Tag Archives: McAfee Labs

Digging Into the Sandbox-Escape Technique of the Recent PDF Exploit

As promised in our previous blog entry for the recent Adobe Reader PDF zero-day attack, we now offer more technical details on this Reader “sandbox-escape” plan. In order to help readers understand what’s going on there, we first need to provide some background. Adobe Reader’s Sandbox Architecture The Adobe Reader sandbox consists of two processes: Read more…

Unpacking Malware Requires Searching for Zero Padding

Recently we experimented with our generic unpacking heuristics. Our goal was to unpack a potentially malicious binary and dump the executable from memory to a file. During our experiments we saw a few unknown packers from which we successfully unpacked the binary; with these, however, we dumped the memory but we missed some code in Read more…

Polymorphic AutoRun Worm Evolves and Obfuscates

Recently we have seen a spike in a Visual Basic 6-compiled AutoRun worm family. The family is both client- and server-side polymorphic. (For more on this family, refer to our VIL and Advisory entries.) The W32/Autorun.worm.aaeh family usually gets on a victim’s machine through email spam, Blacole drive-by downloads, or downloads by BackDoor-FJW. From a behavioral Read more…

Happy Birthday Internet – What Are the Challenges Security Experts Predict For the Future?

The Lady has just turned 30. But she isn’t ready to leave the limelight yet, for she is still evolving, still acquiring a large number of admirers daily. No wonder that over 2.4 billion people across the world are her diehard users today, according to Internet World statistics. Wondering who she is? She is the wonder Read more…

Latest Yahoo Data Breach Restates Need for Basic Security

News broke today of a large data breach against Yahoo Voices, resulting in more than 400,000 username/password combinations being posted in clear text. The compromise involved a basic SQL-injection attack against an exposed Yahoo server (dbb1.ac.bf1.yahoo.com). Similar to other recent events, the account data was reportedly stored in an unencrypted state. We see this type of attack Read more…

Fake-Alert Scam Targets Mac Users

One of the most prevalent families of recent Trojans is called fake alerts. These Trojans generate fake warning screens that look like they were generated by legitimate security or anti-malware software. The majority of malware within this family attempts to con users by convincing them that their systems are at risk and that they should purchase Read more…