October 21, 2013 10:00

Sweet Orange Exploit Kit was the new king of the hill, until it went away.

Here in the VRT, we keep a pretty close eye on Exploit Kits: their trends, their pattern shifts, and how we can protect our customers against them in the real world. Recent headlines from various news agencies stated that the author of the Blackhole and Cool exploi

October 8, 2013 16:49

IE Zero Day CVE-2013-3897 -- You've been protected for more than a week.

A little over a week ago the VRT discovered a very interesting bit of JavaScript on a popular JS unpacker site. Several things immediately piqued our interest in this sample. First of all, we found multiple calls to Math.atan2() with curious parameters: This is a popular techniq

October 8, 2013 16:49

Microsoft Update Tuesday October 2013: Another IE 0-day release

This month's Microsoft Update Tuesday brings us 8 bulletins for a total of 26 CVEs. Four of these bulletins are marked as critical, while the rest are marked as important. First, let's take a look at the 4 critical bulletins: The most important update this month is a cu

October 2, 2013 14:00

Android Basic Block Signatures

Writing ClamAV signatures is a bit of an art. When matching bytes in a file, you need to make a selection that most, if not all, of the malicious files will have and, hopefully, no clean files will have. Strings are an easy target. Often there are unique typos or a strange user-ag
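As an added example (not code from the post or from ClamAV itself), here is the selection step above done mechanically: find the byte strings that every malicious sample contains and no clean sample does, keep only the longest ones, emit the pick as a ClamAV .ndb body signature (Name:TargetType:Offset:HexSignature, with 0 for any file type and * for any offset), and then re-scan both sample sets with it to confirm full coverage and zero false positives. The HTTP request samples, the misspelled user-agent string and the signature name are all constructed for the example.

```python
# Added example: choose ClamAV signature bytes the way the post describes, i.e. a
# byte string present in every malicious sample and absent from every clean one,
# then emit it as an .ndb line and verify it. All sample data here is constructed.

from typing import List, Sequence, Set, Tuple

# Constructed samples: three "malicious" HTTP requests that share a misspelled
# User-Agent ("compatibel"), and two "clean" requests (one with the correct spelling).
MALICIOUS = [
    b"GET / HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatibel; MSIE 6.0)\r\nHost: a.example\r\n",
    b"POST /g HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatibel; MSIE 6.0)\r\nHost: b.example\r\n",
    b"xx\x00\x01User-Agent: Mozilla/4.0 (compatibel; MSIE 6.0)\r\nzz",
]
CLEAN = [
    b"GET / HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\nHost: a.example\r\n",
    b"GET /index HTTP/1.1\r\nHost: c.example\r\nAccept: */*\r\n",
]


def common_substrings(samples: Sequence[bytes], min_len: int) -> Set[bytes]:
    """All byte strings of at least min_len bytes that occur in every sample."""
    base, others = samples[0], samples[1:]
    found: Set[bytes] = set()
    for i in range(len(base)):
        for j in range(i + min_len, len(base) + 1):
            s = base[i:j]
            if all(s in o for o in others):
                found.add(s)
            else:
                break  # any longer string starting at offset i fails too
    return found


def signature_candidates(malicious: Sequence[bytes], clean: Sequence[bytes],
                         min_len: int = 8) -> List[bytes]:
    """Maximal byte strings in all malicious samples and in no clean sample, longest first."""
    cands = {s for s in common_substrings(malicious, min_len)
             if not any(s in c for c in clean)}
    # Drop anything that is a substring of another candidate: keep only maximal picks.
    maximal = [s for s in cands if not any(s != t and s in t for t in cands)]
    return sorted(maximal, key=len, reverse=True)


def to_ndb(name: str, sig: bytes) -> str:
    """Format as a ClamAV .ndb body signature: any file type (0), any offset (*)."""
    return f"{name}:0:*:{sig.hex()}"


def matches(ndb_line: str, data: bytes) -> bool:
    """Re-parse the .ndb line and scan data with it, as a check on what was emitted."""
    hex_sig = ndb_line.split(":", 3)[3]
    return bytes.fromhex(hex_sig) in data


def evaluate(ndb_line: str, malicious: Sequence[bytes],
             clean: Sequence[bytes]) -> Tuple[int, int]:
    """Return (detections among malicious samples, false positives among clean samples)."""
    return (sum(matches(ndb_line, m) for m in malicious),
            sum(matches(ndb_line, c) for c in clean))


if __name__ == "__main__":
    picks = signature_candidates(MALICIOUS, CLEAN)
    line = to_ndb("Example.Agent.Typo", picks[0])  # constructed signature name
    print(line)
    print("detections, false positives:", evaluate(line, MALICIOUS, CLEAN))
```

The candidate search is quadratic in the size of the first sample, which is fine for hand-picked corpora but not for bulk mining; the point is the filter, not the search. Keeping only maximal strings matters in practice too: a shorter slice such as "User-Agent: Mozilla" would match the clean request as well, and the clean-set check is what rules it out.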

August 22, 2013 14:11

Bytecode - Covering the Android Vulnerabilities Master Key and Extra Field

This post will walk through our coverage for the Master Key and Extra Field vulnerabilities. Both vulnerabilities allow arbitrary files to be added to signed APKs without breaking the digital signature. ClamAV bytecode signatures allow for flexible coverage when a vulnerability o

August 13, 2013 13:26

Microsoft Update Tuesday August 2013: More font issues, some interesting DoSes

It's a pretty standard month for Update Tuesday this time around. There's a total of 8 bulletins, covering 23 CVE issues. This month's release addresses the final 2 issues reported during CanSecWest's Pwn2Own. As usual, there's the requisite IE bulletin (MS13-059), whic

July 30, 2013 10:47

Android Extra Field Vulnerability Spotted in the Wild

It has been 20 days since the Extra Field vulnerability (also known as Chinese Master Keys) was first reported (translated link) by the Android Security Squad. It has now been spotted in the wild. The linked sample (MD5: C9F4C62521C04B8ADD796A1D5CEE08B0), which will be referred t