Tag: analysis

  • VB2017 preview: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server

    Apart from the odd taxi driver loudly making the claim, the idea that “Macs don’t get malware” has become a thing of the past. Nevertheless, most security researchers focus on Windows (and increasingly Android) malware, which still leaves malware targeting macOS as the odd one out. Someone who for years has focused almost exclusively on…

  • Paper: Nesting doll: unwrapping Vawtrak

    Raul Alvarez unwraps the many layers of an increasingly prevalent banking trojan. Banking trojans remain one of the most prevalent kinds of malware. Among them, trojans based on Zeus have long been the most prevalent, but in recent months a relatively new trojan has been challenging the reign of Zeus: Vawtrak. Also known as Neverquest…

  • Paper: API-EPO

    Raul Alvarez studies the unique EPO methodology used by the W32/Daum file infector. A few months ago, we published an article by Fortinet’s Raul Alvarez on the Expiro file infector, which uses an EPO (entry-point obscuring) technique in an attempt to avoid heuristic detection. In EPO, a file infector doesn’t simply change the entry…

  • Program turns anti-analysis tools against the malware

    Users cautioned to be wary of a false sense of security. Could you defeat VM-aware malware by making your system aware of VM-aware malware? Tricks to frustrate researchers and make automatic analysis more difficult are a common feature of today’s malware. One such trick is to make the malware ‘VM-aware’: it won’t run if it…