Tag: rootkit

Rustock is back again more active than ever!

Recently Steve received some new .EXE files classified as Rootkit.Rustock, and we analyzed one file to see whether the beast Rustock is still active. The bad news is that the results of this analysis reveal that the spam activity of Rustock is still highly active… During the analysis we noticed that the malware used […]

I-Worm/Nuwar.W + Rustock.E Variant – Analysis

Steve sent me an interesting new malware sample classified as I-Worm/Nuwar.W. When I executed the file, it injected code into a system process named svchost.exe, and I started to receive a lot of traffic from a specific domain that has a random name (aaqarkznvb.com), and during the established connections with the domain, a lot ...

Serpent BOT (Web Based Malware)

Steve sent me another sample of malware he found, but this time we found web-based malware with a web interface. The file that established connections with the website was named load.exe, and below is the report of the scan: Report Generated 22.11.2008 at 23.15.36 (GMT 1) Filename: load.exe File size: 27 KB MD5 […]

Next Generation of Rustock.Rootkit variants?

Analysis Content: Next Generation of Rustock.Rootkit variants?
Released: 18.11.2008
Author of Analysis: Robert
Contact: robert@novirusthanks.org
Website: http://novirusthanks.org

My friend Steve sent me a new possible variant of the famous Rustock.Rootkit today! The file I received was named unprotdmp and below there is the re...

Website with hidden iframe and Malware Analysis

It all began this morning (16/10/2008) at 13:00am. I checked the HTML code of index.php and saw something suspicious inside. Our index.php and 4 other .php pages were infected with an iframe from 11:00am to 13:00am; fortunately we analyze the code of our site every 2/3 hours, and we immediately removed the infected code. I […]