Introduction to ClamAV's Low Level Virtual Machine (LLVM)
Users of prior versions of ClamAV may have noticed a drastic increase in the size of the tarball with the introduction of 0.96. This is due to the addition of a bytecode interpreter and a JIT compiler built on the Low Level Virtual Machine (LLVM) compiler infrastructure. It greatly extends ClamAV's detection capabilities by b
Malware on Android? Big deal!
Malware and Google's Android OS are two of my favorite things to play with. You would think that when I heard that there was a Trojan in the wild targeting Android devices, I'd be all over it. Indeed, I was. But I was not happy because I just don't like the sound of
Quick analysis of a webpage leveraging CVE-2010-1885 (aka the Help and Support Center vulnerability)
In a previous blog post I wrote about an increase in attacks against a vulnerability that was, at the time, unpatched. Microsoft patched it on July 13, which doesn't mean that people aren't still trying to own unpatched machines. goodgirlsbadguys.com (213.155.12.144) is a d
Increase in attacks on CVE-2010-1885
Microsoft is warning that there has been an increase in attacks against a zero-day vulnerability in Microsoft Help and Support Center. The vulnerability is due to an error in how invalid hexadecimal characters in the search topic parameter of an hcp:// URI are handled. It can be used to bypass r
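As an added example (not code from the ClamAV blog or from Microsoft's advisory), here is a small Python heuristic that reflects the one detail the excerpt gives: percent-escapes in a URI query parameter whose "hex digits" are not hexadecimal. It parses the query string itself rather than letting a library silently decode or drop malformed escapes, and reports every parameter that carries one. The parameter name `topic`, the sample URIs, and the decision to treat only `hcp://` hits as "matches the advisory's description" are assumptions for illustration, not a signature for the real exploit.

```python
import string
from urllib.parse import urlsplit

HEXDIGITS = set(string.hexdigits)


def find_bad_escapes(text):
    """Return (offset, fragment) for every '%' not followed by two hex digits.

    Each '%' is checked independently, so a run such as '%%A' yields two
    findings: '%%A' at the first '%' and '%A' at the second.
    """
    bad = []
    for i, ch in enumerate(text):
        if ch == '%':
            pair = text[i + 1:i + 3]
            if len(pair) < 2 or not set(pair) <= HEXDIGITS:
                bad.append((i, text[i:i + 3]))
    return bad


def audit_uri(uri):
    """Per-parameter report of malformed percent-escapes in one URI.

    The query is split by hand on '&' and '=' so malformed escapes survive
    intact; urllib's parse_qsl would decode valid ones and is not used here.
    """
    parts = urlsplit(uri)
    report = {'scheme': parts.scheme.lower(), 'suspicious': False, 'params': {}}
    for field in parts.query.split('&') if parts.query else []:
        name, _, value = field.partition('=')
        bad = find_bad_escapes(value)
        if bad:
            report['params'][name] = bad
            report['suspicious'] = True
    # Assumption: an hcp:// URI whose parameters carry malformed escapes is
    # what the advisory excerpt describes; other schemes are only reported.
    report['hcp_with_bad_escapes'] = (
        report['scheme'] == 'hcp' and report['suspicious']
    )
    return report


def flag_hcp_uris(uris):
    """Return the subset of URIs that match the hcp-with-bad-escapes heuristic."""
    return [u for u in uris if audit_uri(u)['hcp_with_bad_escapes']]


# Constructed sample input (not captured traffic): one well-formed hcp:// URI,
# one with malformed escapes in an assumed 'topic' parameter, and an http://
# URI with a malformed escape that should be reported but not matched.
CLEAN = 'hcp://services/search?query=anything&topic=hcp://system/sysinfo/sysinfomain.htm'
BAD = 'hcp://services/search?query=anything&topic=hcp://system/sysinfo/sysinfomain.htm%ZZ%A'
OTHER = 'http://example.com/?q=%G1'

if __name__ == '__main__':
    for u in (CLEAN, BAD, OTHER):
        print(audit_uri(u))
    print('flagged:', flag_hcp_uris([CLEAN, BAD, OTHER]))
```

Run it over a list of URIs pulled from proxy logs or from the `href`/`src` attributes of a suspect page; the per-parameter offsets tell you where to look when you open the raw HTML.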
ClamAV for Windows
Recently, we released the only official Windows-specific version of ClamAV, appropriately called ClamAV for Windows (http://www.clamav.net/lang/en/about/win32/). It is designed to use little memory and processing power because it relies on an advanced cloud-based protection mechanism,
What in the name!...
If you are confused by the naming of ClamAV products, here's a quick breakdown:
* ClamAV®: open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Available here.
* ClamAV® (Win32 binaries): Win32 port of ClamAV. Availa
The Acrobat JavaScript Blocklist Framework
Adobe recently announced and released the Adobe Reader and Acrobat JavaScript Blocklist Framework. I've had a little bit of time to play with it and would just like to share my thoughts. First of all, I am very pleased with this new blocklisting feature. Until now, when we kn
Help us help you
Remember how you've been hearing for years that cybercriminals would start targeting smartphones "soon"? Well, we've seen two iPhone worms this month alone. The first worm is "rickrolling" jailbroken iPhones in Australia. The worm uses a simple h
How does malware know the difference between the virtual world and the real world?
It is no secret that the Information Security industry takes advantage of virtualization and sandboxing software in order to research security threats. VMWare, Sandboxie, Virtual PC, Anubis, CWSandbox, JoeBox, VirtualBox, Parallels and QEMU are just a few of these virtual machines and sandboxes. The cornu