Sources of Badness – UATelecom

The next source of badness I’ll cover is UATelecom (AS44997). With a /22, this host is much smaller than LeaseWeb. A Swiss blogger also had a run-in with this host, which you can read about here (written in German). 91.203.92.0/22 AS44997 netname: BASTION-NET descr: ISP UATelecom country: EU organisation: ORG-TG39-RIPE org-name: UATELECOM LLC. org-type: [...]

Sources of Badness – LeaseWeb

**Edit 2** I’d like to thank LeaseWeb for taking the time to respond to this post. It’s great to hear that they take action quickly once informed of abuse. I found it surprising that they would receive reports of malware and other nefarious activity but with no substantiating evidence. The “fire and forget” mentality of [...]

Finding the unknown on your network

One of the things I constantly keep in mind is “how do I find what I don’t know about?”. An unknown threat is what will hurt you and your organization. So how does one find something they don’t know about? From an intrusion detection perspective, this can be quite easy. Everyone knows (or should know) [...]

Analyzing a malicious PDF – Troj/PDFJs-A

I picked up a copy of a malicious PDF a week or so ago that was trying to infect a workstation. Let’s crack it open and see what’s inside. VirusTotal MD5: bccb814a5bcba72be31cdaf4e8805a7b Filename: pdf.pdf Simply running the file command on the PDF returns the following: pdf.pdf: PDF document, version 1.4 Running strings on pdf.pdf [...]

Anti-analysis tricks in Trojan-Downloader.Win32.Agent.abti

While perusing some malware for learning purposes, I ran across some anti-analysis techniques used in Trojan-Downloader.Win32.Agent.abti. I’m keeping this post a little more brief by posting fewer screenshots. MD5: 588573DC336B3695E9FDB890EEFD26DB VirusTotal Results Anubis Results ThreatExpert Results Sunbelt sandbox results The Anubis scan yielded great results, but we are focusing mainly on the [...]

Analysis of a DLL injector – Trojan.Win32.Inject.dnz

For my first real foray into reverse engineering, I decided to pick something small and easy to analyse. Even though this level of analysis isn’t needed for such a simple piece of malware, it makes for a great sample to learn on. The file is t.exe (MD5 – E276F2C49D194DEF764A383482ECBD03). VirusTotal results Anubis report Threat [...]