Obfuscation | DataProtectionCenter.com

?RunForestRun?, ?gootkit? and random domain name generation

01

Aug

2012

Recently, we came across web malware that – instead of injecting an iframe pointing to a fixed existing address – generates a pseudo-random domain name, depending on the current date. This approach is not new and is widely used by botnets in C&C domain name generation, yet it’s not very common for the web malware we?ve seen […]

Category General Written by Securelist / Blog 0 Comments

More 64-bit obfuscator madness

20

Jul

2012

Just after we published a blog about a 64-bit obfuscator, we very quickly discovered another malware family following the same trend. Claretore is also using two-layer 64-bit obfuscation, although it does it a little differently to Ursnif. The first layer simply decrypts the code of the second layer and passes it control. There’s even a 64-bit […]

Category General Written by Microsoft Malware Protection Center 0 Comments

Obfuscating, bifurcating, escalating and mitigating on 64-bit

13

Jul

2012

With the growth in adoption of 64-bit architectures and associated operating systems, we’re seeing the usual malicious suspects following the trend. We have seen variants of several families, including Alureon, Koobface, Sirefef and Ursnif targeting this platform. These families adopt various techniques to prevent their detection and removal, one of which is obfuscation. Let’s take […]

Category General Written by Microsoft Malware Protection Center 0 Comments

The Latest in IT Security

Posts Tagged ‘Obfuscation’

?RunForestRun?, ?gootkit? and random domain name generation

More 64-bit obfuscator madness

Obfuscating, bifurcating, escalating and mitigating on 64-bit

Categories

Featured

Archives

Latest Comments

About Us

Contact Us