Archive for the ‘Malware analysis’ Category

Snort Detection Rules for APT Malware MSUpdater.exe

Background: On 31 January 2012, Zscaler and Seculert each posted an analysis of a recently identified RAT, believed to be used in government-related targeted attacks. Both firms identified its command-and-control beacon patterns and independently published them on their respective websites. As in all APT attacks, these C&C patterns were built [...]

Analyzing Twitter short URLs

URL shortening is a way of reducing long, non-human-friendly URLs. It is especially useful on micro-blogging sites such as Twitter, where a tweet is limited to only 140 characters, so posting a long URL along with a descriptive message is difficult. A link-shortening service from Twitter [...]

Understanding the CVE-2010-1885 Exploit from the Blackhole Exploit Kit

A friend of mine reported receiving a suspicious email. It turned out to be a nice opportunity to analyze one more client-side attack from the bag of the BlackHole exploit kit. The attacker was not at all funky this time: no fancy stuff in the email, just a plain message with an external link. Below is the email [...]

Analysis of the Encrypted PDF samples

In this post, I use one of the encrypted samples found for the CVE-2011-2462 vulnerability. After coming back from vacation, I decided to take a quick look at the new samples shared on the contagio blog to understand the exploitation methods for CVE-2011-2462. Since many good articles and blog posts have already been written on this vulnerability, I [...]

Analysis of a .jar Attack from the Blackhole Exploit Pack

Yesterday, one of my friends received a legitimate-looking email from the Internal Revenue Service with the subject "Your Federal Tax Payment" and a link to a tax report.pdf file. He reported it to me, and I got a chance to analyze it. Below are some of my findings from the analysis. The link contained the following obfuscated JavaScript in [...]

Layman’s guide to remove FakeAV malware

In my previous blog post, I talked about FakeAV malware and its new technique of spreading by disguising itself as a legitimate software download. In this post I will describe a very simple technique for cleaning a FakeAV infection. Before I get to the removal, let me list all the measures the malware takes to prevent [...]

Live Memory Analysis of Astros IRC Bot

One might think IRC bots are gone, but a recent incident convinced me that they are not. Here’s how the story goes… As part of my job, I was looking for malicious traffic on the network, and a binary named msconfig.exe caught my eye. I saw msconfig.exe being downloaded through one of [...]

Analysis of The Best Antivirus 2011

At last the time has come to show some presence on my blog again. After disappearing for almost half a year, today I got the chance to actually write something, and what motivated me to do so was a new spyware infection. Here is the prologue… I was watching my MATRIX honeypot for new [...]

Lawsuit notice: Social Engineering Attack

Yesterday, I got an email claiming that some company had filed a lawsuit against me in court, with a link to download a Word file supposedly containing the copyright-law violations. As expected, it turned out to be a very sophisticated social engineering attack. When I downloaded the file and scanned it on VirusTotal, very few [...]

Analyzing IRCBOTS: Part II

OK, we know from the previous post that the malware is trying to connect to testirc1.sh1xy2bg.NET. To learn more about its intentions, I added a fake DNS entry to the XP host configuration file and pointed testirc1.sh1xy2bg.NET at my BackTrack 3 machine. I then rebooted the live analysis machine and started Wireshark again on the BT3 system. As the malware has [...]
