TDL3 and ZeroAccess: More of the Same?

August 8, 2011 – 4:54 pm

By Marco Giuliani In our previous technical analysis of the ZeroAccess rootkit, we highlighted how it acts as a framework by infecting the machine — setting up its own private space in the disk, first through a dedicated file system on the disk, and more recently by using a hidden and locked directory. This is [...]

By Marco Giuliani | Posted in Botnet activity, Deep Knowledge, Destructive behavior, rootkit, Smart Malware Tricks, Threat Research, Uncategorized | Tags: , , , | Comments (3)

Removing Popureb Doesn’t Require a Windows Reinstall

June 30, 2011 – 7:26 am

By Marco Giuliani Last Wednesday, Microsoft published a blog post detailing a significant update to a piece of malware named Popureb. The malware adds code to the Master Boot Record, or MBR, a region of the hard disk that’s read by the PC during bootup, long before the operating system has had a chance to [...]

By Marco Giuliani | Posted in Advanced Malware Removal, Backdoors, Destructive behavior, malware, Ransomware, Stupid malware tricks, Threat Research, Trojans | Tags: , , , , , , , , , , , , , , , , , | Comments (9)

Spammed Trojan Won’t Run Under Windows XP

June 14, 2010 – 2:07 pm

By Andrew Brandt While it is far from the first Trojan ever to simply fail to execute under Windows XP, it definitely caught our eye that a variant of Trojan-Downloader-Tacticlol distributed last week in a spam campaign only fully executed under Windows Vista or newer operating systems. It may have been just a fluke, but [...]

By mguthrie09 | Posted in social engineering, spam, Stupid malware tricks, Threat Research | Tags: , , , , , , , , , , , , , | Comments (3)
Follow

Get every new post delivered to your Inbox.

Join 545 other followers