<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:openSearch="http://a9.com/-/spec/opensearchrss/1.0/" xmlns:georss="http://www.georss.org/georss" xmlns:gd="http://schemas.google.com/g/2005" xmlns:thr="http://purl.org/syndication/thread/1.0" version="2.0"><channel><atom:id>tag:blogger.com,1999:blog-446873836886549311</atom:id><lastBuildDate>Wed, 16 May 2012 17:35:08 +0000</lastBuildDate><category>crimeware research</category><category>web</category><category>siberia exploit pack</category><category>e-fraud research</category><category>malware</category><category>ESET</category><category>Drive-by-Download</category><category>cybint</category><category>IE Defender</category><category>affiliate program research</category><category>safety</category><category>vulnerabilities</category><category>exploit pack research</category><category>espionage</category><category>zeus</category><category>scareware</category><category>spam</category><category>anti-virus live 2010</category><category>malware intelligence</category><category>iMunizator</category><category>Fast-Flux</category><category>xss</category><category>luckysploit</category><category>dos</category><category>iJAVA</category><category>elfiesta</category><category>vulnerabilities researcher</category><category>fragus</category><category>whitepapers</category><category>russkill</category><category>Unique Sploit Pack</category><category>attack</category><category>security</category><category>MacOS</category><category>Social Engineering</category><category>xp police antivirus</category><category>crimeware</category><category>Java Drive-by-Download</category><category>Polymorphic PoisonIvy Builder Online. 
PoisonIvy</category><category>waledac</category><category>ddos</category><category>desinformation</category><category>botnet</category><category>Polymorphic Cryptor Crum</category><category>denial of service</category><category>koobface</category><category>phishing</category><category>rogue</category><category>jorge mieres</category><category>iformation</category><category>pistus malware intelligence</category><category>botnet research</category><category>malware research</category><category>Drive-by-Update</category><category>exploit</category><category>password</category><category>fragu</category><category>MaaS</category><title>Malware Intelligence Blog</title><description>The information shared on this site is part of several research sessions and, in most textbooks, provides information that can harm your system if handled improperly. The decision to share it's purely investigative and educational, considering also useful for the prevention of attacks by different threats.</description><link>http://malwareint.blogspot.com/</link><managingEditor>noreply@blogger.com (Jorge Mieres)</managingEditor><generator>Blogger</generator><openSearch:totalResults>168</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/blogspot/malwareint" /><feedburner:info xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" uri="blogspot/malwareint" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-3097166772282348352</guid><pubDate>Sun, 29 Jan 2012 16:02:00 +0000</pubDate><atom:updated>2012-01-29T09:02:54.656-07:00</atom:updated><title>Hierarchy Exploit Pack. 
New crimeware for the cybercriminal gangs</title><atom:summary type="text">The term "hierarchy" refers to an entity pyramidal action. Judging by the name of this new Exploit Pack of Russian origin, it seems that the author seeks to find its place within the criminal ecosystem, but all point to the feelings behind this is, above all, a beginner who seeks criminal more.


However, despite being a package of more criminal exploitation within a vast range of alternatives, </atom:summary><link>http://malwareint.blogspot.com/2012/01/hierarchy-exploit-pack-new-crimeware.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://2.bp.blogspot.com/-i3g97W6Fpkw/TyTez1QJSZI/AAAAAAAAAfQ/dPef4PfzYB0/s72-c/1.png" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-7936268098097864851</guid><pubDate>Tue, 24 Jan 2012 08:49:00 +0000</pubDate><atom:updated>2012-01-27T20:40:47.516-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">affiliate program research</category><title>Money Racing AV. Tracking a scareware affiliate</title><atom:summary type="text">Since October 2011 we watch this affiliate system. Money Racing AV, a private PPS (Pay-Per-Sale) affiliate who spread actively fake antispywares (rogue). We have already seen this gang active in August 2009: A recent tour of scareware XII.Advertising can be found on various russian underground communities:



First contact with FTL (6 October 2011):

