Malware
Looking for Internet Security 2010
Submitted by mankrik on Mon, 2010-02-08 13:32. Malware | Sample Requests
I'm looking for Internet Security 2010. This is the rogue malware that changes the Winlogon registry entry to winlogon32.exe. I need this infection to test our security software to ensure it does not remove the infection and render our PCs unbootable with userinit.exe missing from the Winlogon reg key. The Winlogo32.exe infected file would suffice.
Internet Security 2010
Submitted by mankrik on Mon, 2010-02-08 12:38. Malware | Sample Requests
I'm looking for Internet Security 2010. I need this for testing purposes of our security software. The winlogon32.exe file would suffice.
Buffer overflow attack in Microsoft Word targeted at the sensitive organization
Submitted by arvindkhatana on Fri, 2010-02-05 00:37. Exploits | Malware | Reversing Challenges | Shellcode | Site Discussion
The malicious doc mail has been sent to the organization. I am analyzing it, but it doesn't contain any malicious VB script, but officemalwarescanner does show it as creating
Api-Name GetTempPath
Api-Name CreateFile
Api-Name CloseHandle
Api-name WriteFile
I am trying to find any shell code, if any.
I have posted the doc file at h__p://www.offensivecomputing.net/?q=ocsearch&ocq=aada36da206a13ed56979c1a6838a1e6.
Hack The Malware
Submitted by antivirustaneja on Thu, 2010-02-04 10:46. Analysis and Samples | Malware
http://www.av-expert.in/wordpress/?p=104
Looking for antivirus2010 malware or similar to demonstrate at a seminar.
Submitted by whitehatzombie on Wed, 2010-02-03 20:29. Malware | Sample Requests
I am looking for this malware in order to demonstrate how it works and proper removal for a seminar I am going to hold.
Reversing Compiler Infector - Induc
Submitted by palaniyappan on Wed, 2010-01-27 12:00. Malware
Look for detailed analysis of Induc virus with source code:
http://virgentools.blogspot.com/2010/01/tracing-infecting-code-in.html
Trouble Unpacking
Submitted by gnarlysec on Mon, 2010-01-25 09:39. Malware | Unpacking Malware
I recently ran across some malware on a site and am trying to figure out how it works. I've been trying to unpack the original file I downloaded, but haven't been having much success. The original executable deletes itself and creates another executable in C:\WINDOWS\system32. Attempts to disassemble it with IDA, ollydbg, and PE Browse all don't work. I've put what dumpbin has to say at the bottom of the post. I figure it's packed somehow. Any tips? I've uploaded the file, you can find it here:
http://www.offensivecomputing.net/?q=ocsearch&ocq=2d7a7bceac89a0ae7c6edcbf62252bc5
Suggestions requested for seminar on Malware & its trends & techniques.
Submitted by claws on Thu, 2010-01-21 04:05. Malware | Research
How to remove .sys trojan
Submitted by rynfua117 on Mon, 2010-01-18 00:55. Analysis and Samples | Malware
Could you tell me how to remove this malware?
When I manually edit and delete this file or registry,
the access denial message is displayed.
When I check attribute command for this file,
I cannot change any attribute for this.
trace:
c:\windows\system32\drivers\fzbilwy.sys
registry:
HKLM\System\CurrentControlSet\Service\fzbilwy
regards
-hisaki
'Aurora' anyone?
Submitted by adam1mc on Fri, 2010-01-15 08:16. Malware | Sample Requests
Would love to get my hands on a copy of this. McAfee has it....
http://www.wired.com/threatlevel/2010/01/operation-aurora
