The corporate environment is more complicated than home one. There are a number of file servers and many tens to thousands client computers. An antivirus is usually installed on all those machines. In most cases it detects the malware that attacks a company, however there could be cases when malware outsmarts the antivirus , then […]
I recently obtained a PoisonIvy sample which uses a legitimate application in an effort to stay under the radar.In this case, the PoisonIvy variant detected as BKDR_POISON.BTA (named as newdev.dll) took advantage of a technique known as a DLL preloading attack (aka binary planting) instead of exploiting previously known techniques. The malware was located in […]
The Win32/DomaIQ is an adware bundled with legitimate software.Recently discovered one was bundled with Flash Player and .NET Framework.When installing, the bundle allows to uncheck unwanted components, but this actually has no effect. Uninstalling the DomaIQ using Windows uninstall is difficult and not always successful.The file is Nullsoft installer that installs following files: %TempDir%\D??\FLASHPLAYER_???\CONFIG.DLL […]
Latest Comments