A drive-by download that exploits CVE-2024-6332

First, Happy Thanksgiving to anyone who celebrates this holiday. In reality, I hope that we’re all thankful every day. Yes, I know: I’m working on a blog post on turkey day. It’s alright because I already helped cook a few items for the dinner table later this evening, and I have some free time, so why not? I’ll keep this one short. If you follow Microsoft Patch Tuesdays like I do, then you probably know that Microsoft provided a patch for Microsoft Security Bulletin MS14-064, which was rated as critical....

November 27, 2014 · 10 min · James Espinosa

SecTor basic malware analysis training

Last month, I attended SecTor 2014 in Toronto, a beautiful city in Ontario, Canada. Actually, that was the first time I had ever attended the conference and visited the country. I had a great time, and I met a few people who really made the rest of my time out there worthwhile. It has been a while since I last posted anything, and I thought I’d share some of the content that was presented during a basic malware analysis training session that I took at SecTor....

November 15, 2014 · 7 min · James Espinosa

Styx exploit kit network traffic analysis

A couple of days ago, researchers at Barracuda Networks reported that Hasbro.com was serving malware to its visitors. For additional information, I recommend that you read the Threatpost blog, which covers the story in greater detail. The purpose of this blog post is to provide my analysis of the network traffic file(s) that were provided by Barracuda Networks, which you can obtain here. Obviously, this is nothing new. Exploit kits, specifically this one, are nothing new....

January 30, 2014 · 9 min · James Espinosa

Android/Beita.A malware analysis

Recently, I started reading Decompiling Android by Godfrey Nolan, primarily out of interest and curiosity. Obviously, I have an interest in malware and all-things threatsy, maliciously and shady (I made those words up, just now). Anyway, I figured I’d give this Android malware sample a whirl, and see what that side of the world looks like. This post will be my first analysis on this subject, so it may well not be complete, but I’ll try my best....

January 5, 2014 · 5 min · James Espinosa

Perl Shellbot.B trojan activity

This is probably not amazing news to many of you, since you probably see a lot of automated scanning and exploitation attempts on your network perimeter. Although a bit of old news by now, I thought I’d share anyway. About a week or two prior to ISC Diary posting about this active threat, I had seen activity related to this Trojan on one of the systems that I have. The following is one of the many similar entries in my access....

October 10, 2013 · 5 min · James Espinosa