We recently discovered a new breed of the bootkit Rovnix that introduces a private TCP/IP stack. It seems this is becoming a new trend for this type of malware.The implementation of the private stack is based on an open-source TCP/IP project and it can be accessed from both kernel and user modes.It works like this: […]
In previous post, my colleague talked about new way to inject virus codes into other normal processes in order to bypass firewall’s detection. During the continuous research of ZeroAccess, we found there’re some improvements for this series of anti-detection and anti-debug methods. And what’s most interesting is ZeroAccess seems to really like lsass.exe. It often […]
This entry has nothing to do with malware. Just so you know.Some people know that I like the demo scene. I’ve been following it for more than 20 years now, but it’s even older than that. I like the size-optimisation competitions best, and I’ve even participated in a few – most recently, smallest downloader on […]
Latest Comments