malware

Guest Diary: Xavier Mertens - Analyzing an MS Word document not detected by AV software
Like everybody, I'm receiving a lot of spam every day but... I like it! All unsolicited received messages are stored in a dedicated folder for two purposes: an automatic processing via my tool mime2vt (http://blog.rootshell.be/2014/12/15/automatic-mime-parts-scanning-with-virustotal/); a manual review at regular..

Reverse Engineering Vectored Exception Handlers: Structures (1/3)
This series of posts will cover the details of reverse engineering the AddVectoredExceptionHandler function, a Windows API function responsible for registering a special type of exception handler at runtime. The series will be split into three parts: first identifying key structures that are used, second understanding the implementation, and lastly re-implementing the reverse engineered assembly..

Hidden backdoor API to root privileges in Apple OS X
The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It’s been there for several years (at least since 2011), I found it in October 2014 and it can be exploited to escalate privileges to root from any user account in the system. The intention was probably to serve the “System Preferences” app and systemsetup (command-line tool), but any user process can use the sam..

CRYPVAULT: New Crypto-ransomware Encrypts and “Quarantines” Files
We uncovered a new crypto-ransomware variant with new routines that include making encrypted files appear as if they were quarantined files. These files are appended with a *.VAULT file extension, an antivirus software service that keeps any quarantined files for a certain period of time. Antivirus software typically quarantines files that may potentially cause further damage to an infected system..

Android Installer Hijacking Bug Used as Lure for Malware
Mobile users became alarmed after the discovery of an Android bug that was dubbed the “Android Installer Hijacking vulnerability.” This flaw can allow cybercriminals to replace or modify legitimate apps with malicious versions that can steal information. Given the high-profile nature of this discovery, we decided to search for threats that might exploit this vulnerability. A scanner app was re..

NewPosThings Has New PoS Things
Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area, namely versions for 64-bit and higher. The 64-bit version is out. Similar to the previous 32-bit version reported last year, the 64-bit sample is a multifunction Trojan that inc..

Crypto-Ransomware Sightings and Trends for 1Q 2015
It seems that cybercriminals have yet to tire of creating crypto-ransomware malware. Since the start of 2015, we have spotted several variants of crypto-ransomware plague the threat landscape. In January, the Australia-New Zealand region was beset by variants of TorrentLocker. But we soon discovered that TorrentLocker infections were not limited to that region; Turkey, Italy, and France were also ..

YARA Rules For Shellcode
I had a guest diary entry about my XORSearch tool using shellcode detection rules from Frank Boldewin's OfficeMalScanner. To detect malicious documents, Frank coded rules to detect shellcode and other indicators of executable code inside documents. I also translated Frank's detection rules to YARA rules. You can find them here; the file is maldoc.yara. This is an example: rule maldoc_API_hashing { ..

CVE-2011-2461
Security researchers Luca Carettoni and Mauro Gentile recently found during their research that even though Adobe has fixed an old vulnerability found in 2011 (CVE-2011-2461), its side effects still linger around the Internet. Your favorite websites might still be affected by this bug. They have shared great details in their blog post. Let’s take a quick look at the issue and how the vulnerabilit..

Baidu’s traffic hijacked to DDoS GitHub.com
As a Chinese living outside of China, I frequently visit Chinese websites, many of which use advertising and visitor tracking provided by Baidu, the largest search engine available in China. As I was browsing one of the most popular Chinese infosec communities in China, zone.wooyun.org, at around 12:00pm GMT+8, my browser suddenly started to pop up JS alerts every 5 seconds. My first thought was so..