Archive for the ‘ Malware analysis ’ Category


Analysis of The Best Antivirus 2011


At last the time has come to show some presence again on my blog. After my disappearance for almost half a year, today I got the chance to actually write something… and what motivated me in doing so was a new spyware infection. Here is the prologue… I was spying on my MATRIX honeypot for new […]

Lawsuit notice: Social Engineering Attack


Yesterday, I got an email saying some company had filed a lawsuit against me in court, with a link to download a Word file supposedly containing copyright law violations. As expected, it turned out to be a very sophisticated social engineering attack. When I downloaded the file and scanned it in VirusTotal, very few […]

Analyzing IRCBOTS: Part II


OK, we know from the previous post that the malware is trying to connect to testirc1.sh1xy2bg.NET. To learn more about its intentions, I added a fake DNS entry in the XP hosts file and pointed testirc1.sh1xy2bg.NET to my BackTrack 3 machine. I then rebooted the live analysis machine and started Wireshark again on the BT3 system. As the malware has […]
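The hosts-file redirect above only gets the bot's TCP connection as far as the BackTrack machine; with nothing listening there, Wireshark sees a SYN and little else. As an added example (not code from the original post), here is a minimal fake IRC server that could sit on the redirected host: it speaks just enough IRC for a bot to register and join its channel, and logs every line the bot sends so the nick pattern, channel name and channel key end up in the log. The BT3 address 192.168.56.1, the server name `fakeirc.local` and the bot lines in the usage note are all assumptions.

```python
# Added example, not from the original post. Assumed hosts-file line on the
# XP analysis box (the BT3 address is made up):
#   192.168.56.1   testirc1.sh1xy2bg.NET
import socket
import threading

SERVER_NAME = "fakeirc.local"   # assumed name; any value will do


def parse_irc_line(line):
    """Split one raw IRC line into (prefix, command, params).

    Handles an optional leading ':prefix' and a trailing ':param with spaces'.
    """
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    params = head.split()
    if sep:
        params.append(trailing)
    if not params:
        return prefix, "", []
    return prefix, params[0].upper(), params[1:]


class FakeIrcSession:
    """Per-connection state; handle() returns the replies to send back."""

    def __init__(self):
        self.nick = None
        self.user = None
        self.registered = False
        self.joined = []   # (channel, key) pairs the bot asked for

    def handle(self, raw_line):
        prefix, cmd, params = parse_irc_line(raw_line)
        replies = []
        if cmd == "NICK" and params:
            self.nick = params[0]
        elif cmd == "USER" and params:
            self.user = params[0]
        elif cmd == "PING":
            replies.append("PONG :%s" % (params[0] if params else SERVER_NAME))
        elif cmd == "JOIN" and params:
            key = params[1] if len(params) > 1 else None
            self.joined.append((params[0], key))
            replies.append(":%s!%s@sinkhole JOIN :%s" % (self.nick, self.user, params[0]))
        # Anything else (PRIVMSG, MODE, ...) is just logged by the caller.
        if not self.registered and self.nick and self.user:
            # Registration completes once NICK and USER are both seen; the
            # 001 welcome is what most bots wait for before sending JOIN.
            self.registered = True
            replies.insert(0, ":%s 001 %s :Welcome" % (SERVER_NAME, self.nick))
        return replies


def _client(conn, addr):
    session = FakeIrcSession()
    buf = b""
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            buf += data
            while b"\n" in buf:
                line, buf = buf.split(b"\n", 1)
                text = line.decode("latin-1")
                print("%s:%d <- %r" % (addr[0], addr[1], text))   # the bot's side
                for reply in session.handle(text):
                    conn.sendall((reply + "\r\n").encode("latin-1"))


def serve(host="0.0.0.0", port=6667):
    """Accept bot connections on the redirected host, one thread each."""
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    while True:
        conn, addr = srv.accept()
        threading.Thread(target=_client, args=(conn, addr), daemon=True).start()


if __name__ == "__main__":
    serve()
```

Run it on the sinkhole box on the port the bot was seen connecting to (6667 is only the default here), then reboot the infected XP machine as in the post; the logged `NICK`, `USER` and `JOIN` lines are exactly the fields worth writing a detection signature on.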

Decode: eval_gzinflate_base64_decode


If you follow my posts, some time back I wrote about my encounter with web attacks, which was an amazing experience. I am a lazy kind of person, and with all this IPL fever these days I don't even think of blogging or doing personal research. So what made me sit and write today? The answer is, my same […]
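The `eval(gzinflate(base64_decode('...')))` construct in the title is the usual PHP webshell/backdoor obfuscation: a base64 string is decoded, inflated and then executed, often several layers deep. As an added example (not code from the original post), the decoder below peels those layers statically instead of running the PHP. Note that PHP's `gzinflate()` consumes a raw DEFLATE stream with no zlib or gzip header, which in Python is `zlib.decompress(data, -15)`; the sample payload is constructed inside the block and is not from any real attack.

```python
# Added example, not from the original post. Peels nested
# eval(<wrappers>('literal')) layers without executing any PHP.
import base64
import codecs
import re
import zlib

# eval( followed by one or more wrapper calls, a quoted literal, closing parens.
_LAYER_RE = re.compile(
    r"eval\s*\(\s*((?:(?:gzinflate|gzuncompress|base64_decode|str_rot13|strrev)\s*\(\s*)+)"
    r"(['\"])([^'\"]*)\2\s*\)+\s*;?",
    re.IGNORECASE | re.DOTALL,
)
_FUNC_RE = re.compile(r"gzinflate|gzuncompress|base64_decode|str_rot13|strrev", re.IGNORECASE)


def _apply(func, data):
    """Apply one PHP wrapper function to a bytes payload."""
    if func == "base64_decode":
        data = re.sub(rb"\s+", b"", data)            # PHP ignores whitespace
        return base64.b64decode(data + b"=" * (-len(data) % 4))
    if func == "gzinflate":
        return zlib.decompress(data, -15)            # raw DEFLATE, as PHP gzinflate()
    if func == "gzuncompress":
        return zlib.decompress(data)                 # zlib-wrapped, as PHP gzuncompress()
    if func == "str_rot13":
        return codecs.encode(data.decode("latin-1"), "rot_13").encode("latin-1")
    if func == "strrev":
        return data[::-1]
    raise ValueError("unsupported wrapper: %s" % func)


def peel_once(src):
    """Replace the first eval(...) layer in src with its decoded payload.

    Returns the new source, or None when no recognised layer is present.
    """
    m = _LAYER_RE.search(src)
    if not m:
        return None
    funcs = _FUNC_RE.findall(m.group(1))             # outermost first
    data = m.group(3).encode("latin-1")
    for f in reversed(funcs):                        # innermost runs first, as in PHP
        data = _apply(f.lower(), data)
    return src[:m.start()] + data.decode("latin-1") + src[m.end():]


def peel_all(src, max_layers=32):
    """Peel layers until none remain; returns (source, layers_removed)."""
    layers = 0
    while layers < max_layers:
        nxt = peel_once(src)
        if nxt is None:
            break
        src, layers = nxt, layers + 1
    return src, layers


def _deflate_raw(data):
    """Mirror of PHP gzdeflate(): raw DEFLATE with no header."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def make_sample():
    """Constructed two-layer sample (not a real attacker payload)."""
    inner = b'echo "hello";'
    layer1 = "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(_deflate_raw(inner)).decode()
    return "<?php eval(gzinflate(base64_decode('%s'))); ?>" % base64.b64encode(_deflate_raw(layer1.encode())).decode()


if __name__ == "__main__":
    decoded, n = peel_all(make_sample())
    print("%d layers removed:\n%s" % (n, decoded))
```

The cap on `max_layers` matters in practice: some samples decode to themselves or to a slightly re-packed copy, and an unbounded loop would never terminate. When a real sample stops peeling, the remaining `eval` is usually wrapping a function not in the list (`gzuncompress` on a header-less stream, `str_rot13` on a variable rather than a literal, or code built with string concatenation), which is the point at which manual review or a PHP sandbox takes over.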

What's all the fuss about PIFTS.exe?


March 9 was an interesting and chaotic day for people using Norton Antivirus, as they started getting alerts that some binary named PIFTS.exe was trying to reach the Internet. When analyzed, people found its traces in Norton Antivirus. This was weird. Why was Norton alerting on its own application? It looked suspicious and people started asking […]

Analyzing IRCBOTS: Part I


IRC-based malware bots caught enormous attention in 2005-06. Though the prevalence of IRC-based malware is slowing down, nailing them down is a really interesting task. The sole purpose of malware is to serve its master and follow its orders. There are many ways adopted by malware authors to achieve this; however, controlling malware from the Internet […]

My Encounter with Live Web Attack


It would not be an average day, I knew from the dawn, as at EOD I would be on my way to Pune. You might think, what's so special about visiting Pune? Let me tell you, people who have spent at least a year or two in a city like Pune or Bangalore will hate to stay […]

Analyzing W32.Imait.As and W32.Virut Malware


Today, I was sitting in a dark room self-evaluating some things I did in the past couple of months. And I realized my JOB is making me a lazy ass. It's been a long time since I analyzed any malicious binary. So I decided to pick up a random old malware sample from my 320 […]

Analyzing IRCBots III


Here I am for the third and final installment of our three-installment post: Analyzing IRCBots. In the first post I showed you static and behavioural analysis, while in the second post we saw code patching and analysis. We also concluded the behaviour of the malware and categorized it as an IRC bot. Those who […]
