nobunkum.ru
Bootkits – a new stage of development
http://www.nobunkum.ru/analytics/en-mbr-infectors
On guns, germs, and steel of the digital age. Exploit.SWF.Agent.br. Bootkits a new stage of development. Senior Researcher, Esage Lab. Technical tools for bootkit analysis. Analysis of new bootkits. Backdoor.Win32.Trup.a (Alipop). Mebratix.b (Ghost Shadow). Are malicious programs that take control of the computer by infecting the hard disk’s main boot record (MBR) before the operating system loads. The article is also available in Russian. Technical tools for bootkit analysis. A bootkit’s code is impossi...
nobunkum.ru
COM Hijacking, or DLL Hijacking come back
http://www.nobunkum.ru/analytics/en-com-hijacking
COM Hijacking, or DLL Hijacking come back. The essence of the COM-Server Based Binary Planting attack. Conditions of a successful attack. Analysis of the program verclsid.exe and ways to circumvent it. In order to answer that question, let's examine the OLE COM mechanism used in Windows. The article is also available in Russian. 1 Binary Planting - The Official Web Site. Or Component Object Model. Is an instance of a coclass in memory.
nobunkum.ru
Browser attack. Analysis of the malicious Flash objects and PDF documents
http://www.nobunkum.ru/analytics/en-flash
Browser attack. Analysis of the malicious Flash objects and PDF documents. Analysis of malicious files. Example 1. PDF JavaScript. Example 2. SWF. Example 3. PDF SWF. Currently most of user infections with malicious code happen using the Web technologies. During the last year the number of such attacks increased more than threefold [1]. The article is also available in Russian. We discuss the vulnerabilities in Adobe software just yet, b...
nobunkum.ru
NO BUNKUM
http://www.nobunkum.ru/ru
COM Hijacking, or DLL Hijacking come back. Kirill Soldatov, 11.04.2012. Attacks on banking systems. Alisa Shevchenko, 01.08.2010. Andrey Rassokhin, Dmitry Oleksyuk, 01.08.2010. Bootkits: a new stage of development. Dmitry Oleksyuk, 01.08.2010. Analysis and disinfection of classic viruses. Andrey Rassokhin, 01.08.2010. Some static code analysis techniques from the virus analyst's arsenal. Dmitry Andriyankov, 01.08.2010.
nobunkum.ru
Demo
http://www.nobunkum.ru/demo
nobunkum.ru
Case study: the Ibank trojan
http://www.nobunkum.ru/analytics/en-banker-attacks
Case study: the Ibank trojan. Typical e-banking fraud schemes. Attack from inside the victim. Installation and general functionality. The article is also available in Russian. Today’s robbery is made in virtual, essentially with the help of malicious programs. Afterwards, victims usually succeed at spotting the trojan which enabled the attack, but the exact technology behind the attack remains obscure. Before proceeding to the Ibank anal...
nobunkum.ru
About
http://www.nobunkum.ru/about
Guns, germs, and steel (as in original 1997 book title by Jared Diamond) is the symbol for offensive and resource-leveraging technologies which, during the course of human history, have enabled now-thriving societies to outlive their predecessors. The digital age has its own - digital - guns, germs and steel. Like what? Contact us at info@nobunkum.ru.
nobunkum.ru
Lookout
http://www.nobunkum.ru/lookout
nobunkum.ru
Everybody lies: reaching after the truth while searching for rootkits
http://www.nobunkum.ru/analytics/en-everybody-lies
Everybody lies: reaching after the truth while searching for rootkits. Common ways to reach the truth. The article is also available in Russian. To put it short, choosing the right source of information is the cornerstone of the Rootkits Detection Quest. And it is also an ever-developing process, because what ever used to be a right source of information turns into a liar after some time and some steps of rootkits evolution. Global unhoo...
nobunkum.ru
Case study: TDSS Rootkit
http://www.nobunkum.ru/analytics/en-tdss-analysis
Case study: TDSS Rootkit. Family divergence and recent updates. Trojan installation and protection bypassing. The article is also available in Russian. This is a case study for the TDSS malware, also known as Tidserv, TDSServ and Alureon. Some of the mal-named detections for components include Trojan.Win32.DNSChanger and Trojan.FakeAlert. Here are some reasons why I decided to conduct a deep study of this malware. Thus, TDSS is kind of a...