Tag: raul alvarez
-
Paper: Bird’s nest
Raul Alvarez studies the Neshta prepending file infector. File infectors can be categorized by how they attach themselves to the host file. A cavity virus attaches itself to the available spaces in the host file; an appending virus attaches its code at the end of a file; and a prepending virus does so at the…
-
Paper: API-EPO
Raul Alvarez studies the unique EPO methodology used by the W32/Daum file infector. A few months ago, we published an article by Fortinet’s Raul Alvarez on the Expiro file infector, which uses an EPO (entry-point obscuring) technique in an attempt to avoid heuristic detection. In EPO, a file infector doesn’t simply change the entry…