Malware articles in Virus Bulletin

Taking a look at McAfee's Blog, I've seen a post talking about an old "friend" of ours: the virus Virutas, and I have realized that I hadn't linked the latest articles we published in the Virus Bulletin Magazine.

The first one, Beyond Virtu(e) and Evil, written by Mario and Victor, analyses the virus Virutas in depth. It was published in the May edition of the Virus Bulletin. 

The second one, The Life Cycle of Bots, was published in the September 2007 issue. This article, which was written by me, goes through the whole life cycle of bots, where we can see how some bots have almost a life of their own.

Enjoy them!

Posted under Malware Alerts

This post was written by Luis Corrons on October 9, 2007


Automatic classification of malware

Last year we posted an article about graphic representations of malware, in which we commented that it's possible to automatically identify and classify malware into a family based on its graphical structure representation. This representation is based on the relationships between function calls in the executable.

These relationships create a graph of the internal structure of the executable. These graphs are very similar among samples of the same family, or among samples which share the same source code. There are several publications about this technique (Ero Carrera & Gergely Erdélyi [VB2004]), and all of us have heard about Sabre Security's VxClass project, which is a system to automatically unpack and classify a binary into a family.

PandaLabs is 'two or three steps ahead' too, and we have developed our own system to automatically identify and classify the samples we receive daily. Of course, this system only works with unpacked samples, which is why we use it together with our generic unpacker engine. We have made a Flash video [14 MB] to show you how this system works. Basically the steps are:

  • Unpack the sample (the system only works with unpacked binaries)
  • Drag & drop it into the client application
  • The client application sends it to the graph server
  • The server analyzes it with IDA and uses several Python scripts to extract:
    • Graph of function calls
    • Control flow graph (CFG) of each function
    • Entropy
    • CRC32 and a custom CRC of each function
  • Preselect samples from the database, applying several filters: entropy, compiler, file size, … Then the resulting ones are compared with our sample.

This data is used to compare the sample with our entire graph database (actually, we have already analyzed and stored 185,000 samples in the graph database).
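To make the pipeline above concrete, here is an added, self-contained Python example; it is not PandaLabs' code and does not use IDA. It assumes the disassembler step has already produced, for each unpacked sample, a table of functions with their bytes and their callees, and stands in constructed toy tables for that output. It computes two of the features the post lists (per-function CRC32 and entropy), builds the call graph with edges labelled by function CRC rather than by the address-derived names a disassembler assigns, applies the cheap size/entropy prefilter before any graph comparison, and scores candidates by a blend of shared function fingerprints and shared call edges. The control flow graphs, the custom CRC and the compiler filter are left out of this toy; the names, thresholds and weights are assumptions.

```python
import math
import zlib
from collections import Counter

# Constructed toy "samples". Each maps a function name to (code bytes, list of callees).
# In the pipeline described in the post these tables come from IDA scripts run on an
# unpacked binary; here they are hand-made stand-ins so the example runs offline.
CONSTRUCTED_DB = {
    "FamilyA.sample1": {
        "entry":   (b"\x55\x8b\xec\xe8\x10\x00\x00\x00", ["decrypt", "connect", "sleep"]),
        "decrypt": (b"\x31\xc0\x80\x34\x08\x5a\x40\x3b\xc1\x72\xf7\xc3", []),
        "connect": (b"\x6a\x10\x50\x56\xe8\x00\x00\x00\x00\xc3", ["send"]),
        "send":    (b"\x6a\x00\x51\x50\x56\xe8\x00\x00\x00\x00\xc3", []),
        "sleep":   (b"\x6a\x64\xe8\x00\x00\x00\x00\xc3", []),
    },
    "FamilyB.sample1": {
        "entry":  (b"\x55\x8b\xec\x83\xec\x40", ["keylog"]),
        "keylog": (b"\x6a\x0d\xe8\x00\x00\x00\x00\xc3" * 3, ["write"]),
        "write":  (b"\x8b\x45\x08\x50\xe8\x00\x00\x00\x00\xc3", []),
    },
}

# A new sample built from FamilyA's code with one byte patched in "send" (an argument
# changed): the kind of variant that still shares most of its functions with the family.
CONSTRUCTED_QUERY = dict(CONSTRUCTED_DB["FamilyA.sample1"])
CONSTRUCTED_QUERY["send"] = (b"\x6a\x01\x51\x50\x56\xe8\x00\x00\x00\x00\xc3", [])


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def function_crcs(funcs):
    """Per-function CRC32 of the function bytes (the simplest fingerprint the post mentions)."""
    return {name: zlib.crc32(code) for name, (code, _) in funcs.items()}


def call_graph_edges(funcs):
    """Call-graph edges labelled by function CRC rather than by name, so two samples can
    match on structure even though a disassembler names functions by address and those
    names differ between builds."""
    crcs = function_crcs(funcs)
    return {(crcs[caller], crcs[callee])
            for caller, (_, callees) in funcs.items() for callee in callees}


def sample_features(funcs):
    """Everything the comparison needs, computed once per sample (as a database would store it)."""
    blob = b"".join(code for code, _ in funcs.values())
    return {"size": len(blob), "entropy": shannon_entropy(blob),
            "crcs": set(function_crcs(funcs).values()),
            "edges": call_graph_edges(funcs)}


def jaccard(a, b):
    """Set overlap in [0, 1]; two empty sets count as identical."""
    return 1.0 if not a and not b else len(a & b) / len(a | b)


def preselect(query, db, size_ratio=0.5, entropy_delta=1.0):
    """Cheap filters (file size, entropy) applied before any graph comparison, as the post
    describes. Thresholds are assumed values for this toy."""
    keep = []
    for name, feats in db.items():
        size_ok = abs(feats["size"] - query["size"]) <= size_ratio * query["size"]
        entropy_ok = abs(feats["entropy"] - query["entropy"]) <= entropy_delta
        if size_ok and entropy_ok:
            keep.append(name)
    return keep


def similarity(query, cand):
    """Equal-weight blend of shared function fingerprints and shared call-graph edges."""
    return 0.5 * jaccard(query["crcs"], cand["crcs"]) + 0.5 * jaccard(query["edges"], cand["edges"])


def classify(query_funcs, db_funcs, threshold=0.6):
    """Return (best matching stored sample or None, scores of the preselected candidates)."""
    q = sample_features(query_funcs)
    db = {name: sample_features(f) for name, f in db_funcs.items()}
    scores = {name: similarity(q, db[name]) for name in preselect(q, db)}
    best = max(scores, key=scores.get) if scores else None
    if best is None or scores[best] < threshold:
        return None, scores
    return best, scores


if __name__ == "__main__":
    label, scores = classify(CONSTRUCTED_QUERY, CONSTRUCTED_DB)
    for name, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{name:20s} {score:.3f}")
    print("classified as:", label)
```

Running it classifies the patched variant as FamilyA: four of its five functions and three of its four call edges are shared, so the score lands above the assumed 0.6 threshold, while FamilyB shares nothing and scores zero. Labelling edges by the CRC of the functions they join is what makes the graph comparison survive the renaming that happens between builds; a whole-file hash, by contrast, would already be defeated by the single patched byte.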

Posted under Malware Alerts

This post was written by Ted on October 5, 2007


September spyware list

This month, there have been no changes in the first positions of the ranking, so the list remains the same as last month’s:


1.- Application/MyWebSearch

2.- Adware/Gator

3.- Adware/Lop

4.- Spyware/Virtumonde

5.- Adware/Savenow

6.- Adware/ActiveSearch


In the 9th position, we find Adware/SystemDoctor, which goes up from the 13th position. 

It is an adware that promotes the fake error-repair program Application/SystemDoctor2006.

Adware/NaviPromo goes up from 19th to 15th position.

It is an adware that promotes dialers and uses rootkit techniques in order to go unnoticed. It usually comes with other programs such as MailSkinner, WebMediaplayer or InternetGameBox.

Finally, we highlight Adware/WinAntivirus2007, which goes up from 58th to 25th position. It is an adware that promotes the rogue antispyware program Application/WinAntivirus2007.

Posted under Malware Alerts

This post was written by Vicente Martinez on October 1, 2007
