Virus Information News


Complex - PDF hides Malware inside XFA which is inside PNG - not an image
April 6, 2011

We recently received an email supposedly from Puremobile - a supplier of unlocked cellphones. The "order confirmation" included a PDF file as shown below.

Our initial analysis of the file found no JavaScript. No JavaScript? This was unexpected since most PDF malware includes JavaScript. The only strange stream data that could possibly hide the exploit was the embedded PNG-encoded data. PNG is usually used for image encoding - normally the decoding process would reveal an image - but not in this case. We used a decompression tool to decode the PNG data and found an XFA form.

Advice after the Epsilon breach
April 5, 2011

Should I feel left out? I didn't receive an apology letter from my bank, broker or grocery store this week.

In case you are wondering what they should be apologizing about - besides the weak dollar or the price of tomatoes - the online marketer Epsilon was breached this week by hackers, and reports say that millions of US customers' email addresses and names were exposed (as well as the name "Epsilon" which was previously unknown to most consumers).

UPS malware now sent via DHL!
March 31, 2011

For the 3rd day running we are seeing vast quantities of email-attached malware.

Today the spoofed sender was DHL, with subjects like "DHL Express Service". The emails included standard text such as...

Huge amounts of UPS and Facebook malware attachments
March 30, 2011

Virus distributors have steadily decreased their usage of email as a means of malware distribution.

The more popular methods nowadays include the use of drive-by downloads as well as "voluntary" downloads of "shockwave updaters" and "movie codec files". But the last day or so has seen very high levels of emails with attached malware. At one point these accounted for over 30% of all email received.

iPad 2 affiliate marketing scams and incompetent spammers
March 29, 2011

It's so hard to find good help these days.

Even in the world of spam you just have to do everything yourself or else take a risk that some inattentive subordinate is going to mess up. Like this Apple iPad 2 marketing scam campaign which should have the recipient name neatly filled in...

An un-epiphany (how to use a GPU to speed up ClamAV)
March 17, 2011

I have always been amused at people talking about the death of the antivirus industry. It has supposedly been dying for decades and it is still around and growing.

What amuses me even more is how people can sound so knowledgeable about how antivirus works and why it is doomed to fail. What is especially amusing is precisely how they get all their facts wrong. I was busy reading about GPU (Graphics Processing Unit) based supercomputers and their uses when I came across an interesting paper on how to use a GPU to speed up antivirus software. So I read it and had my un-epiphany.

Has the reported disruption of Rustock affected spam levels?
March 17, 2011

Numerous reports have been circulating about the sudden demise of the Rustock botnet.

If Rustock has been taken down there are several possible explanations for the generally stable spam levels shown above...

How PDF files hide malware - Example - PDF scan from Xerox
February 9, 2011

The body of the email says that the PDF attachment comes from a "Xerox WorkCentre Pro", a very popular copier machine widely used in offices.

We assume that this type of email and the "innocent" looking PDF attachment would convince most office recipients to open the attachment and thus install new malware on their systems. Commtouch's Command Antivirus detects this malicious PDF as PDF/Expl.IQ. Recipients who actually open the file will see nothing - there is no text or image content displayed.

Analysis of an attack targeting Bank of America customers
February 7, 2011

The attack begins with a message that comes from a spoofed "Bank of America" sender (such as:, or

The attached file, BillingVerification.exe, is a self-extracting archive which contains and automatically loads an html page in the recipient's browser. The file saved on the local drive is:

Malware spread via Facebook Chat
January 27, 2011

Facebook chat messages containing malicious links are being sent from compromised Facebook accounts. The messages are typically sent to all of the compromised user's friends.

The Facebook chat messages include text such as "hahahah foto" and the phony Facebook application pages are also photo-related such as "cytepic" and "artephotos".


Shawn K. Hall © 2003-2022 Powered by 12 Point Design