Channel: MalwareTech
Browsing all 95 articles


Formgrabbers for Beginners

Introduction

For a long time malware has targeted web data such as site logins. A malicious application could intercept socket functions within a web browser and scan for HTTP headers in order to...


Infamous Skynet Botnet Author Allegedly Arrested

On the 4th of December the German Federal Criminal Police Office (BKA) issued a press release stating they had arrested two suspects for computer crimes, with the support of GSG 9 (A German special...


Peer-to-Peer Botnets for Beginners

With all the hype about the ZeroAccess take-down, I decided it might be a nice idea to explain how peer-to-peer botnets work and how they are usually taken down.

Traditional Botnets

A basic example of a...


2013 In Malware

As an end of year article, I thought it might be a nice idea to review some of the interesting (to me) malware related events of this year. There's no specific order to the list, but I'll try to include...


The Centralization of Fraud

Everyone is aware of the dangers of credit/debit cards, right? You get infected with banking malware or you leave your wallet at the bar, next thing you know there are bills for things you don't...

Malware - A One Night Stand

Last night I had this idea that ransomware and other "stab you in the face then steal your wallet" types of malware are likely a result of the antivirus industry becoming better at dealing with...


Webinjects - The Basics

It's not uncommon for malware to use a technique known as formgrabbing; this is done by hooking browser functions responsible for encrypting and sending data to a webpage. By intercepting data before...


The 0x33 Segment Selector (Heavens Gate)

Since I posted the article about malware using the 0x33 segment selector to execute 64-bit code in a 32-bit (WOW64) process, a few people have asked me how the segment selector actually works deep...


Zorenium - The Bot That Never Was

I was first made aware of Zorenium bot at the start of November last year by a friend on Twitter (R136a1). There were no actual sales threads, just a discussion in IRC and a pastebin post detailing...


Zorenium Bot Turns Out to be Real (April Fool)

Nearly 2 weeks ago I published an article about a seemingly fake bot with ridiculous features; however, after spending the past few weeks doing some deep digging, it turns out that the Zorenium malware...

Coding Malware for Fun and Not for Profit (Because that would be illegal)

A while ago some of you may remember me saying that I was so bored of there being no decent malware to reverse, that I might as well write some. Well, I decided to give it a go and I've spent some of...


Rovnix new "evolution"

Rovnix is an advanced VBR (Volume Boot Record) rootkit best known for being the bootkit component of Carberp. The kit operates in kernel mode, uses a custom TCP/IP stack to bypass firewalls, and stores...


FBI Cybercrime Crackdown - Blackshades

It would seem the FBI is cracking down on cybercrime (well, script-kiddies at least), with a bunch of international raids carried out in the past few days and more said to come. As of today it seems...


A Few Reasons for Maximum Password Length

A lot of people have recently been wondering the reason behind maximum password lengths, after it was revealed that eBay limited passwords to 20 characters. Many people see this as a security flaw (and...


Hacking Soraya Panel - Free Bot? Free Bots!

Some security agencies have been raving about a revolutionary new bot that combines point-of-sales card grabbing (ram scraping) with form grabbing. The bot is actually not very interesting and pretty...


Usermode System Call hooking - Betabot Style

This is literally the most requested article ever, I've had loads of people messaging me about this (after the Betabot malware made it famous). I had initially decided not to do an article about it,...


Win64/Vabushky - The Great Code Heist

Introduction

This analysis is of a new winlocker dropper that was first seen in the wild last month; the binary is 64-bit, packed with MPRESS, and contains 3 local privilege escalation exploits...


A Quick Update

You've probably noticed there have been no articles in quite a while. Part of this is due to a lack of interesting malware samples to look at, but it's mainly because I'm working on a new website. I've...


Astute Explorer (GCHQ Challenge 1 - 5)

GCHQ has been having trouble finding experienced hackers and programmers to work for them, so they've put out a lot of, admittedly fun, challenges. The idea is that people who do well in the online...


Astute Explorer (GCHQ Challenge 5 - 10)

Continuation of http://www.malwaretech.com/2014/09/astute-explorer-gchq-challenge-1-5.html

Vulnerability

On line 26 the function fails if exactly BLOCK_SIZE is not read; this means if there is data...
