Hyper Security
"Finding your way in the dark world of information security..."
-
Uncovering Win32/Momibot communication
The malware sample I am looking at today is classified as Backdoor:Win32/Momibot by Microsoft and referred to as Backdoor/IRCNite by some other AV vendors. Packet captures of the sample from my automated sandbox look something like this - So the Trojan is communicating on TCP ports 8090 and 80. Forcing Wireshark to decode packets on TCP port 8090
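As an added example (not code from the original post), the script below does offline what the Wireshark step above does in the GUI: it reads a classic pcap, pulls the TCP payloads exchanged on port 8090 and splits them into IRC-style messages. Treating port 8090 as IRC is an assumption taken from the IRCNite alias, not something the excerpt establishes; the capture, its addresses and the commands in it are constructed for this example and are not Momibot's real traffic.

```python
# Added example, not part of the original post: read a classic pcap, pull the
# TCP payloads exchanged on a chosen port (8090 here) and split them into
# IRC-style messages, the view Wireshark gives once told to decode that port
# as IRC. The IRC assumption comes from the IRCNite alias; the capture and its
# commands are constructed for this example, not Momibot's real traffic.
import struct


def _frame(src_ip, dst_ip, sport, dport, payload):
    """Build an Ethernet/IPv4/TCP frame around payload (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def _pcap(frames):
    """Wrap frames in a little-endian classic pcap file with Ethernet link type."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, fr in enumerate(frames):
        out.append(struct.pack("<IIII", 1300000000 + i, 0, len(fr), len(fr)))
        out.append(fr)
    return b"".join(out)


# Constructed capture: a bot registering on an IRC-style server on 8090 plus
# one unrelated HTTP request on port 80 (addresses are documentation ranges).
SAMPLE_PCAP = _pcap([
    _frame("10.0.0.5", "203.0.113.9", 49152, 8090, b"NICK bot-1234\r\nUSER bot 0 * :bot\r\n"),
    _frame("203.0.113.9", "10.0.0.5", 8090, 49152, b":srv 001 bot-1234 :Welcome\r\n"),
    _frame("10.0.0.5", "203.0.113.9", 49152, 8090, b"JOIN #chan\r\n"),
    _frame("10.0.0.5", "203.0.113.9", 49153, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
])


def tcp_payloads(pcap_bytes, port):
    """Yield (src, dst, payload) for every TCP segment carrying data on `port`.

    Handles classic pcap in either byte order, Ethernet link type, IPv4 only;
    there is no stream reassembly, so one segment is one yield."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (LINKTYPE_ETHERNET) captures are handled")
    off = 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])[2]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total_len]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if port in (sport, dport) and payload:
            yield ("%d.%d.%d.%d:%d" % (*frame[26:30], sport),
                   "%d.%d.%d.%d:%d" % (*frame[30:34], dport),
                   payload)


def irc_messages(pcap_bytes, port=8090):
    """Split the port's payloads into (direction, prefix, command, params) tuples."""
    msgs = []
    for src, dst, payload in tcp_payloads(pcap_bytes, port):
        direction = "bot>c2" if dst.endswith(":%d" % port) else "c2>bot"
        for line in payload.split(b"\r\n"):
            if not line:
                continue
            text = line.decode("latin-1")
            prefix = None
            if text.startswith(":"):          # ":prefix COMMAND params"
                prefix, _, text = text[1:].partition(" ")
            command, _, params = text.partition(" ")
            msgs.append((direction, prefix, command, params))
    return msgs


if __name__ == "__main__":
    for m in irc_messages(SAMPLE_PCAP):
        print(m)
```

Point `tcp_payloads` at a real capture by reading the file into bytes; the port filter is the only thing that ties it to 8090, so the same code shows whether the port 80 traffic is real HTTP or the same C2 protocol on a second port.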
-
Quick look into CVE-2011-1255 Microsoft IE Time Element Memory Corruption vulnerability
Microsoft patched this vulnerability in June's Patch Tuesday but, as usual, an exploit has emerged for it. The M86 Security team stumbled upon an exploit in the wild and has already done an excellent job of covering the exploit vector. I fired up Malzilla and decided to dig a little deeper to see how the exploit works. This is a use-after-free vulnerability that is exploited using
-
Blocking Ultrasurf
As part of maintaining Application Recognition signatures, I often get asked by customers whether we support blocking Ultrasurf, the free proxy-based anonymizer tool that is often (mis)used to bypass content filters in enterprises. Unfortunately, blocking it on the network with payload-matching IPS signatures is not possible, since the traffic is encrypted. There has been a good amount of analysis done
-
Google Code hosting Malware components
Nothing new; it has happened in the recent past, as the folks at Zscaler pointed out. But this time it is not the malware itself but part of its configuration and components that are being hosted on Google Code servers. For those who don't know, Google Code is a free, web-based platform that provides tools and resources to developers interested in working on Google-related open source software projects or
-
After long time..
Yeah, it's been a really, really long time since I have written something here, and I apologize for that. It's just that I have been a hell of a lot busier with new stuff at work and a lot of research I have been doing on building malware automation frameworks! Plus, not to mention the ton of 0days that have been piling up recently. Hopefully I should get some more free time from now on, and I will
-
Trojan Heloag Botnet
Looks like there is a new botnet on the horizon. Win32/Heloag is treated as a backdoor Trojan by many AV companies but appears to be a new kind of botnet that uses P2P to communicate with its peers and bot master. It's been out there for a while now. A recent post by Arbor Networks analysing the bot actually prompted me to have a closer look at this piece of malware. Either their report is
-
PDF Command execution vulnerability
Researcher Didier Stevens has just discovered that he can make a PDF reader execute any command without exploiting any vulnerability! On his blog he demonstrated how the "Launch" action of a PDF document can be abused to execute an arbitrary command on the victim's machine. Though he did not reveal the complete details, his partial PoC is good enough to guess how the attack can be made
-
Trying to skip the fish
The automated web application security testing tool "skipfish" was released recently and seems to have generated a lot of attention in the "security community". So I decided to give it a try and install it in my lab. Unfortunately, I run very old Linux distros in my lab (like Red Hat 9, for example) and I am too lazy to upgrade to newer versions. Anyway, during installation I soon realized that it's
-
CVE-2010-0188 Adobe Reader TIFF vulnerability
The recent Adobe Reader vulnerability (CVE-2010-0188) seems to be doing a lot of rounds these days. Thanks to Mila (contagio blog), I got a chance to look at the malicious PDF file. A quick look at the stats using the pdf-parser tool reveals the structure of this file:
C:\Analyze>pdf-parser.py -a "2010 March Luncheon Invitation_FINAL.pdf"
Comment: 4
XREF: 0
Trailer: 0
StartXref: 2
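Serving both the PDF Launch-action post above and this one, here is an added example that is neither pdf-parser itself nor code from the original posts. It reports the same kind of structural counts that `pdf-parser.py -a` prints (comments, xref, trailer, startxref, indirect objects by /Type) and flags /Launch actions, including the `/L#61unch` hex-escaped name that a plain substring search for `/Launch` misses. Both PDFs in it are constructed for the example and are not the files discussed in the posts; the launched `cmd.exe /c echo` is a harmless placeholder for the command the action would run.

```python
# Added example serving the Launch-action post and the pdf-parser stats post;
# it is not pdf-parser and not code from the original posts. It counts the
# structures pdf-parser's -a option reports and flags /Launch actions even
# when the name is hex-escaped (/L#61unch). Both documents below are
# constructed for the example and are not the files discussed in the posts.
import re
from collections import Counter

BENIGN_PDF = b"""%PDF-1.4
%\xe2\xe3\xcf\xd3
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
xref
0 4
trailer << /Size 4 /Root 1 0 R >>
startxref
180
%%EOF
"""

# Same skeleton, but the catalog's /OpenAction points at a Launch action whose
# /S name is hex-escaped, and there is no xref table or trailer at all.
LAUNCH_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /Type /Action /S /L#61unch /Win << /F (cmd.exe) /P (/c echo hi) >> >> endobj
startxref
0
%%EOF
"""

NAME = rb"[^\s/<>\[\]()%]+"           # characters that may appear in a PDF name token
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)


def decode_name(raw):
    """Resolve #xx escapes in a PDF name so /L#61unch compares equal to /Launch."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def pdf_stats(data):
    """Counts in the spirit of `pdf-parser.py -a`."""
    stats = {
        "Comment": len(re.findall(rb"(?m)^%", data)),
        "XREF": len(re.findall(rb"(?m)^xref\b", data)),
        "Trailer": len(re.findall(rb"(?m)^trailer\b", data)),
        "StartXref": len(re.findall(rb"(?m)^startxref\b", data)),
    }
    objects = OBJ_RE.findall(data)
    stats["Indirect object"] = len(objects)
    types = Counter()
    for _num, _gen, body in objects:
        m = re.search(rb"/Type\s*/(" + NAME + rb")", body)
        types[decode_name(m.group(1)) if m else "(untyped)"] += 1
    stats["types"] = dict(types)
    return stats


def find_launch_actions(data):
    """Return [(object number, launched file or None)] for every object whose
    /S name decodes to Launch. Decoding names first is what catches /L#61unch."""
    hits = []
    for num, _gen, body in OBJ_RE.findall(data):
        m = re.search(rb"/S\s*/(" + NAME + rb")", body)
        if m and decode_name(m.group(1)) == "Launch":
            target = re.search(rb"/F\s*\((.*?)\)", body)
            hits.append((int(num), target.group(1).decode("latin-1") if target else None))
    return hits


def triage(data):
    """Stats plus the short list of flags a sandbox report could carry."""
    stats = pdf_stats(data)
    launches = find_launch_actions(data)
    flags = []
    if launches:
        flags.append("Launch action -> %s" % ", ".join(t or "?" for _, t in launches))
    if stats["XREF"] == 0 or stats["Trailer"] == 0:
        flags.append("no xref/trailer (hand-crafted or damaged file)")
    return stats, flags


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_PDF), ("launch", LAUNCH_PDF)):
        print(name, triage(doc))
```

The second flag is the point of the stats: a file with zero xref tables and zero trailers, like the one above, was not written by a normal PDF producer, which is worth knowing before any exploit-specific analysis starts.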
-
Olympics 2010 news ending up with Malware
Recently I covered how malware authors use blackhat SEO poisoning to push malware onto unsuspecting victims. Since then, I have been closely monitoring the news trends, and this time the bad guys are targeting searches related to the Vancouver 2010 Olympic Games. Tragedy struck at the Olympic luge event, when 21-year-old athlete Nodar Kumaritashvili died during a