Skip navigation.
Home
WARNING: This site contains samples of live malware. Use at your own risk.

Exploiting human weakness with AntivirusPro 2009

Almost everyday our viewers ask us about Rogue anti-malware software. Out of all of the questions we receive, the most common is “When will these attacks stop?” The sad truth is that we cannot see an end to this problem in near sight. As long as the malicious individuals are able to trick or force users into downloading, installing, and eventually paying for their fake “Rogue” anti-malware products, they will continue to develop and push the envelope.

More information here...

751f86d2e478387fe0a507a1e6fd7b2d

MS08-067 Gimmiv Worm

Here is the Gimmiv worm that was created for the latest Microsoft patch. Kudos to Microsoft for patching the flaw out of band and not sitting on it.

d65df633dc2700d521ae4dff8c393bff

Please comment if you upload other samples and I will update this post.

Thanks to Dobby for these additional samples:

dc3fdfde66fffb6cfbec946a237787d8
f173007fbd8e2190af3be7837acd70a4
3ee354cc8b63b8849b28e6f376f2b263
6c3e53864541bb13fa7853f7b580b807
24cd978da62cff8370b83c26e134ff4c

Antivirus 2009 - 2 files added - 5 domains added (Low Detection) 1/36

Today I came across a new Antivirus 2009 binary with a 1 out of 36 detection ratio on VirusTotal. The session starts at antivirus-best.com and that page is reduced to a pop-up message, as usual. Then we are briefly taken to voodoorevenue.com where the affilliate information for the malware creators is sent and then redirected to the point of download, protection-overview.com.

more info here...
b0674e8e6c99de286a62b2fde5358110

Hack.lu talk on Rustock.C

On Thursday morning i will give talk on Rustock.C analysis at the Hack.lu in Luxembourg. After the conference is over, i will publish the slides on my site. I hope there will be some interesting speeches and good discussions on security and malware-analysis.

cu @ the conference!

cheers,
frank

Malware Challenge

|

Participants should download the malware sample and analyze it. The end result should be a document containing details on the analysis performed. The analysis document can be written in any form, but the questions and statements beow should be answered within it. Participants should note what questions are being answered.

All the rules here:
http://www.malwarechallenge.info/challenge.html

Prizes:
http://www.malwarechallenge.info/sponsors.html

A new member of the Offensive Computing team - Dante Allegro

| | | | | | | |

Hello everyone!

My name is Dante Allegro , and as the newest member of the team my job is to work with members of the commercial community who wish to purchase products and services from Offensive Computing.

If you or your company would like to utilize the Offensive Computing malware database in your commercial product, or if you have a specific job that you feel the Offensive Computing team can assist you with , please contact me and I will be quite happy to assist you.

As I am on the road quite a bit please contact me directly at dallegro ( at ) offensivecomputing.net.

The End of Storm?

Dark Reading has posted a scandalous article about the end of the Storm worm.

"It’s been nearly a month now since the Storm botnet sent its last spam run -- significantly long enough that botnet researchers now conclude this could be the end of most infamous botnet once and for all."

Malware rockstars Joe Stewart and Paul Royal have weighed in on this and seem to suggest this is the case. I'm sad to hear about this because I had a lot of fun reversing the storm worm. It was one of the great worms, but it's a good thing that it's no longer spreading.

e-card.exe threat (Braviax + XP AntiSpyware 2009)

A new wave of e-card malspam is going out. The e-mail arrives spoofed as 123greetings.com and installs XP Antivirus 2009 once on the computer.

906d95a9d5aa5db06ebb24f7168de0fe

Full details here...

iPhone Users Vulnerable to URL Spoofing Attack

As I was reading my RSS feeds, I just noticed that Aviv Raff disclosed two vulnerabilities found in iPhone on Jewish new year (Oct 2). But, to my surprise the phishing vulnerability isn’t new really ... Further Read

Prevalence of Exploited PDFs

|

While the threat landscape has changed dramatically over the past years, attackers are becoming increasingly aggressive in exploring ways to get into users’ system.

A spammed email with an EXE attachment no longer penetrates the wider network or users, now that most home users and enterprise networks have a certain level of awareness on information security.

But, how about spamming an exploited file like a PDF?

The incidents of exploited PDF files are not isolated. Instead, there has been a consistent prevalence and recurrence of this threat. Further Reading