MRA Consultants has been trading for over 20 years, and during this time I have built up a reputation for service, reliability and value for money. A small sample of the local businesses I serve includes Maryport Bodyworks Centre, ABI Motor Body Repairs, Taylors Joinery And Plastics, West Cumbria Domestic Violence, Distington Community Centre, Macs Removals Ltd, Engineering Pipework Services Ltd, Distington Club for Young People, Ewanrigg Community Centre, CMS, Robin Dargavel Ltd and Lake District Coast Aquarium, as well as countless individuals. Over 99% of my business comes from referrals. I was the first in the area to pioneer no fix, no fee and no call-out charges.

Virus Bulletin news

Call for last-minute papers for VB2014 announced

Seven speaking slots waiting to be filled with presentations on 'hot' security topics.

Earlier this year, we announced the programme for VB2014: three days filled with excellent papers on a wide range of security topics.


Well, not entirely. As usual, one small part of the programme has been set aside for last-minute papers: presentations dealing with up-to-the-minute specialist topics, with the emphasis on current and emerging ('hot') topics.

Of course, many presentations already on the programme remain or have become 'hot'. Two presentations on malware targeting *nix servers tie in seamlessly with the 'Mayhem' analysis we published last week, while malware targeting 'boletos' - banking documents issued by banks and businesses in Brazil - made the news long after a presentation on the subject had been added to the conference programme.


Paper: Mayhem - a hidden threat for *nix web servers

New kind of malware has the functions of a traditional Windows bot, but can act under restricted privileges in the system.

One of the main trends in malware in recent years is a sudden focus on malware targeting Linux and Unix (web) servers. By targeting these servers, malware authors not only make use of far better network connections and more powerful hardware than the average Windows PC offers; the servers are also less likely to be updated on a regular basis and less likely to run security software.

Earlier this year, we published an article by four researchers from Yandex in Russia on the 'Effusion' malware, which targeted servers running Nginx, and only last week researchers from Kaspersky wrote a blog post about 'Mayday', a DDoS trojan targeting Linux servers.

Today, we publish a paper by three of the aforementioned Yandex researchers (Andrew Kovalev, Konstantin Otrashkevich and Evgeny Sidorov) in which they analyse 'Mayhem', a new kind of malware that runs on *nix servers and is able to gain maximum benefits, even when running under restricted privileges on the target system.


Google's Project Zero to hunt for zero-days

Bugs to be reported to the vendor only, and to become public once patched.

Google has created a new team, called Project Zero, whose task is to find vulnerabilities in any kind of widely used software and to report them to the respective vendor.

Few subjects in security are as controversial as the disclosure of zero-day vulnerabilities. Some argue that vulnerabilities should always be reported to the affected vendor, and that a 'bug bounty' is a nice, but not mandatory extra. Others say that without a bug bounty rewarding the researchers for their work, they shouldn't report it - and even if there is a reward, the bug should only be reported if the bounty is deemed reasonable.

Indeed, bug bounties aren't the only way researchers can monetize the vulnerabilities they find: there are various entities that will gladly pay for such vulnerabilities, some of which aren't always seen to have the best interests of the average Internet user at heart. This has led to calls to regulate the sale of zero-days, and in response, strongly voiced opinions that such regulation would be a bad idea, and would violate the researchers' right to free speech.

None of the vulnerabilities found by Google will be reported to third parties, though: only the affected vendor will be notified, and will be given time to patch. Once the bug has been made public (which, Google says, will typically happen "once a patch is available"), it will be added to a public database. This allows anyone to monitor the time it takes vendors to fix vulnerabilities.


Paper: API-EPO

Raul Alvarez studies the unique EPO methodology used by the W32/Daum file infector.

A few months ago, we published an article by Fortinet's Raul Alvarez on the Expiro file infector, which uses an EPO (entry-point obscuring) technique in an attempt to avoid heuristic detection.

In EPO, a file infector doesn't simply change the entry point of the infected executable, which is something that would be easy to detect. Rather, the malware 'patches' the executable, as it were, to add a malicious component while leaving the original entry point in place.

Today, we publish another paper by Raul Alvarez in which he looks at the W32/Daum file infector. Daum, which some AV vendors refer to as Lafee, is an old and relatively simple file infector. However, its unique EPO technique, in which all API calls are changed, makes it worth studying.
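The paragraphs above contrast the simple infector that moves the executable's entry point (easy to detect) with the EPO approach that leaves it alone. The following script is an added example, not code from Virus Bulletin or from Raul Alvarez's paper: it implements the simple heuristic a scanner can apply, parsing just enough of a PE header to find which section holds AddressOfEntryPoint and flagging the cases a redirected entry point produces (outside any section, in a non-executable or writable section, not in the first code section, or in the last section). The two PE images it checks are constructed in the script, headers only, so it runs offline; the section name `.added` and all addresses are assumed values for the demonstration.

```python
import struct

# Section characteristics flags from the PE specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_sections(data):
    """Return (AddressOfEntryPoint, [section dicts]) from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ signature)")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (no PE signature)")
    coff = e_lfanew + 4                                   # COFF file header (20 bytes)
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_opt, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                                       # optional header
    entry_rva, = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    table = opt + size_opt                                # section table, 40 bytes each
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va = struct.unpack_from("<II", data, off + 8)
        chars, = struct.unpack_from("<I", data, off + 36)
        sections.append({"name": name, "va": va, "vsize": vsize, "chars": chars})
    return entry_rva, sections


def check_entry_point(data):
    """Heuristics for a relocated entry point; returns a list of findings (empty = clean)."""
    entry_rva, sections = parse_sections(data)
    findings = []
    host = next((i for i, s in enumerate(sections)
                 if s["va"] <= entry_rva < s["va"] + s["vsize"]), None)
    if host is None:
        return ["entry point 0x%x lies outside every section" % entry_rva]
    s = sections[host]
    if not s["chars"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
        findings.append("entry point in non-executable section %s" % s["name"])
    if s["chars"] & IMAGE_SCN_MEM_WRITE:
        findings.append("entry point in writable section %s" % s["name"])
    first_code = next((i for i, t in enumerate(sections) if t["chars"] & IMAGE_SCN_CNT_CODE), None)
    if first_code is not None and host != first_code:
        findings.append("entry point in %s, not in first code section %s"
                        % (s["name"], sections[first_code]["name"]))
    if len(sections) > 1 and host == len(sections) - 1:
        findings.append("entry point in last section %s" % s["name"])
    return findings


def build_pe(entry_rva, sections):
    """Constructed minimal PE32 image (headers only) used as sample input for the demo."""
    size_opt = 224
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, vsize, va, 0, 0, 0, 0, 0, 0, chars)
                     for name, va, vsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed samples: a normal layout, and the same binary with an appended
# executable+writable section that the entry point has been redirected into.
CLEAN_PE = build_pe(0x1100, [(b".text", 0x1000, 0x2000, 0x60000020),
                             (b".data", 0x3000, 0x1000, 0xC0000040)])
INFECTED_PE = build_pe(0x5010, [(b".text", 0x1000, 0x2000, 0x60000020),
                                (b".data", 0x3000, 0x1000, 0xC0000040),
                                (b".added", 0x5000, 0x200, 0xE0000020)])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_PE), ("appended-section", INFECTED_PE)):
        print(label, check_entry_point(blob) or ["no findings"])
```

Because an EPO infector keeps the original entry point inside the first code section, every one of these checks passes on an EPO-infected file, which is exactly why the technique defeats this class of heuristic and why the paper's API-call analysis is needed instead.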


Paper: Not old enough to be forgotten: the new chic of Visual Basic 6

Marion Marschalek looks at two Miuref binaries: one packed with Visual Basic 6 and one with C++.

Two months ago, Microsoft announced it had added 'Miuref' to its Malicious Software Removal Tool. First discovered in December 2013, Miuref is a click-fraud trojan that silently makes a browser 'click' advertisements that are controlled by those running the malware.

As cybercrime goes, click-fraud is a relatively low-level kind of crime. That doesn't mean it's something we shouldn't worry about, though. Nor does it mean that those running the malware don't go to great lengths to prevent their malicious applications from being detected or analysed.

Today, we publish a paper by Marion Marschalek, a researcher at Cyphort, in which she analyses two Miuref binaries that were spread via the Fiesta exploit kit through the website of a popular men's lifestyle magazine. One binary was packed using a Visual Basic 6 packer, while the other one was compiled using C++. In the paper, Marion not only takes apart both samples, she also shares her excitement and frustration in doing so, making it an interesting read for anyone involved in malware analysis.


Telephone 01900516363

Digital Solutions for Cumbria

Mobile 07944982166