Security_Guy

How the protection of Citadel got cracked

December 31, 2013 by Steven K

Steven K

Recently on a forum someone requested cbcs.exe (Citadel Backconnect Server)If you want to read more about the Backconnect on Citadel, the link that g4m372 shared is cool: http://laboratoriomalware.blogspot.de/2012/12/troyan-citadel-backconnect-windows.htmlI've searched this file thought downloading a random mirror of the Citadel leaked package in hope to find it inside.Finally the file wasn't…

Continue Reading

How the protection of Citadel got cracked

December 31, 2013 by Steven K

Steven K

Recently on a forum someone requested cbcs.exe (Citadel Backconnect Server)If you want to read more about the Backconnect on Citadel, the link that g4m372 shared is cool: http://laboratoriomalware.blogspot.de/2012/12/troyan-citadel-backconnect-windows.htmlI've searched this file thought downloading a random mirror of the Citadel leaked package in hope to find it inside.Finally the file wasn't…

Continue Reading

How the protection of Citadel got cracked

December 31, 2013 by Steven K

Steven K

Recently on a forum someone requested cbcs.exe (Citadel Backconnect Server)If you want to read more about the Backconnect on Citadel, the link that g4m372 shared is cool: http://laboratoriomalware.blogspot.de/2012/12/troyan-citadel-backconnect-windows.htmlI've searched this file thought downloading a random mirror of the Citadel leaked package in hope to find it inside.Finally the file wasn't…

Continue Reading

How the protection of Citadel got cracked

December 31, 2013 by Steven K

Steven K

Recently on a forum someone requested cbcs.exe (Citadel Backconnect Server)If you want to read more about the Backconnect on Citadel, the link that g4m372 shared is cool: http://laboratoriomalware.blogspot.de/2012/12/troyan-citadel-backconnect-windows.htmlI've searched this file thought downloading a random mirror of the Citadel leaked package in hope to find it inside.Finally the file wasn't…

Continue Reading

Codes, What Are They Good For?

December 21, 2013 by the grugq

the grugq

What is a Secure Communication? The goals of secure communications are the following. Some of these are surprisingly difficult to achieve: Make the content of a message unreadable to parties other than the intended one(s) Make the meaning of a message inaccessible to parties other than the intended one(s) Avoid…

Continue Reading

In Search of OPSEC Magic Sauce

December 20, 2013 by the grugq

the grugq

Of Bomb Threats and Tor Recently (December 16th, 2013) there was a bomb threat at Harvard University, during finals week. The threat was a hoax, and the FBI got their man that very night. The affidavit is here. This post will look at the tools and techniques the operative used…

Continue Reading

Win32/BruteForce.WP

December 20, 2013 by Steven K

Steven K

DrWeb released a news about this malware in August, they know it as 'Trojan.WPCracker.1'And more recently ~ 1e8cd0f0f1702820c870302520bc0176.This executable communicate with a C&C at dorblu99.netLet's have a closer look.Login:Main:Bot info:Broken wordpress:Statistics:Add domains:Add admin panels:Add logins:Add passwords:Add module for jm(zip):Add module for wp(zip):Add shell jm(php):Cron brute:Ban list:Logs:Domains list (downloaded by the…

Continue Reading

Win32/BruteForce.WP

December 20, 2013 by Steven K

Steven K

DrWeb released a news about this malware in August, they know it as 'Trojan.WPCracker.1'And more recently ~ 1e8cd0f0f1702820c870302520bc0176.This executable communicate with a C&C at dorblu99.netLet's have a closer look.Login:Main:Bot info:Broken wordpress:Statistics:Add domains:Add admin panels:Add logins:Add passwords:Add module for jm(zip):Add module for wp(zip):Add shell jm(php):Cron brute:Ban list:Logs:Domains list (downloaded by the…

Continue Reading

Win32/BruteForce.WP

December 20, 2013 by Steven K

Steven K

DrWeb released a news about this malware in August, they know it as 'Trojan.WPCracker.1'And more recently ~ 1e8cd0f0f1702820c870302520bc0176.This executable communicate with a C&C at dorblu99.netLet's have a closer look.Login:Main:Bot info:Broken wordpress:Statistics:Add domains:Add admin panels:Add logins:Add passwords:Add module for jm(zip):Add module for wp(zip):Add shell jm(php):Cron brute:Ban list:Logs:Domains list (downloaded by the…

Continue Reading

Win32/BruteForce.WP

December 20, 2013 by Steven K

Steven K

DrWeb released a news about this malware in August, they know it as 'Trojan.WPCracker.1'And more recently ~ 1e8cd0f0f1702820c870302520bc0176.This executable communicate with a C&C at dorblu99.netLet's have a closer look.Login:Main:Bot info:Broken wordpress:Statistics:Add domains:Add admin panels:Add logins:Add passwords:Add module for jm(zip):Add module for wp(zip):Add shell jm(php):Cron brute:Ban list:Logs:Domains list (downloaded by the…

Continue Reading

A Crypto Challenge For The Telegram Developers

December 19, 2013 by Moxie Marlinspike

Moxie Marlinspike

Earlier this week, a company called Telegram announced a “secure” mobile messaging product. How secure? In their words of their FAQ, “very secure.” Curious to learn more, I went to look at the protocol, and immediately had a number of questions and concerns. However, when pressed on technical details by…

Continue Reading

Win32/Atrax.A

December 6, 2013 by Steven K

Steven K

Atrax is a TOR botnet, you can read about it on the excellent post of Aleksandr.Someone on kernelmode.info posted recently a fresh sample:MD5: 44a6a7d4a039f7cc2db6e85601f6d8c1Fun things also, the coder leaved a message:"Nice blog post ESET 2013/07/24 Greetz to KernelMode.info"Atrax advertising:Programming language: C (No C++!)OS: Win XP - 8.1 (all x86/x64)Admin rights…

Continue Reading

Win32/Atrax.A

December 6, 2013 by Steven K

Steven K

Atrax is a TOR botnet, you can read about it on the excellent post of Aleksandr.Someone on kernelmode.info posted recently a fresh sample:MD5: 44a6a7d4a039f7cc2db6e85601f6d8c1Fun things also, the coder leaved a message:"Nice blog post ESET 2013/07/24 Greetz to KernelMode.info"Atrax advertising:Programming language: C (No C++!)OS: Win XP - 8.1 (all x86/x64)Admin rights…

Continue Reading

Win32/Atrax.A

December 6, 2013 by Steven K

Steven K

Atrax is a TOR botnet, you can read about it on the excellent post of Aleksandr.Someone on kernelmode.info posted recently a fresh sample:MD5: 44a6a7d4a039f7cc2db6e85601f6d8c1Fun things also, the coder leaved a message:"Nice blog post ESET 2013/07/24 Greetz to KernelMode.info"Atrax advertising:Programming language: C (No C++!)OS: Win XP - 8.1 (all x86/x64)Admin rights…

Continue Reading

Win32/Atrax.A

December 6, 2013 by Steven K

Steven K

Atrax is a TOR botnet, you can read about it on the excellent post of Aleksandr.Someone on kernelmode.info posted recently a fresh sample:MD5: 44a6a7d4a039f7cc2db6e85601f6d8c1Fun things also, the coder leaved a message:"Nice blog post ESET 2013/07/24 Greetz to KernelMode.info"Atrax advertising:Programming language: C (No C++!)OS: Win XP - 8.1 (all x86/x64)Admin rights…

Continue Reading