Of Spam & Men


Tag - antivirus


Monday 28 January 2008

Studying Malware Analysis In College

F-Secure is about to start a course called "Malware Analysis and Antivirus Technologies" at the Helsinki University of Technology. I really wish we had had classes like that when I was attending college!

And since F-Secure is full of cool people, they provide the slides from the lectures that have already been given!

On the menu:

  • General introduction of the course [slides]
  • Fighting Online Crime [slides]
  • Windows operating system: Antivirus perspective.
  • Legal aspects of reverse engineering. Reverse engineering I
  • Reverse engineering II
  • Reverse engineering tools hands on classes
  • Mobile malware.
  • Using debuggers to analyze malware
  • Emulators and disassemblers. Behavioral analysis of malware.
  • Reverse engineering III
  • Unpacking and decrypting malware
  • Antivirus engine design.

From F-Secure

Saturday 10 March 2007

virus watch: warezov domains

Warezov, SpamThru... viruses used by spammers. They are fairly easy to detect if you can monitor HTTP connections: more and more viruses fetch data (spam templates or updates) from dedicated domains. If you can monitor traffic to those domains, you can detect infected computers on your network.

Continue reading...

Monday 5 February 2007

Online System Security Scanners

Claus Valca posted a long list of online scanners:

  • Primarily virus/trojan related online scanners
  • Single-File Upload Scanners
  • Malware (spyware/adware/etc.) Online Scanners
  • Online "single-file" Multi-Scan Test Websites
  • Software or System Security Vulnerability Scanners
  • Not Quite "Fully-Online" Based Software or System Security Vulnerability Scanners

Continue reading...

Thursday 7 December 2006

Bypassing Virus Scanners Using MIME Encoding Tricks

Hendrick Weimer explains how some virus scanners can be fooled by inserting characters that are not in the Base64 alphabet into Base64-encoded data, which a compliant decoder must simply ignore:

Base64 encoding for MIME is defined in RFC 2045, which lists such an alphabet and clearly states: "All line breaks or other characters not found in the alphabet must be ignored by decoding software." So it shouldn't make any difference if we insert some random characters not in the alphabet into a Base64 encoded version of our good old EICAR string, right? Wrong. Some virus scanners will happily pass viruses once they come in an unusual but still RFC-compliant encoding. This is even more astonishing given that such attacks have already been discussed before.

Continue reading...
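To make the RFC 2045 point concrete from the scanner's side, here is an added Python example (it is not code from this blog or from Weimer's article): a strict decoder that refuses bytes outside the alphabet, the RFC-compliant decoder that ignores them, and a toy signature check run through both. The message body and the signature are constructed, harmless strings; the function names are my own.

```python
import base64
import binascii
import re
from typing import Callable, Optional

# RFC 2045 Base64 alphabet plus '=' padding; a compliant decoder ignores every other byte.
_NOT_ALPHABET = re.compile(rb"[^A-Za-z0-9+/=]")

# Constructed, harmless stand-ins for a message body and the byte pattern a scanner looks for.
SAMPLE_BODY = b"THIS-IS-A-CONSTRUCTED-TEST-MARKER-NOT-MALWARE"
SIGNATURE = b"CONSTRUCTED-TEST-MARKER"

def insert_junk(encoded: bytes, junk: bytes = b"#", every: int = 4) -> bytes:
    """Put `junk` between every `every` Base64 characters (the encoding variation the article describes)."""
    return junk.join(encoded[i:i + every] for i in range(0, len(encoded), every))

def decode_strict(encoded: bytes) -> Optional[bytes]:
    """A decoder that rejects any byte outside the alphabet, as a non-compliant scanner might; None on failure."""
    try:
        return base64.b64decode(encoded, validate=True)
    except binascii.Error:
        return None

def decode_rfc2045(encoded: bytes) -> bytes:
    """RFC 2045 behaviour: drop bytes outside the alphabet, fix up the padding, then decode strictly."""
    cleaned = _NOT_ALPHABET.sub(b"", encoded).rstrip(b"=")
    cleaned += b"=" * (-len(cleaned) % 4)  # re-pad to a multiple of four
    return base64.b64decode(cleaned, validate=True)  # raises binascii.Error only on truly corrupt input

def scan(encoded: bytes, decoder: Callable[[bytes], Optional[bytes]]) -> bool:
    """Signature check on the decoded body; a decoder that gives up counts as 'nothing found'."""
    try:
        decoded = decoder(encoded)
    except binascii.Error:
        decoded = None
    return decoded is not None and SIGNATURE in decoded

def compare_decoders() -> dict:
    """Run the check with both decoders over a clean and a junk-laden encoding of the same body."""
    clean = base64.b64encode(SAMPLE_BODY)
    tricky = insert_junk(clean)
    return {
        "strict_clean": scan(clean, decode_strict),      # True
        "strict_tricky": scan(tricky, decode_strict),    # False: the junk makes the strict decoder give up
        "rfc2045_tricky": scan(tricky, decode_rfc2045),  # True: ignoring the junk recovers the body
    }
```

Python's own `base64.b64decode` already discards non-alphabet bytes when called with its default `validate=False`; the explicit cleaning step above is there to show what a scanner has to do before matching.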