[14:29:33] Load4sales: hello
[14:30:02] mr: </atom:summary><link>http://malwareint.blogspot.com/2012/01/money-racing-av-tracking-scareware.html</link><author>noreply@blogger.com (Steven K)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://1.bp.blogspot.com/-d8ZZCKhJTNk/Tx2VKSm65pI/AAAAAAAAE-s/n-6zxM40cdQ/s72-c/23-01-2012+09-28-16-Money-Racing-AV-FTL.png" height="72" width="72" /><thr:total>1</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-266695159668253062</guid><pubDate>Wed, 12 Oct 2011 05:48:00 +0000</pubDate><atom:updated>2011-10-11T22:48:56.237-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">exploit pack research</category><category domain="http://www.blogger.com/atom/ns#">crimeware research</category><title>Inside Phoenix Exploit’s Kit 2.8 mini version</title><atom:summary type="text">Phoenix Exploit's Kit is a package with more continuity in crime scene crimeware. After all this tour is currently in the wild version 2.8 that, despite having a low activity since the last half of this year, remains one of the many Exploit Pack with greater preference for cyber-criminals.

Perhaps this "slack time" to have your response in high demand now has another crimeware of this style, </atom:summary><link>http://malwareint.blogspot.com/2011/10/inside-phoenix-exploits-kit-28-mini.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://4.bp.blogspot.com/-HAdtWKk8Dqc/TpTdjN-dbDI/AAAAAAAAAdw/cspksTd_-Tk/s72-c/1.png" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-5628814096165428551</guid><pubDate>Tue, 27 Sep 2011 00:34:00 +0000</pubDate><atom:updated>2011-09-26T17:34:44.960-07:00</atom:updated><title>Show me your Kung-Fu. Reversing/Forensic Android</title><atom:summary type="text">The last week was held in Barcelona the NoConName security conference, and I had the pleasure of attending to give a security conference about Android. It talked about how to perform a dynamic analysis, static and forensic skip protection and release application along with our friend of MalwareIntelligence too, Ehooo, a small PoC reveals a vulnerability of Tap-Jacking.

For those who could not </atom:summary><link>http://malwareint.blogspot.com/2011/09/show-me-your-kung-fu-reversingforensic.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://1.bp.blogspot.com/-IY4SfK62YQk/ToEKNuol4mI/AAAAAAAAAds/R92U2S6h-Xg/s72-c/26-09-2011+20-05-24.png" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-3202169022633593234</guid><pubDate>Thu, 18 Aug 2011 21:37:00 +0000</pubDate><atom:updated>2011-08-18T14:38:57.708-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">exploit pack research</category><title>Black Hole Exploits Kit 1.1.0 Inside</title><atom:summary type="text">Since its appearance in September 2010, Black Hole Exploits Kit had a very positive insight into the criminal environment. Their life cycle is not over yet so it has developed a natural evolution, and so far there are three generations that exist "in the wild".

Black Hole Exploits Kit was developed by who is known under the nickname Paunch. The main screen allows viewing of each component of </atom:summary><link>http://malwareint.blogspot.com/2011/08/black-hole-exploits-kit-110-inside.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://3.bp.blogspot.com/-ruv4U412oOQ/Tk1rWGU2BgI/AAAAAAAAAdU/e9IZ6SDK3xw/s72-c/1.jpg" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-7111813513965908398</guid><pubDate>Fri, 01 Jul 2011 00:45:00 +0000</pubDate><atom:updated>2011-06-30T17:45:41.571-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">iJAVA</category><category domain="http://www.blogger.com/atom/ns#">Drive-by-Download</category><category domain="http://www.blogger.com/atom/ns#">Java Drive-by-Download</category><title>JAVA Drive-by [infection] On Demand</title><atom:summary type="text">JAVA is one of the largest computer technology integration in the field of cybercrime because of its status as a "hybrid". This transforms Java platform in a highly exploited vector for the spread of all types of malicious code.

Even the modern crimeware includes a battery of exploits created to exploit vulnerable versions of JAVA through Exploit Packs, and in fact, together with the PDF files, </atom:summary><link>http://malwareint.blogspot.com/2011/06/java-drive-by-infection-on-demand.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://3.bp.blogspot.com/-q1oIU4yHotw/Tg0OOoKjFoI/AAAAAAAAAc0/rb2YACs23po/s72-c/camera-option.jpg" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-3338515853020356956</guid><pubDate>Wed, 15 Jun 2011 22:29:00 +0000</pubDate><atom:updated>2011-06-15T15:32:41.025-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">whitepapers</category><title>The Art of the Cyberwar</title><atom:summary type="text">The development of new technologies, in catching up with military interests and dependence on existing technology by developed countries, sets up a scenario where the cyber war, or war in cyberspace, is becoming more important.

