Clik here to view.
There's nothing old school about viruses
Recently, we discovered a new parasitic infection virus in the wild – Win32/Floxif - which specifically targets DLL files. Most of the attacks of this threat have been observed to come from a specific...
View ArticleClik here to view.
The role of 'agent' as part of distribution channel decision
In a recent blog post, we pointed out a trend we described as economies of scale in cross-platform vulnerabilities. We noted that this method of distribution allows the attacker to maximize their...
View ArticleClik here to view.
A technical analysis on CVE-2012-1535 Adobe Flash Player vulnerability: Part 1
This post is part one of two. On August 14th, Adobe released a fix and an advisory for a vulnerability (CVE-2012-1535) in Adobe Flash Player. On Windows systems, Adobe Flash Player 11.3.300.270 and...
View ArticleClik here to view.
Protecting yourself from CVE-2012-4681 Java exploits
As we've discussed in previous posts, we are seeing more malware abusing Java issues, including CVE-2012-4681. Currently this vulnerability is an 0-day, and to date there is no patch available from the...
View ArticleClik here to view.
A technical analysis on CVE-2012-1535 Adobe Flash Player vulnerability: Part 2
Part 1 of this blog described and analyzed the CVE-2012-1535 vulnerability in Adobe Flash Player. Here, we describe the fixes and mitigations that can be employed for this and similar exploits. Fixes...
View ArticleClik here to view.
MSRT September '12 - Medfos, hijacking your daily search
In this month's Microsoft Malicious Software Removal Tool (MSRT) release, we add Win32/Medfos. This is a fairly new family, but it is continuously gaining big detection numbers around the world,...
View ArticleClik here to view.
Microsoft Security Response Center (MSRC) Progress Report 2012
Our partners in Microsoft Security Response Center (MSRC) recently published their MSRC Progress Report 2012. It was recently released at Blackhat USA in Las Vegas, Nevada. This year’s MSRC Progress...
View ArticleClik here to view.
Reversal of fortune: Attempts to disguise file names
Social engineering tactics are vast and varied, and we see all sorts of methods being used on a daily basis by malware authors, in their attempts to compromise your machine. One such method that we see...
View ArticleClik here to view.
What you need to know about CVE-2012-4969
On Monday, we released a Security Advisory on CVE-2012-4969, a vulnerability in Internet Explorer. A Fix it was released on Wednesday, and a cumulative update is also now available as of today, Friday...
View ArticleClik here to view.
Malware signed with the Adobe code signing certificate
Last week, Adobe released an advisory (APSA12-01) announcing the upcoming revocation of an Adobe code signing certificate as it was compromised and used to sign at least two malicious utilities. They...
View ArticleClik here to view.
A Facebook scam, end to end
Just recently, I logged on to my Facebook account and saw that a couple of people on my Friends list had posted something about a free $250 gift card from Costco, similar to this: When you click the...
View ArticleClik here to view.
SIRv13: Be careful where you go looking for software and media files
The Internet is a great place to share; we share information, ideas, experiences, software, and media through many different services over the Internet. The Internet is also a great place to do...
View ArticleClik here to view.
MSRT thwarts rogues with just one scan
Most rogue antivirus software displays an interface that is predominantly in English, with some presenting a few other European languages as well. However, this month one of the families added by MSRT...
View ArticleClik here to view.
ELAM Is Black and White
At the Virus Bulletin conference this year, there was a talk about the limitations and suggested enhancements for the Early Launch Anti-Malware (ELAM) environment. The main observation, complaint if...
View ArticleClik here to view.
MSRT October '12 - Nitol: Counterfeit code isn't such a great deal after all
Just recently, Microsoft shut down the command-and-control infrastructure (C&C) of Win32/Nitol malware - one of the most active DDoS-performing malware families today. The take down, dubbed as...
View ArticleClik here to view.
Know your enemy - protect yourself
Of the many weapons and tricks in an attacker’s arsenal, none is more dangerous or insidious than the ability to hide and continuously compromise a system from within. This is the role of a rootkit....
View ArticleClik here to view.
MSRT October '12 - Nitol by the numbers
As mentioned in our previous post, Microsoft's study [PDF] behind Operation b70 found that PC consumers might be at risk of malware infection even with brand new computers, if the computers come...
View ArticleClik here to view.
Happy Halloween from the MMPC
One of my pet peeves working in computer security has always been the use of emotive language. I have always felt that using highly emotive terms to discuss malware greatly adds to the...
View ArticleClik here to view.
All copy and paste makes Jack a bored boy
We recently came across what appeared to be a new sample, but was actually part of malware discovered in 2010. This new-old sample is built from publicly available source code and, like many of its...
View ArticleClik here to view.
Don't fall for Folstart
We use thumb drives in different ways – usually to transfer files from one computer to another. When we create folders in thumb drives, we have a certain level of confidence that the folder isn't...
View Article
