packer

Towering Qbot Certificates

New stolen digital certificates are used by the multi-purpose backdoor Qbot. The criminals behind the Qbot trojan are certainly not inactive. As I mentioned in a blog post earlier this month, after a quiet summer we have seen a batch of new Qbot variants. An interesting fact is that the malicious binaries were digitally signed.

Come along, little doggy, come along

The most common malware technique for avoiding detection is to create loads of “fresh” variants. Actually, the component that changes so frequently is the packer – the outer layer of the malware, used by malware authors to encrypt the malware and make it harder to detect – whilst the functionality of the malicious code inside

Obfuscated JavaScript: Oh What a Tangled Web

My colleague Daniel Novomeský alerted me to a problem he's observed with the way some web-developers use JavaScript: a few of them have the habit of obfuscating JavaScript code on their web sites, presumably in order to compress it so that it takes less disk-space ("packing") or using a "protector" in order to make it

False Positives: A Round of Applause…

The anti-malware industry isn't a suitable environment for the thin-skinned. We get used to receiving "more kicks than ha'pence" (see http://www.virusbtn.com/spambulletin/archive/2006/11/vb200611-OK).. In particular, I've grown accustomed to the fact that many people expect all the following from an AV product: Absolute Protection Absolute Convenience Absolutely no  False Positives Absolutely no charge False positives (FPs) are

(One out of) Ten Ways to Dodge Cyber-Bullets

It’s that time of year when everyone wants a top ten: the top ten most stupid remarks made by celebrities, the ten worst-dressed French poodles, the ten most embarrassing political speeches, and so on. Our research team came up with a few rather more serious ideas, most of which are considered at some length in our about-to-be-published

AV-Comparatives Retrospective Test (and a Word about False Positives)

Retrospective or “frozen” testing involves testing the ability of one or more products to detect threats proactively, using techniques such as advanced heuristics rather than signature detection.

Hybrid Detection: I have seen the future…

whitelisting itself is hybrid…And it works best as one layer of a defensive strategy, at any rate in the version of the internet in which we currently find ourselves.

ESET Virus Radar

Archives

Copyright © 2013 ESET, All Rights Reserved.