Unknown sample part 1
Browsing some malware repositories I found an interesting one from MDL. Blog do Birungueta discusses a lot of software; it is a huge (might be famous) blog that I didn’t know about. Are they providing malware? The malware was hosted in .ru while this blog is Brazilian; are those related? Let’s see. source: unnurhmint.com/_/2/installer_v4.3061.exe date/time: [...]
SecurityShield, a new fake AV
While surfing the net I found a new fake antivirus called SecurityShield. By using VirusTotal, I found that only 11/43 (25.6%) antivirus engines detected the threat, a very low percentage. Like many other fake antivirus or fake anti-malware products, this software tries to scare users by pushing fake alerts onto the monitor. This [...]
FORENSICS’ PICKS: MAC ACQUISITION
Acquisition is one of the most important phases of the digital investigation process: any mistake made during this phase will most of the time lead to the inadmissibility in court of the acquired image, invalidating all the evidence found inside the disk. Therefore we can undoubtedly say that acquisition is very critical. [...]
FORENSICS’ PICKS: WINDOWS XP SYSTEM RESTORE
While going through some of my digital forensics notes for the usual “reordering” that happens every now and then, I thought it would be nice to share some of them. The topic I’m going to talk about is, as you can easily guess from the title, Windows XP System Restore. Some of you may argue [...]
Zozzle (Microsoft’s Javascript-Malware Analysis Tool)
Zozzle in a sentence: Zozzle is a static web-page analyzer for detecting ‘heap-spray exploits’. [ literal meaning ] ‘a righteous observance of the law’. [ 3 things it is ] + a product of Microsoft researchers’ hard work (by Benjamin Livshits and Benjamin Zorn of Microsoft Research, Christian Seifert of Microsoft and Charles Curtsinger of the University of [...]
The all new KaffeNews
Hello Readers, Thank you for choosing KaffeNews! We have now merged the few different blogs under the various subdomains of KaffeNews into one main blog. We have also made changes on the author listings. We would still list the authors that have contributed in the past, but you would not see their names until the [...]
Google Security Team – Yeah right!
We have been seeing such odd emails lately, to many known people. The following is what you see: Delivered-To: contact.fingers@gmail.com Received: by 10.216.231.225 with SMTP id l75cs370150weq; Mon, 18 Oct 2010 17:32:08 -0700 (PDT) Received: by 10.150.189.4 with SMTP id m4mr1016538ybf.418.1287448326586; Mon, 18 Oct 2010 17:32:06 -0700 (PDT) Return-Path: Received: from ariel.nocdirect.com (ariel.nocdirect.com [69.73.170.16]) by [...]
Antivirus Action
Antivirus Action is a fake security application (a clone of Antivirus IS, Security Suite, Antivir Solution Pro, AV Security Suite, AntiSpyware Soft, Antivirus Suite and Antivirus Soft). The rogue reports fake infections and prevents legitimate software from running, displaying alert messages to scare users. If your PC is infected with Antivirus Action, follow BleepingComputer’s removal guide.
System Defragmenter
System Defragmenter is a fake defragmenter tool (rogue). System Defragmenter displays a lot of alarming disk error messages and prevents software from running, pushing users to purchase a license. If your PC is infected with System Defragmenter, follow the BleepingComputer removal guide.
Video on SpyDllRemover Detecting HxDef Rootkit
A few days ago, we released the major version 4.0 of SpyDllRemover, which features significant enhancements over the previous versions. In order to showcase all the features, we have decided to create a series of video demonstrations which will help users understand and use SpyDllRemover to its full potential... Here [...]