TOR Based APK Trojan

Several security firms recently discovered TOR-based malware on the Android platform. When we received the sample, we made a quick analysis of it. MD5: 58FED8B5B549BE7ECBFBC6C63B84A728 SHA-1: 2E6DBFA85186AF23A598694D2667207A254F8979 The sample has been reported to have C&C capability using an unusual top-level domain (.onion). This TLD is reserved for TOR hidden services and does not resolve through the public DNS, so the client needs a TOR proxy on the device to reach it. The use of Orbot TOR […]

Analysis on Java Web Start Argument Injection Exploit

The recent discovery of the Java Web Start argument injection vulnerability (CVE-2010-0886 and CVE-2010-0887) has opened a new opportunity for attackers to use it in drive-by download attacks. Here is a short write-up on an in-the-wild example, found earlier today, that exploits this vulnerability. The exploit was found on http://buckomre.com/ and […]

Attention – Mail server upgrade

Attention! On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour. The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run […]

Conficker.C and DNS

We have been working to track Conficker's DNS queries in order to identify machines/networks infected with Conficker.C. Conficker.C generates 50K domain names per day, of which each infected host queries about 500, so tracking them is a bit troublesome when you have to record all DNS queries (200M records/day) and compare them with the 50K/day Conficker.C domain names. :) The main idea of […]
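The matching step described above, as an added example that is not code from the original post: load the day's domain list into a hash set and stream the DNS query log against it, counting distinct matched domains per client so that a single stray lookup (a sinkhole check, a curious analyst) does not trip the threshold while an infected host, which queries hundreds of the day's domains, does. The domain list and the log lines are constructed for the demo and are not the real Conficker.C DGA output; the log format (`<unix_ts> <client_ip> <qname> <qtype>`) is an assumption.

```python
"""Added example: match a day's DNS query log against a daily list of
DGA domains (Conficker.C style tracking). Domains and log lines are
CONSTRUCTED for the demo; they are not real Conficker.C output.
Assumed log format: "<unix_ts> <client_ip> <qname> <qtype>"."""
from collections import defaultdict

# Constructed stand-in for the day's 50K Conficker.C domain names.
DAILY_DGA_DOMAINS = frozenset({
    "qwfrtz.info", "mbvx.ws", "lkjhgfd.cc", "zxcvbn.org", "plokij.biz",
})

# Constructed DNS query log; one of the names carries a trailing dot
# and uppercase, as resolvers often log them.
SAMPLE_LOG = """\
1238371200 10.0.0.5 www.example.com A
1238371201 10.0.0.5 qwfrtz.info A
1238371202 10.0.0.7 mail.example.com MX
1238371203 10.0.0.5 mbvx.ws A
1238371204 10.0.0.9 ZXCVBN.ORG. A
1238371205 10.0.0.7 lkjhgfd.cc A
1238371206 10.0.0.5 lkjhgfd.cc A
1238371207 10.0.0.9 sub.zxcvbn.org A
"""


def normalize(qname):
    """Lower-case a query name and strip the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def load_domains(lines):
    """Build the lookup set from a domain list (one per line, '#' comments)."""
    return frozenset(normalize(l) for l in lines
                     if l.strip() and not l.lstrip().startswith("#"))


def matched_domain(qname, domains):
    """Return the listed domain that qname equals or is a subdomain of,
    or None. Walks the label suffixes so "www.qwfrtz.info" matches
    "qwfrtz.info"; single-label suffixes (bare TLDs) are never tried."""
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan(log_lines, domains, threshold=2):
    """Stream the log once and return {client_ip: sorted distinct matched
    domains} for clients with at least `threshold` distinct matches.
    Memory grows with the number of matching clients, not the log size,
    which is what makes a 200M-record day feasible."""
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed records
        client, qname = parts[1], parts[2]
        hit = matched_domain(qname, domains)
        if hit is not None:
            hits[client].add(hit)
    return {c: sorted(d) for c, d in hits.items() if len(d) >= threshold}


if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG.splitlines(), DAILY_DGA_DOMAINS).items():
        print(f"{client}: {len(names)} distinct DGA domains -> {names}")
```

With the default threshold of 2 only 10.0.0.5 is reported; 10.0.0.7 and 10.0.0.9 each touched one listed domain (the latter twice, once via a subdomain) and stay below it. In production the threshold is tuned against how many of the day's domains a real infection queries, and the domain set is rebuilt each day before the day's log is scanned.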