Tuesday, June 3rd, 2008
Most malware tends to store stolen credentials and information in make-shift text files, which are then forwarded to the author via email or another protocol. However, the use of scalable and robust solutions is becoming more popular in the malware community. In fact, it is becoming increasingly popular for malware ...
Posted in Coding, Internet, Privacy, Security | No Comments
Monday, June 2nd, 2008
Yesterday's post discussed a mystery PDF file that was boopytrapped to drop a backdoor.
Today we'll look at how these documents are created.
Here's an example of a tool called Y08-04 aka GenMDB.
When run, it displays this user interface:
The apparent purpose of this tool is to create trojanized PDF files. You select ...
Posted in Coding, Internet, Security, Software | No Comments
Sunday, June 1st, 2008
XSS (Cross-Site Scripting) Very Much Alive and Kicking
We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the ...
Posted in Coding, Internet, Security | No Comments
Sunday, June 1st, 2008
Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of ...
Posted in Coding, Internet, Linux, Privacy, Security, Software | No Comments
Friday, May 30th, 2008
We’ve been folowing the development of sqlninja since the early days, it’s growing into a well matured and more polished tool with advanced features.
Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal ...
Posted in Coding, Internet, Privacy, Security | 1 Comment
