Archive | Malware


27 August 2014 | 1,067 views

Twitter Patents Technique To Detect Mobile Malware

So it was discovered that Twitter has been granted a patent which covers detection of mobile malware on websites to protect its user base. The patent was filed back in 2012, but well – as we know these things take time. The method is something like the technology Google uses in Chrome to warn you [...]

Continue Reading


13 August 2014 | 3,706 views

ParanoiDF – PDF Analysis & Password Cracking Tool

ParanoiDF is a PDF Analysis Suite based on PeePDF by Jose Miguel Esparza. The tools/features that have been added are – Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more. We have posted about a few PDF related tools before, including the one this tool is based on: – peepdf – Analyze & [...]

Continue Reading


04 August 2014 | 3,440 views

Windows Registry Infecting Malware Has NO Files

This is a pretty interesting use of the Windows Registry and reminds me a little of the transient drive-by malware used last year against Internet Explorer that left no files either – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. The main difference being, that wasn’t persistent and as it lived [...]

Continue Reading


16 July 2014 | 3,901 views

FakeNet – Windows Network Simulation Tool For Malware Analysis

FakeNet is a Windows Network Simulation Tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment. The goal of the project is to: Be easy [...]

Continue Reading


02 July 2014 | 1,905 views

Microsoft’s Anti-Malware Action Cripples Dynamic DNS Service No-IP

So it looks like Microsoft has been a little heavy handed in this case, the case of dynamic DNS provider No-IP serving up malware. I would imagine most of us have utilised a dynamic DNS service at some point to map a dynamic IP address to a memorable domain. It seems that malware folks have [...]

Continue Reading


28 May 2014 | 2,053 views

Pirated ‘Watch Dogs’ Game Made A Bitcoin Mining Botnet

Pretty smart idea this one, we wrote about Yahoo! spreading Bitcoin mining malware back in January, but we haven’t really seen any of that type of activity since then. But this, this is a much better target audience – gamers with high powered GPUs! Especially as this is one of most hyped ‘next-gen’ games for [...]

Continue Reading


20 May 2014 | 2,895 views

Hook Analyser 3.1 – Malware Analysis Tool

Hook Analyser is a freeware application which allows an investigator/analyst to perform “static & run-time / dynamic” analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet. Essentially it’s a malware analysis tool that has evolved to add some cyber threat intelligence features [...]

Continue Reading


14 March 2014 | 1,517 views

NSA Large Scale TURBINE Malware Also Target Sysadmins

So more revelations coming out about the NSA from the latest batch of documents leaked by Edward Snowden. This time they detail a huge malware infection system created for widespread infections, it seems fairly advanced with the ability to spit out different types of malware depending on the target. Other than the TURBINE malware engine, [...]

Continue Reading


06 March 2014 | 791 views

Target CIO Beth Jacob Resigns After Huge Breach

So the latest news this week is that the Target CIO Beth Jacob has resigned, it seems to be somewhat linked to the massive heist of credit card details from Target that took place in December last year. To be fair it was a fairly complex, high-level attack and I’m pretty sure most companies would [...]

Continue Reading


14 February 2014 | 1,901 views

Azazel – Userland Anti-debugging & Anti-detection Rootkit

Azazel is a userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more. Features Anti-debugging Avoids unhide, lsof, ps, ldd detection Hides files and directories Hides remote [...]

Continue Reading