Virus Bulletin - October 2006

Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding
DDoS: the rise from obscurity

'The cost of a DDoS attack can be substantial – they can last hours, weeks and even months, and are capable of bringing unprotected organizations to a grinding halt.' Danny McPherson, Arbor Networks.

Danny McPherson - Arbor Networks, UK


News round-up

September's goings-on in the AV industry.

Malware prevalence report

August 2006

The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin, both directly and from other companies that pass on their statistics.


Chamber of horrors

W32/Chamb is the first virus to infect compiled HTML (CHM) files parasitically. Peter Ferrie has the details.

Peter Ferrie - Symantec Security Response, USA


AV Testing SANS virus creation

David Harley writes to the director of research at the SANS Institute to express his concerns about Consumer Reports' AV testing methodology.

David Harley - Independent researcher, author and consultant, UK


Scanning embedded objects in Word XML files

Christoph Alme looks at the embedding of arbitrary objects into Word 2003 XML files and shows why finding them and passing them on to the virus scanner is not such a 'walk in the park' as one might expect.

Christoph Alme - Secure Computing Corporation, Germany

Comparative review

VB Comparative: Windows 2000 Server - October 2006

John Hawes serves up another VB comparative - this month, he puts 26 AV products through their paces on Windows 2000 Server and finds 18 of them worthy of a VB 100%.

John Hawes - Virus Bulletin

Spam Bulletin

Spam Bulletin - October 2006

Anti-spam news; AISK - a different approach (feature)