All countries aware of the risks of such dependence developed defense programs against attacks that could jeopardize critical national infrastructure.

On the other hand,</atom:summary><link>http://malwareint.blogspot.com/2011/06/art-of-cyberwar.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://4.bp.blogspot.com/-aRH8bnh4SQI/TfkxgKelWOI/AAAAAAAAAcs/BafvgDwMN1o/s72-c/the-art-of-the-cyberwar.png" height="72" width="72" /><thr:total>2</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-4627231180423581113</guid><pubDate>Sun, 03 Apr 2011 21:45:00 +0000</pubDate><atom:updated>2011-04-03T14:45:08.180-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">exploit pack research</category><title>Gangsterware. Stealth Shield of the Malware</title><atom:summary type="text">A few days ago I watched one of the training of BlackHat Webcast whose title is the same as used for this post, where people of M86Security was assigned to conduct a superficial talking about the main vectors of infection today. Putting focus primarily on Exploit Packs, and emphasizing time on the modus operandi of Phoenix Kit Exploit, Neosploit and Open Source Exploit Kit (a lot of impact </atom:summary><link>http://malwareint.blogspot.com/2011/04/gangsterware-stealth-shield-of-malware.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://2.bp.blogspot.com/-Fyd5MM_Ohfk/TZjiYqdMjQI/AAAAAAAAAcM/2VRGKg1yFV8/s72-c/17-02-2011+06-27-35+p.m..png" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-5592985780286652488</guid><pubDate>Tue, 22 Feb 2011 14:51:00 +0000</pubDate><atom:updated>2011-02-22T07:51:26.717-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">jorge mieres</category><title>See you soon Jorge Mieres!</title><atom:summary type="text">As many readers know, this means of information read at this time, was founded by 
Jorge Mieres in 2006. What you may not know is that several months ago Jorge decided to move away from the front of MalwareIntelligence, leaving us, with complete confidence (one of the many qualities and characteristics of Jorge), the command of his legacy.

For this reason, and through these few words, we want </atom:summary><link>http://malwareint.blogspot.com/2011/02/see-you-soon-jorge-mieres.html</link><author>noreply@blogger.com (Jorge Mieres)</author><thr:total>4</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-7093043921136724253</guid><pubDate>Sat, 19 Feb 2011 04:58:00 +0000</pubDate><atom:updated>2011-02-18T21:58:35.166-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">botnet research</category><title>Inside Carberp Botnet</title><atom:summary type="text">In early 2010, from MalwareIntelligence started researching a new botnet designed to agglutination of sensitive information relating to bank accounts, and theft of credentials to exploit a disturbing list of programs.

NOTE: At the bottom of this article may find the link to download the complete white paper, called "Inside Carberp Botnet", which describes the various internal components that </atom:summary><link>http://malwareint.blogspot.com/2011/02/inside-carberp-botnet.html</link><author>noreply@blogger.com (Jorge Mieres)</author><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-4316866949007249493</guid><pubDate>Thu, 17 Feb 2011 01:57:00 +0000</pubDate><atom:updated>2011-02-16T18:57:42.210-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">whitepapers</category><title>MalwareIntelligence whitepapers</title><atom:summary type="text">Botnets Administration. A real case - ZeuS &amp; SpyEye
Malware networks continue to grow and, in parallel, so does the potential risk of becoming victims of their criminal activities. Gone are the days when the main vector for malicious code distribution was made up of pages that promote pornography and warez-type programs.

