Pitou: the "silent" resurrection of the notorious Srizbi kernel spambot
The recently observed Pitou threat shows similarities with the Srizbi spambot. In this whitepaper, we outline Pitou’s distribution methods, the kernel payload delivered by its droppers, how its bootkit functions and how it communicates with its C&C server.
Lecpetex: Virtual currency mining gets social
Trojan:W32/Lecpetex is a Bitcoin miner that spreads via zipped files attached to socially engineered Facebook messages. Once installed on a machine, the malware silently performs its Bitcoin mining and contacts a command and control (C&C) server for additional commands.
COSMICDUKE: Cosmu with a twist of MiniDuke
CosmicDuke is the first malware seen to include code from both the notorious MiniDuke APT Trojan and another longstanding threat, the information-stealing Cosmu family. When active on an infected machine, CosmicDuke searches for and harvests login details from a range of programs and forwards the data to remote servers, some of which were active at the time of writing.
F-Secure DeepGuard: Proactive on-host protection against new and emerging threats
This whitepaper explains the trends and developments in computing that have made host-based behavioral analysis and exploit interception necessary elements of computer security and provides an overview of the technology and methodology used by DeepGuard, the Host-based Intrusion Prevention System (HIPS) of F-Secure’s security products.
Flashback OS X Malware
This report was originally presented and published at VB2012.
In 2011, we saw OS X come under siege by several malware families. Towards the end of the year, we saw new families or variants appear almost every week, where each was more sophisticated than the last. At the forefront of these developments was the Flashback malware.
It's Signed, therefore it's Clean, right?
This document was originally presented at CARO 2010.
This presentation discusses Authenticode signing, its usage by developers (particularly in the antivirus industry) and ways that code signing can be abused in order to spread malware and allow it to install