Self-healing software to remedy malware attacks
Well this sounds cool: http://www.sciencedaily.com/releases/2014/11/141113140011.htm > Computer scientists have developed software that not only detects and eradicates never-before-seen viruses and other malware, but also automatically repairs damage caused by them. The software then prevents the invader from ever infecting the computer again. Paper can be downloaded here… Read more
Malware Analysis #3: Hesperbot, Part 2
This is a follow up to the last post: Malware Analysis #3: Hesperbot, Part 1 [https://tribalchicken.com.au/?p=605] With some assistance from CERT Australia, it’s possible to identify this particular malware sample as Hesperbot, or at least a very close relative. This also matches their data about this particular campaign. I’… Read more
Malware Analysis #3: Hesperbot, Part 1
I was kindly forwarded a sample of a phishing email crafted to appear as an Australia Post missed delivery noticed. Someone is certainly trying to deliver something (which isn’t a parcel), so my goal is to figure out what that is exactly. Note: I have included some general Phishing information. If you wish to… Read more
Automated malware analysis: Mail server -> Cuckoo
Here’s something I threw together over a beer. Some real basic bash scripts to automatically submit anything that is quarantined by the mail server to my Cuckoo Sandbox instance for analysis. I’m sure there are much more graceful ways to do this, but hey, it works: Quarantine on the mail server is carried… Read more
Analysis of Zemot / Rerdom Malware updated.
Cheers to @herrcore [https://twitter.com/herrcore] for pointing out I had incorrectly named the malware in these posts * Monday Malware analysis: Kuoloz.D (Part 1) [https://tribalchicken.com.au/?p=365] * Part 2 of Monday Malware analysis: Kuoloz.D [https://tribalchicken.com.au/?p=382] I had used the name Kuoloz, which is incorrect… Read more