Category: Security News

Blackhole Exploit Kit Activity

Infected website: hxxp://somerandomiframedomain.com Activity: Connection Established - %ProgramFiles%\Internet Explorer\iexplore.exe - TCP - 92.38.232.92 - 80 Web Request - %ProgramFiles%\Internet Explorer\iexplore.exe - GET - somerandomiframedomain.com - /forum.php?tp=9c7447caf251fe78 File Cre...

NoVirusThanks Automated Malware Analyzer (Preview)

We are working on a free online automated malware analyzer; here are a few example reports generated by the sandbox using malware samples captured in the wild. We capture every URL requested by the malware and every new file dropped to disk, and we use Driver Radar Pro to block loading […]

Pay-Per-Install Analysis – Part Three

InstallConverter This is where things get interesting. This company distributes one executable, TDL3. TDL3 is a very advanced piece of stealth malware, with rootkit capabilities. Here you can see Symantec are well aware of this. Backdoor.Tidserv This is how much they pay per 1000 installs per country. USA - $170 Canada - $120 Un...

Pay-Per-Install Analysis – Part Two

WorldPays – Euro-Pays – SummerCash Next on the list we have 3 companies who are distributing the same executable, so it's safe to assume either they are all resellers for a single company, or 2 of them are reselling for the other. From the above images we can extract some dangerous domains used for spreading […]

Pay-Per-Install Analysis – Part One

What is Pay-Per-Install (PPI)? Pay-Per-Install is a system where people get paid for installations of software, 9 times out of 10 without the knowledge of the end user. The amount the affiliate gets paid depends on which country the victim is in; countries like the USA normally get the highest rates, while other less-known countries ...

Whistler Bootkit – a new powerful Windows bootkit

Whistler Bootkit is a new and interesting Windows bootkit which attacks all Windows versions from 2000 up to the recent Server 2008 and 7. Whistler Bootkit can be used to start an executable with NT-AUTHORITY\SYSTEM rights on every startup of the OS and secure it from anything and anyone, making “impossible”

A new DDoS bot named RussKill is in the wild

RussKill is another DDoS bot that is controlled by a web panel, where users can send commands to their bots and start to attack a specified website using two methods of DDoS. HTTP-Flood: generates threaded queries to the index page of the website and tries to make the attacked web page inaccessible to regular users, […]

A new sophisticated bot named SpyEye is on the market

A fresh and sophisticated web-based bot named SpyEye is on the market and looks to be the possible successor of the famous Zeus Trojan due to its very interesting features, with the main objective of stealing bank accounts, credit cards, FTP accounts and other sensitive data from the victim’s computer. SpyEye...

0-Day Exploit for all Windows Systems CVE-2010-0232

Recently Tavis Ormandy published an interesting vulnerability that affects all 32-bit x86 versions of Windows NT (x64 systems are not affected) released from 27 Jul 1993 to 2009, including the latest Windows Seven. The vulnerability lets local users obtain elevated privileges on the target system by exploiting a flaw i...

Blackhat SEO Campaign targets Security Software

Recently, while I was searching on Google for some security software related keywords, I noticed a massive Blackhat SEO attempt used to capture users who search for keywords related to various security software. When clicking on any of these links, the user is generally redirected to the malicious links that are...