Threatexpert - blog.threatexpert.com - ThreatExpert Blog
Latest News:
Domain Name Generator for Murofet 15 Oct 2010 | 11:22 am
This post describes a technique that allows building a domain name generator for Murofet. The pseudo-random domain generators are not new – these were previously used by Sober, Kraken, or Conficker w...
Matryoshka in Flash 20 Aug 2010 | 02:13 pm
The second part of the article from the Crime Scene Investigation: Internet series has now been published by c't magazine. This time the ActionScript's p-code deobfuscation technique is illustrated. You...
Angriff der Killervideos 5 Aug 2010 | 12:32 pm
It took some time, some patience and some extra samples analysed to see how the original blog post on a Flash exploit has eventually evolved into an article for a German computer magazine c't (magazin...
Config Decryptor for ZeuS 2.0 3 May 2010 | 06:13 pm
ZeuS 2.0 kit release introduces a few tricks designed to complicate the analysis of its configuration files. Apart from randomized side-effects that the new trojan leaves on a system, including its a...
WoW Factor or Back Into Matrix 29 Apr 2010 | 12:23 pm
Online gaming password stealers form a large malware category. Moreover, it is growing: there is strong demand in the virtual experience, there is supply, there are online auction sites where such ex...
Trojan.Hydraq - Part II 17 Jan 2010 | 11:05 am
Previous post described the installation process of the trojan and its backdoor commands. Now it's time to inspect its connection details, in particular - where does it retrieve the host name of the ...
Trojan.Hydraq Exposed 14 Jan 2010 | 02:49 pm
The post describes functionality (static analysis) of the trojan that was reported in the recent targeted attacks against some large companies. Trojan.Hydraq trojan is a DLL that runs as a service wi...
We are the champions, my friends 18 Dec 2009 | 12:45 pm
Results of a lengthy real-world malware protection study are published here.
Run, Chrome OS! Run! 26 Nov 2009 | 06:08 pm
It seems that the news of the Chrome OS release has left no one neutral; some observers are beating the drums of its imminent failure and premature death, by relying on rather oversimplified concepts of ...
Dissecting Limbo Dropper [old] 22 Nov 2009 | 11:58 am
A routine laptop clean-up revealed a few-month-old video of unpacking the Limbo trojan dropper. Before it gets deleted, posting it here just in case some folks might find it useful [link to video]. P...