Category: av

  • Detecting the Metasploit encryptors in one hour and 49 lines of Python

    I’ve seen a lot of blog posts lately which proclaim that Metasploit payloads encrypted with one of the available encryptors and written into an executable file are somewhat “magically” capable of bypassing AV software (these posts usually contain a couple of VirusTotal links to demonstrate the point). The main scenario considered (from what I gather) is…

  • Review: Viruses Revealed

    This book should be a must-read for anyone thinking about malware and anti-malware (including – or especially – all the people in the media!). It is a hype-free, no-nonsense book, which doesn’t shy away from writing the truth. I found out about this book from the (ISC)2 blog, where Robert Slade (one of the…

  • Update to OVScan

    I finally had a little free time to work on the OVscan script. Here are the updates: updated to the latest changes in VirusTotal; updated to the latest changes in Jotti; added a new scanner site (NoVirusThanks), although unfortunately they currently seem to be down for maintenance; disabled Virscan.Org, since they have been down for a couple…

  • The fox in the henhouse?

    Some time back I ranted about ParetoLogic, which used to be known as the makers of a rogue security product (XoftSpy). Today I can rant once again about them: they’ve published a blog post insinuating that Firefox 3.5 has a remote code execution vulnerability. I’ve tried to inquire if they notified Mozilla about the issue,…

  • Panda Challenge

    I know that it is kind of short notice, but I too have only found out about it recently: the Panda Challenge (from Panda Security). It begins tomorrow (on the 7th of July) at 10 AM GMT+1 and consists of three rounds. Picture taken from Joachim’s photostream with permission.

  • Old habits die hard

    Last year I complained about ParetoLogic being a sponsor for the 2008 Virus Bulletin conference. It seems that my concerns were at least partially justified: as this post from the ESET blog points out, they are back to using overhyped and inaccurate text in their advertisements, much like the rogue security products. Picture taken…

  • Getting testing right

    Product testing and review is a very important step in convincing people to buy, or not to buy, a certain product (it is viewed by customers as more credible than marketing aimed directly at them, because the perception is that the testers are not “bought”, even though vendors pay for many tests!). If the organization / individual…

  • It’s all in the eye of the beholder

    One key aspect of the rogue AV/AS/AM products is the fact that they use scare tactics to sell their "products". However, even legitimate products have tendencies to go in this direction, as the two examples below illustrate. The first example is from a Secunia PSI install. Just to clarify my stance on…

  • How does the Panda USB vaccination work?

    I stumbled on the Panda USB and AutoRun Vaccine on the Panda Research blog and it piqued my interest because autorun-based malware is very widespread these days and also because I’ve written extensively about the topic. Another reason is that I don’t like black boxes and it is my opinion that all knowledge should…

  • Updated VTUploader – renamed to OVScan

    I updated the script I originally published for submitting files to VirusTotal and renamed it OVScan (Online Virus Scan). What has changed: added support for multiple sites; added support for submitting via SSL (if the site supports it); added support for a per-file timeout. Get it while it’s fresh from the source-code repository (to…