I published the following diary on isc.sans.org: “Maxmind.com (Ab)used As Anti-Analysis Technique“.
A long time ago I wrote a diary about malware samples which use online geolocalization services. Such services are used to target only specific victims. If the malware detects that it is executed from a specific area, it just stops. This has been seen in Russian malware’s which did not infect people located in the same area … [Read more]