L0L at l0lw0rm
Monday, May 4th, 2009

I was looking through a repository of malware source codes the other day when I noticed a pretty small rar package, only 11kb in size, and decided to take a closer look. The package was called l0lw0rm.rar. (more…)
Finally, something new :) An IRC-capable bot has been making the rounds. Now, instead of infecting PCs or servers, this baby goes after DSL modems. (more…)
I ran into an interesting Zbot sample today. I haven’t peeked at them often and I was surprised to see a big bunch of various poker sites in the configuration as stealing targets. That prompted me to do a quick search on Zbots seen in the last few days, and I ended up downloading the encrypted configuration files from the C&C servers that I saw were online. 22 of them active :) (more…)
Yup, took this long for someone to start properly abusing the MS08-067 vulnerability. There’s a worm now on the loose that uses the exploit. The worm component comes coupled with a kernel-mode DDoS bot that’s been doing the rounds for a while now. (more…)
I ran into an interesting piece of malware. It basically comes in an .exe wrapper and drops a .bat file of about 25 KB. It’s really heavily obfuscated, and it can be considered destructive since it deletes document files and does other evil things. (more…)
Just took a close look at the winbase.dll variants I have. Five of them, with the following compilation timestamps: (more…)
I decided to take a look at the timeline of Gimmiv trojan component sysmgr.dll. Some of the results were a bit surprising. (more…)
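The compilation timestamps the two entries above work from are the linker timestamp in the PE header (IMAGE_FILE_HEADER.TimeDateStamp). As an added example, not code from this blog, here is a small reader that pulls that field out of a PE image and orders a set of variants by it. The sample bytes, file names and timestamp values are constructed for the demo; only the header layout comes from the PE/COFF specification.

```python
import struct
from datetime import datetime, timezone

# Offsets and layout from the PE/COFF specification.
E_LFANEW_OFFSET = 0x3C          # DWORD in the DOS header pointing at "PE\0\0"
PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_FMT = "<HHIIIHH"    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
                                # NumberOfSymbols, SizeOfOptionalHeader, Characteristics


def pe_timestamp(data: bytes) -> datetime:
    """Return IMAGE_FILE_HEADER.TimeDateStamp of a PE image as an aware UTC datetime."""
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    sig_end = e_lfanew + len(PE_SIGNATURE)
    if sig_end + struct.calcsize(COFF_HEADER_FMT) > len(data) or data[e_lfanew:sig_end] != PE_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    _machine, _nsections, ts, *_rest = struct.unpack_from(COFF_HEADER_FMT, data, sig_end)
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def timeline(samples: dict) -> list:
    """Order named samples by linker timestamp, oldest first. Returns [(name, datetime), ...]."""
    return sorted(((name, pe_timestamp(blob)) for name, blob in samples.items()), key=lambda e: e[1])


def build_stub_pe(ts: int) -> bytes:
    """Constructed PE-shaped header (not a real binary) carrying the given TimeDateStamp."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, len(dos))   # e_lfanew: PE header right after the DOS stub
    # Machine=i386, one section, Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL
    coff = struct.pack(COFF_HEADER_FMT, 0x14C, 1, ts, 0, 0, 0, 0x2102)
    return bytes(dos) + PE_SIGNATURE + coff


if __name__ == "__main__":
    # Constructed sample set with made-up timestamps; real variants would be read from disk.
    variants = {
        "winbase_a.dll": build_stub_pe(1224720000),              # 2008-10-23 00:00:00 UTC
        "winbase_b.dll": build_stub_pe(1224720000 + 3600 * 26),
        "winbase_c.dll": build_stub_pe(1224720000 - 86400 * 3),
    }
    for name, when in timeline(variants):
        print(f"{when:%Y-%m-%d %H:%M:%S} UTC  {name}")
```

The timestamp is written by the linker and is fully under the author's control: it can be zeroed, copied from another build, or left at a fixed value by the toolchain, so treat it as one data point to be corroborated with other evidence (first-seen dates, resource and debug-directory timestamps, C&C registration dates) rather than as ground truth for a timeline.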
The DLL looks really interesting. Interesting in the sense that even though the code is reaaally easy to read, it’s a rare find since it’s riddled with bad programming. It’s a wonder these guys even managed to make a piece of malware that actually compiles. (more…)
There’s new malware on the loose, exploiting MS08-067, the vulnerability whose patch was released out-of-band yesterday. Surprisingly, the malware isn’t packed. The common detection for this is Trojan:W32/Gimmiv.A, and the initial package is just a dropper. (more…)
Just stumbled onto a DDoS bot written in Java. Usually there aren’t too many malicious programs written in Java, so I decided to take a closer look. The code quality is about as bad as in the previous entry that depicted the PHP DDoS bot, but I think the Java version has more potential to grow into a problem. (more…)