Category: Malware Analysis

I-Worm/Nuwar.W + Rustock.E Variant – Analysis

Steve sent me a new interesting malware sample classified as I-Worm/Nuwar.W. When I executed the file, it injected code into a system process named svchost.exe, and I started to receive a lot of traffic from a specified domain that has a random name (aaqarkznvb.com), and during the established connections with the domain, a lot ...

Serpent BOT (Web Based Malware)

Steve sent me another sample of malware he found, but this time, we found a Web Based Malware with a web-interface: The file that established connections with the website was named load.exe and below there is the report of the scan: Report Generated 22.11.2008 at 23.15.36 (GMT 1) Filename: load.exe File size: 27 KB MD5 […]

Trojan.Clicker served through beedly.us ADS

Today, while I was searching in beedly.us, I found this ADS: Why I get porn when I search for “free online virus” ? I followed the ADS to analyze it, and I arrived at a fake porn site that contains in the HTML some malicious code that was designed to trick the user into downloading […]

Rootkit.Siberia2 + Rootkit.Cutwail.A – Analysis

Analysis Content: Rootkit.Siberia2 + Rootkit.Cutwail.A – Analysis Released: 20.11.2008 Author of Analysis: Robert Contact: robert@novirusthanks.org Website: http://novirusthanks.org Steve sent me another rootkit sample and here is the analysis : ) The file I received was named mtnjmcjubjjuyto.exe and below there is the rep...

Next Generation of Rustock.Rootkit variants ?

Analysis Content: Next Generation of Rustock.Rootkit variants ? Released: 18.11.2008 Author of Analysis: Robert Contact: robert@novirusthanks.org Website: http://novirusthanks.org My friend Steve sent me today a new possible variant of the famous Rustock.Rootkit ! The file I received was named unprotdmp and below there is the re...

Trojan-Spy.Win32.Zbot – Analysis of Malware

Analysis Content: Trojan-Spy.Win32.Zbot – Analysis of Malware Released: 16.11.2008 Author of Analysis: Robert Contact: robert@novirusthanks.org Website: http://novirusthanks.org My friend Steve sent to me some days ago a Trojan-Spy.Win32.Zbot sample and below there is the analysis: The file I received was named live.exe an...

Rogue Antispyware 2009 served through beedly.us ADS

Today, when I was browsing the beedly.us website, I saw a suspicious ADS link where there was a link to the malicious website proantispyware2009(dot)com, so I started to analyze the link and, below, there is the result: So after clicking on the ADS I was redirected to a new sub-domain: and if we view the […]

Website with hidden iframe and Malware Analysis

All began this morning (16/10/2008) at 13:00am, I checked the HTML code of index.php and I saw something suspicious inside. Our index.php and 4 other .php pages were infected with an iframe from 11:00am to 13:00am, and fortunately we analyze the code of our site every 2/3 hours, and immediately removed the infected code. I […]