Wordpress Hack Case: Site's Credential Stealer with New ASCII...
Background
Yes, it is not news to hear about Wordpress or other PHP-based CMS getting hacked with malicious injected code. The hacked sites were injected with code scattered inside the Wordpress PHP...

A Step by Step Decoding Guide for CookieBomb's (as Front-end) Latest Threat,...
Background
Not so long ago, during my recovery (I had eye surgery recently), I posted in our pastebin a disclosure of the ESD.PHP malware redirector "The Server Side's Evil Code"; the link is here...

Tango Down of 44 CryptoLocker CnC Domains
This is the report of the effort in our MalwareMustDie Tango Down OP, with action initiated and finished by @essachin (well done!). This all started with the report on Twitter from @ax0n, as per the snippet...

#Tango Down of 2,989 (allowed to release: 311) Malicious domains Related to...
Background:
1: We initiated the tango down of 2,989 domains via the Internet domain registrar's suspension method.
2: They belonged to various EKs/Trojans having the same ID as the Kelihos reseller domain, as...

Short Talk in BotConf 2013 - #Kelihos: Payload+Domain Analysis, ID...
The Background
On the 5th of December 2013 I was honoured to represent MalwareMustDie, an NPO group, in giving a short talk about the Kelihos fast flux botnet. The talk was shared between myself as MalwareMustDie OP...

Let's be more serious about (mitigating) DNS Amp ELF hack attack
Background
Consider this as "another" MalwareMustDie New Year security awareness message. We detected an increase in hacking attacks aimed at implementing DNS-Amp, specifically in the implementation on the ELF part of...

ARP Spoofing Malware Infection Project Spotted & Source Code is Disclosed to...
One more 2014 New Year malware awareness message from MalwareMustDie: a self-spreading malware project to infect other nodes using an ARP spoofing based scanner was spotted several months back; our...

"Shadow Logger" - New .NET's FUD Keylogger on the (MMD) bloG
Background
Our team found this threat and we decided to openly raise awareness about it. It is a keylogger that brags of being Fully Undetected (FUD); the sad part is, it is.. which is causing the...

Threat Intelligence - New Locker: Prison Locker (aka: Power Locker ..or...
Background
Malware bad actors just keep on coding and developing new threats, with the stupid dream of getting rich quick in their stupid heads. It's a serious moral corruption generated by whatever...

..And another "detonating" method (or effort) of today's CookieBomb
My colleague in the local security community visited and dared me to check an obfuscation for which he could not judge which malicious category the case falls into. Since I am in health treatment for a recovery and he is...

..And another "detonating" method of CookieBomb 2.0 - Part 2
Background
In the previous first part, I explained the first decoding of the new design of the CookieBomb (version 2) threat, with easy decoding (read: "detonating") for novices to quickly get the URL...

Once upon a time with an American Express Phishing Session..
As you may know, the MMD blog focuses on malware/botnet related threats. But today I want to make an exception: my SMTP honeypot is full of American Express phishing scam emails, so I dared myself...

Cyber Intelligence: The JackPOS Behind the Screen
The background
As credit for awareness of the current threat, a lot of you probably noticed the JackPOS malware posted at Xylit0l's post in Kernel Mode here -->>[kernelmode], in the...

Tango Down of Nuclear Pack's 174 Multiple Registered .PW Domains
To "some" fellow researchers: don't mock us for taking down these bad domains. Think of the victims who get infected on an hourly basis! Sorry if we blew your "tracking" objects away. Because of this...

Long Talk "AV Tokyo 2013.5" - #Kelihos #CookieBomb #RedKit : Bad Actor's...
On Sunday, February 16th 2014, in the presentation at AV Tokyo 2013.5, a prestigious security event in Japan (link), we (read: MalwareMustDie, an NPO of the Anti Cyber Crime International Research Group)...

How public services like Amazon AWS, DropBox, Google Project/Code & Google...
Today I was almost going to bed when I bumped into this threat. Please kindly bear with the sleepy eyes while writing this. I am combining the screenshots and log/details in text; hopefully there will be no...

Tango Down: The takedown of 209,306 .IN.NET Nuclear Pack DGA domains
This post is a tribute to the hard working individuals and professionals who made the impossible happen.
The Report
As one of the results of a persistent collaboration between security researchers and...

A post to sting Zeus P2P/Gameover crooks :))
The Background
At this end of the week, Zeus P2P Gameover (in short: GMO) is running a large campaign utilizing Upatre (using the latest version to download an encrypted ZZP file with many extensions), which are...

Daily analysis note: "Upatre" is back to SSL?
Following the previous blog (link) on Zeus P2P Gameover (GMO) malware delivered by the Upatre trojan downloader in an encrypted form with varied file extension names, today I found that the threat...

A Disclosure of What's Behind the #w00tw00t Attack
Background..
Not so long ago I received this attack coming into our web server: #MalwareMustDie! The 1st attack attempt that came into our new server was by "Romanian AntiSec" from a China IP < BIG #FAIL! :-)...