Archive for the ‘Malware FreakShow’ Category
Saturday, May 10th, 2008
Just stumbled onto a DDoS bot written in Java. Usually there aren’t too many malicious programs for Java, so I decided to take a closer look. The code quality is about as bad as in the previous entry that depicted the PHP DDoS bot, but I think the Java version has more potential to grow into a problem. (more…)
Posted in General InfoSec, Malware FreakShow | No Comments »
Saturday, May 10th, 2008
Every so often I run into some new evil that interests me enough to take a deeper peek. This time a DDoS bot written in PHP caught my eye. I haven’t seen this in the wild anywhere, but it’s still quite interesting. (more…)
Posted in General InfoSec, Malware FreakShow | No Comments »
Saturday, March 22nd, 2008
Getting spam with attached malware isn’t anything new. Usually I just dispose of the junk mails, but every now and then I see a spam message that looks interesting enough to dig further. Today’s example is a spam mail that claimed to be a reply to a message I allegedly sent. The body of the message was like this: (more…)
Posted in General InfoSec, Malware FreakShow | No Comments »
Tuesday, February 12th, 2008
I was going through my access logs to see what nasties have been thrown at me since the last time.
Amongst the normal enter_your_RFI_exploit_here I saw this script being pushed onto the server:
(more…)
Posted in General InfoSec, Malware FreakShow | No Comments »
Wednesday, January 30th, 2008
I was checking out the various RFI (Remote File Inclusion) exploits thrown at my site when I saw an exploit file that was heavily obfuscated. I meddled with the code a bit and got it to reveal the C&C servers:
(more…)
Posted in General InfoSec, Malware FreakShow | No Comments »
Tuesday, October 16th, 2007
Let’s take a look at yet another bot originating from Mother Russia. It’s called Illusion, and it has a nice and clear GUI tool for configuration that even an idiot (you could argue that only idiots use malware anyway) can use. (more…)
Posted in Malware FreakShow | No Comments »
Saturday, October 6th, 2007
BlackEnergy is yet another piece of malware coming from Russia. The package is a “for dummies” version, exhibiting a nice GUI you can use to modify the bot. The only purpose of BlackEnergy is to DDoS. It does not spread on its own; it just sits and polls an HTTP C&C (Command and Control) to see whether it has been given any targets.
(more…)
Posted in Malware FreakShow | No Comments »
Wednesday, August 29th, 2007
There’s a nifty (or nasty, depends on which side you are on) tool being offered for download. The tool (called zxarps) is a hacking tool mostly used in China.
(more…)
Posted in Tools, Malware FreakShow | No Comments »
Thursday, July 19th, 2007
StormWorm has been spreading for quite a while now. Otherwise known as win32.tibs, win32.zhelatin or Trojan.Peacomm, it has been a widespread pest for a long time.
(more…)
Posted in Tools, Malware FreakShow | 6 Comments »
Thursday, June 21st, 2007
There are enormous numbers of sites on the internet that offer free downloads of shareware/evaluation programs. Some of them screen (or at least try to) the programs they are going to offer, some don’t. In addition to those, there is a huge bunch of sites that are outright malicious. (more…)
Posted in Malware FreakShow | No Comments »