A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #3586  by gjf
 Fri Nov 19, 2010 12:31 pm
Jaxryley wrote: Drops just about everything. Rooters, virut and fake MSE alert.
Oh sh.... I have such an issue IRL. But there was not only virut but sality also. It is better to reinstall such a system because it would be easier and faster :)

I believe the author took all this crap just to make the disinfection process more complicated.
 #3643  by Meriadoc
 Mon Nov 22, 2010 2:21 pm
Hello, TDL3.273

config.ini
[main]
version=3.273
quote=You people voted for Hubert Humphrey, and you killed Jesus
id=
random=2
installdate=1290435190
reboots=2
[injector]
*=tdlcmd.dll
[clicker]
dbjs=717739116
 #3679  by STRELiTZIA
 Wed Nov 24, 2010 8:25 am
Jaxryley wrote: Not many hits over at VT.
!http://polistena.net/.buku/?getexe=dg.exe
dg.exe - 5/43 - Sophos - Mal/TDSSPack-AM - MD5 : 041e66945d2531c07245fcd91c57f406
dg.rar
[main]
version=0.03
aid=40787
sid=0
builddate=4096
rnd=1060284298
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=https://nl6fa53.com/;https://li1i16b0.c ... i16b0.com/
wsrv=http://ijmgwareh0use.com/;http://cljkcp ... tator.com/
psrv=http://cikh71ynks66.com/;http://clkh71yhks66.com/
version=0.15
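
A triage helper for config dumps like the two posted above, added here as an example and not code from any poster in this thread. It splits the `;`-separated URL lists, defangs them for reports, and decodes `installdate`. The function names `triage` and `defang` are hypothetical, the sample hosts are placeholders, and reading `installdate` as Unix epoch seconds is an assumption.

```python
import configparser
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample combining keys seen in the two dumps in this thread.
# Host names are placeholders under the reserved .example TLD.
SAMPLE = """\
[main]
version=0.03
installdate=1290435190
[inject]
*=cmd.dll
* (x64)=cmd64.dll
[cmd]
srv=https://c2-one.example/;https://c2-two.example/
wsrv=http://w-one.example/
version=0.15
"""

def defang(url):
    """Make a URL non-clickable for reports and tickets."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def triage(text):
    """Return payload mappings, URL lists and install time from a config dump."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep keys such as "* (x64)" exactly as written
    cp.read_string(text)
    out = {"modules": {}, "urls": {}, "hosts": set(), "installed": None}
    for section in cp.sections():
        for key, value in cp.items(section):
            if "://" in value:
                # Values are ';'-separated lists; skip empty trailing items.
                urls = [u for u in value.split(";") if u]
                out["urls"][f"{section}.{key}"] = [defang(u) for u in urls]
                hosts = (urlsplit(u).hostname for u in urls)
                out["hosts"].update(h for h in hosts if h)
            elif section.startswith("inject"):
                out["modules"][key] = value
    stamp = cp.get("main", "installdate", fallback="")
    if stamp.isdigit():
        # Assumption: installdate is Unix epoch seconds.
        out["installed"] = datetime.fromtimestamp(int(stamp), timezone.utc).isoformat()
    return out

if __name__ == "__main__":
    for name, value in triage(SAMPLE).items():
        print(name, value)
```

Under that assumption, the `installdate` value from the TDL3.273 dump decodes to the same day that dump was posted.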
 #3788  by GamingMasteR
 Wed Dec 01, 2010 5:48 am
GamingMasteR wrote: Nice article on Hakin9 magazine focusing on TDSS:
In the series of two articles we will uncover the hidden mechanisms of the biggest botnet known so far: TDSS botnet.
This first article of the series tells the real story of breaking into the botnet, from scratch to root, which had to be done in order to gain access to private management scripts. A lot of details are revealed in this part:
• The malware distribution campaign web scripts, vulnerabilities, and database
• The botnet’s network protocol encryption algorithm
• SQL vulnerabilities on the C&C server
• The botnet’s HTTP gateway configuration
• The control panel configuration
• And more.
http://hakin9.org/magazine/1544-spyware ... s-watching
Part II :
http://hakin9.org/magazine/1566-botnets-malware-spyware