Author Archives: Marco Giuliani

Threat Research Analyst at Webroot

CloudOnomics

September 21, 2011 – 8:00 pm

By Ian Moyse Moore’s Law back in 1965 predicted silicon power would double every two years. But what its creator, Gordon E. Moore, couldn’t have predicted was the dramatic economies of scale the cloud would eventually bring to all of our lives. For one, it’s helped lead to a drop in price for essentials like [...]

Posted in Uncategorized | Comments (2)

Mebromi: the first BIOS rootkit in the wild

September 13, 2011 – 6:44 am

By Marco Giuliani In the past few weeks a Chinese security company called Qihoo 360 blogged about a new BIOS rootkit hitting Chinese computers. This turned to be a very interesting discovery as it appears to be the first real malware targeting system BIOS since a well-known proof of concept called IceLord in 2007. The malware is called [...]

Posted in Uncategorized | Comments (33)

TDL3 and ZeroAccess: More of the Same?

August 8, 2011 – 4:54 pm

By Marco Giuliani In our previous technical analysis of the ZeroAccess rootkit, we highlighted how it acts as a framework by infecting the machine — setting up its own private space in the disk, first through a dedicated file system on the disk, and more recently by using a hidden and locked directory. This is [...]

Posted in Botnet activity, Deep Knowledge, Destructive behavior, rootkit, Smart Malware Tricks, Threat Research, Uncategorized | Comments (3)

ZeroAccess Rootkit Guards Itself with a Tripwire

July 8, 2011 – 12:40 pm

By Marco Giuliani The latest generation of a rapidly evolving family of kernel-mode rootkits called, variously, ZeroAccess or Max++, seems to get more powerful and effective with each new variant. The rootkit infects a random system driver, overwriting its code with its own, infected driver, and hijacks the storage driver chain in order to hide [...]

Posted in Ad-clickers, Botnet activity, Destructive behavior, Downloaders, Stupid malware tricks, Threat Research, Trojans | Comments (4)

Removing Popureb Doesn’t Require a Windows Reinstall

June 30, 2011 – 7:26 am

By Marco Giuliani Last Wednesday, Microsoft published a blog post detailing a significant update to a piece of malware named Popureb. The malware adds code to the Master Boot Record, or MBR, a region of the hard disk that’s read by the PC during bootup, long before the operating system has had a chance to [...]

Posted in Advanced Malware Removal, Backdoors, Destructive behavior, malware, Ransomware, Stupid malware tricks, Threat Research, Trojans | Comments (9)
Follow

Get every new post delivered to your Inbox.

Join 545 other followers