
View Full Version : PE GRUM Virus and Some Search Engine Poisoning malware


Nico
April 16th, 2007, 08:10
Hello,

Here are two blog posts I made recently.
One is related to Search Engine Poisoning, and the other one is about a PE infector spread using spam and the .ANI vulnerability.

Search Engine related: http://www.websense.com/securitylabs/blog/blog.php?BlogID=116

File Infector: http://www.websense.com/securitylabs/blog/blog.php?BlogID=121

Enjoy
NB

blurcode
April 16th, 2007, 12:57


Quote:
It looks as if they wanted to hide the malicious file on disk, but because of a bug, only the legitimate winlogon is hidden.

70h
April 26th, 2007, 11:21
Nico hello, can you share the malware (200.exe for example..)? As for me, it's much more interesting to play with binaries myself and then read your comments
sorry for my pure English
great thanks, 70h

Nico
May 20th, 2007, 11:07
I can't share samples, sorry.

disavowed
May 21st, 2007, 10:31
Quote:
[Originally Posted by 70h;65218]Nico hello, can you share the malware (200.exe for example..)? As for me, it's much more interesting to play with binaries myself and then read your comments
sorry for my pure English
great thanks, 70h

http://mwdl.offensivecomputing.net/malware2/1703001996/malware.zip

70h
May 23rd, 2007, 12:42
Quote:
[Originally Posted by disavowed;65837]http://mwdl.offensivecomputing.net/malware2/1703001996/malware.zip

thx, but what about the password? I have tried malware, virus, biohazarad low/uppercase but nothing out =\

ZaiRoN
May 23rd, 2007, 13:24
Password is always the same: infected

Silkut
May 30th, 2007, 10:14
Nice job Nico, I enjoyed the article on MISC.