BSOD … and even more
Yesterday, a security researcher published a vulnerability (Lexsi Ref. 12225) announced as a remote denial of service affecting Microsoft Windows Vista, Seven and 2008. It affects the...
Ingenious shellcode in a PDF document
Reading one of the latest ISC diaries reminded us of a trick we recently encountered while analysing a malicious PDF document. It describes a somewhat unusual shellcode technique in a PDF exploiting the latest...
The use of biometrics for strong authentication
More and more companies are choosing strong authentication, since a simple password no longer provides adequate security. An attacker can indeed easily obtain it, either through social...
Vulnerability in Windows Media Services
This month, Microsoft fixed a vulnerability that we reported last summer: a stack-based buffer overflow in the “Windows Media Unicast” service of Windows Media Services on Windows 2000 (Ref....
Vulnerability in Windows Media Services: epilogue
Nobody missed it: the fix for the Windows Media Services vulnerability that we reported to Microsoft earned a place in the small circle of patches pulled by the vendor for not fixing the...
Propagation plugin for SpyEye
SpyEye, a banking malware that hit the headlines after the announcement of its merger with the famous ZeuS, is a highly modular clone of it: plugins can easily be developed to add new...
Bypassing the SpyEye "rootkit", or how to perform a quick disinfection
After presenting some SpyEye plugins, let’s have a look at the features it uses to hide itself from the user. To fully understand this post, remember that during an infection, SpyEye will...
New targets for SpyEye
Since last year, Microsoft has been distributing the KB976002 update, which prompts the user to choose among the 5 main browsers. While the two leaders, Internet Explorer and Firefox, have been the targets of...
Citadel: configuration file
We recently looked into the latest banking malware: Citadel. The Zeus source code release made the creation of new banking malware possible, and Citadel is one of them. One of its particularities is...
Sorry, Mario, but the princess is in another citadel…
While auditing an infected host for banking malware, we came across a Citadel sample, identified by the folders it was stored in: “random” directory names under “C:\Documents and...