Carbon Black assert that if an AV company doesn’t detect malware within six days of its being flagged on Virus Total, it probably won’t after a month. Is that as dangerous as it sounds?

The authors of Win32/Qbot (a.k.a. Qakbot) are back with new variants of this infamous malware, and this time the binaries are digitally signed. Qbot is a multifunctional trojan that has had some significant impact in the past. It has also been around a while, with the first variants dating as far back as spring 2007,

I encountered an old acquaintance today. Tip of the hat to Peter Radatti for pointing me towards an article by John Breeden II that proposes a very familiar idea: the Good Virus. (One that also often pops up in the form of the Good Worm, such as the various hues of Code that were proposed

It is generally well-understood that antimalware programs—the software which detects computer viruses, worms, trojan horses and other threats to your system—work by scanning files using signatures they already have. A signature could be as simple as a string[i] (like using the "find" command in your word processor to locate a particular piece of text) or as

I recently received a few questions about heuristics and thought the answers may be of broader interest than just to the person asking. 1- What is the difference between the detection by generic signatures and passive heuristic? Aren't they the same? 2- In this thread: http://www.wilderssecurity.com/showthread.php?t=261904 I can't understand Marcos's replay: 'it's heuristic detection coupled

Some of you may have noticed that I’ve been uncharacteristically quiet the past few days. That’s because I really needed to do catch up with other things. Sad though I am to have missed the opportunity to jeer at Mikeyy the Worm and his new employer (though I may come back to them shortly, just

whitelisting itself is hybrid…And it works best as one layer of a defensive strategy, at any rate in the version of the internet in which we currently find ourselves.