Tag: raul alvarez

  • Paper: Bird’s nest

    Raul Alvarez studies the Neshta prepending file infector. File infectors can be categorized by how they attach themselves to the host file. A cavity virus attaches itself to the available spaces in the host file; an appending virus attaches its code at the end of a file; and a prepending virus does so at the…

  • Paper: API-EPO

    Raul Alvarez studies the unique EPO methodology used by the W32/Daum file infector. A few months ago, we published an article by Fortinet’s Raul Alvarez on the Expiro file infector, which uses an EPO (entry-point obscuring) technique in an attempt to avoid heuristic detection. In EPO, a file infector doesn’t simply change the entry…