5 Jan 2012 | Author: Abhijeet |
Just before we say goodbye to 2011, Microsoft released a security bulletin for an escalation of privileges vulnerability in the .NET Framework. NIST describes the vulnerability as – The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access [...]
4 Jan 2012 | Author: Abhijeet |
A friend of mine reported receipt of a suspicious email to me. It turned out to be a nice opportunity to analyze one more client-side attack from the bag of the BlackHole exploit kit. The attacker was not at all funky this time: no fancy stuff in the email, just a plain email with an external link. Below is the email [...]
30 Dec 2011 | Author: Abhijeet |
In this post, I have used one of the encrypted samples found for the CVE-2011-2462 vulnerability. After coming back from my vacation, I decided to take a quick look at the new samples shared on the contagio blog to understand the exploitation methods of CVE-2011-2462. As many nice articles/blog posts have already been written on this vulnerability, I [...]
20 Nov 2011 | Author: Abhijeet |
Yesterday, one of my friends received a legitimate-looking email from the Internal Revenue Service with the subject "Your Federal Tax Payment" and a link to a tax report.pdf file. He reported it to me and I got a chance to analyze it. Below are some of my findings from the analysis. The link had the below obfuscated JavaScript in [...]
1 Oct 2011 | Author: Abhijeet |
This is a quick post about some of the analysis I did at the start of this week. This is a case of yet another exploit for CVE-2010-0806. I have been seeing exploits for this vulnerability floating around a lot for the past couple of months. As described on mitre.org: “Use-after-free vulnerability in the Peer Objects component (aka [...]
14 Jul 2011 | Author: Abhijeet |
CVE-2007-0024 is quite old and you might think there would be no more active exploitation of this vulnerability, as it was patched long back. I will say, think again. Today, I analyzed a live attack exploiting the above vulnerability. Here is the gist of my analysis. Overview of CVE-2007-0024: An integer overflow in the Vector Markup [...]
14 Jun 2011 | Author: Abhijeet |
In my previous blog post, I talked about FakeAV malware and its new techniques to spread by disguising itself as a legitimate software download. In this post I will talk about a very simple technique to clean the FakeAV infection. Before I talk about the infection removal, let me list out all the measures taken by the malware to prevent [...]
31 May 2011 | Author: Abhijeet |
Last night, a friend sent me an email with a link for analysis. I have seen many such spam emails ever since Microsoft acquired Skype. This one was also on a similar front, asking you to download the latest version of Skype from skype-voip-2011-upgrades[dot]com. Here is yet another incident of a spam email dropping FakeAV malware. A few highlights of the analysis: [...]
17 Apr 2011 | Author: Abhijeet |
One might think IRC bots are gone, but a recent incident made me believe that they are not. Here’s how the story goes… As a part of my job, I was looking for malicious traffic on the network and a binary named msconfig.exe caught my eye. I saw msconfig.exe was getting downloaded through one of [...]
10 Apr 2011 | Author: Abhijeet |
Ahem… not sure why anyone would want to use the .NET Framework for DLL injection when it’s a pretty simple job using Win32 APIs. But I am sure there are plenty like me who wish to use managed code for system programming. Just for fun and practice, I ported my Win32 code injection tool to .NET [...]