Virus Bulletin - July 2009

Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding



Same malware, different code

'The intent is the same, the information displayed to the user is the same, and the extorted money probably ends up in the same pocket.' Pierre-Marc Bureau, Eset.

Pierre-Marc Bureau - Eset


Spam away

VB says goodbye to the Spam Supplement.

Helen Martin - Virus Bulletin, UK

Jobs for the naughty boys

UK's cyber security minister recruits team of former hackers.

Helen Martin - Virus Bulletin, UK

Spammer to serve time

Prolific spammer gets his just desserts.

Helen Martin - Virus Bulletin, UK

Malware prevalence report

May 2009

The Virus Bulletin prevalence table is compiled monthly from virus reports received by Virus Bulletin; both directly, and from other companies who pass on their statistics.

Malware analyses

Can you spare a seg?

Peter Ferrie resumes his series of analyses of viruses contained in the EOF-rRlf-DoomRiderz virus zine.

Peter Ferrie - Microsoft, USA

Kernel mechanics of Rustock

Chandra Prakash provides details of the kernel-mode operations of a recent (March 2009) version of Rustock, concentrating on the changes from its previous version.

Chandra Prakash - Sunbelt Software, USA


Early warning approaches to combat typosquatting

Typosquatting takes advantage of the typographical mistakes often made by users when entering a website address into a web browser. Amit Verma discusses a two-step approach to combatting the problem, prioritizing the registration of domain typos and detecting typos entered into Internet browsers and email clients.

Amit Verma - Symantec, India

The challenges of collecting and monitoring URLs that point to malware

Since 2005, the Malware Patrol Project has been cataloguing URLs used in phishing scams and distributing block lists for the most popular proxies and anti-spam systems. André D. Corrêa describes the challenges of collecting and monitoring malicious URLs.

André D. Corrêa - Malware Patrol, Brazil

Product review

Norman Network Protection Appliance

The security appliance market seems to have become a boom area of late, with just about every security firm worth its salt introducing an appliance solution to provide its services in a single package. This month VB's test team look at a dedicated anti-malware appliance: Norman’s Network Protection Appliance.

John Hawes - Virus Bulletin, UK

Comparative review

Anti-spam comparative review July 2009

In VB’s second round of anti-spam comparative testing and certification the all-important question was whether the high achievers from the first test could maintain the same high standards this month. Martijn Grooten has the results of a test in which more products were tested against a larger spam corpus and with stricter benchmarks.

Martijn Grooten - Virus Bulletin, UK


Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.


Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.