Win32/Quervar (a.k.a Dorifel, XDocCrypt) is a virus family that has been in the news recently, especially in the Netherlands. It has been reported to be causing havoc on computers of several notable Dutch institutions. In our analysis, we provide additional technical details about the workings of the virus and compare it to another virus, the […]
It’s quite common for bootkit malware to modify the Master Boot Record (MBR), Volume Boot Record (VBR) and even BIOS but we were unaware of anything more innovative.Last week however, we found a new bootkit sample in China, which appeared to be a bit different from other bootkits. It behaved abnormally in its MBR’s 512 […]
In previous post, my colleague talked about new way to inject virus codes into other normal processes in order to bypass firewall’s detection. During the continuous research of ZeroAccess, we found there’re some improvements for this series of anti-detection and anti-debug methods. And what’s most interesting is ZeroAccess seems to really like lsass.exe. It often […]
Latest Comments