
malware

Shellshock Continues to Make Waves with Active IRC Bot Given the severity of the Bash bug vulnerability, also known as Shellshock, it is no wonder that we’re seeing more attacks leveraging this. Just hours after this vulnerability was reported, malware payloads such as ELF_BASHLITE.A emerged in the threat landscape. Other payloads like PERL_SHELLBOT.WZ and ELF_BASHLET.A were also spotted in the wild, which have capabilities to execute commands, thus com..
The Evolving 'Nuclear Exploit Kit' Also Exploits a Vulnerability in Silverlight Exploit kits have long been one of the weapons in the cybercriminal's arsenal. One of the most notorious exploit kits of the past few years is the 'Blackhole Exploit Kit (BHEK)'. When the BHEK author was arrested in 2013, media coverage of exploit kits reached its peak. BHEK may have met its end, but that did not stop cybercriminals from using other exploit kits for their illegal activities. In fact, other exploit kits are still in use and are frequently improved and upgraded. The 'Nuclear Exploit Kit' is one of them. In September 2014, Trend Micro observed the 'Nuclear Exploit Kit' targeting Microsoft's web browser plugin 'Silverl..
FinFisher Malware Dropper Analysis As you may have heard, a FinFisher malware sample recently leaked online. As I got a little free time today, I decided to take a look at it. The sample I'm going to analyze in this article is finfisher1.exe.bin: MD5: 074919F13D07CD6CE92BB0738971AFC7 SHA: 9F9A18E81E9B39BD2F047004B8E3B4CB0FB505C9 So, at first glance, I noticed it's written in C++ and compiled using Visual Studio 2005. No packer/crypter/ob..
Strange ICMP traffic seen in destination Reader Ronnie provided us today with a packet capture showing a very interesting situation: Several packets are arriving, all ICMP echo requests from unrelated addresses. All ICMP packets being sent to the destination address carry no data, leaving the packet with the 20 bytes for the IP header and 8 bytes for the ICMP echo request without data. Each of the unrelated addresses sent 6 packets: One with normal ..
New Malware Discovered, Named "Linux/GoARM.Bot" We discovered a new piece of malware today. It is called "Linux/GoARM.Bot". This malware belongs to the ELF/ARM family, but it is built specifically to infect ARM-based router products. We have uploaded the malware samples to VirusTotal; the links are below ↓ 81c9fcf4f8c8d08c9ad13b5973a039d2e21d73e5e424d94507fb035a47448834 27d4a7989b9af86e9ebddb25cbfc9dfcf6800141f476d6a76041a3d8fb437115 c665453c6d8dd3723b4f7505e61ee6d02e5100b7de547127e1f5d593b06a894c Each of the..
Israeli Security Think Tank Website Compromised And Serving Sweet-Orange Exploit Kit Cyphort Labs recently discovered that a leading Israeli think tank, the Jerusalem Center For Public Affairs (JCPA) on Israeli Security, is serving the Sweet-Orange exploit kit, a “drive-by” Trojan with the potential to infect the computer of anyone who visits the site. We believe that bad actors compromised the think tank's account to inject the site with web exploits. The initial dropper is a version of Q..
Exploiting Ammyy Admin – developing an 0day Background: For the past few years, a number of groups of scammers have been cold-calling thousands if not millions of people in what’s been referred to as the “Ammyy Scam” or the “Microsoft Tech Support Scam” among other names. The scammers pretend to be from Microsoft or another official group and claim to have detected errors on the users’ computers. They have the victims pull up internal logs ..
Archie: Just another Exploit kit We have previously described how Exploit Kits are some of the favorite techniques used by cybercriminals to install malicious software on victims' systems. The number of Exploit Kits available has experienced exponential growth in the last few years. Since Blackhole’s author was arrested in 2013, the number of Exploit Kits has increased - including Neutrino, Magnitude, Nuclear, Rig and Angler. In..
Arbitrary File Deletion as Root in Webmin A vulnerability exists in Webmin Scheduled Cron Jobs > Create a new environment variable), in the “user” parameter. Here’s the normal request to create an environment variable: Using directory traversal and null byte injection techniques we’re able to force Webmin to delete any file on the filesystem. Modifying our request a bit: ..and the response: We get an error, but this request also immediatel..
Threat Spotlight: “Kyle and Stan” Malvertising Network Threatens Windows and Mac Users With Mutating Malware Have you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim of the “Kyle and Stan” Malvertising Network that distributes sophisticated, mutating malware for Windows and even Macs. Table of contents: Attack in a Nutshell; Timeline; Technical Breakdown; Reversing of the Mac Malware; Reversing ..