Hello, a new specifically covered exploit kit
We're keeping a pretty close eye on Exploit Kits here at the VRT, and when a new trend or technique starts to rear its head, we pay close attention. Over the past week or so, we saw an exploit kit doing something unusual - this kit appears to be tracking the Windows systems
Decoding Domain Generation Algorithms (DGAs) Part II - Catching ZeusBot Injection into Explorer.exe
Last week, I talked about unpacking this binary for static analysis. This week, I am going to talk about catching its injected entry point inside explorer.exe. This makes it easier to dynamically analyze the code from the very beginning of its execution routine up to the code uti
Decoding Domain Generation Algorithms (DGAs) - Part I
Part 1 - Unpacking the binary to properly view it in IDA Pro Recently, I came across an executable(MD5: 3D5060066056369B3449606F3E87F777) that was expected to be malicious in nature, but its network behavior was what was really interesting. So the first thing I did was throw it
Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
The Microsoft Updates are pretty significant this month. Internet Explorer, which was missing from the updates for the first time in a long time last month is back with a whopping 24 vulnerabilities. Besides the IE bulletin, there’s six more bulletins, 4 of which are rated critic
Four vulnerabilities in Pidgin
The VRT is announcing the discovery and patching of 4 CVE vulnerabilities in Pidgin. These vulnerabilities were discovered by the VRT VULNDEV team and reported to the Pidgin team. The VRT also created TRUFFLE rules that have been protecting Sourcefire customers for these vulnerab
VRT-2013-1001 (CVE-2013-6487): Buffer overflow in Gadu-Gadu HTTP parsing
Sourcefire Vulnerability Report VRT-2013-1001 (CVE-2013-6487): Buffer overflow in Gadu-Gadu HTTP parsing Description An exploitable remote code execution vulnerability exists in Pidgin's implementation of the Gadu Gadu protocol in the libpurple library. An attacker who can c
VRT-2013-1004 (CVE-2013-6490): Buffer overflow in SIMPLE header parsing
Sourcefire Vulnerability Report VRT-2013-1004 (CVE-2013-6490):Buffer overflow in SIMPLE header parsing Description An exploitable remote code execution vulnerability exists in Pidgin's implementation of SIP/SIMPLE message handling. An attacker who can control the Content-Len
VRT-2013-1002 (CVE-2013-6489): Buffer overflow in MXit emoticon parsing
Sourcefire Vulnerability Report VRT-2013-1002 (CVE-2013-6489): Buffer overflow in MXit emoticon parsing Description An exploitable remote code execution vulnerability exists in Pidgin's implementation of the Mxit protocol in the libpurple library. An attacker who can control
VRT-2013-1003 (CVE-2013-6486): Pidgin uses clickable links to untrusted executables
Sourcefire Vulnerability Report VRT-2013-1003: Pidgin uses clickable links to untrusted executables Description An exploitable remote code execution vulnerability exists in Pidgin's implementation of file:// URL handling. An attacker can supply a remote path which will be ev