

Reversing TDSS: The x64 Dollar Question


In the two years since the Win32/Olmarik family of malware programs (also known as TDSS, TDL and Alureon) started to evolve, its authors have implemented a notably sophisticated mechanism for bypassing various protective measures and security mechanisms embedded into the operating system.

The fourth version of the TDL rootkit family (TDL4) is the first reliable and widely spread bootkit to target x64 operating systems (Windows Vista and Windows 7). Since TDL4 started to spread actively in August 2010, several versions of the malware have been released. By comparison with its predecessors, TDL4 is not just characterized by modification of existing code, but to all intents and purposes can be regarded as new malware. Among the many changes that have been applied as it developed, the most radical were those made to its mechanisms for self-embedding into the system and surviving reboot. One of the most striking features of TDL4 is its ability to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and Windows 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled. This makes TDL4 a powerful weapon in the hands of cybercriminals. In this article, we consider the PPI (Pay Per Install) distribution model used by both TDL3 and TDL4, and the initial installation.

Looking for IEDefender and Files Secure Rogue Samples


Does anyone have a sample of the rogues IEDefender and Files Secure?

If anyone can link me to it or upload it, that would be great.

Thank you.

Antivirus processor names!


I would need a list of these anti-virus Processor names:

BitDefender Antivirus (2011 or 2010)
Kaspersky Anti-Virus (2011 or 2010)
Norton AntiVirus (2011 or 2010)
ESET Nod32 Antivirus (2011 or 2010)
AVG Anti-Virus (2011 or 2010)
Avira AntiVir (2011 or 2010)
Trend Micro Titanium (2011 or 2010)
Avast! Pro Antivirus (2011 or 2010)
F-Secure Anti-Virus (2011 or 2010)
McAfee AntiVirus (2011 or 2010)
Panda Antivirus (2011 or 2010)

and these anti-malware Processor names:

Malwarebytes' Anti-Malware (2011)

Kenzero ransomware sample anyone?


I'm looking for a sample of this one because it doesn't look as if a comprehensive analysis of its content has been done:

Full papers on Japanese one-click malware (including Kenzero) found here:

Any samples left over from late last year, anyone? Thank you and much love.

Malware network activities


Hi guys,

I tested a few banking Trojans on my lab computer and am trying to find out how they steal people's logins.
I monitored network activity after executing the malware. There are some DNS queries to foreign IPs; some of them have HTTP queries to GET files from other sites, and some have POST activity.
It is very good to find these; however, I could not figure out whether all these IPs or sites have something to do with the "info chain".

Example here:
DNS query
Outgoing tcp connection to IP: xx3.xx5.xx8.xx1 PORT: 80 (http)

Looking for Files Secure Rogue Sample


Files Secure v2.1

Please md5 or link




Anyone Have TDL5?


Does anyone have an installer for the TDL-type malware that is infecting the drivers volsnap.sys and atapi.sys? This is a new one I have been seeing lately on customer machines. It seems the only way to remove this is replacing these files offline and fixing the other redirects in the browser add-ons.

If anyone has one, please let me know. This is a good one that has taken some time to remove, but now I just need an installer for testing.

anyone have "Stars"?


Looking for a copy of "Stars" if anyone has it :)

Byte Frequency


Can anyone suggest how to calculate the byte frequency for a particular piece of malware software? If anyone is aware of the Byte Frequency Based Detection Model (BFBDM), please just elaborate the concept of how to find byte frequency with this approach.

Please Respond Immediately.

