Author Archives: pornosecurity

Murofet, Zeus++ or just Zeus 2.1?

The first to write about this new threat was Marco Giuliani. So, Murofet or Zeus++? Taking a look at a couple of samples we were able to identify:
– Same API hooks
– Same encryption routine for configuration file (RC4)
– …

Posted in News

Trojan Carberp

I’m interested in infostealers, and specifically in banking trojans, so I didn’t want to miss this one. Samples of Carberp have been floating around since at least last spring, but in late September we saw their numbers increasing. Taking a look at …

Posted in News

Is that PDF so scary?

– “it bypasses DEP and ASLR using impressive tricks and unusual methods” – Vupen
– “it uses a previously unpublished technique to bypass ASLR” – Metasploit Blog
– “exploit uses the ROP technique to bypass the ASLR and DEP” – …

Posted in Exploits

Export Address Table Filtering (EMET v2)

I’ll tell you the truth: Export Address Table Filtering, the feature of the upcoming release of EMET, “designed to break nearly all shell code in use today”, intrigued me a bit. Since I wasn’t able to find docs about the …

Posted in News

Deep inside the King

Everybody knows Zeus, the king of “banking trojans”. If you are in the business of protecting banks from Zeus, you are probably interested in analyzing the configuration file of each Zeus C&C in order to understand how the bot actually …

Posted in Code