Monthly Archives: February 2011
Relevant Knowledge: what it is, how it gets installed and how to remove it
A few days have already passed with the Relevant Knowledge globe sitting there in the taskbar, in the Notification area. I was very busy the last few days and I didn’t give it too much attention, but today, looking at it, I started to ask myself how this globe got there. I don’t remember installing anything with that name; Relevant Knowledge is for sure a parasitic program, and I decided to track back which program carried it in. Because in my opinion, installing something on a computer without its owner’s knowledge or agreement is highly immoral and unethical, and even more, it is very dangerous. It’s a logical flow of thoughts, …
Oddjob, one more banking trojan
A new player enters the malware scene targeting financial institutions, with a name from the James Bond movie Goldfinger. It’s the Oddjob trojan, and I must admit the researchers from trusteer.com showed a lot of imagination in giving the name of a deadly character to this newly discovered trojan. The trojan code seems not to be finalized yet, but rather in a beta stage or a testing phase, and the analysis reveals that its creators from Poland (Eastern Europe) are striving to improve the code’s functionality. At this moment banks from the USA, Denmark, the UK and Poland, to name only a few, are the favourite targets of the trojan, which acts in the address space of …
Is Google.com hacked? Google Images redirecting to malware (fake antivirus)
Yesterday I received an email from one of my visitors bringing an incredible fact to my attention. He said that his computer was infected by malware just by visiting Google Images, looking for an image of the Romanian president Basescu. I was a bit skeptical but he insisted these were the facts, so I reproduced his actions. Navigating to google.com –> Images, I typed basescu in the Search box; this is a partial screenshot of the Google Images results: I clicked on the first thumbnail and all the browser (Opera) requests were logged with Burp Proxy Suite, an intercepting proxy server for HTTP traffic, acting like a man-in-the-middle between the browser and the …
Spy Eye and Carberp — the new banker trojans offensive
The common way for a “wanna-be” hacker to fulfill his sick aspirations is to obtain a known trojan — there are plenty on the Internet, sometimes called RATs (Remote Administration Tools), and to use a crypter on the trojan executable file in an attempt to deceive antivirus scanning engines based on file signatures. In the same spirit of using the simplest approach that does not require too much programming work, the vast majority of crypters are coded in Visual Basic 6, the most accessible programming language ever. They are still very dangerous because of the features they have, such as: injecting code into legitimate processes, bypassing firewalls by using reverse connections, …