Skip navigation.
WARNING: This site contains samples of live malware. Use at your own risk.

Exploiting human weakness with AntivirusPro 2009

Almost everyday our viewers ask us about Rogue anti-malware software. Out of all of the questions we receive, the most common is “When will these attacks stop?” The sad truth is that we cannot see an end to this problem in near sight. As long as the malicious individuals are able to trick or force users into downloading, installing, and eventually paying for their fake “Rogue” anti-malware products, they will continue to develop and push the envelope.

More information here...


MS08-067 Gimmiv Worm

Here is the Gimmiv worm that was created for the latest Microsoft patch. Kudos to Microsoft for patching the flaw out of band and not sitting on it.


Please comment if you upload other samples and I will update this post.

Thanks to Dobby for these additional samples:


Antivirus 2009 - 2 files added - 5 domains added (Low Detection) 1/36

Today I came across a new Antivirus 2009 binary with a 1 out of 36 detection ratio on VirusTotal. The session starts at and that page is reduced to a pop-up message, as usual. Then we are briefly taken to where the affilliate information for the malware creators is sent and then redirected to the point of download,

more info here...
b0674e8e6c99de286a62b2fde5358110 talk on Rustock.C

On Thursday morning i will give talk on Rustock.C analysis at the in Luxembourg. After the conference is over, i will publish the slides on my site. I hope there will be some interesting speeches and good discussions on security and malware-analysis.

cu @ the conference!


Malware Challenge


Participants should download the malware sample and analyze it. The end result should be a document containing details on the analysis performed. The analysis document can be written in any form, but the questions and statements beow should be answered within it. Participants should note what questions are being answered.

All the rules here:


A new member of the Offensive Computing team - Dante Allegro

| | | | | | | |

Hello everyone!

My name is Dante Allegro , and as the newest member of the team my job is to work with members of the commercial community who wish to purchase products and services from Offensive Computing.

If you or your company would like to utilize the Offensive Computing malware database in your commercial product, or if you have a specific job that you feel the Offensive Computing team can assist you with , please contact me and I will be quite happy to assist you.

As I am on the road quite a bit please contact me directly at dallegro ( at )

The End of Storm?

Dark Reading has posted a scandalous article about the end of the Storm worm.

"It’s been nearly a month now since the Storm botnet sent its last spam run -- significantly long enough that botnet researchers now conclude this could be the end of most infamous botnet once and for all."

Malware rockstars Joe Stewart and Paul Royal have weighed in on this and seem to suggest this is the case. I'm sad to hear about this because I had a lot of fun reversing the storm worm. It was one of the great worms, but it's a good thing that it's no longer spreading.

e-card.exe threat (Braviax + XP AntiSpyware 2009)

A new wave of e-card malspam is going out. The e-mail arrives spoofed as and installs XP Antivirus 2009 once on the computer.


Full details here...

iPhone Users Vulnerable to URL Spoofing Attack

As I was reading my RSS feeds, I just noticed that Aviv Raff disclosed two vulnerabilities found in iPhone on Jewish new year (Oct 2). But, to my surprise the phishing vulnerability isn’t new really ... Further Read

Prevalence of Exploited PDFs


While the threat landscape has changed dramatically over the past years, attackers are becoming increasingly aggressive in exploring ways to get into users’ system.

A spammed email with an EXE attachment no longer penetrates the wider network or users, now that most home users and enterprise networks have a certain level of awareness on information security.

But, how about spamming an exploited file like a PDF?

The incidents of exploited PDF files are not isolated. Instead, there has been a consistent prevalence and recurrence of this threat. Further Reading