Major shift in strategy for ZeroAccess rootkit malware, as it shifts to user-mode

SophosLabs has been monitoring a new strain of the infamous ZeroAccess rootkit that has been hitting the internet over the last few weeks.

ZeroAccess is a sophisticated kernel-mode rootkit that enslaves victim PCs, adding them to a peer-to-peer botnet from which they receive commands to download other malware. The rootkit has undergone several revisions since its …

W32.Xpaj.B is a File Infector with a Vengeance

We have recently come across a new wave of W32.Xpaj.B samples. We first met this complex file infector virus in 2009, and since then the threat has been operating and mounting an ad-clicking scam in order to generate revenue.

After a few months of rest, the threat seems to be back.

Figure 1. …

64-Bit System Driver Infected and Signed After UAC Bypassed

What was just a theory not so long ago is now being used in-the-wild by threats such as Backdoor.Hackersdoor and its newer variant Backdoor.Conpee.

Back in December we analyzed tdpipe.sys, an infected 64-bit Windows 7 system driver. The infection consisted of an extra import added to the driver’s import table:

The import named DiscPart …

Threat from 16bit executable

Malware writers have found a new way to keep their creations safe. We recently found a piece of malware in the 16-bit NE file format that runs smoothly on modern 32/64-bit operating systems without being detected, even by the HIPS.

Detections

As far as we know, the sample has been in public view for 4 days (since 2012.1.16). But …

LoadDLLViaAppInit 64-bit

Many of my security tools are DLLs. If you want to use these tools inside a 64-bit process, you’re stuck, because you can’t use 32-bit DLLs inside a 64-bit process (and vice versa).

LoadDLLViaAppInit is a tool I released to load DLLs inside selected processes. If you want to use this 32-bit version of LoadDLLViaAppInit on …

TaskManager Runs on 64-bit Excel

I’m releasing a new version of TaskManager.xls that runs on Excel 2010 64-bit too. The previous version ran on 64-bit Windows, provided you used Excel 32-bit. But this new version runs on both implementations of Excel.

TaskManager_V0_1_0.zip (https)
MD5: 5ED2AB6036CA94FAC7DEE5352718D07C
SHA256: EBCF4832C4DBAB0AFE778E19423EBB56CA4644DA1FDB5B2EB1BB4C27A26DB18C

Embarcadero Finally Releases Delphi 64-bit

Delphi XE2 - Embarcadero

Delphi is a cross-platform IDE (integrated development environment) used to create user applications that are compatible with a number of platforms, such as Microsoft Windows and Apple Macintosh. Delphi was originally designed by Borland but is now maintained by Embarcadero.

Features

The company has released a new version, Delphi XE2, and it is also …

Fake anti-viruses for MAC, new 64-bit rootkits, and other “surprises” of May

The emergence of the fake anti-virus best known as MacDefender may be considered the most important cyber-threat event in May. While fake anti-viruses for Windows have become commonplace, counterfeit anti-malware for Mac OS X is still a novelty, especially when on the scale of an epidemic. Yet the discovery of rootkits targeting 64-bit Windows systems …