Skip navigation.
Home

Research

Win7av

|

Im looking for a sample of Win7av :)

Help is nice :D

Window 7 64 bits UAC on.. no malware working ?

|

Hi, I'm trying to test security of Windows 7 64bits and limited user account because I'm not convinced that current malware (common one's) can work properly in Windows 7 64 bits environnement (if the user answer UAC question correctly ) Am I wrong or not ?
someone could give me names of malware which bypass UAC and limited account restrictions ?
greetings

Collaborating/co authoring a paper on Quality Control initiatives

|

Looking for help with collaborating/co authoring a paper on Quality Control initiatives in the av business, something along the lines of (but not limited to) using six sigma, quality control multi engine scanner, using principles from Academia such as ) Markov Chains etc. ) to improving Q/A standards.

Also looking at flaws at the current Q/A practise followed.

Sample of W32.TmpHide

| | | |

Hi everyone, I am looking for a sample of a new worm called TempHid or TmpHider which exploits Windows shell vulnerability (CVE-2010-2568) to execute arbitrary code, the worm also contains rootkit-like capabilities to hide its presence

Details:-

www.symantec.com/business/security_response/writeup.jsp?docid=2010-071400-3123-99&tabid=2

www.microsoft.com/technet/security/advisory/2286198.mspx

Paper collabration partner

|

Hi Guys,

Looking for someone to collaborate on a paper focusing on quality control in the anti virus industry (improvements/new approaches/current flaws).

Also would really appreciate any feedback or guidance people have on the subject or inputs on what they feel that are areas where people in the A/V industry should focus on.

Symbian

Finding the TDSS authors and affiliates ---- An Analysis

Although it is a mystery who created TDSS, there are some interesting strings in some of TDSS'es files.

Lets start with this one.

If we open the file in notepad, we see this somewhere:

Comments Thanks to Edin Kadribasic, Marcus Boerger, Johannes Schlueter

FileVersion 5.2.11.11 0
InternalName php.exe |$ LegalCopyright Copyright 1997 - 2007 The PHP Group 0 LegalTrademarks PHP 8 OriginalFilename php.exe PrivateBuild 8 ProductName PHP php.exe 2 ProductVersion 5.2.11 SpecialBuild URL http://www.php.net D VarFileInfo $ Translation Z y D @ M u . ? / $ !

Intelligence and operational level by Siberia Exploit Pack

| |

Siberia Exploit Pack is a crimeware, evolution of Napoleon Exploit Pack, which we've done a brief description on another occasion. However, since the time of that description to this day, the landscape has expanded its developer.

In this regard, and while it ends up being one of the bunch, the interesting thing about this crimeware is information provided by their panel of statistics (intelligence for the attacker), by the way very similar to that provided by Eleonore Exploit Pack, which provide data regarding the success of business which has the exploit  pack for recruitment zombie, discriminating on the basis of these data:

  • Countries affected
  • Most exploited Operating Systems
  • Reference domains with the highest percentage by which vulnerabilities are exploited
  • Browsers exploited
  • Pre-compiled exploits in this version of the package

Let me stress (because it's a minor detail) with this collection of information is nothing more than to intelligence, which allows the attacker to know, at first instance:

In the former case, the population of which country is more vulnerable, perhaps because of their level of piracy, which brings to attention the lack of security updates for operating systems and applications, because as we will see to reach exploits, all these are known and have long been concerned with the patch that fixes the vulnerability.

In this case, the first five countries where this crimeware has higher infection rate include the United States, Britain, Canada, Russia and Germany.

The same approach is being pursued with the data we obtained on operating systems "vulnerable" in quotes because, as I said above, the degree of vulnerability of the OS depends directly on a number of aspects that should be covered by hardening, in which an important factor is the implementation of security patches.

For example, the vulnerability in MDAC (Microsoft Data Access Components) from the year 2006 (four years), described in Microsoft Official Bulletin MS06-014. The impact on operating systems have this version of crimeware, we can see in the picture below.

The list of operating systems is large and attacked the three with the highest vulnerability gap belongs to the family of Microsoft (which is obviously due to the massiveness of use), and other MS also.

However, the crimeware cover other non-Windows operating systems, including PlayStation consoles (GNU / Linux or Black Rhino) and Nintendo Wii (ironically a modified version of a GNU/Linux), in the case of OS used and Workstations high-end mobile phones, including:

  • Mac OS
  • GNU/Linux
  • FreeBSD
  • iPhone
  • Windows Mobile
  • Windows CE
  • Pocket PC
  • Symbian OS

Here we are beginning to recognize that criminals have broadened the scope of coverage, incorporating into its portfolio of options exploitation of vulnerabilities (through the browser) and recruitment of zombies on other operating systems used in other computer technologies.

State of the art in CRiMEPACK Exploit Pack

| |

CRiMEPACK exploit pack is a widespread and accepted in the crime scene in this area came under the slogan "Highest Lowest rates for the price".

He is currently In-the-Wild 3.0 version is being developed as alpha (the first of this version). That's, is in the middle stage of evaluation, perhaps in the next few days will go on sale in underground forums, at which time it will know your actual cost.

Like any pack exploit, it also consists of a set of pre-compiled exploits to take advantage of a number of vulnerabilities in systems with weaknesses in some of its applications, then download and run (Drive-by-Download & Execute) codes malicious and convert that system into a zombie, and therefore part of the apparatus crime.

And I mean ... "criminal" because those behind the development of this type of crimeware do for this purpose. And judging by the pictures (a washcloth, a handgun, a wallet, money and what appears to be cocaine, own scenario of all mafia) observed in the authentication interface your control panel, this definition is very evident.

The first time I found this package was in 2009, when version In-the-Wild was version 2.1 and later expressed his "great leap" to one of the most popular: version 2.8 (still active) which in early 2010 had incorporated into its portfolio of exploits CVE-2010-0188 y CVE-2010-0806; in addition to adding an iframe generator and function "Kaspersky Anti-emulation", at a cost of USD 400.

IPv6 Malware

|

Hi guys,

I'm a newbie here. we all know that these malware will impact the operating system. & in term of propagation, its propagate on IPv4 network normally. Can anybody tell me what type of malware (virus, worm, trojan & etc) which can give impact in IPv6 network or, better still the malware which can propagate in both network. Please provide me where gain the resource.

I'm please to hear any comment or suggestion from you guys.

Zul

PDF Exploit detection system: Joedoc

We are happy to release Joedoc a novel runtime analysis system for detecting exploits in documents like pdf and doc. In its current beta stage it detects pdf exploits in Acrobat Reader 7.0.5, 8.1.2, 9.0 and 9.2. Check out the submission instructions on www.joedoc.org to check malicious pdfs.

Syndicate content