SEARCH RESULTS
 
Showing 1-10 of 44 records
 
Expand article

Web Based Malware Emphasizes on Anti-Debugging Features

The Article has images
2008-10-07 02:42:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Following the ongoing development of a particular web based malware, always comes handy in terms of assessing the commoditization of anti-debugging features within modern malware. With plain simple, "managed binary crypting and firewall bypassing verification" on demand in February, to August's overall anti antivirus software mentality as a key...
 
Tags: malware, web based malware, binary file, binary, simple, plain simple, anti, simple junk data, firewall
 
 
 
 
Expand article

Spreading Malware Around the Christmas Tree

The Article has images
2007-12-24 18:33:57 by HASH0x896b164 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Stormy Wormy is back in the game on the top of Xmas eve, enticing the end users with a special Xmas strip show for those who dare to download the binary. The domain merrychristmasdude.com is logically in a fast-flux, here are some more details Administrative, Technical Contact Contact Name: John A Cortas Contact Organization: John A Cortas...
 
Tags: contact, contact postal code, technical contact, server, contact organization, contact city, contact country, contact street1, contact phone
 
 
 
 
Expand article

BlackEnergy DDoS Bot Web Based C&Cs

The Article has images
2008-02-12 18:46:35 by HASH0x8b1c6c4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Remember the Google Hacking for MPacks, Zunkers and WebAttackers experiment, proving that malicious parties don't even take the basic precautions to camouflage their ongoing migration to the web for the purpose of botnet and malware kits C&Cs ? Let's experiment wi the BlackEnergy DDoS bot , and prove it's the same situation. What's the...
 
Tags: ddos, bot, blackenergy ddos bot, blackenergy, ddos extortion, ddos attacks, traditional irc bot, irc, botnet master
 
 
 
 
Expand article

Crimeware in the Middle - Zeus

The Article has images
2008-04-24 04:37:46 by HASH0x8ae4648 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Virtual greed, or response rate optimization? The idea of converging phishing emails with embedded exploits and banking malware is nothing new, in fact phishers realizing that combining attack approaches can increase the chance of achieving their objective which in this case is either logging the authentication process or hijacking it, often...
 
Tags: zeus, file, remote file, zeus trojan, binary file, file system32 drivers, kit, metaphisher kit, configuration file
 
 
 
 
Expand article

Auditing open source software

2007-10-08 16:13:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
Written by Chris Evans, Security Team Google encourages its employees to contribute back to the open source community, and there is no exception in Google's Security Team. Let's look at some interesting open source vulnerabilities that were located and fixed by members of Google's Security team. It is interesting to classify and aggregate the...
 
Tags: image, malicious image file, libtiff image, values, jpeg image, tiff header values, source, evil tiff file, evil
 
 
 
 
Expand article

Exaggerating Timing Attack Results Via GET Flooding

2007-12-10 04:04:33 by RSnake in ha.ckers.org web application security lab
 
A post by Super-Friez got me thinking of an actual useful application for GET request flooding this evening. Normally we only think of GET requests as a binary thing - one at a time or flooding. But what if we only launched enough GET requests with the intention of impacting server load, not bandwidth latency. So picking the right URL would be...
 
Tags: server load, server, requests, practical applications, time, bandwidth latency, url, times versus, difference
 
 
 
 
Expand article

Have Your Malware In a Timely Fashion

The Article has images
2007-12-15 08:35:11 by HASH0x89f6724 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
Keep your allies close, the human right violators closer. French officials have been receiving lots of criticism by human rights groups regarding Moammar Gadhafi's visit in France, in fact Human Rights Watch issued a press release entitled Al-Qadhafi in France . Despite the logical response in the form of criticism, it's lacking the long-term...
 
Tags: malware, attack, malware attack, malware downloaders, media malware gang, loads, web site, site, php
 
 
 
 
Expand article

Fuzz Testing at Microsoft and the Triage Process

2007-09-20 18:52:00 by sdl in The Security Development Lifecycle
 
Scott Lambert here. I work on the Security Engineering Tools team where we're responsible for researching, developing and publishing tools to internal product and service teams. These include fuzzing, binary analysis and attack surface analysis tools Previously, James Whittaker posted a blog entry on Testing in the SDL in which he mentioned that...
 
Tags: chance exceptions, exceptions, exception handler, exception, divide-by-zero exception, exception code, triage process, process, first-chance exceptions
 
 
 
 
Expand article

Malware Serving Exploits Embedded Sites as Usual

The Article has images
2008-01-09 18:04:58 by HASH0x8957398 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
The combination of the recent RealPlayer exploit and MDAC is a fad, but the very same is getting embraced in the short-term by malicious parties in China that have also started combining the Internet Explorer VML Download and Execute Exploit (MS07-004), thanks to recent localized forum postings on modifying the third exploit. Let's assess...
 
Tags: htm, load uc147, uc147, loads 8v8, 8v8, load 8v8, iframes, recent realplayer exploit, secondary iframes