Didier Stevens

Professional

I work for Contraste Europe.

My Microsoft Certified Professional Transcript.
Use Transcript ID 677470 and Access Code didierstevens

Check my CISSP status: click here and type my last name: Stevens

Check my GSSP-C status: click here and look for my name Didier Stevens

Check my RHCT status: click here

View Didier Stevens's profile on LinkedIn

Publications

3 Comments »

  1. Thought this might be of interest to you, and I didn’t know where else to post this.

    The world’s most sophisticated Trojan uncovered!

    Security experts have discovered new spambot software that installs its own
    anti-virus scanner to eliminate competition, alongside a number of other
    sophisticated features.

    SecureWorks has described the Trojan, which it calls SpamThru, in detail. Other
    vendors have come up with different names for the software. One of the signs of
    its sophistication though is that few anti-virus scanners are aware of it.
    SpamThru is a money-making operation, and the author takes great care to
    make sure that detection by the major vendors is avoided by frequently updating
    the code.

    SpamThru is a Trojan that turns a system into part of a network of bots designed
    to send out spam, a type of operation that’s been around for several years.
    While the Trojan’s network doesn’t seem especially large so far - at a couple of
    thousand bots - SpamThru shows that criminals are now able to treat spam
    software development just like any other commercial development endeavour,
    Stewart said.
    “The complexity and scope of the project rivals some commercial software,” he
    wrote. “Clearly the spammers have made quite an investment in infrastructure in
    order to maintain their level of income.” The company has come across previous
    Trojans that attempt to switch off other malware, in order to maximise system
    resources, but SpamThru installs a pirated version of Kaspersky AntiVirus for
    WinGate, customised to skip files known to be part of SpamThru itself, naturally.
    “It patches the license signature check in-memory in the Kaspersky DLL in order
    to avoid having Kaspersky refuse to run due to an invalid or expired license,”
    Stewart wrote. It uses a custom peer-to-peer protocol to control communication
    with the network, which makes the bot network harder to kill. “Control is still
    maintained by a central server, but in case the control server is shut down, the
    spammer can update the rest of the peers with the location of a new control
    server, as long as he/she controls at least one peer.”

    Each client has its own spam engine, creating spam from a template that’s
    transmitted using AES encryption to avoid giving access to competing
    spammers, SecureWorks said.

    Comment by cynik — Saturday 28 October 2006 @ 2:38

  2. Help ME! I can’t get rid of this stupid trojan on my computer. I have done a ton of scans using things like Spyhunter and Norton Spyware scan, and I’ve tried using the Add/Remove programs, but I still have the trojan. Throughout my many scans I deleted all the parasites/viruses and none of them came back except one. The trojan virus called Zlob. The virus/trojan causes my default home page to be replaced with this Internet Security, Windows XP vulnerable, caution page. Also I keep getting this pop-up that says my computer has a W32.Myzor.FK@yf virus. I don’t know what else to do. Can you please email me ASAP and give some kind of useful recommendation. Thank you.

    Comment by Nam Tran — Thursday 8 March 2007 @ 1:10

  3. The best thing you can do is post your problem on a high-volume
    malware removal forum, like http://forums.spywareinfo.com/

    Comment by Didier Stevens — Thursday 8 March 2007 @ 7:59
