Gameboy hacking
Not malware related, but I recently played with my Gameboy, more specifically the electronics inside. And some people on Skype told me to make a post, so here we go... :) At first I've just hacked my...
Win32/Spy.POSCardStealer.O and unknown POS Sniffer
Finally some new stuff (hmm, no). Let's talk about Win32/Spy.POSCardStealer.O, identified by ESET. It's pretty lame but let's see it anyway. On the first procedure the malware will register a reg key in...
Win32/Atrax.A
Atrax is a TOR botnet; you can read about it in the excellent post by Aleksandr. Someone on kernelmode.info recently posted a fresh sample: MD5: 44a6a7d4a039f7cc2db6e85601f6d8c1. Fun things also, the coder...
Win32/BruteForce.WP
DrWeb released a news item about this malware in August; they know it as 'Trojan.WPCracker.1'. And more recently ~ 1e8cd0f0f1702820c870302520bc0176. This executable communicates with a C&C at...
How the protection of Citadel got cracked
Recently on a forum someone requested cbcs.exe (Citadel Backconnect Server). If you want to read more about the Backconnect on Citadel, the link that g4m372 shared is cool:...
Jolly Roger Stealer
Friend Kafeine has already done a post on it, although someone recently sent me a URL on my cybercrime tracker.. I give a f%$k • dns: 1 ›› ip: 178.162.193.24 - adresse: LOADER.ISTMEIN.DE Bot statistic: CPU...
Troj/WowSpy-A
Recently a malware that targets World of Warcraft got identified. This threat is known as Disker, Mal/DllHook-A or Trojan.Siggen5.64266 and can steal player accounts even if they use a Battle.net...
Decoding Zeus 2.9.6.1 dynamic config
I had a look at the Zeus builder that was released by the MMBB guy on exploit.in; finally I decided to write something about it, so let's talk about the change in the config encryption. MD5:...
Plasma HTTP
Advert: Login: Online bot: offline bots: Commands: Statistics: Logs: Yeah, take this lame article to second degree, I just talk about Plasma because I've promised to write something today on IRC. I'm not dead...
Zeus 1.1.3.4
RSA FirstWatch recently threw me a sample of a 'new' Zeus variant. I didn't really check all the changes that were made, but it seems it's nothing more than just a standard Zeus v2. But wait, it communicates...
Carberp C&C
And here we go, the first Carberp panel I broke from the leak, surely a test one; the gateway was badly configured, like the domains. Login: To view the login page you sometimes need a special key...
Carberp Remote Code Execution: Carpwned
Everyone is looking at the Carberp source, bootkit and other components, but did people investigate the panel's source? I don't know who did the PHP but he deserves a medal; it's easier to hack than...
ZeusVM and steganography
Months ago, researchers observed an evolution of ZeusVM; time to get back to this family. For information, the first ZeusVM sample I've seen using steganography was on 21 November 2013. The IP of the...
Android/FakeToken.A
OTP forwarder dumped months ago. Login: Statistics: Bots: Bot: Passwords: Send a command: Commands sent: Apps: Apps...
Lame scareware
I found a sample yesterday, downloaded via this URL: skyways.co/play.exe, console application, and ugly code + scareware and third-party FakeAV call center. All the following was so lame that I need...
Android.Trojan.Rubobi.A (SmsPiratBot)
Another Android botnet dumped recently. This malware can send and intercept SMS from bots. Like most Android botnets, they are used mainly to target mobile banks like Sberbank (www.sberbank.ru - the...
ATSEngine
ATSEngine injects can often be found inside Zeus configs; it makes the webinjects more dynamic because most of the content is located remotely and can be updated much more easily instead of sending new...
Install service for Malware affiliates and individuals
This install service had been running for a long time but the server recently died. People targeted are from Russia, Ukraine, Belarus, Kazakhstan, and Uzbekistan. Login: Statistics by days: (Date, Unique...
i/o
Wow, it's been a while since I've written anything new here... So to answer many questions.. no, I'm not dead, and will try to get active again a bit next year. I'm not writing this due to...
iBanking
iBanking is an Android malware made to intercept voice and text information. The panel is poorly coded. Login: Projects: Phone list: SMS List: All SMS (Incoming) All SMS (Outgoing): Call list...