Archive | Malware


16 July 2014 | 2,353 views

FakeNet – Windows Network Simulation Tool For Malware Analysis

FakeNet is a Windows Network Simulation Tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment. The goal of the project is to: Be easy [...]

Continue Reading


02 July 2014 | 1,355 views

Microsoft’s Anti-Malware Action Cripples Dynamic DNS Service No-IP

So it looks like Microsoft has been a little heavy handed in this case, the case of dynamic DNS provider No-IP serving up malware. I would imagine most of us have utilised a dynamic DNS service at some point to map a dynamic IP address to a memorable domain. It seems that malware folks have [...]

Continue Reading


28 May 2014 | 1,723 views

Pirated ‘Watch Dogs’ Game Made A Bitcoin Mining Botnet

Pretty smart idea this one, we wrote about Yahoo! spreading Bitcoin mining malware back in January, but we haven’t really seen any of that type of activity since then. But this, this is a much better target audience – gamers with high powered GPUs! Especially as this is one of most hyped ‘next-gen’ games for [...]

Continue Reading


20 May 2014 | 2,784 views

Hook Analyser 3.1 – Malware Analysis Tool

Hook Analyser is a freeware application which allows an investigator/analyst to perform “static & run-time / dynamic” analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet. Essentially it’s a malware analysis tool that has evolved to add some cyber threat intelligence features [...]

Continue Reading


14 March 2014 | 1,499 views

NSA Large Scale TURBINE Malware Also Target Sysadmins

So more revelations coming out about the NSA from the latest batch of documents leaked by Edward Snowden. This time they detail a huge malware infection system created for widespread infections, it seems fairly advanced with the ability to spit out different types of malware depending on the target. Other than the TURBINE malware engine, [...]

Continue Reading


06 March 2014 | 784 views

Target CIO Beth Jacob Resigns After Huge Breach

So the latest news this week is that the Target CIO Beth Jacob has resigned, it seems to be somewhat linked to the massive heist of credit card details from Target that took place in December last year. To be fair it was a fairly complex, high-level attack and I’m pretty sure most companies would [...]

Continue Reading


14 February 2014 | 1,839 views

Azazel – Userland Anti-debugging & Anti-detection Rootkit

Azazel is a userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more. Features Anti-debugging Avoids unhide, lsof, ps, ldd detection Hides files and directories Hides remote [...]

Continue Reading


12 February 2014 | 914 views

The Mask AKA Careto Espionage Malware

So the latest buzz going around is caused by a hacking group that appears to be Spanish and is called The Mask or Careto. The reason there is a fair amount of buzz is their next level espionage malware that has been targeting government institutions, diplomatic offices and embassies, energy, oil and gas companies, research [...]

Continue Reading


08 January 2014 | 978 views

Yahoo! Spread Bitcoin Mining Botnet Malware Via Ads

Bitcoin and other cryptocurrencies are pretty much headline news every day now, especially with the inflated values (Bitcoin over $1000 recently). We haven’t mentioned them for a long time though, back in 2012 we wrote about Hackers breaking into a Bitcoin Exchange Site called Bitcoinica. There have been plenty of Bitcoin related hacks since then, [...]

Continue Reading


09 December 2013 | 1,292 views

Linux.Darlloz Worm Targets x86 Linux PCs & Embedded Devices

So this is not a particularly technical source article, but it looks fairly interesting and I haven’t heard of this Linux.Darlloz worm before, so it might be new to some of you too. Seems like it’s going after old php-cgi installs, which are very common on embedded systems (routers/pos systems/stbs etc). The vulnerability being used [...]

Continue Reading