Exploits employed by Gumblar
Sorry, but this entry is available only in English.
2 comments on Exploits employed by Gumblar
Copyright © 2010 Andrew Martin - All Rights Reserved
These are similar to websites I investigated after seeing a Craigslist ad for help cleaning websites (blog comment malframes). I ran these through Wepawet on April 24…
litecarfinestsite.cn
liteautomobileinsurance.cn
bigfirststopnonfat.cn
liteupyourride.cn
They dropped swf/pdf files, ran ActiveX PDF attacks, and dropped a Windows PE at the end… Anubis found it added digiwet.dll to the system… I believe I saw this same file in the Gumblar analysis.
Thanks for the interesting analysis
Hi Andrew,
I too came across a similar malware, but I am stuck at one point in the Wepawet analysis.
In the segment “var Kkbfhqas=”, what is the decoded output of the variable? I had read some place that this is the ‘shellcode’, but I am not able to figure that out myself. Any inputs on this or how I can better understand this segment?
Thanks