Oddjob, a banking trojan more

A new player, with a name from the James Bond movie Goldfinger, enters the malware scene targeting financial institutions. It’s the Oddjob trojan, and I must admit the researchers from trusteer.com showed a lot of imagination in giving the name of a deadly character to this newly discovered trojan. The trojan code does not seem to be finalized yet, being rather in a beta stage or a testing phase, and the analysis reveals that its creators from Poland (Eastern Europe) are striving to improve the code’s functionality. At this moment banks from the USA, Denmark, the UK and Poland, to name only a few, are the favourite targets of the trojan, which acts in the address space of …


Posted in Thoughts.

Is Google.com hacked? Google Images redirecting to malware (fake antivirus)

Yesterday I received an email from one of my visitors bringing to my attention an incredible fact. He said that his computer was infected by malware just by visiting Google Images, looking for an image of the Romanian president Basescu. I was a bit skeptical but he insisted these were the facts, so I reproduced his actions. Navigating to google.com –> Images, I typed basescu in the Search box; this is a partial screenshot of the Google Images results: I clicked on the first thumbnail and all the browser (Opera) requests were logged with Burp Proxy Suite, an intercepting proxy server for HTTP traffic, acting like a man-in-the-middle between the browser and the …


Posted in Thoughts.

Spy Eye and Carberp — the new banker trojans offensive

The common way for a “wanna-be” hacker to fulfill his sick aspirations is to obtain a known trojan — there are plenty on the Internet, sometimes called RATs (Remote Administration Tools), and use a crypter on the trojan executable file in an attempt to deceive antivirus scanning engines based on file signatures. In the same spirit, of using the simplest approach that does not require too much programming work, the vast majority of crypters are coded in Visual Basic 6, the most accessible programming language ever. Still, they are very dangerous because of the features they have, such as: injecting code into legitimate processes, bypassing firewalls by using reverse connections, …


Posted in Thoughts.

Trojan Bohu, the first attack against the cloud antivirus system

When it appeared for the first time in 2009, the concept of antivirus software using cloud computing seemed like a magical, powerful solution for all computer users concerned about their computer security. In a cloud-based antivirus, a good part of the file processing job is transferred to the server, resulting in light usage of computer resources and theoretically better protection when a user is facing a new zero-day threat: the scanning services running on the server find the best solution to protect the user against it, and automatically that new threat “signature” is available to all the users of the cloud, including the disinfection …


Posted in Thoughts.

AdSocks RAT — about the new Java trojan computer viruses

The programs that run on our computers are, from the point of view of their code content, of two main types: compiled and interpreted. Compiled programs are those that undergo a transformation from source code written by the programmer to machine code, which consists of instructions that can be directly executed by the computer’s CPU; that’s why it is sometimes called native code. This transformation is done via a compiler. Programs coded in C, C++, Delphi or Pascal, for example, are compiled programs and, thanks to the native code produced by the compilers, have the fastest execution speed. Interpreted programs, also called scripts, require the presence of an interpreter installed …


Posted in Thoughts.

Patriot NG, a new security tool?

Today I’ve tested a lesser-known security tool, Patriot NG 1.1 from www.security-projects.com. Maybe the program is less known because it’s in Spanish, not yet translated into English, though all the options and settings are very easy to understand for a native English speaker. The program resides in the system tray, from where you can access its main options via the right-click context menu. The Control Panel, named “Panel De Control” in Spanish, is very simple and intuitive: As you have already guessed, the program watches all the sensitive areas of your Windows system for alterations, alerting the user when a program tries to make a new connection …


Posted in Tools & Reviews.

The shortcut virus

Did you ever wonder how powerful a shortcut is? Or whether computer viruses can be spread via shortcuts? No, this article is not about viruses that play with the shortcuts on your desktop, making them run away when you want to click one of them and driving you crazy; this article is about simple shortcuts. For example, somebody sends you as an email attachment, or you download from somewhere, a folder with two files in it, a text file and a shortcut to the text file; what do you think? I mean, something like this: The first impulse is to double click the file …


Posted in Thoughts.