Today,  malware is distributed through any kind of website as a key used to</atom:summary><link>http://malwareint.blogspot.com/2011/02/malwareintelligence-whitepapers.html</link><author>noreply@blogger.com (Jorge Mieres)</author><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-2670256246721800834</guid><pubDate>Sun, 07 Nov 2010 22:53:00 +0000</pubDate><atom:updated>2010-11-07T15:57:33.176-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">crimeware research</category><title>Crimeware Exposed</title><atom:summary type="text">Currently, the crimeware is widely exploited by individuals or criminal groups that seek to improve its economy so completely fraudulent using evasive and aggressive strategies.To MalwareIntelligence, the fight against cyber-crime has become his philosophy and primary objective, which make everyday a perfect excuse to address different research then channeled through one of their blogs.That is </atom:summary><link>http://malwareint.blogspot.com/2010/11/crimeware-exposed.html</link><author>noreply@blogger.com (Jorge Mieres)</author><thr:total>1</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-381661131650650542</guid><pubDate>Wed, 06 Oct 2010 16:42:00 +0000</pubDate><atom:updated>2010-10-06T09:42:45.967-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">exploit pack research</category><category domain="http://www.blogger.com/atom/ns#">crimeware research</category><title>Eleonore Exploit Pack. New version</title><atom:summary type="text">Without functional alternatives to renew in the package, a new version of crimeware Eleonore Exploit Pack. This is the version 1.4.4mod.

Access panel of Eleonore Exploit Pack 1.4.4mod
While this version of crimeware is positioned as part of a set of alternatives whose number is constantly increasing due to the large range that currently exists in the area of crime, isn't very viable option for </atom:summary><link>http://malwareint.blogspot.com/2010/10/eleonore-exploit-pack-new-version.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://2.bp.blogspot.com/_Mcy4oUq8gAQ/TKyjAPTvQbI/AAAAAAAAAaM/JG_eK4qx3gY/s72-c/MI_EEP-cpanel.png" height="72" width="72" /><thr:total>2</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-1552451558103765321</guid><pubDate>Fri, 01 Oct 2010 12:07:00 +0000</pubDate><atom:updated>2011-04-13T10:43:58.996-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">crimeware research</category><title>Phoenix Exploit’s Kit v2.3 Inside</title><atom:summary type="text">PEK (Phoenix Exploit's Kit) has become one of the most used by those who flood the Internet every day with different types of malicious code. Currently, a large amount of malware is distributed through this crimeware, which is also widely used for collecting information relevant to a botmaster.

Earlier we mentioned how it looks inside version 2.1 and at the same time we said that from the </atom:summary><link>http://malwareint.blogspot.com/2010/10/phoenix-exploits-kit-v23-inside.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://2.bp.blogspot.com/_Mcy4oUq8gAQ/TKUn9UEKbdI/AAAAAAAAAZ4/-DZlaZB3FTk/s72-c/MI_PEK23-simple-stat.png" height="72" width="72" /><thr:total>3</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-7058038431872049746</guid><pubDate>Thu, 30 Sep 2010 18:14:00 +0000</pubDate><atom:updated>2010-09-30T11:14:48.419-07:00</atom:updated><title>Black Hole Exploits Kit. Another crimeware in addition to criminal supply</title><atom:summary type="text">Crimeware industry continues to grow through the development and implementation of new marketing packages pre-compiled exploits add to the supply of alternatives to facilitate criminal maneuvers over the Internet.

In this case, it's Black Hole Exploits Kits, a web application developed in Russia but also incorporates for the English language interface, and the first version (beta at the moment) </atom:summary><link>http://malwareint.blogspot.com/2010/09/black-hole-exploits-kit-another.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://2.bp.blogspot.com/_Mcy4oUq8gAQ/TKTJMuaaJ0I/AAAAAAAAAZo/B1yeh2dr018/s72-c/MI_BH-stat-traffic.png" height="72" width="72" /><thr:total>23</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-3628683665740031373</guid><pubDate>Fri, 10 Sep 2010 04:15:00 +0000</pubDate><atom:updated>2010-09-09T21:15:27.586-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">crimeware research</category><title>Black Software. New affiliate business type Pay-per-Install</title><atom:summary type="text">The business model that represent the affiliate programs through systems of the type Pay-per-Install is in full swing, being a fundamental part of criminal groups seeking to increase their economy.

In this case, we have a new affiliate program called Black Software, which promotes the discharge of malware.
 Black Software Access Panel This is a simple authentication process and conventional and </atom:summary><link>http://malwareint.blogspot.com/2010/09/black-software-new-affiliate-business.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://4.bp.blogspot.com/_Mcy4oUq8gAQ/TImq099xL9I/AAAAAAAAAY8/OxKyqNSalMA/s72-c/MI_BlackSoftware-login.png" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-1626063079646587741</guid><pubDate>Wed, 08 Sep 2010 19:26:00 +0000</pubDate><atom:updated>2010-09-08T12:26:00.631-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">exploit pack research</category><category domain="http://www.blogger.com/atom/ns#">crimeware research</category><title>Phoenix Exploit’s Kit v2.1 Inside</title><atom:summary type="text">The crimeware is one of the most used by cyber criminals to gather intelligence enabling the identification of trends and customs around by people who use the Internet daily.

