How do Storm, NotFound and other threats infiltrate so many PCs?
As the trend continues to move away from exploiting system services and more commonly toward exploiting client applications like web browsers and third party plugins, our research has turned towards...
How do Storm and other current threats attack security solutions and silently...
Malware v2.0 writers continue to develop new techniques and write sophisticated code to evade security solutions. We’ve seen a surge in the volume of changing and newly distributed malware that “go...
Tool for shellcode analysis
Here’s some favorite c that I use to reverse engineer shellcode that I collect from malicious files, malicious web sites and attacking network traffic: unsigned char shellcode[] = ""; void main() {...
Shellcode analysis — download n’ exec
In a previous post, I mentioned that we could use c code to analyze some shellcode currently being posted in the wild by malicious web site operators. These malicious websites are delivering malware by...
Tracking Coreflood from Shellcode
Sometimes, it can be surprisingly difficult to get malicious code removed from servers. It can be due to a lack of server support by the owners and their support staff, a lack of responsiveness from...
Much Tedroo about Nothing, other than “Viagra Professional”
In an early-2009 literary flourish we condemned spammers to hell, discussed the Tedroo spambot’s increased momentum due to the shutdown of other botnets, posted screenshots of the Tedroo spewed...