

web malware protection by integrity tools like tripwire


Website infection for malware spreading is happening a lot these days, but if we look at the protection for client-side attacks, then:
1. AV technology at the client comes into the picture: chances of evasion are still there.
2. Web application security and server security: chances of evasion are still there.

I have heard a lot about integrity monitoring systems on the server side, but do we have evasion incidents against them as well? I think these are really absolute protection technology.

I was really wondering if security admins would be able to sleep well after putting in integrity monitoring systems.

Buffer overflow attack in Microsoft Word targeted at a sensitive organization


The malicious doc mail has been sent to the organization. I am analyzing it, but it doesn't contain any malicious VB script; however, officemalwarescanner does show it as creating:
Api-Name GetTempPath
Api-Name CreateFile
Api-Name CloseHandle
Api-Name WriteFile

I am trying to find any shellcode, if any.

I have posted the doc file at h__p://

Siberia Exploit Pack. Another package of exploits In-the-Wild


Siberia Exploit Pack is a new package designed to exploit vulnerabilities and recruit zombies, of Russian origin, as is easy to deduce from its name and as is customary in this clandestine crimeware business in Russia.

RussKill. Application to perform denial of service attacks


Conceptually speaking, a DoS attack (Denial of Service attack) basically consists of bombarding a service or computer resource with requests until it saturates and the system cannot process more data, so those resources and services become inaccessible, "denying" access to anyone who wants them.

From the standpoint of computer security, Denial of Service attacks are a major problem because many botnets are designed to automate these attacks, especially those built for a particular purpose, taking advantage of the computational power offered by the network of zombies. In this case, the attack is called Distributed Denial of Service (DDoS).

Moreover, within the framework of the concept of cyberwarfare, this type of attack is part of the "war" armament through which virtual conflict scenarios are presented, whose requirement is to neutralize a state's vital services.

RussKill is a web application that falls within these activities and that, despite being extremely simple both in functionality and in the way it is used, enables an attack that could be very effective and difficult to detect.

As is customary in current crimeware, the web application is of Russian origin and has a number of fields with information about how and against whom to carry out the attack, letting you configure the packet sequence, i.e. the volume of the flow. The option "Hide url" is a self-defensive measure designed to ensure that the server is detected.

Although there are several methods of DoS attack, RussKill makes use of HTTP-flood and SYN-flood attacks. In both cases the victims' servers are flooded, with HTTP requests and with packets with fake source IP addresses respectively.

As I said at first, denial of service attacks are a danger for any information system, regardless of the platform that supports such services and applications; this case demonstrates the ease with which an attack of this type can be run.

Jorge Mieres
Pistus Malware Intelligence

Newest PDF Exploit CVE-2009-4324



Does anybody have the PDF exploit that is involved in this malware?


DDoS Botnet. New particular-purpose crimeware


A Denial of Service (DoS) attack consists basically of the abuse of a service or resource through successive requests, either intentional or negligent, which eventually breaks the availability of that service or resource temporarily or completely.

When this type of attack is performed using the processing power of a significant set of computers carrying out the abuse of requests synchronously, we are witnessing a Distributed Denial of Service (DDoS) attack.

T-IFRAMER. Kit for the injection of malware In-the-Wild


T-IFRAMER is a package that allows you to automate, centralize and manage via HTTP the spread of malicious code through code injection into compromised sites using iframe techniques, and to feed a botnet. Below we see a screen capture of the authentication page.

Although it is a complex kit, it allows computer criminals to manage the spread of malware via the HTTP protocol, using Drive-by-Download and Drive-by-Injection type attacks by inserting iframe tags into compromised web pages.

It has four key modules: Stats, Manager, Iframes and Injector, and each has as its main function to optimize the spread of malware.

The first one (Stats) manages the compromised FTP accounts, having control over them with the ability to upload files. Thus begins one of the cycles of propagation of malicious code.

ZeuS and the power of Botnet zombie recruitment


As I have said on several occasions, ZeuS is one of the botnets with the most "media" exposure (hence one of the best known and most popular), one of the most aggressive in its criminal activity, and one with the most advanced functions, which allow phishing attacks, monitoring the zombies in real time and collecting all this information through different protocols.

Morfeus F*cking Scanner


Hello, I am trying to find out what exactly is behind the flurry of "Morfeus Fucking Scanner" web-vulnerability scans going on out there. After some research, a lot of people are reporting seeing it but no-one seems to be reporting or linking to an actual tool responsible.

Does anyone have more information on the tool? Any possibility of getting a copy?


Turbodiff v1.01 Beta Released


Turbodiff is a high-performance IDA plugin designed to detect differences between executable binaries.
It works on architectures supported by IDA 4.9 FREE, IDA 5.0 through 5.5.
Turbodiff was developed by Nicolas A. Economou, from the Exploit Writers Team of Core Security Technologies.

The tool's page is here: Coresecurity's Turbodiff

You can also read the presentation of Turbodiff at Ekoparty '09

Buenos Aires, Argentina.
