Avatar Rootkit: Dropper Analysis | Infosec
Get live, hands-on malware analysis training from anywhere, and become a Certified Reverse Engineering Analyst. We are going to start first by taking a look at the Rootkit dropper. In other words, it is the module responsible for loading (dropping) the rootkit. In the case of Avatar, all the "loading" is done in memory. Hence, extra work is needed on the part of the dropper to load DLL modules and
Deobfuscating malicious code layer by layer - Panda Security Mediacenter
Article written by David Sánchez Lavado This post explains how to analyze the malicious code used in current Exploit Kits. There are many ways to analyze this type of code, and you can find tools that do most of the job automatically. However, as researchers who like to understand how things work, we are going to analyze it with no other tools than a text editor and a Web browser. My goal is to la
Decode/Encode data send to the gate (SpyEye 1.3.x)
In search of things to do this night, i've looked into how data's was recevied and decoded when SpyEye call the 'gate' Finaly i've removed the useless shit for keep this: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; char
Sava Exploits Pack | Kahu Security
This is a new exploit pack that is being offered for free. It also goes by the name, “Pay0C Pack”. The author seemed to have combined exploits and content from various other exploit packs. Here’s a list of the exploits said to be included: * Sun Java Calendar Deserialization Exploit * Sun Java JRE * Java RMIConnectionImpl Deserialization Privilege Escalation Exploit * Sun Java JRE AWT SetDiff ICM
Dangerous whitespaces
A few days ago, I blogged about a PHP/JS malware targeting the osCommerce platform, which used an interesting new technique to obfuscate the malicious code. It so happens, that today I came across even more advanced sample of a PHP infector, also in the context of a vulnerable e-commerce solution. When I came to work today, my colleague from our Polish office asked me to help him with finding malw
VB-Feb2011.indd
VIRUS BULLETIN www.virusbtn.com 4 FEBRUARY 2011 $$$_+$$+$$__+_$+$$_$+$$$_+$$_$ Peter Ferrie Microsoft, USA Imagine a JavaScript encoding method that produces files that contain no alphanumeric characters, only symbols such as ‘$’, ‘_’, and ‘+’. It would be difficult to imagine how it could possibly work, but unfortunately one such encoder exists. It is called ‘JJEncode’. A demonstration version is
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Nymaim revisited
[PDF] Portable Document Format Malware - Symantec Security Response
JS - Pastebin.com
Blogs
Best Pack | Kahu Security
Blogs
SpiderLabs Blog
Dead code walking - Microsoft Malware Protection Center - Site Home - TechNet Blogs