Sometimes we encounter childish messages from the authors in the body of malware. A variant of the TDSS family we got recently is even going a step further by offering a convenient location for a malware signature. The samples include the message “Put your signature here”, which is shown when run inside a debugger.

While in many cases signatures could be still useful for detection, Avira prefer to use other technologies which are more generic and proactive. This is especially the case with malware families like TDSS/Alureon, whose authors continuously adapt their creations so they are able to work around even proactive detection in a short time. This variant is detected as TR/Crypt.XPACK.Gen3.