News from the Lab

ClubHack 2007: Analysis of Adversarial Code – The Role of Malware Kits

Just came back from Pune after presenting at ClubHack 2007. It was a great initiative to promote security awareness in India. I talked about the recent trend in the emergence of kits like MPack and how attackers are using them to install various kinds of malware. You can find my slides below:

ClubHack 2007

December 10, 2007 Posted by rahulmohandas | Exploits, Malware Research, Technical Papers, Vulnerability Research | 1 Comment

AntiSpyStorm: Fake Microsoft AntiSpyware Center pushing Adware!

Another blog which highlights the new-age social engineering techniques used to trick a user into installing adware and spyware.

More here:

http://www.avertlabs.com/research/blog/index.php/2007/10/11/

October 14, 2007 Posted by rahulmohandas | Malware Research, My Blogs | No Comments Yet

SharK2: Trojan Creation Made Easy!

This blog talks about the Shark2 DIY kit and how remote access trojans have evolved from the infamous Back Orifice to recent RATs with stealth and virtual-machine detection features, along with advances in user-friendly GUIs.

More here:

http://www.avertlabs.com/research/blog/index.php/2007/08/21/shark2-trojan-creation-made-easy/

October 13, 2007 Posted by rahulmohandas | Malware Research, My Blogs | No Comments Yet

The Nduja Job: Into The World Of XSS Worms

In this blog I talk about the history of XSS worms, how they evolved to spread through multiple webmail providers, and the client-server model involved in an XSS botnet.

More here:

http://www.avertlabs.com/research/blog/index.php/2007/07/19/the-nduja-job-into-the-world-of-xss-worms/

October 13, 2007 Posted by rahulmohandas | Malware Research, My Blogs | No Comments Yet

Hacking the Malware – A Reverse-Engineer’s Analysis

ABSTRACT

This paper attempts to document how attackers make use of vulnerabilities to install malicious software on a vulnerable machine. A comprehensive reverse-code-engineering analysis of the malicious software (Win32.Qucan.a) and the protection schemes against the worm offered by various security products are also discussed.

I hope this document will help malware researchers, intrusion analysts and other security professionals conduct more viable and comprehensive research.

The complete paper can be downloaded from
http://geocities.com/rahulmohandas/hacking_the_malware.pdf

MD5: F875DADCAD00792D753CC96BD57E0F72

or

http://websamba.com/forever_rahul/hacking_the_malware.zip
MD5(zip file): 5562F1A86DDC447A14D7763FF4C8D85D

October 16, 2006 Posted by rahulmohandas | Exploits, Malware Research, Technical Papers, Vulnerability Research | 1 Comment