Archive for the ‘ Malware Techniques ’ Category
Layman’s guide to remove FakeAV malware
In my previous blog post, I talked about FakeAV malware and its new technique of spreading by disguising itself as a legitimate software download. In this post I will talk about a very simple technique to clean a FakeAV infection. Before I talk about infection removal, let me list out all the measures taken by the malware to prevent [...]
Skype Upgrade:Yet Another FakeAV Drive-by Attempt
Last night, a friend sent me an email with a link for analysis. I have seen many such spam emails ever since Microsoft acquired Skype. This one was along similar lines, asking you to download the latest version of Skype from skype-voip-2011-upgrades[dot]com. Here is yet another incident of a spam email dropping FakeAV malware. A few highlights of the analysis: [...]
Analysis of The Best Antivirus 2011
At last the time has come to show some presence again on my blog. After my disappearance for almost half a year, today I got the chance to actually write something, and what motivated me to do so was a new spyware infection. Here is the prologue: I was spying on my MATRIX honeypot for new [...]
Beware of Embedded PDF Malwares
Last month the security researcher Didier Stevens published a PoC PDF file which had an executable embedded inside it. Though the Metasploit Framework already has an attack module to embed any executable inside a PDF file, the approach used by Didier Stevens is different and does not involve the use of JavaScript. As JavaScript is not used, disabling [...]
Analyzing IRCBOTS: Part II
OK, we know from the previous post that the malware is trying to connect to testirc1.sh1xy2bg.NET. To learn more about its intentions, I added a fake DNS entry to the XP hosts file and pointed testirc1.sh1xy2bg.NET at my BackTrack 3 machine. I then rebooted the live analysis machine and started Wireshark again on the BT3 system. As the malware has [...]
Execute programs at windows startup
My last post was related to the ADS technique adopted by viruses and rootkits. These viruses can use Alternate Data Streams to easily hide themselves behind legitimate files. I also made a brief mention of how to get suspicious whenever you see a new entry in the registry keys used to start programs with the operating system. [...]
Analyzing IRCBOTS: Part I
IRC-based malware bots caught enormous attention in 2005-06. Though IRC-based malware is on the decline, nailing it down is a really interesting task. The sole purpose of malware is to serve its master and follow its orders. There are many ways adopted by malware authors to achieve this; however, controlling malware from the Internet [...]
My Encounter with Live Web Attack
It would not be an average day, I knew from the dawn, as at EOD I would be on my way to Pune. You might think, what's so special about visiting Pune? Let me tell you, people who have spent at least a year or two in a city like Pune or Bangalore will hate to stay [...]
Alternate Data Streams (ADS)
With the introduction of the NTFS file system in Windows NT, Microsoft introduced a new concept of having multiple streams in a single file, known as Alternate Data Streams (ADS). In this blog I will discuss some advantages and disadvantages of ADS. Whenever we perform any operation on a file, such as reading, writing or editing, we did [...]
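The following PowerShell script is an added example and is not code from the original ADS or startup-registry posts; it shows the two points those posts raise together: how a second stream is written into an ordinary NTFS file without changing what Explorer or `dir` report, how to enumerate such streams across a directory, and how to scan the Run and RunOnce keys for an autostart entry that points at a `file:stream` path. It assumes Windows with NTFS and PowerShell 3.0 or later; the directory `C:\temp\ads-demo`, the file `notes.txt` and the stream name `hidden.txt` are made-up demo names.

```powershell
# Added example (not from the original post): create, list, read and remove an NTFS
# alternate data stream, then look for Run-key entries that point at a stream.
# Assumptions: Windows with NTFS, PowerShell 3.0 or later; the paths and names
# below (C:\temp\ads-demo, notes.txt, hidden.txt) are made up for the demo.

$dir  = 'C:\temp\ads-demo'
$file = Join-Path $dir 'notes.txt'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# 1. A normal file; its content lives in the unnamed ":$DATA" stream.
Set-Content -Path $file -Value 'Visible content'

# 2. Write a second stream named "hidden.txt" into the same file. dir and Explorer
#    still show the file at its original size; only stream-aware tools see the extra data.
Set-Content -Path $file -Stream 'hidden.txt' -Value 'This text lives in an ADS'

# 3. Enumerate every stream on the file. ':$DATA' is the main stream;
#    anything else is an alternate stream worth a look.
Get-Item -Path $file -Stream * |
    Select-Object FileName, Stream, Length |
    Format-Table -AutoSize

# 4. Read the hidden stream back.
Get-Content -Path $file -Stream 'hidden.txt'

# 5. Hunt across a directory tree for files carrying any non-default stream.
#    Zone.Identifier is the benign "downloaded from the Internet" marker that
#    browsers add; filter it out to reduce noise.
Get-ChildItem -Path $dir -Recurse -File |
    Get-Item -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
    Select-Object FileName, Stream, Length

# 6. Check the per-user and per-machine Run/RunOnce keys for a value whose command
#    line contains a drive path followed by a second colon (file:stream syntax).
#    The stream may be launched via wmic, rundll32 or "start", so match anywhere
#    in the value, not only at its start.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        # e.g. C:\temp\ads-demo\notes.txt:hidden.exe
        if ($p.Value -match '[A-Za-z]:\\[^:]+:[^\\\s"]+') {
            "{0} -> {1} = {2}" -f $key, $p.Name, $p.Value
        }
    }
}

# 7. Clean up: remove only the alternate stream, leaving the file intact.
Remove-Item -Path $file -Stream 'hidden.txt'
```

Step 5 is the check a practitioner actually wants on a suspect machine: run it against `C:\Windows` or a user profile rather than the demo directory, and treat any stream other than `:$DATA` and `Zone.Identifier` as something to open and inspect, since a stream can hold a complete executable. Step 6 only catches autostart entries that name a stream literally; an entry that launches a loader script which in turn reads the stream will not match and still has to be reviewed by hand.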
Analyzing IRCBots III
Here I am for the third and final installment of our three-part series, Analyzing IRCBots. In the first post I showed you static and behavioural analysis, while in the second post we saw code patching and analysis. We also concluded on the behaviour of the malware and categorized it as an IRC bot. Those who [...]
