configuration file | DataProtectionCenter.com

Symbian malware uses a 91-byte XOR key

08

Nov

2011

It’s high time the Crypto Girl talks about Crypto, isn’t it? A few days ago, I analyzed a malicious Opera Updater, named SymbOS/OpFake.A!tr.dial, and was surprised to discover it uses a 91-byte XOR key to conceal one of its configuration file. 91 bytes?! Yes, bytes, so 728 bits. This is quite a lot. AES only […]

Category Security Written by Fortinet Security Blog 0 Comments

Win32/Duqu analysis: the RPC edition

29

Oct

2011

My Russian colleagues Aleksandr Matrosov and Eugene Rodionov have found some time to do some more analysis on Win32/Duqu. (Don’t you guys sleep?) In the previous post (http://blog.eset.com/2011/10/25/win32duqu-it%e2%80%99s-a-date) they concentrated on analyzing the Duqu configuration file format and extracting the exact date on which the system was infected. This time they investigated Duqu’s RPC (Remote […]

Category General Written by ESET ThreatBlog 0 Comments

Trojan:SymbOS/OpFake.A

27

Oct

2011

Here’s the technical analysis related to yesterday’s post on Trojan:SymbOS/OpFake.A. OpFake.A arrives as a supposed Opera Mini updater using file names such as OperaUpdater.sisx and Update6.1.sisx. The malware installer adds an Opera icon to the application menu. When run, it will show a menu and a fake download progress bar. Progress bar displayed… even though […]

Category General Written by F-Secure Antivirus Research Weblog 0 Comments

The Latest in IT Security

Posts Tagged ‘configuration file’

Symbian malware uses a 91-byte XOR key

Win32/Duqu analysis: the RPC edition

Trojan:SymbOS/OpFake.A

Categories

Featured

Archives

Latest Comments

About Us

Contact Us