MORE ENTRIES
- It's the applications, stupid
- Will a whitelist save personal computing?
- Thousands of Web sites under attack
- To solve the unsolvable problem
- Re-thinking the security of virtual machines
- Security Development Lifecycle trumps code complexity
- Is your Web site FIPS compliant?
- Computer security: Why have least privilege?
- Strategic security: Get a handle on authentication
- Control user installs of software
Security Adviser | Roger A. Grimes »
Virus installs and uses Kaspersky AV engine to protect itself, plus more
RATE THIS ARTICLE:
October 21, 2006 | Comments: (0)
Virus installs and uses Kaspersky AV engine to protect itself, plus more
Interesting example of an advanced spambot.
Joe Stewart at SecureWorks analyzed and reported on a spambot that uses Kaspersky antivirus to protect itself. Not only that, but it also:
-Command and control bot with multiple server ports
-Uses AES encryption to protect itself.
-Adds random pixels to the end of the spam gif it uses to fool anti-spam software looking for static images.
-Very modular
-Uses a custom, binary, P2P network.
Thanks to my friend Steve from SecurityAppraisers for the hint.
Posted by Roger Grimes on October 21, 2006 12:27 PM
RATE THIS ARTICLE:
-
- COMMENTS
