Blog
Uncategorized
3

Usermode System Call hooking – Betabot Style

This is literally the most requested article ever, I’ve had loads of people messaging me about this (after the Betabot malware made it famous). I had initially decided not to do an article about it, because it was fairly undocumented and writing an article may have led to more people …

Read More
Uncategorized
4

Hacking Soraya Panel – Free Bot? Free Bots!

Some security agencies have been raving about a revolutionary new bot that combines point-of-sales card grabbing (ram scraping) with form grabbing. The bot is actually not very interesting and pretty simple, but the panel is a great deal of fun (thanks to xylitol for getting me interested). By default the …

Read More
Uncategorized
4

A few Reason for Maximum Password Length

A lot of people have recently been wondering the reason behind maximum password lengths, after it was revealed that eBay limited passwords to 20 characters. Many people see this as a security flaw (and in some cases it is), but often there are reasons behind it. I should also mention …

Read More
Uncategorized
8

FBI Cybercrime Crackdown – Blackshades

It would seem the FBI is cracking down on cybercrime (well script-kiddies at least), with a bunch of international raids carried out in the past few days and more said to come. As of today it seems that the raids are only targeting users of “blackshades” a popular remote administration …

Read More
Uncategorized
1

Rovnix new “evolution”

Rovnix is an advanced VBR (Volume Boot Record) rootkit best known for being the bootkit component of Carberp. The kit operates in kernel mode, uses a custom TCP/IP stack to bypass firewalls, and stores components on a virtual filesystem outside of the partition. Yesterday Microsoft posted an update explaining a …

Read More
Uncategorized
6

Coding Malware for Fun and Not for Profit (Because that would be illegal)

A while ago some of you may remember me saying that I was so bored of there being no decent malware to reverse, that I might as well write some. Well, I decided to give it a go and I’ve spent some of my free time developing a Windows XP …

Read More
Uncategorized
4

Zorenium – The Bot That Never Was

I was first made aware of Zorenium bot at the start of November last year by a friend on twitter (R136a1). There were no actual sales threads, just a discussion in IRC and a pastebin post detailing some features (http://pastebin.com/Pp5xmtK7). After being sent a sample, I decided not to write …

Read More
Uncategorized
2

The 0x33 Segment Selector (Heavens Gate)

Since I posted the article about malware using the 0x33 segment selector to execute 64-bit code in an 32-bit (WOW64) Process, a few people have asked me how the segment selector actually works deep down (a lot of people think it’s software based). For those who haven’t read the previous …

Read More
Uncategorized
5

Webinjects – The Basics

It’s not uncommon for malware to use a technique known as formgrabbing; this is done by hooking browser functions responsible for encrypting and sending data to a webpage. By intercepting data before it is encrypted with SSL the malware can read the HTTP header and steal usernames and passwords from …

Read More
Uncategorized

Malware – A One Night Stand

Last night i had this idea that ransomware and other “stab you in the face then steal your wallet” types of malware are likely a result of the antivirus industry becoming better at dealing with malware. It sounds like a crazy claim, but with a little explaining I think most …

Read More