Yet another worm that infects removable drives was discovered. The Win32/SillyAutorun.FTW was recently found in the wild. The worm is written with Microsoft Visual Studio and uses injection engine – worm’s code overwrites the original code in memory. When it runs on infected machine, it firstcopies itself to %ApplicationData%\E-73473-3674-74335\msnrsmsn.exe; where %ApplicationData% is application data folder […]
Recently, I discovered a back door Trojan horse program that does not work on Microsoft Windows XP. I would like to present some of the details of this threat, especially as the malware author encoded a special trick into the functionality of the Trojan. The trick appears to have been designed to allow the threat […]
While analyzing the components of Duqu, we discovered an interesting anomaly in the main component that is responsible for its business logics, the Payload DLL. We would like to share our findings and ask for help identifying the code. Code layout At first glance, the Payload DLL looks like a regular Windows PE DLL file […]
Latest Comments