malware - Dave's Blog


Retweet of SwiftOnSecurity

2016 Jan 2, 6:04
Adware uses Fiddler libraries to proxy HTTPS traffic and inject ads (cc @ericlaw) http://blog.malwarebytes.org/security-threat/2016/01/websearcher-pup-applies-proxy-lockdown/ …

On exploiting security issues in botnet C&C...

2014 Jun 23, 4:26


On exploiting security issues in botnet C&C software:

Hackers “are learning that it’s not so easy to write secure code,” Toro says. “Most of us in the business of securing our applications and systems know that bulletproofing software is an extremely expensive and exhaustive undertaking. Malware creators who have to look to their own defences would have to slow down the production of new attacks.”

FYI, if you want to know what it looks like when you hack a hacker, look no further than the seminal 1995 film Hackers.

Tags: technical security

DSL modem hack used to infect millions with banking fraud malware | Ars Technica

2012 Oct 1, 6:33

According to the links within this article, although the root URI of the router requires authentication, the /password.cgi URI doesn’t and the resulting returned HTML contains (but does not display) the plaintext of the password, as well as an HTML FORM to modify the password that is exploitable by CSRF.

The attack… infected more than 4.5 million DSL modems… The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.

Tags: technical security html router web dns csrf

Kim Dotcom’s Megabox: Music service or malware? | Ars Technica

2012 Sep 26, 6:40

Megabox is an ad-replacer - replacing ads on the web as you browse with its own. Ignoring security concerns, I hope this doesn’t result in over prescriptive laws that endanger things like Greasemonkey.

To listen to songs through Megabox, users will have two options—purchasing the music through the service, or installing “Megakey” software onto their computer to listen for free. The Megakey software, as Dotcom explained to Torrentfreak, acts like ad-blocking software—except that it isn’t. Megakey allows most advertisements to appear, but replaces about 15 percent of the ads served up by websites with ads hosted by Megabox.

Tags: technical music ad mega megadotcom megabox

Discovery of new "zero-day" exploit links developers of Stuxnet, Flame

2012 Jun 11, 6:41

As you might have guessed, Flame is also US/Israel produced malware. From the people who brought you Stuxnet, it's… Flame!

Tags: technical security malware politics internet microsoft

IAmA a malware coder and botnet operator, AMA (reddit.com)

2012 May 11, 10:19

Very interesting - both technically as well as looking into the moral justifications the botnet operator provides. But equally interesting is the discussion on Hacker News: http://news.ycombinator.com/item?id=3960034. Especially the discussion on the Verified by Visa (3D Secure) system and how the goal is basically to move liability onto the consumer and off of the merchant or credit card company.

Tags: technical security botnet credit-card

Malware Signed With a Governmental Signing Key - F-Secure Weblog : News from the Lab

2011 Nov 16, 12:19

“It’s not that common to find a signed copy of malware. It’s even rarer that it’s signed with an official key belonging to a government.”

Tags: technical ssl

PDF Most Common File Type in Targeted Attacks - F-Secure Weblog : News from the Lab

2010 Mar 22, 8:40

PDF overtakes Word as targeted attack vector of choice.

Tags: security office adobe pdf word powerpoint microsoft technical statistics internet malware

McAfee Security Insights Blog » Blog Archive » Operation “Aurora” Hit Google, Others

2010 Jan 20, 8:26

McAfee on the China v Google attack.

Tags: hack hackers security google browser web ie china microsoft malware ie6 technical

philosecurity - Blog Archive - Interview with an Adware Author

2009 Jan 13, 6:20

"So we've progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that's encrypted - really more just obfuscated - to an executable that doesn't even run as an executable. It runs merely as a series of threads."

Tags: security privacy adware malware advertising ie browser scheme interview bho via:li

Shoulder Surfing a Malicious PDF Author - Didier Stevens

2008 Nov 13, 10:21

"Ever since I read about the incremental updates feature of the PDF file format, I've been patiently waiting for a malicious PDF document with incremental updates to come my way. Thanks to Bojan, that day has finally arrived."

Tags: pdf security javascript exploit malware adobe

IE8 Beta2 Shipped

2008 Aug 27, 11:36

Internet Explorer 8 Beta 2 is now available! Some of the new features from this release that I really enjoy are Tab Grouping, the new address-bar, and InPrivate Subscriptions.

Tab Grouping groups tabs that are opened from the same page. For example, on a Google search results page if you open the first two links the two new tabs will be grouped with the Google search results page. If you close one of the tabs in that group focus goes to another tab in that group. It's small, but I really enjoy this feature and without knowing exactly what I wanted while using IE7 and FF2 I knew I wanted something like this. Plus the colors for the tab groups are pretty!

The new address bar and search box make life much easier by searching through my browsing history for whatever I'm typing in. Other things are searched besides history but since I ignore favorites and use Delicious I mostly care about history. At any rate it's one of the things that makes it impossible for me to go back to machines running IE7.

InPrivate Subscriptions allows you to subscribe to a feed of URLs from which IE should not download content. This is intended for avoiding sites that track you across websites and could sell or share your personal information, but this feature could be used for anything where the goal is to avoid a set of URLs. For example, phishing, malware sites, ad blocking, etc. etc. I think there's some interesting uses for this feature that we have yet to see.

Anyway, we're another release closer to the final IE8 and I can relax a little more.

Tags: microsoft browser technical ie8 ie

Mapping the Malweb - Interactive Map

2007 Mar 12, 12:46

An interactive map showing where Internet attacks are coming from by top level domain.

Tags: siteadvisor map malware exploit security visualization

Creative Commons License. Some rights reserved.