• Posts Tagged ‘research’

    CommentCrew Developer Disconnect

    by  • June 14, 2013 • Uncategorized

    Last week, my colleague on the advanced threat research team, Rob Falcone, pointed me over at a sample that hit on our CommentCrew DES signature. Normally I would shrug this off as something old, but the compilation time on the binary showed June 4, 2013 and the command-and-control (C&C) server appeared to be active....

    Same CVE-2012-0158, Different Builder

    by  • March 11, 2013 • Uncategorized

    Over the past few weeks, I have been fortunate to watch the birth of a new CVE-2012-0158 builder that demonstrates original technique with excellent results (not for long). What is a builder you ask? Well, some attackers/researchers/whatever like ...

    Flying Through TOR with Jetplane

    by  • September 30, 2012 • Uncategorized

    When researching targeted malware and its infrastructure, I often find myself writing trackers to poll or look for changes, so I get updated with little delay. For one particular instance I needed to hit a couple systems a few times a day and want...

    Quick Update on ~I32SUN.EXE

    by  • May 26, 2012 • Uncategorized

    After my initial excitement died down, I sat down and took a look at the ~I32SUN.exe file and was saddened to find it looked just like CMD.exe. Hoping for something modified or different, I threw both files into BinDiff, but was saddened to see a ...

    Doomsday JavaScript Encoder

    by  • January 31, 2012 • Uncategorized

    In my last post I detailed a whole bunch of ways to make encoders better and that I had authored my own to see how difficult it was. Last night I released the encoder with some extra little bells and whistles to make it a bit more interesting. Bef...
