Every so often I run into some new evil that interests me enough to take a deeper peek. This time a DDOS bot written in PHP caught my eye. I haven’t seen this in the wild anywhere, but it’s still quite interesting. (more…)
Getting spam with attached malware isn’t anything new. Usually I just dispose the junk mails but every now and then I see a spam message that looks interesting enough to dig further. Today’s example is a spam mail that claimed to be a reply to a message I allegedly sent. The body of the message was like this: (more…)
I was going through my access logs to see what nasties have been thrown at me since the last time.
Amongst the normal enter_your_RFI_exploit_here I saw this script being pushed onto the server:
I was checking out the various RFI (Remote File Inclusion) exploits thrown at my site when I saw an exploit file that was heavily obfuscated. I meddled with the code a bit and got it to reveal the C&C servers:
Let’s take a look at yet another bot originating from the Mother Russia. It’s called Illusion, and it has a nice and clear GUI tool for configuration that even an idiot (you could argue that only idiots use malware anyway) can use. (more…)
BlackEnergy is yet another malware coming from Russia. The package is a “for dummies” version, exhibiting a nice GUI you can use to modify the bot. The only purpose for BlackEnergy is to DDOS. It does not spread on it’s own, it just sits and polls a HTTP C&C (Command and Control) to see whether it has been given any targets.
There’s a nifty (or nasty, depends on which side you are on) tool being offered for download. The tool (called zxarps) is a hacking tool mostly used in China.
StormWorm has been spreading for quite a bit for now. Otherwise known as win32.tibs, win32.zhelatin or Trojan.Peacomm, it has been a widespread pesk for a long time.
The are enormours amounts of sites in the internet that offer free downloads on shareware/evaluation programs. Some of them screen (or atleast try to) the programs they are going to offer, some don’t. In addition to those, there are a huge bunch of sites that are outright malicious. (more…)
You might have heard of a malware called Nuclear Grabber before. It’s a nasty trojan, written by a russian malware writer called Corpse, that’s designed to be a flexible data stealing platform. Nuclear Grabber is sold on a russian site for a hefty price, and each sold version is unique and private. (more…)