This seeks to obtain relevant information on time and complete details of the victims who, further, they allow criminals to know about which factors to emphasize their "improvements" in the web application, and botmaster </atom:summary><link>http://malwareint.blogspot.com/2010/09/phoenix-exploits-kit-v21-inside.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://4.bp.blogspot.com/_Mcy4oUq8gAQ/TIfTtZ9pzoI/AAAAAAAAAYE/xjoVSXpUpvk/s72-c/simple-stat.png" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-3623503879675507200</guid><pubDate>Wed, 08 Sep 2010 03:58:00 +0000</pubDate><atom:updated>2010-09-07T20:59:14.371-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">botnet research</category><category domain="http://www.blogger.com/atom/ns#">crimeware research</category><title>myLoader C&amp;C Oficla Botnet in BKCNET "SIA" IZZI with the highest infection rate in Brazil</title><atom:summary type="text">myLoader is a web application that allows offenders to collect statistical information related to different factors and features on each of the infected computers. The crimeware is sold in the underground market at an average cost of $ 700.

The botnet Oficla started their criminal activities at the beginning of 2010 and just the executable binary detected by antivirus engines as Oficla or Sasfis</atom:summary><link>http://malwareint.blogspot.com/2010/09/myloader-c-oficla-botnet-in-bkcnet-sia.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://3.bp.blogspot.com/_Mcy4oUq8gAQ/TIbuHF7eKGI/AAAAAAAAAXk/Ewe376uxyjU/s72-c/MI_myloader-statistics.png" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-1799263831423581558</guid><pubDate>Wed, 08 Sep 2010 03:14:00 +0000</pubDate><atom:updated>2010-09-07T20:14:57.754-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">whitepapers</category><title>Criminal activities from BKCNET “SIA” IZZI / ATECH-SAGADE - Part one</title><atom:summary type="text">BKCNET "SIA" IZZI, also known as or simply ATECH-SAGADE is an AS (Autonomous System) numbers in 6851, currently is one of the most active of crimeware through which are distributed daily a large amount of malicious code , besides being the control base for the accommodation of several C&amp;C which feed the underground economy.

Your geolocation is in Latvia and, as I mentioned on another occasion, "</atom:summary><link>http://malwareint.blogspot.com/2010/09/criminal-activities-from-bkcnet-sia.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://4.bp.blogspot.com/_Mcy4oUq8gAQ/TIb_Ev2dNKI/AAAAAAAAAX8/tsdZxXcEEBs/s72-c/bkcnet-sagade.png" height="72" width="72" /><thr:total>1</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-2065816619688044563</guid><pubDate>Sat, 04 Sep 2010 01:02:00 +0000</pubDate><atom:updated>2010-09-03T18:02:27.256-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">malware research</category><title>Circuit membership for the dissemination of NoAdware rogue</title><atom:summary type="text">Malware hides behind a business. Without a doubt, I believe that no one denies this claim. Day by day is an important flow of malicious code that, while general purpose have a story in its activities, seeking final feedback on the business behind through fraudulent mechanisms and strategies.

One of the most popular business models is to pay a percentage of money given to those who successfully </atom:summary><link>http://malwareint.blogspot.com/2010/09/circuit-membership-for-dissemination-of.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://1.bp.blogspot.com/_Mcy4oUq8gAQ/TIGNrIJ590I/AAAAAAAAAXE/2tWuwui0r0o/s72-c/MI-noadware-page.png" height="72" width="72" /><thr:total>5</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-1357949467807786956</guid><pubDate>Tue, 31 Aug 2010 02:49:00 +0000</pubDate><atom:updated>2010-08-30T19:49:22.891-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">malware research</category><title>FakeAV via new strategy of deception from BKCNET "SIA" IZZI</title><atom:summary type="text">Generally cheating strategies designed for the dissemination of false antivirus (AV Rogue) consist of online simulation of a scan for malware, showing an interface that mimics Windows Explorer and which always face the same threats, including when using operating systems other than Windows.
Conventional strategy of deception
This is one of the many templates. It shows a supposed scan to verify </atom:summary><link>http://malwareint.blogspot.com/2010/08/fakeav-via-new-strategy-of-deception.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://2.bp.blogspot.com/_Mcy4oUq8gAQ/THxjCdVGshI/AAAAAAAAAVs/TvzzQOOVVu0/s72-c/MI_fakeav.png" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-2705337106315723198</guid><pubDate>Wed, 18 Aug 2010 17:01:00 +0000</pubDate><atom:updated>2010-08-18T10:01:09.308-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">whitepapers</category><title>State of the art in Phoenix Exploit's Kit</title><atom:summary type="text">Criminal alternatives grow very fast in an ecosystem where day to day business opportunities are conceived through fraudulent processes. In this sense, the demand for resources for the cyber criminal isn't expected and is constantly growing.

