For the past few months I have been looking into macro enabled Office documents and during that time I have detected hundreds of malicious documents. This post just highlights what to look out for so it might benefit some of you if deciding to notify or quarantine mail in your environment. I’ve also did a…
Anti-Rootkit scanner tools
Here are some well known anti-rootkit scanners that are a must have in your tools collection. Its always good to have a couple of anti-rootkit scanners as you might find some scanners may not detect all rootkits. The download links are for those versions mentioned in the table at the time of this post so…
Hiding malicious files in Windows folders
The desktop.ini is a standard text file that can be placed in any Windows folder to customize certain aspects of the folders behaviour, i.e. what the folder icon should be, what folder name to display, etc. The desktop.ini file is normally a hidden file so to display existing ones in folders you’ll need to make…
Adobe 0-day vulnerability embedded malware (CVE-2010-1297)
After a week of this 0-day vulnerability being reported a number of posts have been published over the last few days detailing the disassembled malicious flash (swf) file exposing the invalid byte triggering the vulnerability. The vulnerability is caused when handling a “newfunction” instruction by Adobe’s ActionScript Virtual Machine 2 (AVM2). The vulnerability lies in…
Fake Antivirus “Security Tool” terminating new processes
This fake antivirus software calling itself “Security Tool” intercepts binary files at the point of execution terminates it. Weather it be a bat, com or exe extension the fake av terminates them upon execution. This can be very frustrating when trying to remove this malware on a standalone machine. Fortunately not all processes get terminated;…
Fake Antivirus “XP Guardian 2010” exe hijacking
Another fake antivirus software calling itself “XP Guardian 2010” is doing its rounds displaying bogus pop-ups and fake scans enticing you to buy its product. What is interesting about this malware is that this one changes the machine exe associations in the Windows registry. When any executable with an exe extension is manually or automatically…
-
Recent Posts
- Dokany/Google Drive File Stream Kernel Stack-based Buffer Overflow Vulnerability
- Exploiting STOPzilla AntiMalware Arbitrary Write Vulnerability using SeCreateTokenPrivilege
- Exploiting System Shield AntiVirus Arbitrary Write Vulnerability using SeTakeOwnershipPrivilege
- IKARUS anti.virus and its 9 exploitable kernel vulnerabilities
- Exploiting Vir.IT eXplorer Anti-Virus Arbitrary Write Vulnerability
Categories
Tags
Archives
- January 2019 (1)
- September 2018 (1)
- January 2018 (1)
- November 2017 (2)
- September 2016 (1)
- December 2015 (2)
- July 2015 (1)
- January 2015 (1)
- December 2014 (1)
- June 2014 (1)
- January 2014 (1)
- November 2013 (1)
- September 2013 (1)
- February 2013 (1)
- December 2012 (1)
- August 2012 (1)
- June 2012 (1)
- February 2012 (1)
- January 2012 (1)
- December 2011 (1)
- November 2011 (1)
- August 2011 (2)
- July 2011 (1)
- April 2011 (1)
- March 2011 (1)
- October 2010 (3)
- June 2010 (1)
- May 2010 (1)
- March 2010 (2)
- February 2010 (1)
- December 2009 (1)
- September 2009 (1)
- May 2009 (1)
- April 2009 (1)
- September 2008 (1)
- November 2007 (2)
Meta