
IcePack uncovered

In the summer we talked about IcePack, which can be considered the most complete "kit for installing malware through exploits" and one of the most widely used today. For further details about how it works, have a look at the document I have prepared.



Fake Microsoft Update

This morning we saw an e-mail that was supposed to contain a Windows update for the vulnerability in the Kodak image viewer, which could allow arbitrary code to be executed remotely. The e-mail appears to come from Microsoft Corp, though the domain from which it was created has no relation to this company: The [...]


Automatic classification of malware (II)

PandaLabs: Some months ago we showed you a graph-based tool for classifying malware. Today we'll show you another tool that we are currently using in the lab to determine whether a file is malware or goodware. This tool is called VMatchBinary. Basically, what we do is identify similar byte blocks, obtaining [...]


Microsoft Security Advisory (926043): Vulnerability in Windows Shell Could Allow Remote Code Execution – 10/10/2006

Revision Note: Advisory updated to reference released security bulletin. Advisory Summary: Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their [...]


Microsoft Security Advisory (904420): Win32/Mywife.E@mm – 2/1/2006

Revision Note: Additional information about the blank password restriction functionality in Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, and Windows Server 2003 Service Pack 1. Added link to Virus Information Alliance member Sophos. Advisory Summary: Microsoft wants to make customers aware of the Mywife [...]