Facebook malware: How do they work, how to protect yourself against them and what to do if you get infected
Social media’s history precedes the 21st century, and ever since then malevolent people have attempted to infiltrate the computers of innocent people through these media in the hope of 1) obtaining sensitive information such as bank details and personal information, 2) using the machine as a bridge in major […]
BatchWiper is a very simplistic computer virus, but potentially very dangerous to the availability of the data contained in the logical partitions managed by an infected system. It was discovered fairly recently by the Iranian CERT and is programmed to erase data on specific dates. As mentioned above, the code is […]
Trojan.Stabuniq was discovered very recently by Symantec.
This type of malware appears to be targeting financial institutions (especially U.S. banks).
Stabuniq is fundamentally an information-stealing Trojan and has already been found on many proxy servers, mail servers, gateway servers, etc. of banking firms and credit unions, in addition to home […]
cmd.exe – Leveraging the command line for Windows: malware analysis and forensics. Part I
Abstract: The command prompt for Windows is a dark horse of sorts. Long-time Windows users appreciate it to a certain extent, though Linux converts and other OS geeks tend to disregard it, owing to […]
Yara is a tool that helps us identify and classify malware samples by the use of rules. We can use Yara to classify files or running processes to determine which family the malware belongs to.
To install Yara, we first need to download it and then issue the […]
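To make concrete what "classification by rules" means, here is a small added example (not part of the original article, and not the YARA tool itself) that mirrors the shape of a YARA rule: a set of named strings, either plain text or hex byte patterns with `??` wildcards, plus a boolean condition over them. The sample blob, the rule names and the URLs are all constructed for illustration.

```python
"""Minimal YARA-style matcher (added example, not the YARA tool itself).

A rule is a set of named strings (plain text or hex with ?? wildcards) plus a
boolean condition over them, mirroring the shape of a real YARA rule:
    $name  -> true if the string occurs at least once
    #name  -> number of occurrences
"""
import ast
import re
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    strings: dict    # "$ident" -> ("text", "...") or ("hex", "4D 5A ?? 00")
    condition: str   # e.g. "$mz and ($crt and $wpm)" or "#url >= 2"


def hex_to_regex(pattern: str) -> re.Pattern:
    """'68 ?? ?? 40 00' -> compiled bytes regex; ?? matches any single byte."""
    out = b""
    for tok in pattern.split():
        out += b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
    return re.compile(out, re.DOTALL)


def compile_strings(strings: dict) -> dict:
    compiled = {}
    for ident, (kind, value) in strings.items():
        if kind == "text":
            compiled[ident] = re.compile(re.escape(value.encode()))
        elif kind == "hex":
            compiled[ident] = hex_to_regex(value)
        else:
            raise ValueError(f"unknown string kind {kind!r} for {ident}")
    return compiled


def scan(rule: Rule, data: bytes) -> dict:
    """Return {identifier-without-$: [offsets...]} for every string in the rule."""
    return {ident.lstrip("$"): [m.start() for m in rx.finditer(data)]
            for ident, rx in compile_strings(rule.strings).items()}


# Only boolean/comparison syntax is permitted in a condition. The condition is
# parsed with ast and checked node by node, so a rule file cannot run code.
_ALLOWED = (ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
            ast.Compare, ast.Gt, ast.GtE, ast.Lt, ast.LtE, ast.Eq, ast.NotEq,
            ast.Name, ast.Constant, ast.Load)


def evaluate(rule: Rule, data: bytes) -> bool:
    hits = scan(rule, data)
    # $ident -> s_ident (bool), #ident -> n_ident (count), then parse safely.
    expr = re.sub(r"\$(\w+)", r"s_\1", rule.condition)
    expr = re.sub(r"#(\w+)", r"n_\1", expr)
    tree = ast.parse(expr, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise ValueError(f"disallowed syntax in condition of {rule.name}: "
                             f"{type(node).__name__}")
    env = {}
    for ident, offsets in hits.items():
        env[f"s_{ident}"] = bool(offsets)
        env[f"n_{ident}"] = len(offsets)
    return bool(eval(compile(tree, "<condition>", "eval"),
                     {"__builtins__": {}}, env))


def classify(data: bytes, rules: list) -> list:
    """Names of all matching rules, in rule order (what `yara rules.yar file` prints)."""
    return [r.name for r in rules if evaluate(r, data)]


# Constructed sample: a fake PE-like blob with injection APIs, a push-imm32 stub
# and two embedded URLs. Not a real malware sample.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 12
          + b"\x68\x10\x20\x40\x00"                      # push 0x00402010
          + b"CreateRemoteThread\x00WriteProcessMemory\x00"
          + b"http://a.invalid/\x00http://b.invalid/\x00")

# Hypothetical rules for illustration only.
RULES = [
    Rule("pe_injector",
         {"$mz": ("hex", "4D 5A"), "$crt": ("text", "CreateRemoteThread"),
          "$wpm": ("text", "WriteProcessMemory")},
         "$mz and ($crt and $wpm)"),
    Rule("push_imm_stub", {"$push": ("hex", "68 ?? ?? 40 00")}, "$push"),
    Rule("multi_url", {"$url": ("text", "http://")}, "#url >= 2"),
    Rule("ransom_note", {"$note": ("text", "Your files have been encrypted")}, "$note"),
]

if __name__ == "__main__":
    for name in classify(SAMPLE, RULES):
        print(name)
```

Real YARA adds much more (regex strings, `at`/`in` offset tests, PE and ELF modules, external variables), but the matching model is the same: every string is searched independently, and the condition decides whether the rule fires. The condition is deliberately parsed through `ast` with a whitelist rather than handed to a bare `eval`, so a shared rule file cannot execute arbitrary Python on the analyst's machine.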
Windows is the most used operating system worldwide. I have met a lot of IT guys in my country, as well as other computer experts. My finding was that 90 percent of them use Windows. I thought maybe that was just in my country, so I decided to contact some […]
Before trying to analyze any kind of malware, we need to have a proper environment set up, so we can be most efficient and collect the most information from the malicious executable without getting ourselves infected. The best thing to do in such cases is have a virtual machine […]
A lot of sniffers, rootkits, botnets, backdoor shells and other malware are still in the wild today; malicious attackers use them after successfully compromising a server or a live network in order to maintain their access, elevate their privileges, and spy on other users in the network. […]
In the last installment, we examined the PEB Loader Data Structure. We take up the discussion here.
Locate and Isolate the Embedded Decrypted Executable
Once the VAs (virtual addresses) of the necessary APIs are stored, we return to the instruction following the CALL at address 004085CD that we mentioned earlier.
The piece […]
The AV industry is growing every day, along with the underground industry that produces all types of malware, from simple file infectors to more sophisticated Trojans that are able to gather and send sensitive information to the bad guys.
The fight between AV companies and malware authors is getting […]
Another excellent publisher has offered up a generous sample of a book we’ve been talking about. This is Chapter 12 from Practical Malware Analysis – The Hands-on Guide to Dissecting Malicious Software. As usual, if you like this, go buy the full book and tell them how much you enjoyed […]
DNS is a naming system which converts human-readable domain names into machine-readable IP addresses. Whenever there is a query for a domain which is not in the resolver’s cache, resolution proceeds by traversing the DNS hierarchy from the root servers to the top-level domain […]
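The traversal described above, as an added example that is not part of the original article: a toy iterative resolver walks a constructed three-level hierarchy (root, TLD, authoritative server), follows each referral, caches the final answer, and records which servers it had to ask. The server names, zones and addresses are all invented (`.invalid` names and RFC 5737 documentation addresses), and the lookup of a referred-to name server's IP (glue) is skipped by indexing servers by name.

```python
"""Toy iterative DNS resolution over a constructed hierarchy (added example).

Each server holds the records it is authoritative for:
    {"A": ip}            final answer
    {"NS": server_name}  delegation (referral) to the next server down
Real resolvers also need the IP of the referred-to name server (glue records);
here servers are indexed by name so that step is skipped.
"""

# Constructed data: not the real root or TLD servers.
SERVERS = {
    "a.root-servers.invalid": {              # root: knows who serves each TLD
        "com.": {"NS": "a.gtld-servers.invalid"},
        "net.": {"NS": "a.gtld-servers.invalid"},
    },
    "a.gtld-servers.invalid": {              # TLD: knows who serves each zone
        "example.com.": {"NS": "ns1.example.com."},
    },
    "ns1.example.com.": {                    # authoritative: holds the records
        "example.com.": {"A": "192.0.2.1"},
        "www.example.com.": {"A": "192.0.2.10"},
    },
}
ROOT = "a.root-servers.invalid"
MAX_REFERRALS = 8   # guards against a delegation loop in bad zone data


def query(server: str, qname: str) -> tuple:
    """One round trip to `server`.

    Returns ("answer", ip), ("referral", next_server) or ("nxdomain", None).
    """
    zone = SERVERS[server]
    if qname in zone and "A" in zone[qname]:
        return "answer", zone[qname]["A"]
    # Look for the longest suffix of the name this server has delegated.
    labels = qname.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zone and "NS" in zone[suffix]:
            return "referral", zone[suffix]["NS"]
    return "nxdomain", None


class Resolver:
    def __init__(self):
        self.cache = {}   # fully qualified name -> ip

    def resolve(self, name: str) -> tuple:
        """Return (ip_or_None, [servers queried in order]).

        A cache hit returns an empty server list: no traversal happened.
        """
        qname = name if name.endswith(".") else name + "."
        if qname in self.cache:
            return self.cache[qname], []
        path = []
        server = ROOT
        for _ in range(MAX_REFERRALS):
            path.append(server)
            kind, value = query(server, qname)
            if kind == "answer":
                self.cache[qname] = value
                return value, path
            if kind == "referral":
                server = value
                continue
            return None, path           # nxdomain at this level
        raise RuntimeError(f"referral loop resolving {qname}")


if __name__ == "__main__":
    r = Resolver()
    for n in ("www.example.com", "www.example.com", "www.example.org"):
        ip, path = r.resolve(n)
        print(n, "->", ip, "via", path or "cache")
```

Running it shows the full walk (root, then the TLD server, then the authoritative server) for the first lookup, an empty path for the repeated lookup because the answer was cached, and a single root query for a TLD the root knows nothing about.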
I have a pet hate. This is something that really annoys me when I get a new laptop, which, if you ask my girlfriend, is much too often.
Above is a screenshot of Mantra and Firefox. Notice all of the plugins on the left, in the status bar and in […]
Android’s increasing popularity, combined with the possibility of creating alternative markets, makes this platform a fertile ground for malware authors. While most of these applications just exploit the inexperience of the average user who is looking for free software, others are pretty smart and use more sophisticated techniques to […]
Malware comes in different shapes and sizes. Trojans, worms, viruses, downloaders, and others are becoming more common than the common cold. These are mixed and matched to produce as much damage as possible. Some are originally designed from scratch, and some are recycled from an old malware collection, […]
In this paper we are going to talk about the Anticloud Trojan, also known as TrojanDropper:Win32/Bohu.A and its B variant. This malware originated in China and was designed to target the cloud-based technology of major Chinese antivirus vendors, which is why Bohu has also been called the AntiCloud Trojan.
This is the first […]
Part One in a multi-part series on holistic, multi-disciplinary analysis and reversing.
This post is based on a presentation I gave at the last Thotcon, but was really prompted by a case from a couple of days ago. It’s an interesting example of how the same disciplined methodologies for finding malicious […]
In the two years since the Win32/Olmarik family of malware programs (also known as TDSS, TDL and Alureon) started to evolve, its authors have implemented a notably sophisticated mechanism for bypassing various protective measures and security mechanisms embedded into the operating system.
The fourth version of the TDL rootkit family […]
On a daily basis, we encounter thousands of new types of malware with unknown content. This malware can come from honeypots or infected websites, or even be submitted by users. Analyzing all these binaries by hand would take any malware analyst a long time. That’s why it’s critical to have an automated way […]
(quick plug – to all current & future reverse engineers – check out our Reverse Engineering Training Course. We’d love to publish your work next!)
Part 1: Introduction and De-Obfuscating and Reversing the User-Mode Agent Dropper
Part 2: Reverse Engineering the Kernel-Mode Device Driver Stealth Rootkit
Part 3: Reverse Engineering the Kernel-Mode Device […]