chackraview.net

CVE-2007-0024 is quite old and you might think, there would be no more active exploitation of this vulnerability as it was patched long back. I will say, think again. Today, I analyzed live attack while exploiting above vulnerability. Here is the gist of my analysis. Overview of CVE-2007-0024: An Integer overflow in the Vector Markup [...]

One might think IRC bots have gone but a recent incident made me believe that they have not. Here’s how the story goes… As a part of my job, I was looking for malicious traffic on the network and a binary name msconfig.exe caught my eye. I saw msconfig.exe was getting downloaded through one of [...]

At last the time has come to show some presence again on my blog. After my disappearance for almost half a year, today I got the chance to actually write something… and what motivated me in doing so was a new spyware infection..   Here is the prologue… I was spying on my MATRIX honeypot for new [...]

OK we know from previous post that malware is trying to connect testirc1.sh1xy2bg.NET. To learn more about its intentions, i added fake DNS entry in the XP host configuration file and pointed testirc1.sh1xy2bg.NET to my BackTrack 3 Machine. I then rebooted the live analysis machine and started Wireshark again on BT3 system. As malware has [...]

IRC based malware bots caught enormous attention in 2005-06. Though existence of IRC based Malwares are slowing down, Nailing them down is really interesting task. The sole purpose of Malware is to serve his master and follow his order. There are many ways adopted by Malware authors to achieve this, however controlling Malware from Intener [...]

Today, I was sitting in a dark room  self-evaluating about some things I did in past couple of months. And I realized my JOB is making me a lazy ass. It’s been a long time since I analyzed any malicious binary. So  I decided to  pick up a random old malware sample from my 320 [...]

Here I am for the third and final installment of our 3 installment post: Analyzing IRCBots. In the first post I showed you a static and behavioural analysis while in then second post we saw Code patching and analysis. We also conclude the behavior of the malware and categorized it under IRC bot. Those who [...]

Since Jan20th 2009, a worm named W32.Waledac is a culprit for sending spam emails.  People found reporting spam emails linking to http://store.worldnewsdot.com or http://topwale.com I also went on the site to check what is all this fuss about by pointing my Firefox on the URL.  I was presented with nice picture filled with tempting hearts [...]