TechBlog

Security News? Just a few clicks away

Tag Archives: Research

Worm instead of Avira Keygen

On a popular Bittorrent site during the last weekend there appeared a package that allegedly contains Avira AntiVir Premium and a so called keygen. A keygen is a tiny piece of software that calculates a license number for a commercial … Continue reading

Avira Risk Level

The Risk Level describes the current phishing- and malware threats that we receive in real time from our sources in Internet. These threats are valid and can be accessed by any user in the Internet. The levels are computed by … Continue reading

Hindering debugging – by doing nothing

A common technique to make debugging harder and more time-consuming is scrambling the virus code and inserting “random” junk code that doesn’t really do anything useful. One example is the W32/Virut family. Despite already being a couple of years old, … Continue reading

Malware and Phishing statistics for Germany

According to http://www.internetworldstats.com/eu/de.htm, 61.1% from the Germany’s population in 2007 had Internet access. From these users, 56% are online every day or almost every day. Having such a widespread Internet usage, it is no surprise that there is quite a … Continue reading

File Patcher W32/Tobin

While refining and improving our detection of the W32/Tobin file patcher malware we analysed its “infection” algorithm closer. Upon execution, it drops a DLL (usually “nikitob.dll”) and modifies executable files on the system so that they load the dropped DLL … Continue reading

Malware writers rig up against Sandboxes

While analysing a recent version of the often adapted Trojan Dropper CeeInject we stumbled over following message in the malware (in plain text): Hi Dear sniffer If you want to find the net You better put some effort in doing … Continue reading

Evil JavaScript: Webpage- and PDF-Threat

Malicious exploitation of older security vulnerabilities target users of Adobe Reader and Acrobat Professional versions before 8.1.2. The vast majority of todays PDF exploit samples still target an old buffer overflow vulnerability which the Common Vulnerabilities and Exposures project lists … Continue reading