October issue of VB published

Posted by Virus Bulletin on Oct 1, 2011

The October issue of Virus Bulletin is now available for subscribers to download.

The October 2011 issue of Virus Bulletin is now available for subscribers to browse online or download in PDF or PRC (Kindle) format.

Some of the things this month's issue has in store are:

  • A new BIOS rootkit spreads in China: The BIOS rootkit is the most complex type of rootkit researchers have come across so far. It is hardware dependent, and an attacker must have extensive knowledge of the computer - including software and hardware - in order to create one. Until now this type of rootkit has remained in the realm of academic research - but recently things have changed. Zhitao Zhou details TrojanDropper:Win32/Wador.A.
  • Hard disk woes: It is uncommon these days to find malware whose sole purpose is to cause damage, but W32.VRBAT does just that (and only that) - using ATA disk security to render hard disks useless. Jorge Lordos and his colleagues have the details.
  • Asynchronous Harakiri++: The generic retro-malware features of ZeroAccess, combined with its advanced rootkit features, make it one of the most difficult rootkits to deal with, while newer variants of the malware also support 64-bit Windows systems. Peter Ször and Rachit Mathur take a detailed look at the rootkit.
  • Okay, so you are a Win32 emulator...: There has already been extensive research into the plethora of tricks used by contemporary malware and executable protectors with the purpose of breaking debuggers and emulators. Unfortunately malware authors are aware of such research efforts and the countermeasures introduced by engine developers. They are also pretty much aware of the capabilities of AV emulators, and are ready and prepared to deploy tricks to overcome them. Gabor Szappanos looks at a small cross-section of the threat landscape.

Note: The October 2011 VB100 comparative review on Windows Server 2003 will be published as a standalone article in mid-October. As with all new VB100 and VBSpam reviews, the report will be available for non-subscribers to purchase as a standalone item (Virus Bulletin subscribers will be notified by email when the comparative is available to download). Non-subscribers can purchase VB100 reports here and VBSpam reports here.

Subscribers click here to access the issue.

If you are not already a subscriber, why not take the chance to subscribe now?

Posted on 30 September 2011 by Virus Bulletin


