I'm currently doing some work for a bank in The Netherlands, for which we want to do some investigation concerning trojans that influence financial traffic over the internet or steal money or data or such.
We're currently setting up some virtual machines and creating a separate internet line for these things, but in order to set everything up right I need some trojans that are actively retrieving user information, such as usernames, passwords, accounts and other personal or financial information.
Looking for sample rootkit.
Google redirection ABNOW.com
I've been looking for Nimbda and I cannot find it here or anywhere else. Is it known as something else or super rare or something? I'd appreciate it if someone could upload a sample for me :)
Symantec said it came from Iran.
Anyone have this new driver or its idb at least?
I am looking for a Stuxnet sample for teaching purposes. Any links? I have the host VM ready to be infected, with the right patches and the Siemens software.
I am a PhD student from NTU Singapore, working on malware run-time behavior modeling. I want to evaluate the scalability of my approach. For that I need a large number of behavior profiles analyzed using any publicly available sandbox, like CWSandbox or Anubis. So far I have found around 33K profiles analyzed using CWSandbox from Malheur, but I need some more; I hope to evaluate it on 100K behavioral profiles. Does anyone know where I can get them, or whether any are publicly available?
Recently, anonymous hackers released the Symantec 2006 antivirus source code for all platforms.
As Symantec said in their quick analysis, it appears that the source code leaked from Indian military research and South Asian shipping organizations.
The paper is available here:
The source code is also available @ piratebay:
How do we find out (during analysis) that this particular malware is exploiting this particular vulnerability?
Any links and indications highly appreciated.
Thanks in advance.
I'm looking for a sample of the rogue known as Navashield. I would prefer to have it in a .zip file for security reasons, but any other method would be just fine. I'm pretty sure someone has posted a download link on the forum at some point or other.
For a long time now (BHOs have been supported since IE 4.0), malware writers have exploited BHO functionality to prey on IE users.
Most evil BHOs have two functions (certainly if we talk about bankers):
- monitoring/logging of requests sent by the browser
  POST dump - password stealing
- dynamic modification of the HTML page code
  HTML code injection - used e.g. for adding additional form fields intended to obtain more TAN codes, or generally some
Read entire post here: BHO Reversing
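A quick triage check that goes with the post above, added here as an example and not code from the post or from the linked BHO Reversing write-up: every BHO that IE loads must be registered as a CLSID subkey under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, and that CLSID resolves to its DLL through HKCR\CLSID\{clsid}\InprocServer32, so enumerating those two key paths lists every BHO on a box, bankers included. The script parses an offline .reg export (so it runs anywhere, not only on the infected VM); the export text, CLSIDs and DLL paths are constructed sample data, and the "trusted directory" rule is a simple assumed heuristic for first-pass triage, not a verdict.

```python
"""Enumerate Browser Helper Objects from a .reg export and flag odd ones.

Added example, not the forum post's or the BHO Reversing write-up's code.
Registry layout used here (real IE behaviour):
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CLSID}
      optional "NoExplorer"=dword:1  -> load in iexplore.exe only, not explorer.exe
  HKCR\CLSID\{CLSID}\InprocServer32   default value = path of the BHO DLL
The export below is CONSTRUCTED sample data; CLSIDs and paths are made up.
"""
import re

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
# Assumed heuristic: a BHO DLL living outside these trees deserves a closer look.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\Public\\AppData\\upd\\ieplugin.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Program Files\\Vendor\\toolbar.dll"
"ThreadingModel"="Apartment"
"""

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg(text):
    """Return {key_path: {value_name: raw_value}} for a Regedit 5.00 export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})       # keys with no values still count
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            keys[current][name] = m.group(2)
    return keys


def decode_value(raw):
    """Decode a REG_SZ ("..." with \\ and \" escapes) or dword:hex value."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw


def list_bhos(reg_text):
    """List registered BHOs with their DLL path and a triage flag."""
    keys = parse_reg(reg_text)
    found = []
    for key, values in keys.items():
        if not key.lower().startswith(BHO_KEY.lower() + "\\"):
            continue
        clsid = key.rsplit("\\", 1)[1]
        inproc = keys.get("HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\InprocServer32", {})
        dll = decode_value(inproc["@"]) if "@" in inproc else None
        no_explorer = decode_value(values.get("NoExplorer", "dword:0")) == 1
        # Unresolvable CLSID (dangling registration) or DLL outside trusted trees.
        suspicious = dll is None or not dll.lower().startswith(TRUSTED_DIRS)
        found.append({"clsid": clsid, "dll": dll,
                      "no_explorer": no_explorer, "suspicious": suspicious})
    return sorted(found, key=lambda b: b["clsid"])


if __name__ == "__main__":
    for bho in list_bhos(SAMPLE_REG):
        flag = "SUSPICIOUS" if bho["suspicious"] else "ok"
        print(f"{bho['clsid']}  {bho['dll']}  NoExplorer={bho['no_explorer']}  {flag}")
```

On a live system the same two key paths can be read with winreg instead of an export, and the flagged DLL is then the thing to pull into IDA (or to check for an Authenticode signature) before anything else; a banker BHO is typically the one registered from a user-writable directory, often with NoExplorer set so it only ever loads inside the browser.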