Channel: Malware Must Die!
Browsing all 151 articles

JS/RunForrestRun Infector ComeBack! Full Disclosure of Decoding URL, DGA...

Today I will fully disclose the new pseudorandom domain / DGA of the infector JS/RunForrestRun, which we just spotted making a "come-back" in action. It was started by hundreds of infections found via spam emails linked...

Update: The BHEK Users of Trojan Password Stealer BadActors is Shifting Their...

In our past three incidents of spam to BlackHole (BHEK) to Trojan Cridex (see below URLs...

"More" Spam to BHEK to Cridex; How they define, grab, handle & send the...

*) Sorry friends, I wrote and did everything non-stop for 12 hours, so please bear with my bad grammar since my brain seems to be starting to jam. This post is about well-known bad actors that I always write about; I got many...

Getting more "Personal" & Deeper into Cridex with Parfeit Credential Stealer...

I was posting these findings scattered across Twitter, VirusTotal and KernelMode (thanks to @Xylit0l for the invitation), so it is time to put them together. And I'm advising you that making documentation is 1,000...

The Crime Still Goes On: Trojan Fareit Credential Stealer - New Server, Same...

As posted A WEEK AGO here -->>[Prev.Post], that crime group STILL infects victims. The infector concept and binary workings are exactly the same as previously. Infection Source Summary & Trojan...

Announce of Multiple Malware Domains Deactivation Progress - The "Operation...

To all friends in the malware-fighting area and all of the supporters and readers of our MalwareMustDie blog: we have good news. Our fight against malware leaps into the next, brighter stage. Since all of...

What happens if Red Kit Exploit Kit teams up with BlackHole EK? = Triple...

It is the last crusade of the year 2012; the crusade was started by the lead of RedKit. We heard that RedKit is going into heavy customization, so it is good for the new year's adventure as the...

A PBot (PHP + Perl Backdoor IRC Bot + Network Attack Tool) Infection on...

PBot is a remote IRC protocol bot usually used for turning the infected machine into a malicious network tool for port scanning, DoS and other acts. It has been a long time since analyzing an active...

Let's say Hello! to Impact Exploit Kit w/ RansomWare Infector

This is an investigation of what we initially thought was an unknown exploit kit case; thanks to our friends (@Set_Abominae & @MalwareSigs) for recognizing it & advising us that it is Impact Exploit Kit....

A double hit - PC Trojan W32/VBS Bicololo and Mobile Java Android/Trojan SMS...

WordPress is a very useful blog site; it has many useful features in its themes & plugins and worldwide popularity, and yet it is also famous for its tons of vulnerabilities in the supported plugins and...

Once upon a time with another Red Kit infection & its Payload

I was eager to see another Exploit Kit infection in action in this Crusade; some efforts were made, but I bumped into some other non-EK infectors here and there before finally finding the below...

Some De-obfuscation notes on CritXPack Exploit Kit at root(.)kaovo.com

This is a quick memo of a crusade event, our encounter notes with CritXPack Exploit Kit. I think this will help others, so I dare to document the findings here as a guide. This is actually...

Decoding #Guide: Double Obfuscation Blackhole Exploit Kit Landing Page...

Dear MalwareMustDie Friends and Readers, on weekdays we can't write in the blog due to daily work. So we use our pastebin instead (see left menu) to post the reports. However, in these findings we...

Flushing, Peeling and Understanding the Cool Exploit Kit infection

It is nice to have another Exploit Kit adventure; I really learn a lot from these adventures. After bumping here and there (all of the previous blog posts in last weekend's crusade were the cases I bumped into) we...

Cridex + Fareit Infection Analysis - "dozakialko.ru:8080" A Credential...

[NEW] Fri Jan 18 13:44:56 JST 2013: The new infector domain dfudont.ru:8080 was detected & analyzed -->>[HERE]. PS: dfudont.ru:8080 was also using the same payload (at this moment). The...

A case of "Buggy Ransomware" with Backdoor, Spyware (is an Andromeda + Botnet...

Background: I was contacted by a fellow researcher friend @StopMalvertisin to take a look into an infection of the double trojan downloading a ransomware whose MO of faking Java 7u11 was written up in the Stop...

When the PWS Stealer tries to improve its way to steal... a story of...

The background: It's been a while since we last took a look into the Cridex infection. Counting from the day we first noticed this group until the day I write this post, it should have been almost five...

Hulk teams up with the Malware Crusaders to smash The CrimeBoss! (infector...

Background: This post is made 100% by one of our dedicated friends, @Hulk_Crusader, as the success story of a collaboration in fighting the malware infector CrimeBoss. Thanks to Hulk for the hard work...

Peeking at Anon JDB Exploit Kit infector (212.7.192.100/jdb/inf.php?id=xxx)...

Background: There are good investigations that make you feel good after decoding everything, and there are also some incomplete ones, like this story, which really annoyed me in the end, but I...

Peeking at Anon JDB Exploit Kit JAR infectors...

This is the continuation of the previous post on peeling apart Anon JDB Exploit Kit. You can read the previous post written here -->>[HERE]. We learned a lot from this EK's landing page infection...
