Category Archives: Malware Analysis
Brief analysis of the Adobe vulnerability
We have published the Security Advisory for Adobe Reader and Acrobat, informing users about the vulnerability found in Adobe Acrobat and Adobe Reader that is currently being actively exploited. The vulnerability in the U3D component allows remote attackers to … Continue reading
Fake Certificate in Malware – with Message
Every now and then, malware authors send messages to us virus researchers, for example in the compiled binary itself or as debug output. Now we found a Zbot Trojan variant which tries to evade detection by carrying a digital … Continue reading
Federal Police Scam
During our usual malware analysis we found a malware sample which shows a fake warning passing itself off as the official German “Bundeskriminalamt” (the German Federal Police). The page contains various logos taken from the official Internet sites. It’s easy to discover … Continue reading
Picturesque Brazilian Banker
While analyzing new malware samples, we found a Brazilian banking Trojan that caught our interest: it contains plenty of images, all of Brazilian banks and insurance companies. It is quite a multi-talent when it comes to the bank logins … Continue reading
Analysis of TR/Spy.SpyEye
SpyEye is a malware family which we have been monitoring for some time. Today we are analyzing a sample which is detected as TR/Spy.SpyEye.flh by Avira products. The Trojan is able to inject code into running processes and can perform the … Continue reading
Fake System Optimizer with special messages
When analyzing malware, we often look for strings within the malware samples. Those give some interesting insights about the malware, its creators or the targets, for example. While poking into a fake system optimizer, after some decryption layers we also … Continue reading
Polymorphic Virut Malware
W32/Virut.ce is one of the most widespread pieces of malware which can be found on infected computers. This file infector is spread massively, bundled with illegal software (warez). The virus infects executable files using the latest techniques which make detecting … Continue reading
Malware signed with fake Avira Certificate
While analyzing new malware samples we stumbled upon a sample which contains a digital Avira signature. Something we need to check! Viewing the properties of the digital signature, Microsoft Windows shows a note “A certificate chain processed, but terminated in … Continue reading
Bredolab Malware spammed via fake Facebook Mails
The popularity of the social network Facebook is abused again to spread malware via email. The spam mails arrive with the subject “Facebook password has been changed. ID” and contain a ZIP archive as attachment. Inside the ZIP a file … Continue reading
Closer look on TR/Spy.Clickpal.A
We analyzed a Trojan Spy sample because of the interesting way it spread through the operating system and the way it sent out information stolen from the user. Right after execution the malware searches for .lnk files existing on … Continue reading