Generally I find new crimeware looking to get a place and a good acceptance in the virtual streets of the world underground, trying to reflect a balance on </atom:summary><link>http://malwareint.blogspot.com/2010/08/state-of-art-in-phoenix-exploits-kit.html</link><author>noreply@blogger.com (Jorge Mieres)</author><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-6123029315505907497</guid><pubDate>Mon, 16 Aug 2010 03:37:00 +0000</pubDate><atom:updated>2010-08-15T20:37:02.908-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">affiliate program research</category><title>Pirated Edition. Affiliate program Pay-per-Install</title><atom:summary type="text">Affiliate programs are a growing business model more profitable for criminals and create a complete circuit of spreading / malware infection among many other alternatives, encouraging its customers with a percentage of money they get in terms of success their own business.

One of the systems with greater uptake in this business model is provided by the facility payment, Pay-per-Install, where </atom:summary><link>http://malwareint.blogspot.com/2010/08/pirated-edition-affiliate-program-pay.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://1.bp.blogspot.com/_Mcy4oUq8gAQ/TGivO6czaQI/AAAAAAAAATs/ggzyCStIhJc/s72-c/MI_pirated-edition-cpanel.png" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-7620373591619744026</guid><pubDate>Thu, 12 Aug 2010 00:30:00 +0000</pubDate><atom:updated>2010-08-11T17:33:21.230-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">crimeware research</category><title>Pay-per-Install through VIVA INSTALLS / HAPPY INSTALLS in BKCNET “SIA” IZZI</title><atom:summary type="text">One of the most profitable businesses in the area computer crime, what are the affiliate programs. These are systems which adhere offenders an economic return for a commission, as in this case, for each successful installation of malware that takes place through the system distributed. 

VIVA INSTALLS, belonging to the same criminal group that is facing HAPPY INSTALLS, is one of them. This system</atom:summary><link>http://malwareint.blogspot.com/2010/08/pay-per-install-through-viva-installs.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://2.bp.blogspot.com/_Mcy4oUq8gAQ/TGM3n5q9exI/AAAAAAAAAS8/ngqdV4_jvQY/s72-c/MI_vivainstalls.png" height="72" width="72" /><thr:total>0</thr:total></item><item><guid isPermaLink="false">tag:blogger.com,1999:blog-446873836886549311.post-4117310517968865930</guid><pubDate>Mon, 09 Aug 2010 15:00:00 +0000</pubDate><atom:updated>2010-08-09T08:00:35.031-07:00</atom:updated><category domain="http://www.blogger.com/atom/ns#">exploit pack research</category><title>Campaign infection through Phoenix Exploit's Pack</title><atom:summary type="text">Phoenix Exploit's Pack (PEK) is another crimeware programs more widely accepted within the online criminal ecosystem, whose use in the past week massifies spreading a large amount of malware.Executable binaries that are part of the campaign so far is active, spread under the default name of the executable that incorporates the package, called exe.exe. Some of the executables that are part of this</atom:summary><link>http://malwareint.blogspot.com/2010/08/campaign-infection-through-phoenix.html</link><author>noreply@blogger.com (Jorge Mieres)</author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="http://4.bp.blogspot.com/_Mcy4oUq8gAQ/TF2xhzTN3VI/AAAAAAAAARc/ivkYxmzadQc/s72-c/MI_login.png" height="72" width="72" /><thr:total>0</thr:total></item></channel></rss>

