MyKotakPasir: Solved major problem during automated analysis.

MyKotakPasir 2 is a malware sandbox developed by Malware Research Center at MyCERT. A lot of  improvements have been introduced since the first version. For instance, in the previous version, 2 different programming languages, namely Python and VB, were used to handle analysis work. Due to some teething problems with Python,  I have changed everything to […]

Attention – Mail server upgrade

Attention! On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour. The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run […]

Mass SQL Injection And Asprox Bot

Asprox is one of the botnet that implements mass sql injection to inject malicious *.js script into MSSQL database server. Normally Asprox bot will search for any vulnerable (sql injection, of course) *.asp script to inject the malicious *.js script and iframe into database. Typical sql injection is similar to log below:

It’s a […]

Conficker.C and DNS

We have been working to track conficker’s dns queries in order to  identify infected machines/network with conficker.c. Tracking a 50K DNS names and 500++ queries from each conficker is a bit troublesome when u have to record all the DNS queries (200M records/day) and compare it with 50K/day conficker.c domain names.:). The main idea of […]

Automated Unpacking Conficker Worm Variant B

The infamous worm, Conficker, which surfaces in 21 November 2009 and is set to time-bomb on 1 April 2009, was literally over the media. Although studying its malware source code is the best way to fully understanding its features and impacts, unfortunately getting the source code to study sometimes are impossible. There is still has […]

Conficker: The other not so famous Variant A

There are lot more discussions are going on for Conficker variant C (ConfickerC) due to 1st April. Why 1st april?. The 1st april is the day ConfickerC should call home for updates. The domain name generator  algorithm  used by ConfickerC is making blocking or detecting live ConfickerC update servers is becoming harder when it will […]