Malicious attackers are constantly on the lookout for new and advanced attacks, which they use to spread malware around the world. There are a vast number of malware samples spreading around the Internet by using different attack vectors: malware can spread as email attachments, drive-by download attacks, watering hole […]
If you follow security news, I am sure you have heard of the SoakSoak malware. It has been in the news for the past few days because it affects more than 100,000 WordPress websites, and this number may increase. As I am also a WordPress user, I followed the news […]
This technique is used in scenarios where critical information such as Social Security Number (SSN) or Personal Identification Number (PIN) is otherwise not easily available.
Basically, web injects are a technique for injecting unauthorized web content into incoming HTTP response data.
The web page content manipulation is possible through browser […]
Why are malware authors so interested in banking malware? Simply because this is where the money is! Nowadays, banking malware, specifically banking Trojans, is reaching alarming new levels of sophistication. Each day, new names and new variants are introduced into the wild to thwart detection by antivirus […]
Cycbot is malware that spreads using instant messaging and removable drives and contains backdoor functionality that allows unauthorized access to an affected computer.
When the Cycbot malware is executed, it drops several malicious files in the AppData folder of the victim machine, and then it tries to contact a malicious […]
Kuluoz is a known botnet that was released in mid-2012 and was known by different names such as weelsof, win32, Dofoil, etc. Kuluoz is usually spread by sending suspicious mail to the target user, and later the traffic leaving the network consists of POST requests encoded in a unique […]
In this tutorial we’ll take a look at the Pafish tool, which performs anti-debugger/VM/sandbox tricks to detect whether the malware is being executed in a debugger, in a virtual machine or in a sandbox.
Malware analysis today depends on a great many factors, but we’re often using a […]
In my previous article, I told the story of the very first worms and viruses. Interestingly, a groundbreaking mathematician, John von Neumann, and a science fiction novelist, John Brunner, conceptualized them before anyone ever coded them.
We often see this sort of thing in the world of science and technology. […]
Dirty Decrypter is crypto-ransomware; its intention is to encrypt the compromised user’s pictures, documents, videos, etc., making them unusable. The malware coerces you to pay large sums of money to decrypt any of these files. Failure to pay this sum will cause the malware to destroy […]
These days, malware is an everyday concern, even among ordinary end users. An incalculable amount of money is lost every year worldwide due to malware, possibly in the hundreds of billions, but it’s difficult to quantify accurately.
The money lost has causes ranging from lost hours of office productivity, to […]
This article is the second part of a series on NSA BIOS Backdoor internals. This part focuses on BULLDOZER, a hardware implant acting as a malware dropper and wireless communication “hub” for NSA covert operations. Although BULLDOZER is hardware, I still use the word “malware” when referring to […]
A sequence of data breaches suffered by the major US retailers Target and Neiman Marcus has put Americans on alert. A total of more than a hundred million people may have been victims of cyber attacks against POS systems in the stores of the two giants.
The attackers used […]
In the previous article, “Portable Malware Lab for Beginners,” I spoke about nested virtual machines, i.e., deploying a virtual machine with QEMU and Cuckoo. This acts as a base system for our portable malware analysis lab.
However, malware analysis is not limited to execution of a Windows binary; various other […]
Memory forensics is the skill of finding all the artefacts present in the memory of a running computer. It is an interesting way to find out the running processes, open network connections, registry handles, kernel modules, etc. It looks rosy when you hear all […]
Malware is usually packed with custom packers, which make static and dynamic analysis difficult. Some static analysis tools do not work on packed samples because the packed binary is not in its real form; packing also defeats anti-virus programs that rely on static signature detection. […]