Confirmed Security News 2012 W16

=> Malware Analysis – Follow along reversing the German government’s “Bundestrojaner”. 15/04/2012. «In this article, we will reverse engineer the dropper for a relatively infamous trojan – the Bundestrojaner – developed by the German government to spy on who knows whom. Slate says the trojan “is sent disguised as a legitimate software update and was capable of recording Skype calls, monitoring Internet use, and logging messenger chats and keystrokes. It could also activate computer hardware such as microphones or webcams and secretly take snapshots or record audio before sending it back to the authorities.” In this article, we will show you step by step how to reverse the trojan dropper, in a subsequent article we will reverse the driver and other user-mode components of the trojan (…).» Dated 13/04, listed under 15/04 for convenience in this digest.
Source: resources.infosecinstitute.com/german-trojan/

=> The anatomy of Flashfake. Part 1. 19/04/2012. «It is a family of malware for Mac OS X. The first versions of this type of threat were detected in September 2011. In March 2012 around 700,000 computers worldwide were infected by Flashback. The infected computers are combined in a botnet which enables cybercriminals to install additional malicious modules on them at will. One of these modules is known to generate fake search engine results. It is quite possible that, in addition to intercepting search engine traffic, cybercriminals could upload other malicious modules to infected computers – e.g. for data theft or spam distribution (…).»
Source: www.securelist.com/en/analysis/204792227/The_anatomy_of_Flashfake_Part_1
Related posts:
16/04/2012. Java OSX CVE-2012-0507, CVE-2011-3544 and Flashback.35/J sample : contagiodump.blogspot.fr/2012/04/java-osx-cve-2012-0507-cve-2011-3544.html
16/04/2012. Is CVE-2012-0507 the best toolkit to exploit Mac OS X? : community.websense.com/blogs/securitylabs/archive/2012/04/16/is-the-cve-2012-0507-the-best-toolkit-to-exploit-mac-os-x.aspx
19/04/2012. OS X Mass Exploitation – Why Now? : www.securelist.com/en/blog/208193490/OS_X_Mass_Exploitation_Why_Now
20/04/2012. Flashback Cleanup Still Underway—Approximately 140,000 Infections : www.symantec.com/connect/blogs/flashback-cleanup-still-underway-approximately-140000-infections

=> Digging Into the Nitol DDoS Botnet. 19/04/2012. «Nitol is a distributed denial of service (DDoS) botnet that seems to be small and not widely known. It mostly operates in China. McAfee Labs recently analyzed a few samples; we offer here the communications protocol and the Trojan’s capabilities (…).»
Source: blogs.mcafee.com/mcafee-labs/digging-into-the-nitol-ddos-botnet

=> Silence Winlocker. 20/04/2012. «I continue to keep an eye on these winlocks, here are some interesting cases (…).»
Source: xylibox.blogspot.fr/2012/04/silence-winlocker.html
Related posts:
20/04/2012. Ransomware and Silence Locker Control Panel : www.symantec.com/connect/blogs/ransomware-and-silence-locker-control-panel

=> Analysis of the Eleonore exploit pack shellcode. 20/04/2012. «‘Eleonore’ is a malware package that contains a collection of exploits used to compromise web pages. When the compromised web pages are viewed via vulnerable systems, the exploit payload is run. Eleonore is purchased by an attacker from an underground website. The attacker then gains access to Internet web servers and installs the exploit by modifying webpages, which are then served to the public. The malware pack also contains functionality for the tracking and management of compromised computers (…).»
Source: blogs.technet.com/b/mmpc/archive/2012/04/20/analysis-of-the-eleonore-exploit-pack-shellcode.aspx

=> Analysis of DarkMegi aka NpcDark. 20/04/2012. «I’ve always been interested in rootkits and their removal. So it was no surprise that after reading the article about DarkMegi I tried to find the rootkit dropper. Two security colleagues were kind enough to forward me a few samples (…).»
Source: stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html
Related posts:
16/04/2012. Darkmegi: This Is Not the Rootkit You’re Looking For : blogs.mcafee.com/mcafee-labs/darkmegi-not-the-rootkit-youre-looking-for
18/04/2012. DarkMegi rootkit – sample (distributed via Blackhole) : contagiodump.blogspot.fr/2012/04/this-is-darkmegie-rootkit-sample-kindly.html

=> Latest SpyEye Botnet Active and Cheaper. 20/04/2012. «The source code for SpyEye Version 1.3.45 had already been leaked, and a lot of technical information about this botnet is available on the web. Fortunately, we obtained a live sample (with an active control server) created by the latest release (the version ID is hard-coded in the build and sent to the control server along with other information). We proceeded to reverse engineer the latest version to look for any differences (…).»
Source: blogs.mcafee.com/mcafee-labs/latest-spyeye-botnet-active-and-cheaper
Related posts:
16/04/2012. SpyEye 1.3.48 Setups + Working Injects! : pastebin.com/6pzYMHnH
