Articles by Glyn Kennington

Mal/Xpaj-B - how to avoid looking like a virus

Many midinfecting viruses leave one or more tell-tale signs in their infected files, which can raise suspicion and increase the chances of heuristic detection. These include a writable code section, unusual imports, cross-section jumps and a large block of encrypted …

Style over content - new Mac scareware emerges

Troj/MacSwp-B is a standard piece of scareware, only notable because it is one of the few examples that has been written for Mac OS X. The author has made a little effort with the presentation, to ensure that it looks …

Apocalypse not yet

The USB worm W32/Zaap-A successfully spreads itself to removable disks, and in some cases to data CDs burned on the infected computer. The writer also intended for it to display the following message if it is run on a specific …

A sandwich virus

One of the simplest methods of file infection is to put the virus at the start of the file, leaving the host at the end. A less common way is to put the host first and save the virus at the …

Hidden poetry in the KillAV worm

Today's worm W32/KillAV-DX makes a nuisance of itself in the usual ways - leaving copies all over your hard disk and USB drives, disabling antivirus software and leaving the computer close to unusable - but its payload is a little less formulaic. …