The Latest in IT Security

Posts Tagged ‘thread context’

During the last couple of weeks I’ve come across three malware samples packed using compiled AutoIt scripts, so I decided to explore the connection between AutoIt and the malware world. I took the latest 50 samples marked as AutoIt that were submitted to the free scanning site VirusTotal. Here are the statistics: 11 wrongly classified as malware. Four […]


In a previous post, my colleague talked about a new way to inject virus code into other normal processes in order to bypass firewall detection. During our continued research on ZeroAccess, we found some improvements to this series of anti-detection and anti-debug methods. What is most interesting is that ZeroAccess seems to really like lsass.exe. It often […]


24 Sep 2011

Injecting code into a system process is a common way for malware to avoid being detected by antivirus engines, but we have now found a brand new way of performing such injection. According to the samples we received, they are based on command lines, so we guess this method is still in the demo stage, but we think it may […]


