The infection of Styx Exploit Kit (Landing page: painterinvoice.ru + Payload:...
Infection route:
Infector: h00p://tropold.org/jerk.cgi?6
Redirector: h00p://painterinvoice.ru/1yM1hP12juZ0eb1m08qSE0gC6f01z5B0c4Vm12yDo0Xvu50mkZ10gv2o0FwTJ0kT3S0y2Lp0cz4L0JlPp0fzIh0oYGU0XFea/
Downloader1:...
Blackhole of "/closest/" version with an infection of Trojan ZeroAccess...
[NEW!] New case infection w/ same payload type & infection MO in a different domain.
Landing page: 3thtyjtyjcc.ns02.us/closest/209tuj2dsljdglsgjwrigslgkjskga.php
Payload: ZeroAccess
Exploit: Java:...
"Confirmed ITW" CVE-2013-0634 This LadyBoyle is not nice at all.
It all started from a curiosity, and ended up in a serious analysis, testing and reporting. So we have the SWF exploitation of CVE-2013-0634 and I dare myself to analyze what we suspect as...
Blackhole NOW served Cridex combo with Ransomware rotated with GeoIP -...
Background
This is more than just a malware analysis blog post. More like a threat report or an update on the activity of a cyber crime group that is continuing their malicious operation and distribution method,...
Hulk and Malware Crusaders vs FakeAV scandsk.exe (Win32/Simda Backdoor...
How the adventure started..
It's mid-February and we find the scientist David Banner searching for information concerning tax matters involving charitable giving and fundraising when he clicks through...
Case: "*.RU:8080/*/column.php", Hey Stealer! What do you want to steal today?...
*) This is my last post for this infection, FYI: we went far too long trying to keep things right.. Today we detected a malware infection campaign created by the same bad actors we always follow. The...
Fake Adobe Flash Updater in 173.246.102.2 - Win32/Fareit downloads...
This story all started from an EK landing page at: "h00p://17.247nycr.com/news/breaks-harmless.php" in the IP: 173.246.102.2
At the below network registration: NetRange: 173.246.96.0 -...
The Evil Came Back: Darkleech's Apache Malware Module: Recent Infection,...
With the help of Malware Researchers, & solid coordination with the authorities and admins involved, we successfully stopped the mass attack of the current threat which damaged hundreds of Linux Apache web...
Announcement of Multiple Malware Domains Deactivation March, 2013 - The...
We are releasing an announcement of the suspension of 263 malware domains as the latest result of Operation Tango Down [What is TangoDown?] as per the below details. The current suspension is the work under good...
Mystery of unknown EK using JAR exploit with Hidden Class & XOR-Encoded...
This is great teamwork, never a personal work; I thank the below wonderful team who helped get the problem completely solved within 12hrs: @Cephurs @nyxbone @kahusecurity @a..om @essachin...
#Howto - CNC analysis of Citadel Trojan Bot-Agent with Wireshark
We received a request to help in investigating the latest Citadel bot agent & config dropper C2 sites existing on the internet for the evidence shutdown purpose. The investigation started and we posted some...
#Howto - Analysis infection of RedKit sourced at 91.206.200.199 via OS...
It's been a while since I posted a report in this blog. Now we are posting a RedKit infection we traced to the Ukrainian hosting server at 91.206.200.199. The report is pointing us to the suspicion...
(Peeling + Exposal) Kelihos via Redkit, mass-infection threat following...
We all know about what had happened in US recently, it is a very sad & unfortunate situation. People died during the accident and the malware scums used this for their opportunity, we just can't...
CNC analysis of Citadel Trojan Bot-Agent - Part 2: Understanding its stealer...
Following the previous Citadel Analysis we wrote -->> [HERE], we received so many requests & questions like: What encryption was used? What is actually written in the config? What has been...
A story of a Spam Botnet Cutwail Trojan - Via fake Paypal's spam link...
Infection Summary:
Recently we're back into full research, and went straight to all the junk mails in campaigns that infect with malware. Today I bumped into a malvertisement spam email, which I thought a bit...
Another story of Unix Trojan: Tsunami (IRC/Bot) w/ Flooder, Backdoor at a...
*) I dedicate this writing to fellow UNIX admins who dedicate tireless hard effort to making sure our internet services are up and running. #RESPECT!
Snapshot:
Summary
Sadly, some strong waves of malware...
Full disclosure of 309 Bots/Botnet Source Codes Found via Germany Torrent
Background
If you read the post's title carefully, this post is exactly that. A shocking one, and it took us a long time to confirm the source code one by one until we were pretty sure that the data is valid. The data...
Case of Pony downloading ZeuS via Passworded Zip Attachment of Malvertisement...
It is a workday so I cannot post much, so please bear with the below short analysis. But today I couldn't get rid of my curiosity when reading Mr. Conrad Longmore's newest post on Dynamoo Blog (nice...
A mystery of Malware URL "cnt.php" Redirection Method with Apache's...
Summary
To be honest, since knowing that most Linux malware is blocking my IP & my country's access, I changed my strategy to invite and trap them with the honeypot method on a dummy server...
Advisory & Malware Infection Alert on Plesk/Apache Remote Code Execution...
Summary:
This zeroday PoC (thanks to KingCope for announcing the zeroday, a great share!) is bringing a huge impact at the worst timing of malware web infection trends, which the botnet via file...