SEARCH RESULTS
 
Showing 1-10 of 37 records
 
Blackhat SEO Redirects to Malware and Rogue Software

2008-06-05 07:59:47 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Win32/Tibs.gen!lds File size: 119296 bytes MD5...: dc5538af557cb4c311cb86d6574400ba SHA1..: 5cf1602db8c4fdd3c5ac5101e5a6c5daa77f5ff1 Scanners Result: 6/32 (18.75 Trojan-Downloader.Win32.FraudLoad.axa; Trojan.Dldr.FraudLoad.axa File size: 60416 bytes MD5...: 14938bfe35128687e05f7f8ccbd29c7d SHA1..:...
 
 
 
 
 
Holiday Storm Part 3

2007-12-26 23:43:00 by Russ McRee in HolisticInfoSec.org
 
...Win32:Zhelatin-ASX AVG - Dropper.Generic.TLF BitDefender - DeepScan:Generic.Malware.FMH@mmign.55A134E9 ClamAV - Trojan.Zhelatin DrWeb - Trojan.Spambot.2387 Fortinet - W32/Tibs.G@mm F-Prot - W32/StormWorm.R F-Secure - Email-Worm.Win32.Zhelatin.pl Ikarus - Virus.Win32.Zhelatin.ASX Kaspersky - Email-Worm.Win32.Zhelatin.pl Microsoft -...
 
 
 
 
 
Storm keeps coming (4th variant)

2007-12-27 10:43:00 by Russ McRee in HolisticInfoSec.org
 
...Win32:Zhelatin-ASX AVG - Dropper.Generic.TLX BitDefender - Trojan.Peed.IRG ClamAV - Trojan.Peed-66 DrWeb - Trojan.Spambot.2386 Fortinet - W32/Tibs.G@mm F-Prot - W32/Dropper.gen6 F-Secure - Email-Worm.Win32.Zhelatin.pr Kaspersky - Email-Worm.Win32.Zhelatin.pr NOD32v2 - Win32/Nuwar.BA Panda - Suspicious file Prevx1 - Stormy:Worm-All Variants...
 
 
 
 
 
New Years Storm deja vu

2007-12-25 10:36:00 by Russ McRee in HolisticInfoSec.org
 
...Win32/Sintun.AT F-Prot - W32/StormWorm.P F-Secure - Packed.Win32.Tibs.gu Kaspersky - Packed.Win32.Tibs.gu Microsoft - Trojan:Win32/Tibs.gen!ldr Prevx1 - Stormy:Worm-All Variants Symantec - Trojan.Peacomm.D Webwasher-Gateway - Worm.Zhelatin.ob I was further intrigued by the name they chose for the .exe, in particular, disnisa. Appears it was...
 
 
 
 
 
The United Nations Serving Malware

2008-04-23 10:13:00 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Win32/Lineage.WI.dr File size: 24667 bytes MD5...: 4b913be127d648373e511974351ff04e SHA1..: 0ab703c93e3ad7c03d1aae5ea394d7db3b89bfd2 Another internal IFRAME serving exploits is also loading at haoliuliang.net , gg.haoliuliang.net/wmwm/ new.htm where a new piece of malware is served Scanners Result: 26/32 (81.25...
 
 
 
 
 
Storm-Bot stripshow analysis

2007-12-23 22:06:00 by Russ McRee in HolisticInfoSec.org
 
...Win32.Zhelatin.pd eTrust-Vet - Win32/Sintun.AT Microsoft - Trojan:Win32/Tibs.gen!ldr Symantec - Trojan.Peacomm.D After a quick time check to Microsoft's time server, this variant switches immediately to very noisy P2P on a variety of ports. In addition to the ISC-recommended HTTP and email blocks for outbound to merrychristmasdude.com, you...
 
 
 
 
 
Malware Attack Exploiting Flash Zero Day Vulnerability

2008-05-27 17:33:43 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Win32.Worm.Otwycal.T; a variant of Win32/AutoRun.NAD File size: 25229 bytes MD5...: 6be5a7b11601f8cb06ebba08c063aa09 SHA1..: 95d266e2e04e27a923467f483c23818c38ebe19e The password stealers Scanners result : 19/32 (59.38 Trojan.PWS.OnLineGames.WOM; Win32/TrojanDropper.Agent.NKK File size: 42268 bytes SHA1..:...
 
 
 
 
 
ImageShack Typosquatted to Serve Malware

2008-06-11 08:47:17 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Win32.SdBot.eiu in this case, the host joins an IRC channel where the botnet masters continue issuing commands for the campaign to spread Scanners Results : 14/32 (43.75 Backdoor.Win32.SdBot.eiu; a variant of Win32/Injector.AV File size: 31040 bytes MD5...: eef33ca4036a5bf709f62098c55fb751 SHA1..: 5e7bdde09c760031c0a29cc0bb2ee2503aff3bf3 ...
 
 
 
 
 
Malware Serving Exploits Embedded Sites as Usual

2008-01-09 18:04:58 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Win32.AutoRun.bkx; Win32/Cekar!generic Result: 27/31 (87.10 File size : 19501 bytes MD5 : 7b101f7baeae0ebab9ecc06fdb9542dc SHA1 : 36ffa50ce3873fb04c13c80421c205a7760f47ca The binary is using a default set of known executables of anti malware products, and is installing a default debugger injected upon execution of any of these, and is...