While investigating some new malware samples this week, we came across a few interesting files that use a new trick with an undocumented instruction. We had to do a bit of digging around the Intel instructions list to solve this little mystery. While it turned out that the trick itself isn’t effective in complicating debugging […]
The story of the mysterious malware detected by ESET as Win32/Rootkit.Avatar began in February 2013 when some adverts for this rootkit leaked from Russian cybercrime forums (http://pastebin.com/maPY7SS8). This information produced some heated discussions in the malware research community, however a sample of the Avatar rootkit was not found and published, until now. In this blog […]
It’s quite common for bootkit malware to modify the Master Boot Record (MBR), Volume Boot Record (VBR) and even BIOS but we were unaware of anything more innovative.Last week however, we found a new bootkit sample in China, which appeared to be a bit different from other bootkits. It behaved abnormally in its MBR’s 512 […]
Latest Comments