Tag Archives: Analysis
Exploit Kits for the masses – Enter Fragus
The Fragus Exploit Kit is presented as a PHP web site featuring an administration/configuration module, the exploit module and a reporting module, with MySQL as the backend database. The “business” model is based on displaying fake ads and exploiting the users … Continue reading
Fake DHL Mail leads to Fake Antivirus
We are seeing this kind of email very frequently, and they all look very much the same, even if the senders change the style every now and then. These mails get sent in huge amounts in order to reach as … Continue reading
Closer Look on a PDF Exploit
As there are attacks on vulnerabilities in the most popular PDF reader, from Adobe, we regularly inspect the samples more closely in our Avira VirusLab. This time we looked at an older exploit which Avira antimalware solutions detect as EXP/Pdfka.bmq. The … Continue reading
Closer look on Swizzor
We were analysing a recent version of Swizzor – adware which Avira detects as TR/Dldr.Swizzor.Gen – and after getting past the first encryption layers of the software, we stumbled over a few interesting strings in the malware. Quite obviously … Continue reading
Security hole in Adobe Reader and Acrobat
Adobe is currently investigating a new security hole in Reader and Acrobat. Cybercriminals are currently spamming emails with prepared documents which lead to an infection of the computer with malware. The PDF document abuses a buffer overflow in a new … Continue reading
FastFlux-Malware leading to FakeAV (Update)
Our researchers found a malicious JavaScript link embedded in the headlines and thread titles of some forums as well as on other web sites after a user notified us about possible issues with a particular forum. The scripts resulted in … Continue reading
Proper Passwords
Every now and then security researchers stumble over a database which holds user data like account names and passwords. Amazingly, each and every time the passwords seem to be the same when analysed. This time Tõnu Samuel found such a … Continue reading
Hindering debugging – by doing nothing
A common technique to make debugging harder and more time-consuming is scrambling the virus code and inserting “random” junk code that doesn’t really do anything useful. One example is the W32/Virut family. Despite already being a couple of years old, … Continue reading
Malware and Phishing statistics for Germany
According to http://www.internetworldstats.com/eu/de.htm, 61.1% of Germany’s population had Internet access in 2007. Of these users, 56% are online every day or almost every day. With such widespread Internet usage, it is no surprise that there is quite a … Continue reading
Malware threats in the first half of 2009
Having predicted upcoming threats for 2009 at the end of last year, we have now checked whether our guesses were correct. Unfortunately, they were. We predicted that the use of polymorphic file infectors would increase again. This came true: … Continue reading