Flame is different in the sense that it is big in file size and complexity and it has many different possibilities, but none of the possibilities are overwhelming revolutionary or new: we have seen all these functions before. Furthermore, it is very difficult to determine how many computers have been infected and still are infected. […]
Nowadays as more and more people are aware of malware infections, untrusted executable file is less likely to be executed by the user. Except when the executable is trusted, signed by a known company, or from a well-known software vendor for example. But even when the executable file is signed it might not be safe […]
While analyzing the components of Duqu, we discovered an interesting anomaly in the main component that is responsible for its business logics, the Payload DLL. We would like to share our findings and ask for help identifying the code. Code layout At first glance, the Payload DLL looks like a regular Windows PE DLL file […]
Latest Comments