SEARCH RESULTS
 
Showing 1-6 of 6 records

Holiday Storm Part 3

2007-12-26 23:43:00 by Russ McRee in HolisticInfoSec.org
 
...Zhelatin-ASX AVG - Dropper.Generic.TLF BitDefender - DeepScan:Generic.Malware.FMH@mmign.55A134E9 ClamAV - Trojan.Zhelatin DrWeb - Trojan.Spambot.2387 Fortinet - W32/Tibs.G@mm F-Prot - W32/StormWorm.R F-Secure - Email-Worm.Win32.Zhelatin.pl Ikarus - Virus.Win32.Zhelatin.ASX Kaspersky - Email-Worm.Win32.Zhelatin.pl Microsoft -...
 
 
 
 
 

Storm keeps coming (4th variant)

2007-12-27 10:43:00 by Russ McRee in HolisticInfoSec.org
 
...Zhelatin-ASX AVG - Dropper.Generic.TLX BitDefender - Trojan.Peed.IRG ClamAV - Trojan.Peed-66 DrWeb - Trojan.Spambot.2386 Fortinet - W32/Tibs.G@mm F-Prot - W32/Dropper.gen6 F-Secure - Email-Worm.Win32.Zhelatin.pr Kaspersky - Email-Worm.Win32.Zhelatin.pr NOD32v2 - Win32/Nuwar.BA Panda - Suspicious file Prevx1 - Stormy:Worm-All Variants Sophos -...
 
 
 
 
 

New Years Storm deja vu

2007-12-25 10:36:00 by Russ McRee in HolisticInfoSec.org
 
...Zhelatin.ob Authentium - W32/StormWorm.P BitDefender - Trojan.Peed.IRE CAT-QuickHeal - (Suspicious) - DNAScan DrWeb - Trojan.Packed.263 eSafe - Suspicious File eTrust-Vet - Win32/Sintun.AT F-Prot - W32/StormWorm.P F-Secure - Packed.Win32.Tibs.gu Kaspersky - Packed.Win32.Tibs.gu Microsoft - Trojan:Win32/Tibs.gen!ldr Prevx1 - Stormy:Worm-All...
 
 
 
 
 

BlackEnergy DDoS Bot Web Based C&Cs

2008-02-12 18:46:35 by HASH0x8b1c6c4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zhelatin. A clear indication of a botnet in its startup phase is also the fact that all the malware binaries that you see in the attached screenshot use one of these hosts as both the C&C and the main binary update/download location
 
 
 
 
 

Storm-Bot stripshow analysis

2007-12-23 22:06:00 by Russ McRee in HolisticInfoSec.org
 
...Zhelatin.pd eTrust-Vet - Win32/Sintun.AT Microsoft - Trojan:Win32/Tibs.gen!ldr Symantec - Trojan.Peacomm.D After a quick time check to Microsoft's time server, this variant switches immediately to very noisy P2P on a variety of ports. In addition to the ISC-recommended HTTP and email blocks for outbound to merrychristmasdude.com, you have to...
 
 
 
 
 

The Template-ization of Malware Serving Sites

2008-07-10 16:59:13 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Zhelatin.zb Getting back to the TonsOfPorn ActiveX, its structure is more static than a Red Army statue in Estonia, making it easy to proactively protect against, no matter the domain, no matter the exploits served. Its detection rate is close to the javascript from the SQL injection attacks - Scanners Result: 9/33 (27.28%) and is...
 
 
 
 
 
 
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia