I found a couple of slides from a company internal training session and thought I would share them. It's just to give an example of the kind of work the Lavasoft research team at Malware Labs does.

It describes the binary analysis of a Win32.TrojanDropper.KGen sample, the malware's multi-component structure and the payload it implements.


The "average Joe" probably sees the word "virus" as a generic term for all current threats out there in the wild. The reality is much different. There are a lot of categories which must be mentioned in this context. The word "virus" should not be used as a catch-all term for malicious infections. A virus is actually a malicious file which has the ability to infect other files by adding malicious code to them; we currently see a downward trend in this type of infection.


The 1st of April marked the end of an era - support of the Ad-Aware SE definition file was discontinued.



Strasbourg is not only the principal city and capital of the Alsace region in France - it's also the seat of the European Parliament. Yesterday, March 26, it was the place where the privacy of Internet users and fundamental freedoms on the Internet were put to a vote.


If you follow online security news, there's little chance that you haven't heard about Conficker - a new worm that has received extensive media coverage in the past weeks, due in part to Microsoft's offer of a $250,000 bounty in return for information leading to the arrest of the malware's perpetrators.


Lavasoft Malware Labs recently had a closer look at an IP range full of hoax sites. A reverse IP lookup on 78.129.142.235 reveals around 200 fraudulent domains, hosted in the United Arab Emirates. Most of the sites hosted on 78.129.142.235 trade on the names of existing products from the security industry and other popular software. The examples below show how the fraudulent domains are made to look trustworthy.

hxxp://7zip-2009.info
hxxp://Directx-full.info
hxxp://Icq-full.info
hxxp://Messengerplus-2009.info
hxxp://Safari-full.info
hxxp://Winrar-2009.com
hxxp://Www-kaspersky.info


A U.S. district judge has ordered Google, the search engine company, to release information about users of its YouTube service. The major entertainment corporation Viacom won the legal battle against Google, giving Viacom access to information about YouTube users and their "tubing" behavior, i.e. which videos they watch on the YouTube site. The verdict will also give Viacom access to the login names and IP addresses of YouTube users, even though Viacom says it will not use the information to pursue individuals.


The FRA, the Swedish National Defense Radio Establishment, which was recently authorized to begin its extended surveillance of wire-based Internet traffic and traffic in the mobile networks, may intercept personal e-mails between local Danish vicars and Danish people seeking the cure of souls. How is this possible, you ask? The e-mail of the Danish church is handled via servers located in Sweden, and under the newly adopted FRA law the FRA is allowed to intercept communications as they cross the Swedish border.