malware

Malicious iFrame Injector Found in Adobe Flash File (.SWF) Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iFrame is used to drop a binary browser exploit with .SWF files, infecting the client machine. This time we saw the opposite, where a binary .SWF file injects an invisible iFrame. This is an example of a malicious hidden iFrame injector written in Flash. This is ...
"CVE-2014-8517" vulnerability: Remote command execution in FreeBSD FreeBSD developers have published a notification of the elimination of a vulnerability in FreeBSD. Exploitation of the vulnerability allows an attacker to execute arbitrary commands, provides access to critical information and locks the computer. A malicious HTTP server could cause ftp to execute arbitrary commands. Danger level: High. Availability of fixes: Ye...
justniffer, a Packet Analysis Tool Are you looking for another packet sniffer? justniffer is a packet sniffer with some interesting features. According to the author, this packet sniffer can rebuild and save HTTP file content sent over the network. "It uses portions of Linux kernel source code for handling all TCP/IP stuff. Precisely, it uses a slightly modified version of the libnids libraries that already include a modified ver...
'CVE-2014-4115' Analysis In its October 2014 regular security update, Microsoft released security update "MS14-063" for a vulnerability in the FAT32 disk partition driver. An attack exploiting this vulnerability, 'CVE-2014-4115', can let an attacker elevate privileges on a compromised PC. In addition, this vulnerability can only be exploited through a specially crafted USB drive. ■ What is unusual about 'CVE-2014-4115' Trend Micro paid attention to the file system driver because it could potentially be used to attack PCs through USB drives. For example, the attack using "STUXNET" first exploited a vulnerability in Windows shortcut files to W...
FlashPack Exploit Leads to New Family of Malware We have been continuously monitoring the FlashPack exploit, especially with the recent attack which affected Japanese users. We recently looked at our Smart Protection Network feedback and found, in a new development, that the majority of the infected systems of the FlashPack exploit came from the U.S. Figure 1. Top infected countries for the FlashPack exploit (based on feedback from September 24-October 2...
An In-Depth Look Into Malicious Browser Extensions Malicious browser extensions bring about security risks as these often lead to system infection and unwanted spamming on Facebook. Based on our data, these attacks have notably affected users in Brazil. We have previously reported that cybercriminals are putting malicious browser extensions in the official Chrome Web Store. We also came across malware that bypasses a Google security feature that checks third pa...
CVE-2014-4115 Analysis: Malicious USB Disks Allow For Possible Whole System Control One of the bulletins that was part of the October 2014 Patch Tuesday cycle was MS14-063, which fixed a vulnerability in the FAT32 disk partition driver that could allow an attacker to gain administrator rights on affected systems with only a USB disk with a specially modified file system. This vulnerability was also designated CVE-2014-4115. Why is this vulnerability unusual? We pay close at...
Unpacking Dexter POS "Memory Dump Parsing" Malware I'm a big fan of Dexter. As I recently mentioned during an impromptu discussion with our first group of memory analysis training attendees, if there are only a few minutes left in an episode and he hasn't killed anyone yet, I start getting nervous. So when I heard there's malware named Dexter that has also been "parsing memory dumps" of specific processes on POS (Point of Sale) systems, I was ex...
ABUSING STRICT TRANSPORT SECURITY TO PROFILE TAILS This post introduces a simple infoleak in multiple browsers allowing attackers to track whether users have visited websites with a specific HTTP Strict Transport Security (HSTS) configuration. This bug affects a very small portion of websites, but happens to be useful for identifying TAILS users and determining precise versions of the Tor Browser Bundle. The most recent TAILS 1.2 release was the...
Abusing PowerShell Profiles Working in IT, I see a lot of guys use PowerShell profiles to customize their shell so they don't have to do it each time. I found this interesting and decided to look into it a little further. In a nutshell, you can create any automatic customization you need and save it in profile.ps1 in the $PsHome directory (C:\Windows\System32\WindowsPowershell\v1.0\). If that file exists, it executes the c...