SEARCH RESULTS
 
Showing 1-10 of 24 records
 

Malware Serving Online Casinos

2007-11-29 16:37:13 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...obfuscation The first one is poker.gagnantscasino.com (213.186.33.4) with current obfuscation loading statistics-gdf.cn/ad/index.php (116.0.103.133) where another obfuscation loads, deobfuscated attempts to load p423ck.exe (Zlob) at statistics-gdf.cn/ad/load.php , playing around with the host for too long results in zero malicious activity,...
 
 
 
 
 

Diminutive XSS Worm Contest Drama and Status Update

2008-01-06 17:34:38 by RSnake in ha.ckers.org web application security lab
 
...obfuscation for filter evasion, which we've already researched to death, payloads, which we have also researched heavily and lastly site specific code, which really is uninteresting to me, unless I were trying to help out that company in particular solve an existing problem. So the goal is to remove those things and focus on the actual XSS...
 
 
 
 
 

Massive RealPlayer Exploit Embedded Attack

2008-01-07 18:58:52 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...obfuscations, multiple IFRAME redirectors to and from internal pages, and scripts within the domains. Let's assess those that are still active n.uc8010.com/0.js returns " ok ^ ^ " message and loads c.uc8010.com/ip/Cip.aspx (61.188.39.218) which says " Hello ", furthermore, c.uc8010.com/0/w.js loads c.uc8010.com/1.htm ;...
 
 
 
 
 

Storm Worm's U.S Invasion of Iran Campaign

2008-07-08 20:07:39 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Obfuscation Storm Worm's Fast Flux Networks Storm Worm's St. Valentine Campaign Storm Worm's DDoS Attitude Riders on the Storm Worm The Storm Worm Malware Back in the Game
 
 
 
 
 

A Review of Hakin9 IT Security Magazine

2008-05-26 05:12:53 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...obfuscation article, with the practical examples provided. A bit ironic, the issue is also reviewing a commercial source code obfuscator, which just like legitimate anti-piracy tools used by malware authors to make their binaries harder to analyze, can also be abused for malicious purposes Relevance of information The information provided in...
 
 
 
 
 

Duke School of Law breach affects 3,200

2007-12-06 11:37:20 by Evan Francen in The Breach Blog
...obfuscation increases the likelihood of increased spam Commentary This has to be one of the best incident disclosure announcements I have ever seen in terms of depth. The explanation of what occurred is clear, Duke's response is clear, and what they plan to do is clear. I am impressed Now, what I am not impressed about is the decision to...
 
 
 
 
 

Diminutive XSS Worm Replication Contest

2008-01-04 16:28:08 by RSnake in ha.ckers.org web application security lab
 
...obfuscation, individual site issues, and the payload itself. I'd rather think cleanly about the most efficient method for propagation where every character matters digi7al64 has already posted a sample piece of code, setting the baseline. His code is an impressively small 292 characters. There's no prize here, however, I will definitely be...
 
 
 
 
 

Pushdo - Web Based Malware as Usual

2007-12-19 18:01:44 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...obfuscation and complexity to make it hard to assess what does such a URL actually mean The malware to be downloaded by Pushdo depends on the value following the "s-underscore" part of the URL. The Pushdo controller is preloaded with multiple executable files - the one we looked at contained 421 different malware samples ready to be...
 
 
 
 
 

Have Your Malware In a Timely Fashion

2007-12-15 08:35:11 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...obfuscation that's once deobfuscated attempts to load 208.72.168.176/e-notfound1212/load.php Detection rate : Result: 14/32 (43.75 File size: 116244 bytes MD5: 42dacb9f7dd4beeb7a1718a8d843e000 SHA1: d595dd0e4dcf37b69b48b8932dcf08e9f73623d0 Deja vu - 208.72.168.176 is the " New Media Malware Gang " in action, whose ecosystem clearly...