Virus Bulletin - February 2014

Editor: Helen Martin

Technical Consultant: John Hawes

Technical Editor: Morton Swimmer

Consulting Editors: Ian Whalley, Nick FitzGerald, Richard Ford, Edward Wilding



It is time for defenders to go on the offence

‘Challenge [defenders] to take a penetration testing or exploit development class.’ Andreas Lindh

Andreas Lindh - ISecure, Sweden


Law minister is former spammer

Indian government minister has a history of spamming, according to researcher.

Helen Martin - Virus Bulletin, UK

Cash for hacks

Hackers stand to gain from bug bounties and contests.

Helen Martin - Virus Bulletin, UK

Malware analyses

Getting one's hands dirty

Cross-platform execution is one of the promises of Java - but cross-platform infection is probably not what the designers had in mind. Nevertheless, it was clearly in the mind of the author of W32/Java.Grimy, a virus for the Windows platform, which infects Java class files. Peter Ferrie has the details.

Peter Ferrie - Microsoft, USA

Salted algorithm - part 2

Sality has been around for many years, yet it is still one of today’s most prevalent pieces of malware. Last month, Raul Alvarez described Sality’s algorithm, showing the strengths of its encryption, how it uses the stack as temporary memory for code manipulation, and some of its system configuration manipulation. In this follow-up article, he continues to discuss some of the threads spawned by Sality.

Raul Alvarez - Fortinet, Canada

Inside W32.Xpaj.B’s infection – part 2

Xpaj.B is one of the most complex and sophisticated file infectors in the world. It is difficult to detect, disinfect and analyse. Liang Yuan provides a deep analysis of its infection.

Liang Yuan - Symantec, China


Needle in a haystack

Sometimes what looks like a genuine MP3 encoder library, and even works as a functional encoder, actually hides malicious code deep amongst a pile of clean code. Gabor Szappanos reveals the lengths to which one piece of malware goes to hide its tracks.

Gabor Szappanos - Sophos, Hungary

Book reviews

Don't forget to write

Industry veteran, prolific writer and educator David Harley reviews two recently published eBooks that aim to provide security guidance for consumers: Improve Your Security by Sorin Mustaca, and One Parent to Another by Tony Anscombe.

David Harley - ESET, UK


Greetz from academe: Full frontal

In the latest of his ‘Greetz from Academe’ series, highlighting some of the work going on in academic circles, John Aycock looks at a piece of research that reveals an anti-virus design vulnerability that leaves several of the major anti-virus products open to attack.

John Aycock - University of Calgary, Canada

Comparative review

VB100 comparative review on Ubuntu Server 12.04 LTS

For the first time in living memory, this test saw a clean sweep of certification passes, with all products reaching the required standard for a VB100 badge, and most also doing well in terms of stability. John Hawes has all the details.

John Hawes - Virus Bulletin


Anti-malware industry events

Must-attend events in the anti-malware industry - dates, locations and further details.

