A glimpse in the past: Taking a look at a Gimmiv component timeline
October 25th, 2008
I decided to take a look at the timeline of the Gimmiv trojan component sysmgr.dll. Some of the results were a bit surprising.
The DLL looks really interesting. Interesting in the sense that even though the code is really easy to read, it's a rare find since it's riddled with bad programming. It's a wonder these guys even managed to make malware that actually compiles.
There's a new piece of malware on the loose, exploiting the MS08-067 vulnerability whose bulletin was released out-of-band yesterday. Surprisingly, the malware isn't packed. The common detection name for it is Trojan:W32/Gimmiv.A, and the initial package is just a dropper.
As I mentioned in the previous blog post, I've been working on a binary that contains various anti-debug/tracing/emulation/virtualization tricks. Even though the list of tricks that could be added to it is endless, I'm pretty satisfied with the ones it has currently.
I just realized it's been ages since I last wrote anything here. I've had my hands full with interesting projects, and while I didn't forget teamfurry.com, I found too little time to put my thoughts onto the blog. I've been lurking in the shadows though, watching over the forum.
MaskPE is a packer that seems to have originated from China. It's not extremely common, but you can stumble upon it every once in a while. It's a pretty basic packer, but it does have one nice trick that can crash the packer stub if it detects a debugger.
Just stumbled onto a DDoS bot written in Java. Usually there aren't too many malicious programs written in Java, so I decided to take a closer look. The code quality is about as bad as in the previous entry, which covered the PHP DDoS bot, but I think the Java version has more potential to grow into a problem.
Every so often I run into some new evil that interests me enough to take a deeper peek. This time a DDoS bot written in PHP caught my eye. I haven't seen it in the wild anywhere, but it's still quite interesting.
Getting spam with attached malware isn't anything new. Usually I just dispose of the junk mail, but every now and then I see a spam message that looks interesting enough to dig into further. Today's example is a spam mail that claimed to be a reply to a message I allegedly sent. The body of the message was like this:
Running a blog means that the software is constantly under a barrage of exploit and spam attempts, as is the case with any web service.
I have a few hooks and traps spread around to sniff out what's coming in, especially in HTTP POSTs. So, without further ado, the following items are from a trap that logs trackback spam: