388 items tagged "malware"
-
19:09
»
Packet Storm Security Recent Files
Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
-
-
16:06
»
Packet Storm Security Recent Files
Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
-
-
19:07
»
Packet Storm Security Recent Files
This archive holds twelve PDFs containing presentations for Reversing and Malware Analysis Training. The topics covered are Lab Setup Guide, Introduction to Windows Internals, Windows PE File Format Basics, Assembly Programming Basics, Reverse Engineering Tools Basics, Practical Reversing (I), Unpacking UPX, Malware Memory Forensics, Advanced Malware Analysis, Exploit Development Basics, Exploit Development Advanced, and Rootkit Analysis.
-
12:13
»
Packet Storm Security Recent Files
The Kindsight Security Labs Q3 2012 Malware Report examines general trends for malware infections in home networks or infections in mobile devices and computers connected through mobile adapters. The data in this report is aggregated across the networks where Kindsight solutions are deployed.
-
-
16:22
»
Packet Storm Security Recent Files
Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
-
-
9:26
»
Packet Storm Security Recent Files
This archive contains web malware recovered from honeypots and other places. It includes various backdoors, bots, exploits, and more. Please note that many of the files ARE backdoored so you should exercise extreme caution and analyze them before any execution.
-
5:11
»
Packet Storm Security Recent Files
A simple test to see if a host is infected with earlier versions of the "SpyEye" malware, which dropped a file at the same location every time. A good "proof of concept" showing that malware can be easily detected based on predictable behavior. Later versions of SpyEye randomly chose their "drop file" location.
-
-
9:12
»
SecDocs
Authors: Dong-Joo Ha, Ki-Chan Ahn
Tags: Nintendo
Event: AVTokyo 2010
Abstract: A large portion of people who possess a Gaming Console or a Smartphone are downloading paid software illegally from the web or P2P. Most of those people do not even give a second thought before installing the downloaded software, and merely check that the application works. The sense of security here comes from the application's popularity and the fact that the application is working as advertised with no noticeable problems. The reason why people have this kind of false sense of security for Console Gaming systems or Mobile Devices is that they are not fully aware that malware can potentially bring the same devastating effects as PC malware, and no one has published a reliable way to inject malware into legitimate software. However, the boundary between these devices and the PC is getting very thin due to the evolution of hardware, which makes these devices capable of bringing the same negative effects as PC malware. In this presentation, we will show how to inject code into a binary for the Nintendo Wii, and show a live demo.
-
-
21:49
»
SecDocs
Authors: Toralv Dirro
Tags: malware, trojan
Event: Chaos Communication Camp 2007
Abstract: This talk focuses on the various trojans that we actually see being used against companies and individuals in the world. It will show the real threats, how they work, and what the real impact is. The talk will include screenshots from dropzones and practical demos, possibly as video clips. Today there is a lot of hype around some new proof-of-concept technology or around politically motivated trojans, etc. This talk will deliver a reality check, give an idea of what kind of malware the McAfee Research organisation is actually seeing used in the real world, and show how the different trojans work and what the impact is. The material used is internal statistics of the various threats sent to or discovered by us, some more detailed analysis to make functionality more transparent, and some demos, screenshots, etc. This talk will not advertise any products from us or anyone else. Instead, short examples of various technologies will be used to discuss what may help or why it fails.
-
-
21:46
»
SecDocs
Authors: Georg Wicherski
Tags: malware, botnet
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: Botnets are one of the most buzzy buzzwords out there today in the computer security world. The presented approach allows us to reliably take care of these, such that managers hopefully will not react to "botnet" in 2008 any more. This technology allows for automated catching of malware with the now somewhat known nepenthes daemon, automated analysis with CWSandbox and other sandboxes, automated botnet snooping with the botsnoopd daemon and finally (semi-)automated mitigation using various weapons. Hopefully, our autonomous approach will never turn against the human race and begin the final war... This presentation explains the various components of our approach to botnet detection and mitigation from the beginning to the end in detail. First, we will have a look at nepenthes; see how it has evolved, how it works, and also point out some weaknesses. nepenthes is a versatile tool for malware collection and available under the GPL license at . Although people have presented on it at various conferences, this tool is still not known by a lot of malware researchers. Additionally, most presentations focus on the results you can achieve with nepenthes, whereas this presentation will show you how it really works. The next step in botnet mitigation then is to sandbox the malware to gather information about the botnet itself, e.g. server hostname, channel names or, for other types of botnet, the other relevant information for connecting to it. Our current approach is based on the CWSandbox developed by Carsten Willems at the RWTH Aachen, not available to the public. We however also work with the Chinese Honeynet Project's work (MWSniffer), experiment with Norman's work (Norman Sandbox) and plan to include Emsi's work in the future (CodeKnigge). After sandboxing the malware, we automatically connect into the botnet and snoop all relevant commands and traffic and generate statistics (some fancy charts, that is). This allows us to generate statistics about DDoS attacks carried out through monitored botnets, gather intelligence about identity theft and provide LEOs with relevant information (the most reliable way to mitigate botnets). We closely cooperate with the ShadowServer crew for botnet monitoring. Once a botnet has been identified as a severe threat to the Internet, it can be shut down (semi-)automatically. Since we wanted to stay away from a solely automated atomic weapon, which might be fooled into being autonomously fired at Washington, D.C., we still have to confirm the mitigation process. Mitigation involves notification of involved ASNs, botnet sinkholing and DNS poisoning. Additionally, cooperation with some German ISPs will hopefully enable us to cut off infected clients from the Internet in the future.
-
-
15:21
»
SecDocs
Authors: Joanna Rutkowska
Tags: malware
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: The presentation will try to present current challenges in detecting advanced forms of stealth malware and explain why current detection approaches, as used in commercial A/V or IDS products, are insufficient. The author will try to convince the audience that *detection* is no less important than *prevention* and that we need a *systematic* approach to implement a good compromise detector, instead of a bunch of "hacks" as we have today.
-
-
20:49
»
Packet Storm Security Recent Files
Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
-
20:49
»
Packet Storm Security Misc. Files
Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
-
-
21:54
»
SecDocs
Authors: Thorsten Holz
Tags: malware, bank
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: In recent years, we have observed a growing sophistication in how credentials are stolen from compromised machines: the attackers use sophisticated keyloggers to control the victim's machine and use different techniques to steal the actual credentials. In this talk, we present an overview of this threat and empirical measurement results.
-
-
15:14
»
Packet Storm Security Advisories
Apple Security Advisory 2012-05-14-1 - This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.
-
-
13:33
»
Packet Storm Security Advisories
HP Security Bulletin HPSBPV02754 SSRT100803 2 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. The ProCurve switch operating system is not infected with the malware and the content on the compact flash card has no impact on the operation of the switch. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity. Revision 2 of this advisory.
-
-
21:27
»
SecDocs
Authors:
Bruce Dang Peter Ferrie Tags:
malware malware analysis Stuxnet Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: There have been many publications on the topic of Stuxnet and its "sophistication" in the mainstream press. However, there is no complete publication which explains all of the technical vulnerability details and how they were discovered. In this talk, you will get a first-hand account of the entire story. We will discuss various techniques used in analyzing Stuxnet. First, we will share several tricks that were used to quickly identify the vulnerabilities. Second, we describe the thought processes that went into debugging and triaging the vulnerabilities themselves. Finally, we show some tips that you can use if you feel like decompiling stuff for fun :).
-
-
7:32
»
Packet Storm Security Misc. Files
Hook Analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
-
-
15:22
»
SecDocs
Authors:
Ang Cui Jonathan Voris Tags:
hardware hacking Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Network printers are ubiquitous fixtures within the modern IT infrastructure. Residing within sensitive networks and lacking in security, these devices represent high-value targets that can theoretically be used not only to manipulate and exfiltrate sensitive information such as network credentials and sensitive documents, but also as fully functional general-purpose bot-nodes which give attackers a stealthy, persistent foothold inside the victim network for further reconnaissance, exploitation and exfiltration. We first present several generic firmware modification attacks against HP printers. Weaknesses within the firmware update process allow the attacker to make arbitrary modifications to the NVRAM contents of the device. The attacks we present exploit a functional vulnerability common to all HP printers, and do not depend on any specific code vulnerability. These attacks cannot be prevented by any authentication mechanism on the printer, and can be delivered over the network, either directly or through a print server (active attack) and as hidden payloads within documents (reflexive attack). In order to demonstrate these firmware modification attacks, we present a detailed description of several common HP firmware RFU (remote firmware update) formats, including the general file format, along with the compression and checksum algorithms used. Furthermore, we will release a tool (HPacker), which can unpack existing RFUs and create/pack arbitrary RFUs. This information was obtained by analysis of publicly available RFUs as well as reverse engineering the SPI BootRom contents of several printers. Next, we describe the design and operation of a sophisticated piece of malware for HP (P2050) printers.
Essentially a VxWorks rootkit, this malware is equipped with: port scanner, covert reverse-IP proxy, print-job snooper that can monitor, intercept, manipulate and exfiltrate incoming print-jobs, a live code update mechanism, and more (see presentation outline below). Lastly, we will demonstrate a self-propagation mechanism, turning this malware into a full-blown printer worm. Using HPacker, we demonstrate the injection of our malware into arbitrary P2050 RFUs, and show how similar malware can be created for other popular HP printer types. Next, we demonstrate the delivery of this modified firmware update over the network to a fully locked-down printer. Lastly, we present an accurate distribution of all HP printers vulnerable to our attack, as determined by our global embedded device vulnerability scanner (see [1]). Our scan is still incomplete, but extrapolating from available data, we estimate that there exist at least 100,000 HP printers that can be compromised through an active attack, and several million devices that can be compromised through reflexive attacks. We will present a detailed breakdown of the geographical and organizational distribution of observable vulnerable printers in the world. *We have also unpacked several engine-control processor firmwares (different from the main SoC) and are currently attempting to locate code related to tracking dots. Perhaps we will have some results by December. In any case, HPacker will help the community to do further research in this direction, possibly allowing us to spoof / disable these yellow dots of burden.
-
-
21:41
»
SecDocs
Authors:
Christiaan Beek Tags:
malware intelligence malware analysis Event:
Black Hat Abu Dhabi 2011 Abstract: Over the years the use of malware has dramatically changed, ranging from programmers exploring the malicious possibilities of their programming code, to copycats trying to combine code snippets, to organized crime and governments using custom-made malware for their purposes. Where financial gratification is the main drive for cybercrime, it seems that the hunger for secrets and intellectual property is taking over. Some examples of cases are: Operation Aurora, Night-Dragon and recently Shady-RAT. These are examples of investigations that started with the detection of unknown customized malware, hiding on corporate networks, and ended in large investigations regarding data loss. So how is it possible that this malware was undetected? How can you detect hidden malware on your network using open-source tools, and what patterns should you look for? What countermeasures can you take? How do you build a layered malware defense to keep unknown malware out of your network? In my talk I will give some demos of how you can use Wireshark to investigate network data for traces of malware, and how to filter for suspicious connections.
-
15:54
»
Packet Storm Security Recent Files
This malware report is part 1 of 2. It is an effort to track, categorize and contain malware incidents and to understand the root cause and infection vector for the affected user accounts, networked equipment or computers. It covers all incidents reported by the TIER II help desk, TIER III engineers, customer complaints, or an IT security audit, finding or penetration test.
-
-
7:53
»
Packet Storm Security Recent Files
Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
-
7:27
»
Packet Storm Security Advisories
Various antivirus software on Windows fails to detect, block and/or move malware if the executable file has only execution permission and no read, write, or other bits set.
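The failure mode in that advisory is a scanner that cannot read a file and silently treats it as clean, even though the OS loader can still execute it. The following Python is an added illustration of the fail-closed check a scanner should make; it is not the advisory's proof of concept and not any vendor's engine. A permission error on open is reported as "unreadable", never as "clean". The signature string and the file name are constructed for the example (deliberately not the EICAR string), and the execute-only demonstration uses a POSIX mode of 0111, which reads as "detected" rather than "unreadable" when run as root, because root bypasses discretionary read checks.

```python
"""Fail-closed file scanning: a file the scanner cannot open for reading must
not be reported as clean. Illustrative code, not any vendor's AV engine."""
import os
import stat
import tempfile

# Constructed signature for this example; deliberately NOT the EICAR string,
# so that a real AV on the machine running this does not react to it.
SIGNATURES = [b"CONSTRUCTED-MALWARE-MARKER-0001"]


def scan_bytes(data):
    """Naive signature match over a byte buffer."""
    return any(sig in data for sig in SIGNATURES)


def scan_file(path, opener=open):
    """Return 'detected', 'clean' or 'unreadable'.

    The last value is the point of the example: an executable that grants
    only execute permission (no read bit on POSIX, no FILE_READ_DATA on
    Windows) can still be launched by the loader, but a scanner that opens it
    for reading gets a permission error. Reporting that as 'clean' is the
    behaviour the advisory describes. `opener` is injectable so the denied
    read can be reproduced regardless of the caller's privileges.
    """
    try:
        with opener(path, "rb") as fh:
            data = fh.read()
    except PermissionError:
        return "unreadable"
    return "detected" if scan_bytes(data) else "clean"


def exec_only_demo():
    """Write a marker file, strip every bit except execute, scan it twice.

    Returns (result_readable, result_exec_only). As an unprivileged POSIX user
    the second value is 'unreadable'; as root (CAP_DAC_OVERRIDE), or on
    Windows where os.chmod only toggles the read-only flag, it is 'detected'.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.exe")  # constructed name
        with open(path, "wb") as fh:
            fh.write(b"MZ" + SIGNATURES[0])
        readable = scan_file(path)
        os.chmod(path, stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)  # mode 0111
        exec_only = scan_file(path)
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # restore before cleanup
        return readable, exec_only


def _denying_opener(path, mode):
    """Stand-in for the OS refusing read access on an execute-only file."""
    raise PermissionError(13, "Permission denied", path)


def denied_demo():
    """The deterministic version of the exec-only case: read access is denied."""
    return scan_file("C:\\Temp\\sample.exe", opener=_denying_opener)


if __name__ == "__main__":
    print("readable / exec-only:", exec_only_demo())
    print("denied opener:", denied_demo())
```

The operational takeaway is the classification, not the signature: anything the scanner could not inspect should surface in its report as unscanned, and an execute-only ACL on a PE file is itself worth alerting on, since there is little legitimate reason to deny read access to an executable.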
-
13:18
»
SecDocs
Authors:
Georg Wicherski Tags:
virtual machine malware malware analysis Event:
Black Hat USA 2010 Abstract: The increasing amount of new malware each day not only pushes anti-virus companies to new limits in handling these samples for detection by creating new signatures; for network security providers and administrators, too, getting information on how samples affect the networks they try to protect is an increasing problem. Dynamic analysis of malware by execution in sandboxes is an approach that has been successfully applied in both of these problem scenarios, however classic sandbox approaches clearly suffer from severe scalability problems. Most of these rely on setting up a real target system, such as the Windows XP operating system, as a virtual machine with additional software that logs the performed actions. While these are easy to develop and set up, they require a separate virtual machine instance for each malware sample to be analyzed and therefore do not scale up with today's requirements in terms of malware growth. Anti-virus vendors tried to circumvent performance issues for file analysis by developing custom emulators that can be deployed on a customer end-host for detection and do not require a whole operating system inside a virtual machine. These emulators, however, are often software interpreters for the x86 instruction set and therefore run into execution speed limitations of their own. Additionally, they suffer from detectability because they try to emulate every single Windows API but suffer from accuracy issues. dirtbox is an attempt to implement a highly scalable x86/Windows emulator that can be used both for simple malware detection and for detailed behavior analysis reports. Instead of emulating every single x86 instruction in software, malware instructions are executed directly on the host CPU in a per-basic-block fashion. A disassembling run on each basic block ensures that no privileged or control-flow-subverting instructions are executed.
The notion of virtual memory that is separated from the emulator's memory is employed via special LDT segments and switching of segment selectors before executing guest instructions. Since no instrumentation such as instruction rewriting is done, disassembler results per basic block can be cached, and because all execution happens in the same process without context switches, a high degree of performance is achieved. The operating system is emulated at the syscall layer. While this layer is mostly undocumented and implementing it in an accurate fashion is a challenging task on its own, the fact that no register changes are leaked from Ring 0 thwarts a lot of detection techniques. For usage of the high-level APIs, the corresponding libraries are directly mapped into the virtual memory as well.
-
-
11:15
»
SecDocs
Authors:
Jibran Ilyas Nicholas J. Percoco Tags:
malware cybercrime malware analysis Event:
Black Hat USA 2010 Abstract: We had a busy year. We investigated over 200 incidents in 24 different countries. We ended up collecting enough malware freaks [samples] to fill up the Kunstkammer a few times over. Building upon last year's DEFCON talk, we want to dive deeper and bring you the most interesting samples from around the world - including one that made international headlines and the rest we're positive no one's ever seen before (outside of us and the kids who wrote them). This talk will bring you 4 new freaks and 4 new victims including: a Sports Bar in Miami, an Online Adult Toy Store, a US Defense Contractor, and an International VoIP Provider. The malware we are going to demo are very advanced pieces of software written by very skilled developers. The complexity in their propagation, control channels, anti-forensic techniques and data exporting properties will be very interesting to anyone interested in this topic.
-
-
0:26
»
SecDocs
Authors:
Kevin Mahaffey John Hering Tags:
malware malware analysis phone Event:
Black Hat USA 2010 Abstract: The mobile app revolution is upon us. Applications on your smartphone know more about you than anyone or anything else in the world. Apps know where you are, who you talk to, and what you're doing on the web; they have access to your financial accounts, can trigger charges to your phone bill, and much more. Have you ever wondered what smartphone apps are actually doing under the hood? We built the largest-ever mobile application security dataset to find out. Mobile apps have grown tremendously both in numbers and capabilities over the past few years with hundreds of thousands of apps and billions of downloads. Such a wealth of data and functionality on each phone and a massive proliferation of apps that can access them are driving a new wave of security implications. Over the course of several months, we gathered both application binaries and meta-data about applications on the most popular smartphone platforms and built tools to analyze the data en masse. The results were surprising. Not only do users have very little insight into what happens in their apps, neither do the developers of the applications themselves. In this talk we're going to share the results of our research, demonstrate a new class of mobile application vulnerability, show how we can quickly find out if anyone in the wild is exploiting it, and discuss the future of mobile application security and mobile malware.
-
-
7:29
»
Packet Storm Security Recent Files
Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
-
-
7:17
»
SecDocs
Authors:
Mikko Hypponen Tags:
malware phone Event:
Black Hat USA 2010 Abstract: Computers do not have a built-in billing system. Phones do: it's called the phone bill. We have already seen the first examples of money-making malware that infects various types of smartphones. This talk will go into details of the currently known smartphone trojans that either place calls or send text messages to expensive premium-rate numbers. How does this work technically? Which platforms are at risk? What kind of premium-rate numbers are the criminals using? How do they route the money back to them without getting caught? And what can we do about this before it gets worse?
-
-
10:41
»
SecDocs
Authors:
Neil Daswani Tags:
malware web server Apache Event:
Black Hat USA 2010 Abstract: Drive-by downloads planted on legitimate sites (e.g., via "structural" and other vulnerabilities in web applications) cause web sites to get blacklisted by Google, Yahoo, and other search engines and browsers. In this talk, I describe the technical architecture and implementation of mod_antimalware, a novel, open-source containment technology for web servers that can be used to 1) quarantine web-based malware infections before they impact users, 2) allow web pages to safely be served even while a site is infected, and 3) give webmasters time to recover from an attack before their web sites get blacklisted by popular search engines and browsers.
-
-
19:23
»
Packet Storm Security Recent Files
This white paper aims to understand the operation of an Android malware named "DroidKungFu 2 - A" and investigates the parameters, code and structure created or modified by this malware. It also highlights the mitigation steps, which require both the user and the developer to be proactive.
-
-
13:13
»
SecDocs
Authors:
Christiaan Schade Damiano Bolzoni Tags:
malware malware analysis Event:
Black Hat USA 2010 Abstract: In this presentation we will show a new approach to perform on-the-fly malware analysis (even of previously unknown malware), without the need to deploy any instrumentation at the end host beforehand. Our approach leverages the fact that malware quite often comes as a small (in size) "spore", which is then responsible for making the malware persistent on the targeted host and downloading additional components ("eggs"). Eggs usually come in the shape of executables or DLLs, and extend the capabilities of the spore (password grabbing, URL redirection, etc.). Our system, which we call Avatar, detects failed attempts to download eggs, and ships back to the suspected malware what we call a "red pill". When the malware executes the red pill, this performs some preliminary checks and can send a copy of the parent process' executable to an instrumented host. In this instrumented (i.e., sand-boxed) environment it is possible to perform real-time analysis of the suspicious program. The red pill can then be remotely instrumented to terminate the monitored process, in case it appears to be a real threat. By doing so, it is possible to effectively contain a large infection.
-
-
2:57
»
SecDocs
Authors:
Kuniyasu Suzaki Quynh Nguyen Anh Tags:
malware debugger malware analysis Event:
Black Hat USA 2010 Abstract: Dynamic malware analysis is an important method to analyze malware. The most important tool for dynamic malware analysis is the debugger. However, because debuggers were originally built by software developers to debug legitimate software, they have some significant flaws against malware. First of all, malware can easily detect the presence of a debugger with various tricks. Another fundamental problem is that because malware runs in the same security domain as the debugger, it can potentially tamper with the debugger and prevent it from functioning correctly. Unfortunately, all of the above drawbacks are unfixable in the current architecture. This research presents a new debugger named Virt-ICE, which is designed to address the problems of current malware debuggers. Using virtualization technology, Virt-ICE is totally invisible to malware, and thus renders most available anti-debugging techniques useless. Thanks to the isolation provided by the virtual machine, Virt-ICE is out of the reach of malware and cannot be tampered with. Another advantage of Virt-ICE is that, unlike many other popular debuggers, it can deal with ring-0 code, so it has no issue handling kernel rootkits. Virt-ICE also offers a novel event-based method to intercept malware execution, which can help to improve debugging efficiency. Finally, Virt-ICE includes some built-in automatic malware analysis facilities to give analysts more information on malware, so they can reduce the time on the job by focusing their debugging efforts on important points. We conclude the talk with some live demos to show how Virt-ICE can debug some real malware.
-
-
19:03
»
Packet Storm Security Recent Files
Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
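Malheur's approach, in which delimiter-separated behaviour reports are embedded as n-gram vectors, similar reports are clustered, and new reports are assigned to a known class or flagged as novel, can be shown with a small worked example. The Python below is added here for illustration and serves all of the Malheur entries on this page; it is not Malheur's code (Malheur is a C implementation with prototype extraction and hierarchical clustering), and the five sandbox-style reports are constructed, not real CWSandbox or Anubis output. The case to watch is the novel-class one: a report whose n-grams overlap nothing seen before comes back as None rather than being forced into an existing cluster.

```python
"""Toy version of the idea behind Malheur: embed delimiter-separated behaviour
reports as event n-gram vectors, cluster similar reports, and assign unknown
reports to a known cluster or report them as a novel class.
Illustrative code only, not Malheur's implementation."""
from collections import Counter
import math

# Constructed sandbox-style reports (not real CWSandbox/Anubis/Joebox output).
# Each report is a sequence of monitored events separated by "|".
REPORTS = {
    "sample_a": "CreateFile|WriteFile|RegSetValue|CreateProcess",
    "sample_b": "CreateFile|WriteFile|RegSetValue|CreateProcess|Sleep",
    "sample_c": "socket|connect|send|recv|send|recv",
    "sample_d": "socket|connect|send|recv",
    "sample_e": "LoadLibrary|GetProcAddress|VirtualAlloc|WriteProcessMemory|CreateRemoteThread",
}


def ngram_vector(report, n=2, delim="|"):
    """Embed a report as a bag of event n-grams; order inside a window matters."""
    events = [e for e in report.split(delim) if e]
    return Counter(tuple(events[i:i + n]) for i in range(len(events) - n + 1))


def cosine(a, b):
    """Cosine similarity of two sparse n-gram vectors; 0.0 if either is empty."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def cluster(reports, n=2, threshold=0.5):
    """Greedy prototype clustering: a report joins the first cluster whose
    prototype (its first member) is at least `threshold` similar, otherwise it
    founds a new cluster. Returns {cluster_id: [sample names]}."""
    prototypes = []  # list of (cluster_id, vector)
    clusters = {}
    for name, report in reports.items():
        vec = ngram_vector(report, n)
        for cid, proto in prototypes:
            if cosine(vec, proto) >= threshold:
                clusters[cid].append(name)
                break
        else:
            cid = len(prototypes)
            prototypes.append((cid, vec))
            clusters[cid] = [name]
    return clusters


def classify(report, reports, clusters, n=2, threshold=0.5):
    """Assign an unknown report to the cluster holding its most similar known
    report (nearest neighbour), or return None when nothing reaches the
    threshold, i.e. the report looks like a novel class."""
    vec = ngram_vector(report, n)
    best_cid, best_sim = None, 0.0
    for cid, members in clusters.items():
        for name in members:
            sim = cosine(vec, ngram_vector(reports[name], n))
            if sim > best_sim:
                best_cid, best_sim = cid, sim
    return best_cid if best_sim >= threshold else None


if __name__ == "__main__":
    groups = cluster(REPORTS)
    for cid, members in groups.items():
        print(f"cluster {cid}: {members}")
    print("socket|connect|send ->", classify("socket|connect|send", REPORTS, groups))
    print("LoadLibrary|Sleep   ->", classify("LoadLibrary|Sleep", REPORTS, groups))
```

Running it yields three clusters (file-dropping, network beaconing, process injection), assigns the short network report to the beaconing cluster, and returns None for the report that shares no bigram with anything known. The threshold and n-gram size are the two knobs that trade false merges against spurious new classes; with real sandbox reports both need tuning against labelled samples.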
-
-
10:01
»
SecDocs
Authors:
Nicolas Seriot Tags:
malware iPhone rootkit Event:
Hashdays 2010 Abstract: Apple's AppStore moves the burden of security management from the user to the vendor. Apple semi-automatically verifies each of the 200,000 applications and their updates. Moreover, when an application is downloaded on the iPhone, a sandboxing mechanism is supposed to prevent it from reading other applications' data. We showed at Black Hat DC 2010 that such a scheme did not prevent malware from reaching the App Store and harvesting personal data. This talk will discuss the current state of iOS 4 privacy and show to what extent iOS 4 fixes the issues raised earlier this year. We will also present some findings about other possible frauds happening inside the App Store eco-system, such as "App Farms", which basically consist of artificially boosting application ratings with stolen accounts.
-
-
16:04
»
Packet Storm Security Recent Files
Whitepaper called Demystifying the Android Malware. It dives into various phases to discuss the hows and whys behind malware implementation for Android.
-
-
17:39
»
Packet Storm Security Recent Files
Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
-
-
7:50
»
Packet Storm Security Recent Files
Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection even if your computer is clean. This kind of "software" can also fail to report viruses when your computer is infected. This document shows the mechanisms used to obfuscate this process.
-
-
4:01
»
Hack a Day
Looks like the FBI is starting to get pretty serious about fighting malware. Traditionally they have attacked the servers that activate and control botnets made up of infected computers. This time they’re going much further by taking control of and issuing commands to the botnets. In this instance it’s a nasty little bug called Coreflood, [...]
18:58 » Packet Storm Security Recent Files
Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
18:58 » Packet Storm Security Tools
Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
18:58 » Packet Storm Security Misc. Files
Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
13:39 » SecDocs
Authors: Neil Daswani
Tags: malware
Event: Black Hat DC 2011
Abstract: The Web 2.0 transformation has in part involved many sites using third-party widgets. We present the "widgetized web graph" showing the structure of high-traffic web sites from the standpoint of widgets, show how web-based malware and scareware is propagated via such widgets, and provide data on how a mass web-based malware attack can take place against the Quantcast 1000 web sites via widgets.
