Analysis Of Fake Antivirus Malware Delivery
Posted Feb 24, 2015
Authored by HauntIT

This is a brief whitepaper that documents how the author analyzed malicious javascript and a host used for slinging fake antivirus software.

tags | paper, javascript, virus
MD5 | 3654b81a0923d7139addc5474f5d80b0
Bypass Antivirus Dynamic Analysis
Posted Aug 25, 2014
Authored by Emeric Nasi

In this paper the author describes AV methods and focuses on how to fool antivirus emulation systems. They set themselves a challenge to find half a dozen ways to bypass AV dynamic analysis by using a fully undetectable decryption stub.

tags | paper, virus
MD5 | c4de1d2cdfde42f5957a9af64bb2de38
Sophail: Applied Attacks Against Sophos Antivirus
Posted Nov 6, 2012
Authored by Tavis Ormandy

By design, antivirus products introduce a vast attack surface to a hostile environment. The vendors of these products have a responsibility to uphold the highest secure development standards possible to minimize the potential for harm caused by their software. This second paper in a series on Sophos internals applies the results previously presented to assess the increased threat Sophos customers face. This paper is intended for a technical audience, and describes the process a sophisticated attacker would take when targeting Sophos users.

tags | paper, virus
MD5 | 66da75cd1ee4bb2355b0f58f1df3c518
Kindsight Malware Report Q3 2012
Posted Nov 2, 2012

The Kindsight Security Labs Q3 2012 Malware Report examines general trends for malware infections in home networks or infections in mobile devices and computers connected through mobile adapters. The data in this report is aggregated across the networks where Kindsight solutions are deployed.

tags | paper, virus
MD5 | cee14b616ad58606b3d3bddc4949021c
Having Fun With VirusScan Enterprise
Posted Jul 12, 2012
Authored by Mert SARICA | Site

The VirusScan Enterprise antivirus product may have a bug (or a vulnerability) in its parser that can lead to wrong action status messages and reports, malicious file scan bypass, and name spoofing when a magic line is added to the beginning of the file header.

tags | paper, spoof, virus
MD5 | fc6887a3ce24f94a5892bd2857f9dd29
Malware Reverse Engineering Part 1 - Static Analysis
Posted Jan 18, 2012
Authored by Rick Flores

This malware report is part 1 of 2. It is an effort to track, categorize, contain, and understand the root cause and infection vector of incidents affecting user accounts, networked equipment, or computers. It pertains to all incidents reported by the TIER II help desk, TIER III engineers, customer complaints, or random IT security audits, findings, or pen tests.

tags | paper, root, virus
MD5 | 69bc5bbf5b19339b58ee550bfdd3e451
Anti-Virus Evasion Techniques
Posted Dec 11, 2011
Authored by Abhinav Singh

Whitepaper called Anti-Virus Evasion Techniques. Some of the techniques discussed are binding and splitting, converting exe to executable client side scripts, and performing code obfuscation/morphing.

tags | paper, virus
MD5 | 237fb3a0b67c7a4a85044e46e2aa993a
Sophail: A Critical Analysis Of Sophos Antivirus
Posted Aug 4, 2011
Authored by Tavis Ormandy

This paper describes the results of a thorough examination of Sophos Antivirus internals. The author presents a technical analysis of claims made by the vendor, and publishes the tools and reference material required to reproduce their results. Furthermore, they examine the product from the perspective of a vulnerability researcher, exploring the rich attack surface exposed, and demonstrating weaknesses and vulnerabilities.

tags | paper, vulnerability, virus
MD5 | 765ab9b1331b27bb4b61d2c897b3139f
Fake Malware And Virus Scanners
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site

Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document shows the mechanisms used to obfuscate this process.

tags | paper, virus
MD5 | 3916443ae896ac2816609b594d4e3753
Client-Side Threats - Anatomy Of Reverse Trojan Attacks
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site

Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.

tags | paper, trojan, vulnerability, virus
MD5 | 36054688bba7ebe7679c2a7ea52cb023
Paper On Unpacking Malware
Posted May 27, 2009
Authored by Piotr Bania | Site

Whitepaper called Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs.

tags | paper, virus
MD5 | 81a46edfe56293f98cd90b87ec31be2a
Posted Jan 14, 2007
Authored by Nicolas Falliere

Whitepaper entitled "Anatomy of a Malware". A tutorial that was created to educate people on how a simple piece of malware works.

tags | paper, virus
MD5 | 0c505de3a11f6f53a4679b6c0b100a10
Posted Nov 7, 2006
Authored by roy g biv | Site

