Posted by admin on Saturday, March 20th, 2010 | 8,459 views
We have noticed new waves of spam messages, this time in Italian only, that carry the message “Happy Easter” and contain malicious links redirecting users to download a file named BuonaPasqua.gif.exe. The file is detected as Backdoor.IRC.Zapchast and appears to be an IRC bot. Email headers: Sender: Cartolin...
Posted by admin on Wednesday, February 10th, 2010 | 10,550 views
RussKill is another DDoS bot controlled through a web panel, from which operators send commands to their bots and launch attacks against a specified website using two DDoS methods. HTTP-Flood: generates threaded requests to the index page of the website and tries to make the attacked page inaccessible to regular users, [...]
Posted by admin on Wednesday, January 27th, 2010 | 31,817 views
This second part of our analysis shows what the files collected in part 1 did once live. From the main loader we can extract the following useful strings: msxslt3.exe MsXSLT SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ntdll.dll wininet.dll Content-Type: application/x-www-form-ur...
Posted by admin on Tuesday, January 26th, 2010 | 6,644 views
Today we will analyze a sample of rogue security software packed with a little-known packer named Mystic Compressor, which has been seen used mostly to pack rogue security software executables. Steve has successfully unpacked the sample, and this is his analysis: Call to VirtualProtect to make the data in [...]
Posted by admin on Friday, December 4th, 2009 | 10,764 views
Users have reported to us another case of a large-scale blackhat SEO campaign used to redirect traffic to infected websites, with the objective of infecting users with the widespread and very dangerous TDSS Trojan. The blackhat SEO campaign targeted the most popular video streaming websites, such as youtube, metacafe, etc., and the malicious files t...
Posted by admin on Friday, June 5th, 2009 | 2,493 views
In the last few days, while browsing the Internet, I was redirected to a file named VideoCodec.exe and to another file named PluginCodec.exe. Both files are fake video codecs and are actually infected with Trojan.DNSChanger! Trojan.DNSChanger is a trojan that modifies the DNS settings on the compromised computer to point to a ...
Posted by admin on Friday, April 17th, 2009 | 5,828 views
A user sent us another fake video codec downloaded from a fake movie website, which used fake Flash movies to push the user into downloading the codec. Once the program is executed, it generates the following Internet traffic: POST /achcheck.php HTTP/1.1 Host: [...]
Posted by admin on Saturday, April 4th, 2009 | 3,033 views
I wrote this short PDF to give a brief overview of the well-known worm named Conficker (aka Downadup). The “history” starts with the discovery of the vulnerability in Microsoft Windows operating systems known as MS08-067. Italian Version (size: 100 kb); English Version (size: 99 kb).
Posted by admin on Tuesday, March 31st, 2009 | 6,323 views
Worm.IM.Sohanad is a worm that spreads via Yahoo Messenger and can infect every contact in your Yahoo Messenger Contacts List by sending them a text message containing a malicious HTTP link that pushes users to download the worm. It's also possible for the worm to send an HTTP link that [...]
Posted by admin on Sunday, March 29th, 2009 | 337,240 views
A user submitted a suspicious link that was present on his website as a hidden iframe. Malicious hidden iframes are mainly inserted into the HTML pages of legitimate websites by attackers who want to spread their malware, with the objective of infecting all the users who visit the compromised website; in most cases, [...]