
Putting Out the Flame

There's a lot of buzz going around in the security field about a big piece of malware, code named "Flame" or "Skywiper". Let's make some sense and try to extinguish the flame wars. There is an excellent paper that was...

RedKit Payload - Binary Fun

This blog post focuses on a piece of malware delivered by the recently discovered RedKit exploit kit. It walks through the obfuscation techniques used, in order to uncover the true purpose of the malware.

A Wild Exploit Kit Appears... Meet RedKit

During our research we have recently encountered a new private exploit kit. The developers behind this private kit decided to promote it with a standard banner. After clicking on this banner, you get to a page with a form asking...

Brazilian Banking Malware: Pay Your Bill Slacker!

I recently got wind of an interesting little sample that I believe originated as part of a Brazilian phishing attack. The sample appears to still be quite unknown, as VirusTotal currently (VirusTotal Report) reports the sample as being detected...

Pwning a Spammer's Keylogger

Recently, while scrounging around our spam traps, I spotted this ordinary piece of malicious spam. It uses a very simple social engineering trick, speculating about Obama's sexual orientation and a link to a supposed picture to prove it. There was...

A New Neighbor in Town: The Nuclear Pack v2.0 Exploit Kit

In the past few years, cybercriminals have been increasingly using exploit kits to spread malware. Today, several exploit kits, primarily Blackhole and Phoenix, dominate this market but occasionally we do find other rare ones that are being deployed. We would...

Dirty RAT Eats Nate's Banana

I've got a real treat for everyone today, as I received approval to blog about an interesting piece of malware I recently reversed as part of a client engagement. Obviously, due to the sensitive nature of this, I'll have to...

Cuckoo for Cuckoo Box

Cuckoo Sandbox is an automated, open-source malware analysis system that started as a Google Summer of Code project in 2010. Setting it up on Mac OS X isn't strictly supported, but can be done without too much additional effort.

Analyzing PDF Malware - Part 2

Where were we? As the title states, this is the second part of Analyzing PDF Malware. If you haven't read the first part you can find it here. Go ahead and read it now if you haven't already, we'll wait....