Interesting write up discussing the infection of Mach-O files including a link to the MachoMan virus.

tags | paper, virus
MD5 | f24ef57ac688b677b0d4207e5cbb650f
Posted Sep 7, 2006
Authored by Craig Heffner | Site

While there are some easy ways of changing the antivirus signature of a program (packers, encryptors, etc), they may not always be viable options for those wishing to bypass antivirus applications. This paper will show how to locate the signature used to identify Netcat, and modify it so that the executable no longer matches Symantec's AV signature, without interfering with any of the program's functionality. This is an exercise in identifying and modifying sections of code (aka, signatures) that are used by antivirus programs to identify malicious code; the tools and techniques used here can be applied to any program that is marked as malicious by AV applications.

tags | paper, virus
MD5 | 595c987f017f5351e9fbd2d609a5acc0
Posted Apr 30, 2006
Authored by Calvin Tang | Site

Whitepaper entitled "Summary of Mobile Threat For Year 2005" that provides a detailed analysis of mobile malware and a full understanding of how such viruses propagate. Also included is CalvinStinger.SIS, a disinfection tool for the Symbian S60 platform.

tags | paper, virus
MD5 | 1abc86f2a88b24e42e700d09e266e680
Posted Oct 8, 2005
Authored by Eric Johansen | Site

Whitepaper as well as presentation slides entitled 'Anti-Virus in the Wild' that were presented at the Virus Bulletin 2005 conference in Dublin, Ireland.

tags | paper, virus
MD5 | 2eb9fce04803b5a48cb675c3a107e235
Posted Nov 20, 2004
Authored by Bryan Burns

Brief analysis of the Bofra, aka MyDoom.AG/AH, worm that was first discovered circulating in the wild November 8th.

tags | paper, worm, virus
MD5 | 1ada5872347d870822aec9f3feb880b6
Posted Nov 13, 2004
Authored by Joe Stewart | Site

Full analysis of the Win32.Grams trojan. It differs from previous E-Gold phishing trojans in that it does not steal credentials; instead it uses the victim's own browser to siphon all the E-Gold directly from their account to another E-Gold account, using OLE automation. This completely bypasses all the new authentication methods financial institutions are using to thwart keystroke loggers and password stealers, because the trojan simply lets the user do the authentication, then takes over from there.

tags | paper, trojan, virus
systems | windows
MD5 | 595a24440e3a2c58515e37bc9c53b38e
Posted Feb 3, 2004
Authored by Dr. Peter Bieringer | Site

Research on the various reactions of anti-virus software to decompression bombs. Has a thorough comparison chart and is definitely a good read.

tags | paper, virus
MD5 | 2e46ee8734eb62ab02051b6832e2d55b
Posted Aug 26, 2003
Authored by Frederic Charpentier

White paper discussing methodologies for accessing internal networks using HTTP tunneling and tricking end users.

tags | paper, web, virus
MD5 | ccd40eb358c1a868a3672f6b1af39a1a
Posted Jan 21, 2003
Authored by Alexander Bartolich | Site

The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied with a practical guide to detection.

Changes: Added a rewritten segment scanner in C, added support for 64-bit ELF, and a fix for an embarrassing bug in the table of used RPM packages. The document is finished up to "Segment padding infection"; all the following chapters are probably broken.

tags | paper, virus
systems | linux
MD5 | 71a20160c5a66f2cabb26243a5d9bc0b
Posted Dec 24, 2002

A detailed vendor analysis on Kaspersky's line of anti-virus products.

tags | paper, virus
MD5 | a3fb0418877ad5b3027e97a141cf113f
Posted Aug 21, 2002
Authored by Alexander Bartolich | Site

The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied with a practical guide to detection.

Changes: A port to Debian GNU/Linux on SPARC was started. "The magic of the Elf" and "The language of evil" are finished.

tags | paper, virus
systems | linux
MD5 | 05d3c473e0046d473f4ea4763ac6d456
Posted Mar 6, 2002
Authored by One Semicolon | Site

"Techniques a worm might use to be harder to locate" is a look at how worms may evolve to be harder to locate on an infected computer. It begins very simply and builds up to some ideas that are quite complex. Includes example source code written in Perl.

tags | paper, worm, perl, virus
MD5 | 8283bc6a78e7a27bb5b76906b3f53bca
Posted Mar 6, 2002
Authored by Nucleii

The future of viruses and operating systems.

tags | paper, virus
MD5 | 3db99393c0c1debcbdee9a0763ed6add