Showing 1 - 25 of 37

Files

Analysis Of Fake Antivirus Malware Delivery
Posted Feb 24, 2015
Authored by HauntIT

This is a brief whitepaper that documents how the author analyzed malicious javascript and a host used for slinging fake antivirus software.

tags | paper, javascript, virus
MD5 | 3654b81a0923d7139addc5474f5d80b0
Bypass Antivirus Dynamic Analysis
Posted Aug 25, 2014
Authored by Emeric Nasi

In this paper the author describes AV methods and focuses on how to fool antivirus emulation systems. They set themselves a challenge to find half a dozen ways to bypass AV dynamic analysis by using a fully undetectable decryption stub.

tags | paper, virus
MD5 | c4de1d2cdfde42f5957a9af64bb2de38
Sophail: Applied Attacks Against Sophos Antivirus
Posted Nov 6, 2012
Authored by Tavis Ormandy

By design, antivirus products introduce a vast attack surface to a hostile environment. The vendors of these products have a responsibility to uphold the highest secure development standards possible to minimize the potential for harm caused by their software. This second paper in a series on Sophos internals applies the results previously presented to assess the increased threat Sophos customers face. This paper is intended for a technical audience, and describes the process a sophisticated attacker would take when targeting Sophos users.

tags | paper, virus
MD5 | 66da75cd1ee4bb2355b0f58f1df3c518
Kindsight Malware Report Q3 2012
Posted Nov 2, 2012
Site kindsight.net

The Kindsight Security Labs Q3 2012 Malware Report examines general trends for malware infections in home networks or infections in mobile devices and computers connected through mobile adapters. The data in this report is aggregated across the networks where Kindsight solutions are deployed.

tags | paper, virus
MD5 | cee14b616ad58606b3d3bddc4949021c
Having Fun With VirusScan Enterprise
Posted Jul 12, 2012
Authored by Mert SARICA | Site mertsarica.com

The VirusScan Enterprise antivirus product may have a bug (or a vulnerability) in its parser that can lead to wrong action status messages and reports, malicious file scan bypass, and name spoofing by adding the magic line to the beginning of the file header.

tags | paper, spoof, virus
MD5 | fc6887a3ce24f94a5892bd2857f9dd29
Malware Reverse Engineering Part 1 - Static Analysis
Posted Jan 18, 2012
Authored by Rick Flores

This malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.

tags | paper, root, virus
MD5 | 69bc5bbf5b19339b58ee550bfdd3e451
Anti-Virus Evasion Techniques
Posted Dec 11, 2011
Authored by Abhinav Singh

Whitepaper called Anti-Virus Evasion Techniques. Some of the techniques discussed are binding and splitting, converting exe to executable client side scripts, and performing code obfuscation/morphing.

tags | paper, virus
MD5 | 237fb3a0b67c7a4a85044e46e2aa993a
Sophail: A Critical Analysis Of Sophos Antivirus
Posted Aug 4, 2011
Authored by Tavis Ormandy

This paper describes the results of a thorough examination of Sophos Antivirus internals. The author presents a technical analysis of claims made by the vendor, and publishes the tools and reference material required to reproduce their results. Furthermore, they examine the product from the perspective of a vulnerability researcher, exploring the rich attack surface exposed, and demonstrating weaknesses and vulnerabilities.

tags | paper, vulnerability, virus
MD5 | 765ab9b1331b27bb4b61d2c897b3139f
Fake Malware And Virus Scanners
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection, even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document shows the mechanisms used to obfuscate this process.

tags | paper, virus
MD5 | 3916443ae896ac2816609b594d4e3753
Client-Side Threats - Anatomy Of Reverse Trojan Attacks
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.

tags | paper, trojan, vulnerability, virus
MD5 | 36054688bba7ebe7679c2a7ea52cb023
Paper On Unpacking Malware
Posted May 27, 2009
Authored by Piotr Bania | Site piotrbania.com

Whitepaper called Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs.

tags | paper, virus
MD5 | 81a46edfe56293f98cd90b87ec31be2a
malware.pdf
Posted Jan 14, 2007
Authored by Nicolas Falliere

Whitepaper entitled "Anatomy of a Malware". A tutorial that was created to educate people on how a simple piece of malware works.

tags | paper, virus
MD5 | 0c505de3a11f6f53a4679b6c0b100a10
vrg01.html
Posted Nov 7, 2006
Authored by roy g biv | Site vx.netlux.org

Interesting write up discussing the infection of Mach-O files including a link to the MachoMan virus.

tags | paper, virus
MD5 | f24ef57ac688b677b0d4207e5cbb650f
Taking_Back_Netcat.pdf
Posted Sep 7, 2006
Authored by Craig Heffner | Site craigheffner.com

