
katsumi's blog

ZLOB sexy codec & Co


i think you know that sexycodec and fake AVs were propagated using, e.g.:
blog spamming
search engines
fake porn sites
hacked bbs and blogs

in the 'hacked' case, they use obfuscated javascript to do a 'document.write'.
both sexycodec and fakeAV are using the same "obfuscating engine".
play with their parameters and you are able to generate your "malware threat of the day"
by using their own cgi script.

sample:
hxyp://lineacount.info/cgi-bin/search?id=802
will send something like this:

easy detection of honeytrap


if you're running honeytrap,
you should have a look at the way i try to detect it.
again, it's based on a NetCat dump, and again it is a module for a simple rbot,
just to demonstrate how easy it is to find the honeys,
even if you are a noob.

using it for illegal things is prohibited

http://grospolina.org/C/htrap/htrap.cpp

awaiting your comments
