Uncategorized
4

Zorenium – The Bot That Never Was

I was first made aware of Zorenium bot at the start of November last year by a friend on twitter (R136a1). There were no actual sales threads, just a discussion in IRC and a pastebin post detailing some features (http://pastebin.com/Pp5xmtK7). After being sent a sample, I decided not to write …

Uncategorized

Malware – A One Night Stand

Last night i had this idea that ransomware and other “stab you in the face then steal your wallet” types of malware are likely a result of the antivirus industry becoming better at dealing with malware. It sounds like a crazy claim, but with a little explaining I think most …

Uncategorized

The Centralization of Fraud

Everyone is aware of the dangers of credit/debit cards, right? You get infected with banking malware or you leave your wallet at the bar, next thing you know there are bills for things you don’t remember purchasing showing up on your bank statement. Well there was once a time when …

Uncategorized

Infamous Skynet Botnet Author Allegedly Arrested

On the 4th of December the German Federal Criminal Police Office (BKA) issued a press release stating they had arrested two suspects for computer crimes, with the support of GSG 9 (A German special operations unit). The release detailed that the two suspect has reportedly modified, distributed and used existing …

Uncategorized

MtGox Nearly Breaks Bitcoin…Again

Previous Incident  In April 2013 large trading volume caused the MtGox trading engine to begin lagging. As soon as the trading engine lag started to build, traders panic sold due to the increasing risk of loss from trading blind. Of course the panic selling just added to the trading volume, …

Uncategorized

End of The Line for Solar Bot (Win32/Napolar)?

Solar Bot Solar Bot is a new type of usermode rootkit that created much hype by being “the first of it’s kind”. The rootkit is able to inject and hook both 32-bit and 64-bit processes, making it effective on 64-bit systems, which is uncommon for usermode rootkits. Solar bot makes …

Uncategorized
1

KINS Source Code Leaked

Much Ado About Nothing Today the KINS source code was posted publicly after being sold to just about everyone and their dog. As expected it’s just a Zeus modification containing code taken from various places (there is also evidence of the bootkit). As you can see in this image, there …

Uncategorized
10

Carberp source code now leaked

The Bootpocalypse While security blogs are still flooding the internet with the old news of the carberp source going on sale for $50k, I’d like to take some time to give you some slightly more recent news and a recap.  Towards the end of last month it became apparent to …

Uncategorized

Carberp source code, days away from full leak

Brief history Carberp was a banking bot that first came up on researchers’ radars in the last part of 2010. By the end of 2011 the bot had been spotted in the wild, testing with bootkit functionality. Come the end of 2012 the full kit, including the bootkit, were put …

Uncategorized
2

Rise of the dual architecture usermode rootkit

A bit about past rootkits In the past it has been very common to see usermode rootkits that only attack one architecture, which has usually been 32-bit. A standard rootkit injects code into specific/all running processes in order to modify code inside them, this then allows it to hide itself …