Analysis of CVE-2010-0806 (IEPeers.dll) Use-After-Free Vulnerability

1 Oct 2011   | Author: Abhijeet |  3 Comments

This is a quick post about some of the analysis I did at the start of this week. This is a case of yet another exploit for CVE-2010-0806. I have been seeing exploits for this vulnerability floating around a lot for the past couple of months. As described on mitre.org: “Use-after-free vulnerability in the Peer Objects component (aka [...]

Analysis of CVE-2007-0024 Exploit and its Payload

14 Jul 2011   | Author: Abhijeet |  1 Comment

CVE-2007-0024 is quite old, and you might think there would be no more active exploitation of this vulnerability, as it was patched long ago. I would say, think again. Today, I analyzed a live attack exploiting the above vulnerability. Here is the gist of my analysis. Overview of CVE-2007-0024: An integer overflow in the Vector Markup [...]

Layman’s guide to remove FakeAV malware

14 Jun 2011   | Author: Abhijeet |  2 Comments

In my previous blog post, I talked about FakeAV malware and its new technique of spreading by disguising itself as a legitimate software download. In this post I will talk about a very simple technique to clean up the FakeAV infection. Before I talk about the infection removal, let me list out all the measures taken by the malware to prevent [...]

Skype Upgrade: Yet Another FakeAV Drive-by Attempt

31 May 2011   | Author: Abhijeet |  2 Comments

Last night, a friend sent me an email with a link for analysis. I have seen many such spam emails ever since Microsoft acquired Skype. This one was along similar lines, asking you to download the latest version of Skype from skype-voip-2011-upgrades[dot]com. Here is yet another incident of a spam email dropping FakeAV malware. A few highlights of the analysis: [...]

Live Memory Analysis of Astros IRC Bot

17 Apr 2011   | Author: Abhijeet |  1 Comment

One might think IRC bots have gone, but a recent incident made me believe that they have not. Here’s how the story goes… As part of my job, I was looking for malicious traffic on the network and a binary named msconfig.exe caught my eye. I saw msconfig.exe was getting downloaded through one of [...]

Code injection using managed code

10 Apr 2011   | Author: Abhijeet |  No Comments

Ahem… not sure why anyone would want to use the .Net framework for DLL injection when it’s a pretty simple job using Win32 APIs. But I am sure there are plenty like me who wish to use managed code for system programming. Just for fun and practice, I ported my Win32 code injection tool to .Net [...]

Analysis of The Best Antivirus 2011

29 Mar 2011   | Author: Abhijeet |  1 Comment

At last the time has come to show some presence again on my blog. After my disappearance for almost half a year, today I got the chance to actually write something… and what motivated me to do so was a new spyware infection. Here is the prologue… I was spying on my MATRIX honeypot for new [...]

Windows “Shortcuts to Pawnage”

21 Jul 2010   | Author: Abhijeet |  5 Comments

On 16th July, 2010, researchers found a new shortcut to pawn a remote system in an unusual way. They crafted a way to exploit Windows shortcut files, commonly referred to as .lnk files, in order to gain unauthorized access to a remote computer. Users need not even click the shortcut file; if s/he views it in [...]

Beware of Embedded PDF Malware

16 May 2010   | Author: Abhijeet |  2 Comments

Last month, security researcher Didier Stevens published a PoC PDF file which had an executable embedded inside it. Though the Metasploit framework already has an attack module to embed any executable inside a PDF file, the approach used by Didier Stevens is different and does not involve the use of JavaScript. As JavaScript is not used, disabling [...]

Outburst of HDFC and IDBI bank phishing emails

5 Apr 2010   | Author: Abhijeet |  1 Comment

For the past few days, I have been getting fraudulent emails impersonating HDFC and IDBI banks. The emails looked pretty legitimate unless you looked into the email headers or actually visited the link provided in them. Below are some screenshots of the emails that I received. You may also see some superficial investigation I undertook to make [...]
