Monday, June 28

TDL3 - Decomposed by F-Secure

F-Secure's team of researchers do a great job of dissecting yet another piece of malware. This time its TDL3, an example of increasingly complex and carefully architected software. F-Secure's analysis of this bot, shows some interesting trends:
- The code uses low level disk access to prevent its detection by file-scanning tools, and to provide itself with full disk access
- The implementation of an encrypted file-system within a protected area of the infected machine's disk
- The hooking of browser processes and forwarding of search terms to the bot's C&C servers

Interesting read.

Monday, June 21

New NSS Labs End-point Security Report


In a new report released by NSS Labs 10 Anti-malware vendors are described taking anywhere between 4 and 90 hours to protect their customers from these threats.  The report also mentions up to 50,000 new threats each day that entice users to click malicious links within compromised web-pages.

The vendors covered by the report include AVG, Norman, ESET,  Panda, F-Secure, Sophos, Kaspersky, Symantec, McAfee and Trend Micro.  A sample of the report is available here, but the full version with all the juicy details is $495.00 USD.

Monday, June 7

OSX Exploitation Step-by-Step

For the non-programmers/hackers it might be a little difficult to understand, but D1DN0T has written an excellent walk-through for a penetration test of a service which is running on OSX.  This write-up is good because it shows some of the common problems that occur during debugging and some of the methods of investigating ways around them.  This seems like a trivial exploit to create although I'm sure that much more time and effort went into putting the exploit together than is explained in the text.