If you’ve performed malware research, you’ve likely observed samples that are very similar in functionality, yet have different hashes, file sizes, etc.
When looking at the same malware at the assembly level, you might have noticed the “differing” malware may have functions and strings that are exactly the same.
Given enough analysis time, researchers can attribute samples to certain malware families. However, in-depth analysis methods (such as reverse engineering) can be a lengthy process, and that’s why tools are developed to streamline the analysis process and assist researchers in rapid identification when possible.
Even so, many of these tools have their own flaws; for example, some malware can bypass a sandbox altogether.
Fortunately, there are other tools we can fine-tune to assist researchers in quick and easy identification of malware. One of these tools is known as YARA.
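As an added illustration (not part of the original post), here is the kind of YARA rule the passage motivates: it keys on strings and a code byte sequence that stay constant across variants whose hashes and file sizes differ. The family name, strings and byte pattern are constructed placeholders, not indicators of any real family.

```yara
// Added example, not from the original post. The family name, strings and
// byte pattern are constructed placeholders; replace them with strings and
// code bytes observed across the variants you are clustering.
rule ExampleFamily_SharedCode
{
    meta:
        description = "Variants sharing strings and a code sequence despite differing hashes"
        author      = "hypothetical analyst"

    strings:
        // Plain-text strings that appear unchanged across variants (constructed)
        $s1 = "C:\\Users\\Public\\example_mutex" ascii wide
        $s2 = "ExampleFamily v1" ascii

        // Function prologue followed by a distinctive constant (constructed);
        // the ?? wildcards absorb offsets and addresses that change per build
        $code = { 55 8B EC 83 EC ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 3D 37 13 00 00 }

    condition:
        uint16(0) == 0x5A4D      // "MZ": only scan Windows PE files
        and filesize < 2MB
        and 1 of ($s*)           // tolerate a variant that rewrites one string
        and $code                // the shared code is the stronger signal
}
```

Scan a directory of samples with `yara -r ExampleFamily.yar samples/`; a hit on samples with different hashes is the shared-code reuse the post describes.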
Just last month, antivirus companies discovered a new ransomware known as Cryptolocker.
This ransomware is particularly nasty because infected users are in danger of losing their personal files forever.
Reports are surfacing that antivirus companies AVG and Avira have had their websites hacked, along with the website for WhatsApp messenger.
At the time of this writing it seems that only AVG has recovered.
The group responsible for the alleged defacement is a Palestinian hacker group known as “KDMS” team.
U.S. federal authorities arrested Ross William Ulbricht, the alleged leader behind the Silk Road criminal marketplace, in San Francisco yesterday, multiple news outlets reported.
Authorities have also seized the Silk Road domain, which is estimated to have done $1.2 billion in illegal sales.
Microsoft disclosed information on a new Internet Explorer zero-day vulnerability yesterday in a security advisory.
Dubbed CVE-2013-3893, the vulnerability exists in SetMouseCapture within mshtml.dll, part of Internet Explorer 6 through 11.
Fortunately, Microsoft released a “Fix it” workaround that will patch mshtml.dll and remove the vulnerability. Internet Explorer users should apply the Fix it immediately.