The current threat landscape is often driven by web-based malware and exploit kits that are regularly updated with newly found vulnerabilities. Recently, we received an interesting malware binary–a JAR package that opens a back door for an attacker to execute commands and acts as a bot after infection. This archive does not exploit any Java […]
Today, let’s get our hands dirty by analyzing an “interesting” sample that I found in-the-wild earlier today. There are multiple interesting parts of this sample; the first one is that they don’t really hide/obfuscate their stuff. They left it in plain text, and exposed the contents of their server. (By accident, I think.)Let’s move to […]
If you've been following the research we've been publishing (spearheaded by my Russian colleagues Aleksandr Matrosov and Eugene Rodionov) you'll be aware that the TDL rootkit family doesn’t make use of OS’s own file system. Instead, it implements its own hidden storage for the payload, configuration files and so on. The hidden storage is located at the end […]
Latest Comments