skilled bad guys. At first sight Swizzor looks like ordinary modern software. The malicious code is split into small pieces and scattered through the whole file by a code generator, and this technique makes analysis and detection difficult.
Let's look at Swizzor from the other side. What is the first thing the common user sees before running a file? Yes, its icon. The icon is code-generated just like the rest of the file, and here, among other things, the mathematical skill of the bad guys shows. As Swizzor evolves and each generation becomes harder to detect, the icon becomes more sophisticated too. It is interesting to see bad guys producing nice art.
A patch is a utility that changes a few bytes in an original file. It is usually used to bypass license validation or to enable a hidden function, and such patches are normally applied with the knowledge and agreement of the user. Another group of patches, however, is malware that makes the same kind of modification without the user's knowledge or agreement. In this case system files are patched to gain backdoor access to the system (e.g. by altering the startup code so that the malware is run after booting). avast! detects such files as Win32:Patched.
The difference between file infectors (viruses) and patches is shown in the picture below. A patch changes only a few bytes and cannot spread by itself. A file infector also patches the victim file, but it adds a virus body that performs the malicious action and can go on to infect other files.
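The distinction drawn above (a patch changes a few bytes in place; an infector redirects execution and appends a body) can be checked mechanically when a known-good copy of the file is available. The script below is an added example, not avast! code and not how Win32:Patched is actually detected: it diffs a modified file against its original, counts in-place byte changes, measures appended data, and assigns a verdict. The "executables" are constructed byte strings with an invented layout (magic bytes, an entry offset at 0x20, a conditional jump at 0x40), and the 16-byte threshold is an assumption.

```python
"""Distinguish an in-place patch from a file-infector style modification by
comparing a file against a known-good copy.

Added example with constructed samples; not real binaries and not the
detection logic of any antivirus product.
"""
import hashlib

# Maximum number of in-place byte changes we still call "patch-like" (assumption).
PATCH_THRESHOLD = 16


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def changed_offsets(original: bytes, modified: bytes) -> list:
    """Offsets that differ inside the region both files cover."""
    common = min(len(original), len(modified))
    return [i for i in range(common) if original[i] != modified[i]]


def classify(original: bytes, modified: bytes) -> dict:
    """Report how `modified` differs from `original` and give a verdict."""
    offsets = changed_offsets(original, modified)
    appended = len(modified) - len(original)
    if not offsets and appended == 0:
        verdict = "identical"
    elif appended > 0:
        # Classic appending infector: a body is glued to the end of the file and
        # a few bytes near the start (entry point / jump) are redirected into it.
        verdict = "infector-like"
    elif appended == 0 and len(offsets) <= PATCH_THRESHOLD:
        # Same size, a handful of bytes changed in place: a crack-style patch.
        verdict = "patch-like"
    else:
        # Truncated, or too many in-place changes to call a simple patch.
        verdict = "heavily-modified"
    return {
        "verdict": verdict,
        "changed_bytes": len(offsets),
        "first_changed_offset": offsets[0] if offsets else None,
        "appended_bytes": max(appended, 0),
        "original_sha256": sha256(original),
        "modified_sha256": sha256(modified),
    }


# --- constructed samples (invented layout, not a real executable format) -----
# Two-byte magic, padding, a 4-byte little-endian entry offset at 0x20,
# NOPs up to 0x40, a conditional jump (JE) at 0x40, then filler "code".
_orig = bytearray(b"MZ" + b"\x00" * 30)          # 0x00..0x1F
_orig += (0x40).to_bytes(4, "little")            # 0x20: entry offset -> 0x40
_orig += b"\x90" * (0x40 - 0x24)                 # NOPs up to 0x40
_orig += b"\x74\x05"                             # 0x40: JE +5 ("license check")
_orig += b"\xcc" * 200                           # rest of the "code"
ORIGINAL = bytes(_orig)                          # 266 bytes

# Crack-style patch: flip JE (0x74) to JNE (0x75) in place, size unchanged.
PATCHED = ORIGINAL[:0x40] + b"\x75" + ORIGINAL[0x41:]

# Appending infector: point the entry offset at the end of the original file
# and append a "virus body" there.
VIRUS_BODY = b"\xeb\xfe" + b"V" * 500            # JMP $ followed by filler
INFECTED = (ORIGINAL[:0x20]
            + len(ORIGINAL).to_bytes(4, "little")
            + ORIGINAL[0x24:]
            + VIRUS_BODY)

if __name__ == "__main__":
    for name, sample in (("patched", PATCHED), ("infected", INFECTED)):
        print(name, classify(ORIGINAL, sample))
```

On the constructed samples the patched file reports one changed byte at offset 0x40 and nothing appended, while the infected file reports two changed bytes in the entry offset and 502 appended bytes. Against real binaries the "known-good copy" would come from a clean install or a vendor hash list, and the verdict is only a triage hint: a legitimate update also changes many bytes, and a sophisticated infector can overwrite in place instead of appending.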
Are you always sure that what you download is safe? Every day many of our users report “false positive alerts” to us. I use quotes because most of them are actually malware. See the picture below: the reported “wrong detection” is Win32:Ardamax-LV [Spy].
Ardamax is a well-known legitimate keylogger, but the “bad guys” often use it to steal account information. In this case the keylogger is part of a “hack” tool. That is why 90% of antivirus programs detect this keylogger as suspicious (VirusTotal report).
So, do you put your trust in unknown web sources such as RapidShare, MegaUpload etc., or in your antivirus program?