TechBlog

Security News? Just a few clicks away

Tag Archives: Analysis

Exploit Kits for the masses – Enter Fragus

The Fragus Exploit Kit is presented as a PHP web site featuring an administration/configuration module, an exploit module and a reporting module, with MySQL as the backend database. The “business” model is based on displaying fake ads and exploiting the users … Continue reading

Fake DHL Mail leads to Fake Antivirus

We are seeing these kinds of emails very frequently and they all look very much the same, even if the senders change the style every now and then. These mails get sent in huge amounts in order to reach as … Continue reading

Closer Look on a PDF Exploit

As there are attacks on vulnerabilities in the most popular PDF Reader from Adobe, we regularly inspect the samples more closely in our Avira VirusLab. This time we looked at an older exploit which Avira antimalware solutions detect as EXP/Pdfka.bmq. The … Continue reading

Closer look on Swizzor

We were analysing a recent version of Swizzor – an Adware which Avira detects as TR/Dldr.Swizzor.Gen – and after getting past the first encryption layers of the software, we stumbled over a few interesting strings in the malware. Quite obviously … Continue reading

Security hole in Adobe Reader and Acrobat

Adobe is currently investigating a new security hole in Reader and Acrobat. Cybercriminals are currently spamming emails with prepared documents which lead to an infection of the computer with malware. The PDF document abuses a buffer overflow in a new … Continue reading

FastFlux-Malware leading to FakeAV (Update)

Our researchers found a malicious JavaScript link embedded in the headlines and thread titles in some forums as well as on other web sites after a user notified us about possible issues with a particular forum. The scripts resulted in … Continue reading

Proper Passwords

Every now and then security researchers stumble over a database which holds user data like account names and passwords. Amazingly, each and every time the passwords seem to be the same when analysed. This time Tõnu Samuel found such a … Continue reading

Hindering debugging – by doing nothing

A common technique to make debugging harder and more time-consuming is scrambling the virus code and inserting “random” junk code that doesn’t really do anything useful. One example is the W32/Virut family. Despite already being a couple of years old, … Continue reading

Malware threats in the first half of 2009

As we predicted upcoming threats for 2009 at the end of last year, we have now checked whether our guesses were correct. Unfortunately, they were. We predicted that the use of polymorphic file infectors would increase again. This came true: … Continue reading

Malware and Phishing statistics for Germany

According to http://www.internetworldstats.com/eu/de.htm, 61.1% of Germany’s population in 2007 had Internet access. Of these users, 56% are online every day or almost every day. With such widespread Internet usage, it is no surprise that there is quite a … Continue reading