ThreatExpert Blog
Trojan.Hydraq Exposed
January 14, 2010. The post describes functionality (static analysis) of the trojan that was reported in the recent targeted attacks against some large companies. Trojan.Hydraq trojan is a DLL that runs as a service within the context of the system process svchost.exe. In order to be executed within the process svchost.exe at the system startup, the trojan employs no injection techniques - this is achieved with the
ThreatFire Research Blog
Bredolab UPS_Invoice Blast
January 12, 2010. Over the past 16 hours, we’ve seen a sharp spike in the number of UPS_Invoice themed malware being run and prevented on systems. We’ve seen this invoice scheme many times before, but to many computer users, the scam still is not familiar. The files often are delivered as .zip attachments, containing a malicious Bredolab downloader [...]
ThreatFire Research Blog
2010 and a Fresh Study
January 5, 2010. There is an infinite number of ways to calculate 2010, here is a fairly fun list of some of them. The past year showed massive numbers of malware being run on systems across the globe. Behind the malware was an active malware marketplace, often with forums full of services for hire, advice on distributing and maintaining [...]
ThreatFire Research Blog
Past the Second Half of 2009
January 1, 2010. Just before we pop corks at the arrival of 2010 and the passing of 2009, let’s take a quick look at the second half of 2009. Across the U.S. the ThreatFire community saw huge numbers of FakeAv variants disappointingly being run on systems, the Vundo ad-popping trojan appearing all over desktops, and Koobface worming its way [...]
ThreatFire Research Blog
Black Coal for Koobface this Season
December 29, 2009. Malware often just isn’t pleased to be running on ThreatFire protected systems. To gather data for the intelligence built into ThreatFire and BehaviorGuard for evaluating system events (which proves to be the best at blocking malware), ThreatFire blends into the Windows system itself. Some of the changes it makes may be unappealing to malware, although [...]