Channel: XyliBox
Browsing all 128 articles

System doctor 2014

System doctor 2014 is a fake anti-spyware tool. It displays fake alert messages, prevents execution of legit programs and detects nonexistent infections to scare users. It is a clone of System Care...

Canal Plus, poker and hacking

On 13 May, Canal Plus (a French premium pay television channel) broadcast a program, "Foot, chevaux, poker: des paris sous influence". During this story they interviewed a 'hacker' just before the...

Carding Manager

Carding Manager is a script made by a French person to store CC details; it was at first sold for 50$. But it seems sales don't work, Peax reduced the price to 20$. Anyway, that's the first time I see a manager for...

Trojan:Win32/Tobfy.M Affiliate

Came across a Tobfy sample today, things were interesting so here is a post. I will skip the reversing part: I'm a bit bored to take 50 screenshots and go step by step about what the 'M' version of...

Trojan.Ransom

This trojan blocker (MD5: b72a1ffd702f73080c7ab9ff26ba64ce, be1589b12b771ca6ba41b9e4c82ec9aa, d4a0afcc3471878014f4b64780245054) prevents all software execution. To remove the Trojan (and unlock...

Citadel lawsuit and explanation of John Doe 25

I was browsing the Zeus tracker in May, and a particular botnet got my attention. https://zeustracker.abuse.ch/monitor.php?host=angelescitypattaya.com This Citadel botnet was targeting my country...

Who's behind Alina?

Alina got a strange update this night: a 5.2 sample that I monitor received an update order for a 5.7 version (75F936A2385D2F26336D6F7410FD80DA). Nothing really new on this, just..: Of course I don't...

Carberp archive

My first impression of the archive leak was "it's full of crap, where should I start". And I was right about this. Okay, Carberp source is leaked but 2Gb... what the final size of a Carberp stub 700Mb...

Carberp C&C

And here we go, first Carberp panel I break from the leak, surely a test one; the gateway was badly configured, like the domains. Login: To view the login page, sometimes you need a special key...

Carberp Remote Code Execution: Carpwned

Everyone is looking at the Carberp source, bootkit and other components, but did people investigate the panels' source? I don't know who did the PHP but he deserves a medal, it's easier to hack than...

Money laundering

Please refer to the following Web site: http://krebsonsecurity.com/2013/06/cashout-service-for-ransomware-scammers/ Login: Table check: Dear clients, due to the drop in the exploit success rate you...

Micro camera for skimmer

Dimensions: 45mm x 10mm x 3mm
Video compression: Xvid high compression
Memory: micro SD 32 GB
Consumption: 100 mAh / 1 hour
Size of the video: 200 Mb / 1 hour
Resolution: 352 x 288 (configurable to 640 x...

FeodalCash Affiliate (Trojan:Win32/Tarcloin)

FeodalCash is a malware affiliate that pushes Bitcoin miners; saw that since a long time but I never really got interested in this until recently. Advert from a partner: FeodalCash: "Free registration" looks...

FakeAV abandoned affiliate

Appeared also recently on vx.vault: http://vxvault.siri-urz.net/ViriList.php?IP=31.184.244.2 https://www.virustotal.com/en/ip-address/31.184.244.2/information/...

Point-of-Sale Malware: Infostealer.Dexter

Haven't posted in a while so let's do something... Back on some old material, due to a 'recent' compromise of off-sho.re servers, and the circulation between AVs of Cyberbunker sinkhole logs....

Power Loader 2.0 (Alueron)

Hello, I had to do this post to introduce you to the C&C of Power Loader 2.0, due to a future post about another malware based on it. Advert: English version, translated by Malwageddon (thanks again!)...

Having a look on the KINS Toolkit

I have finally had KINS for 2-3 weeks; those who follow me on YouTube probably noticed it due to my videos. KINS is the acronym for Kasper Internet Non-Security; the guys of RSA Security have made an...

Inside a malware campaign: Alina + Dexter + Citadel

I am going to start this article by mentioning that the server I am about to talk about was under strong investigation. But now I can talk, and there are some interesting things I want to mention about Alina...

Reversible Rovnix passwords

I got my hands on Rovnix recently. Not the one that got leaked with Carberp but the 'ISFB' package part (Core, Interceptor, ATS, VNC modules, etc...): And the panel.. Which asks for mod_rewrite for an unknown...

Citadel targeting Canada

A Citadel domain appeared yesterday on the Zeus tracker: inforick, I thought this domain was done to annoy Rick of MalwareMustDie but it seems not related. A friend (Kafeine) has found this binary, it was...
