I was analyzing a piece of malware the other day and came across a unique method to place malware locally on a host without using the network to transfer it. This is something that is so simple in design, and yet so effective in its delivery. Let’s take a closer look. To get the malicious file, one would simply need to visit or open malicious HTML content....

The Zeus botnet has been in the wild since 2007 and it is among the top botnets active today. This bot has an amazing and rarely observed means of stealing personal information–by infecting users’ computers and capturing all the information entered on banking sites. Apart from stealing passwords, this bot has variety of methods implemented for stealing...

The Zeus botnet has been in the wild since 2007 and it is among the top botnets active today. This bot has an amazing and rarely observed means of stealing personal information–by infecting users’ computers and capturing all the information entered on banking sites. Apart from stealing passwords, this bot has variety of methods implemented for stealing...

While reading Microsoft’s confirmation of the DLL preloading risks in arbitrary Windows applications vulnerability, somehow it reminded me of the wave of LD_PRELOAD vulnerabilities that were exploited many years back on multiple non-Windows-based systems. It’s not a new class of vulnerability; the recent LNK file zero-day was probably the last biggest...

Malicious PDF files and related exploits are invading the Net. Looking at the CVE records in the National Vulnerability Database for Adobe products, we see a dramatic increase in 2009. Since January 1, Adobe vulnerabilities have continued to appear. During this period, five are classified as medium, while about 30 are judged high-level threats. Now...

In an excellent blog, the people from Apache did a very good job analyzing and documenting how a security breach happened–going through all the stages of the attack and drawing conclusions. Should you ever become the unfortunate victim of an attack, this blog offers an example of how to document it! I quote:”If you are a user of the Apache-hosted JIRA,...