dollars javascript code – yet another Javascript obfuscation method for cc...
January 25, 2011 – Update: a detailed analysis that also cites my post: Internet Explorer exSploit Milk codes http://utf-8.jp/public/20101106/avtokyo.pptx October 5, 2010: From the MDL forum, I...

dollars javascript code – yet another Javascript obfuscation method for cc...
Trying to find some common factors in the pages included in the compromised sites (as indicated in the previous post (http://extraexploit.blogspot.com/2010/10/dollars-javascript-code-yet-another.html)...

Some domains for the LICAT / Murofet / Trojan/ZBOT.B threat
Update (2 November): A deep and very interesting analysis from Trend Micro:...

CVE-2010-3765 - proof of concept - update
October 29, 2010 - UPDATE: the working exploit (according to the BugX blog): http://bugix-security.blogspot.com/2010/10/firefox-exploitcve-2010-3765.html October 28, 2010: For those who still do...

CVE-2010-3962 - yet another Internet Explorer RCE
Update - November, 12 2010: Amnesty International Hong Kong Website Injected With Latest Internet Explorer 0-day...

full disclosure xpl.pdf Adobe Reader 9.4 poc - printSeps() - cve-2010-4091
November 26, 2010 – Update: Thank you, Mario, but our printSeps() is in another castle!...

cve-2010-4091 – printSeps - exploitation attempts
November 26, 2010 – Update: This is a very useful presentation (from Immunity Sec) that gives some methods for approaching the reversing of the JavaScript engine in the Adobe Reader context:...

cve-2010-4091 exploited?
November 24, 2010 – Update: Looking for other exploitation attempts, I found a Malwaretracker sample where the PDF seems to be spread via a URL that contains: filepdf.php@v=zday The following analysis report...

cve-2010-4091 exploited? – 0.1
Trying to reverse the shellcode contained within the PDF that seems to exploit CVE-2010-4091, according to the sample reported by MalwareTracker, the following URL was found:...

cve-2010-4091 exploited? – 0.2 – Adobe Reader 9.3.0
Starting from the malwaretracker sample (see my previous posts), it seems that edx and ecx are set to some interesting values:

LOIC 1.1.1.15 - Crafted C&C Channel Topic Could Lead To A Crash
Following the trend of these days, I played (locally) with one of the latest releases of LOIC (Low Orbit Ion Cannon DDOS Tool). Inserting a (not so) long string into the topic of a C&C IRC channel,...

some considerations on the Ettercap source code repository breach
A new issue of a zine called “owned and exposed” (http://www.exploit-db.com/papers/15823/) was released recently. I have to admit I laughed a lot when I saw this picture. I think that the picture...

the sourceforge entry point seems still active
February 3, 2011 - Update: A discussion on the e107 official web site: http://e107.org/comment.php?comment.news.878 February 2, 2011 - Update: Just another piece of evidence of the sourceforge breach being used by a web...

Egypt Telecom AS isolation - does BGPlay show it?
January 31, 2011 – Update: An interesting snapshot of Egyptian malware activity. ASN 20928 appears to be still active. Egypt's malware activity post internet...

Egypt Telecom back online – ASN8452 TE DATA – prefix 81.10.0.0/17
The prefix 81.10.0.0/17 “ALL-Routes” seems to be announced again to the rest of the world via the Telecom Italia Sparkle Autonomous System (ASN 6762). Here is the animation made with BGPlay: The time range is...

mmspicture.ru - mobile malware depot
Following a well known mailing list (clean-mx aka viruswatch), the following URL was retrieved: http://mmspicture.ru/mms112/mms112.jar (md5: 33EA90E2029478D47D33409B5F48E4EB) The JAR file is...

cve-2011-0609 - bugix blog analysis
April 4, 2011 - Update: RSA has released a blog post describing that this issue was used in the recent data breach: http://blogs.rsa.com/rivner/anatomy-of-an-attack/ March 15, 2011: A...

FlashUtil10m_Plugin.exe command line crash
It is interesting to observe how nowadays some old-style bugs are still around. I think that this one is not a security bug, but a deeper investigation is left to all who are interested. Anyway, it is...

DroidKungFu - just some pieces of code
Following the trend of the moment, I played a bit with the sample of DroidKungFu retrieved from the contagiodump malware sample repository. To obtain the JAR archive I used dex2jar...

TDSS - SRVs list
I just found via pastebin (http://pastebin.com/jWDhEfGB) a domain list related to TDSS. The SRVs, according to this analysis http://resources.infosecinstitute.com/tdss4-part-2/, are the C&C...