While there are some easy ways of changing the antivirus signature of a program (packers, encryptors, etc), they may not always be viable options for those wishing to bypass antivirus applications. This paper will show how to locate the signature used to identify Netcat, and modify it so that the executable no longer matches Symantec's AV signature, without interfering with any of the program's functionality. This is an exercise in identifying and modifying sections of code (aka, signatures) that are used by antivirus programs to identify malicious code; the tools and techniques used here can be applied to any program that is marked as malicious by AV applications.

tags | paper, virus
MD5 | 595c987f017f5351e9fbd2d609a5acc0
mobilethreats.tgz
Posted Apr 30, 2006
Authored by Calvin Tang | Site pipx.net

Whitepaper entitled "Summary of Mobile Threat For Year 2005" that provides a detailed analysis of mobile malware and a full understanding of how such virii propagate. Also included is CalvinStinger.SIS which is a disinfection tool for the Symbian S60 platform.

tags | paper, virus
MD5 | 1abc86f2a88b24e42e700d09e266e680
EJohansen_VB2005.tgz
Posted Oct 8, 2005
Authored by Eric Johansen | Site malwareblog.com

Whitepaper as well as presentation slides entitled 'Anti-Virus in the Wild' that were presented at the Virus Bulletin 2005 conference in Dublin, Ireland.

tags | paper, virus
MD5 | 2eb9fce04803b5a48cb675c3a107e235
bofra_overview.txt
Posted Nov 20, 2004
Authored by Bryan Burns

Brief analysis of the Bofra, aka MyDoom.AG/AH, worm that was first discovered circulating in the wild November 8th.

tags | paper, worm, virus
MD5 | 1ada5872347d870822aec9f3feb880b6
grams.html
Posted Nov 13, 2004
Authored by Joe Stewart | Site lurhq.com

Full analysis of the Win32.Grams trojan. It differs from previous E-Gold phishing trojans in that it does not steal credentials but instead uses the victim's own browser to siphon all the E-Gold directly from their account to another E-Gold account, using OLE automation. This would completely bypass all the new authentication methods financial institutions are using to thwart keystroke loggers/password stealers, because the trojan simply lets the user do the authentication, then takes over from there.

tags | paper, trojan, virus
systems | windows
MD5 | 595a24440e3a2c58515e37bc9c53b38e
decompression-bomb-vulnerability.html
Posted Feb 3, 2004
Authored by Dr. Peter Bieringer | Site aerasec.de

Research on the various reactions of anti-virus software against decompression bombs. Has a thorough comparison chart and is definitely a good read.

tags | paper, virus
MD5 | 2e46ee8734eb62ab02051b6832e2d55b
intrusion-agent.pdf
Posted Aug 26, 2003
Authored by Frederic Charpentier

White paper discussing methodologies for accessing internal networks using HTTP tunneling and tricking end users.

tags | paper, web, virus
MD5 | ccd40eb358c1a868a3672f6b1af39a1a
virus-writing-HOWTO-2003-01-08.tar.gz
Posted Jan 21, 2003
Authored by Alexander Bartolich | Site lwfug.org

The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied with a practical guide to detection.

Changes: Added a rewritten segment scanner in C, added support for 64-bit ELF, and a fix for an embarrassing bug in the table of used RPM packages. The document is finished up to "Segment padding infection"; all the following chapters are probably broken.
tags | paper, virus
systems | linux
MD5 | 71a20160c5a66f2cabb26243a5d9bc0b
Kaspersky_review_11_18.doc
Posted Dec 24, 2002
Site relevanttechnologies.com

A detailed vendor analysis on Kaspersky's line of anti-virus products.

tags | paper, virus
MD5 | a3fb0418877ad5b3027e97a141cf113f
virus-writing-HOWTO-2002-08-15.tar.gz
Posted Aug 21, 2002
Authored by Alexander Bartolich | Site lwfug.org

The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied with a practical guide to detection.

Changes: A port to Debian GNU/Linux on SPARC was started. "The magic of the Elf" and "The language of evil" are finished.
tags | paper, virus
systems | linux
MD5 | 05d3c473e0046d473f4ea4763ac6d456
200201p.txt
Posted Mar 6, 2002
Authored by One Semicolon | Site onesemicolon.cjb.net

"Techniques a worm might use to be harder to locate" is a look at how worms may evolve to be harder to locate on an infected computer. It begins very simply and builds up to some ideas that are quite complex. Includes example source code written in Perl.

tags | paper, worm, perl, virus
MD5 | 8283bc6a78e7a27bb5b76906b3f53bca
future.of.viruses.txt
Posted Mar 6, 2002
Authored by Nucleii

The future of viruses and operating systems.

tags | paper, virus
MD5 | 3db99393c0c1debcbdee9a0763ed6add
© 2016 Packet Storm. All rights reserved.
