We are going to start first by taking a look at the Rootkit dropper. In other words, it is the module responsible for loading (dropping) the rootkit. In the case of Avatar, all the "loading" is done in memory. Hence, extra work is needed on the part of the dropper to load DLL modules and
Article written by David Sánchez Lavado This post explains how to analyze the malicious code used in current Exploit Kits. There are many ways to analyze this type of code, and you can find tools that do most of the job automatically. However, as researchers who like to understand how things work, we are going to analyze it with no other tools than a text editor and a Web browser. My goal is to la
In search of things to do tonight, I've looked into how data was received and decoded when SpyEye calls the 'gate'. Finally I've removed the useless shit to keep this: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; char
This is a new exploit pack that is being offered for free. It also goes by the name, “Pay0C Pack”. The author seemed to have combined exploits and content from various other exploit packs. Here’s a list of the exploits said to be included: * Sun Java Calendar Deserialization Exploit * Sun Java JRE * Java RMIConnectionImpl Deserialization Privilege Escalation Exploit * Sun Java JRE AWT SetDiff ICM
A few days ago, I blogged about a PHP/JS malware targeting the osCommerce platform, which used an interesting new technique to obfuscate the malicious code. It so happens that today I came across an even more advanced sample of a PHP infector, also in the context of a vulnerable e-commerce solution. When I came to work today, my colleague from our Polish office asked me to help him with finding malw
VIRUS BULLETIN www.virusbtn.com 4 FEBRUARY 2011 $$$_+$$+$$__+_$+$$_$+$$$_+$$_$ Peter Ferrie Microsoft, USA Imagine a JavaScript encoding method that produces files that contain no alphanumeric characters, only symbols such as ‘$’, ‘_’, and ‘+’. It would be difficult to imagine how it could possibly work, but unfortunately one such encoder exists. It is called ‘JJEncode’. A demonstration version is