Jul 16 06

Floser Bacurio and Roland Dela Paz published an interesting article about Locky’s new anti-sandbox technique and how to crack it.

Find out more: Cracking Locky’s New Anti-Sandbox Technique

written by d45id

Apr 16 26

With this little script you can see which file types would be encrypted in the event of an infection by the LOCKY virus.

@echo off
setlocal enabledelayedexpansion
echo.
set total=0
cls
REM Try every drive letter and scan the ones that actually exist
for %%i in (a b c d e f g h i j k l m n o p q r s t u v w x y z) do (
  set DRIVE=%%i:\
  if exist !DRIVE! (
    call :lookup !DRIVE!
  )
)
echo Nombre de fichiers potentiellement affectés : %total%
pause
goto :eof

:lookup
REM Recursively list every file on the given drive whose extension is on Locky's target list
set drive=%1
set subtotal=0
echo Examiner %drive%
for /r %drive% %%i in (*.mid *.wma *.flv *.mkv *.mov *.avi *.asf *.mpeg *.vob *.mpg *.wmv *.fla *.swf *.wav *.qcow2 *.vdi *.vmdk *.vmx *.gpg *.aes *.ARC *.PAQ *.tar.bz2 *.tbk *.bak *.tar *.tgz *.rar *.zip *.djv *.djvu *.svg *.bmp *.png *.gif *.raw *.cgm *.jpeg *.jpg *.tif *.tiff *.NEF *.psd *.cmd *.bat *.class *.jar *.java *.asp *.brd *.sch *.dch *.dip *.vbs *.asm *.pas *.cpp *.php *.ldf *.mdf *.ibd *.MYI *.MYD *.frm *.odb *.dbf *.mdb *.sql *.SQLITEDB *.SQLITE3 *.asc *.lay6 *.lay *.ms11 *.sldm *.sldx *.ppsm *.ppsx *.ppam *.docb *.mml *.sxm *.otg *.odg *.uop *.potx *.potm *.pptx *.pptm *.std *.sxd *.pot *.pps *.sti *.sxi *.otp *.odp *.wks *.xltx *.xltm *.xlsx *.xlsm *.xlsb *.slk *.xlw *.xlt *.xlm *.xlc *.dif *.stc *.sxc *.ots *.ods *.hwp *.dotm *.dotx *.docm *.docx *.DOT *.max *.xml *.txt *.CSV *.uot *.RTF *.pdf *.XLS *.PPT *.stw *.sxw *.ott *.odt *.DOC *.pem *.csr *.crt *.key wallet*.dat) do (
  echo %%i
  set /a subtotal=subtotal + 1
  set /a total=total + 1
)
echo fichiers trouvés: %subtotal%
pause
goto :eof


Aug 15 04

Oh no, only a couple of days after a privilege escalation vulnerability in OS X 10.10 was discovered, a researcher at Malwarebytes spotted a new adware installer that uses the DYLD_PRINT_TO_FILE exploit.

What can you do?

  • wait until Apple releases a security update while you get p0wned
  • install SUIDGuard – A kernel extension adding mitigations to protect SUID/SGID binaries


Mai 14 21

Security researchers report on an Android smartphone Trojan named iBanking. iBanking seems to be very cool malware with a lot of features. It can intercept SMS, divert calls, covertly activate the phone's microphone, read the site and access its file system. The Trojans are organized into botnets that communicate via HTTP and text messages.

Find out more about iBanking on the Symantec blog

P.S. A BlackBerry version is coming soon ;-)


Jan 14 03

Stealing Money from ATMs with Malware

This talk will discuss a case in which criminals compromised and robbed an ATM by infecting it with specially crafted malware. The successful compromise of an ATM can easily result in the loss of several hundred thousand dollars.

