Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 10:41:36 GMT

Malware Reverse Engineering Part 1 - Static Analysis
http://packetstormsecurity.org/files/108812/malware-reverse-part-1.pdf
http://packetstormsecurity.org/files/108812/Malware-Reverse-Engineering-Part-1-Static-Analysis.html
Wed, 18 Jan 2012 23:54:47 GMT
This malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.

Anti-Virus Evasion Techniques
http://packetstormsecurity.org/files/107770/avevasion-techniques.pdf
http://packetstormsecurity.org/files/107770/Anti-Virus-Evasion-Techniques.html
Sun, 11 Dec 2011 23:28:59 GMT
Whitepaper called Anti-Virus Evasion Techniques. Some of the techniques discussed are binding and splitting, converting exe to executable client side scripts, and performing code obfuscation/morphing.

Sophail: A Critical Analysis Of Sophos Antivirus
http://packetstormsecurity.org/files/103727/Sophail.pdf
http://packetstormsecurity.org/files/103727/Sophail-A-Critical-Analysis-Of-Sophos-Antivirus.html
Thu, 04 Aug 2011 23:04:28 GMT
This paper describes the results of a thorough examination of Sophos Antivirus internals. The author presents a technical analysis of claims made by the vendor, and publishes the tools and reference material required to reproduce their results. Furthermore, they examine the product from the perspective of a vulnerability researcher, exploring the rich attack surface exposed, and demonstrating weaknesses and vulnerabilities.

Fake Malware And Virus Scanners
http://packetstormsecurity.org/files/102811/fake_malware_and_virus_scanners.pdf
http://packetstormsecurity.org/files/102811/Fake-Malware-And-Virus-Scanners.html
Tue, 05 Jul 2011 14:50:06 GMT
Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection, even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document shows the mechanisms used to obfuscate this process.

Client-Side Threats - Anatomy Of Reverse Trojan Attacks
http://packetstormsecurity.org/files/102809/client_side_threats_anatomy_of_reverse_trojan_attacks.pdf
http://packetstormsecurity.org/files/102809/Client-Side-Threats-Anatomy-Of-Reverse-Trojan-Attacks.html
Tue, 05 Jul 2011 14:44:34 GMT
Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.

Paper On Unpacking Malware
http://packetstormsecurity.org/files/77847/pbania-dbi-unpacking2009.pdf
http://packetstormsecurity.org/files/77847/Paper-On-Unpacking-Malware.html
Wed, 27 May 2009 02:50:49 GMT
Whitepaper called Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs.

malware.pdf
http://packetstormsecurity.org/files/53611/malware.pdf
http://packetstormsecurity.org/files/53611/malware.pdf.html
Sun, 14 Jan 2007 00:08:06 GMT
Whitepaper entitled "Anatomy of a Malware". A tutorial that was created to educate people on how a simple piece of malware works.

vrg01.html
http://packetstormsecurity.org/files/51731/vrg01.html
http://packetstormsecurity.org/files/51731/vrg01.html.html
Tue, 07 Nov 2006 05:54:03 GMT
Interesting write up discussing the infection of Mach-O files including a link to the MachoMan virus.

Taking_Back_Netcat.pdf
http://packetstormsecurity.org/files/49740/Taking_Back_Netcat.pdf
http://packetstormsecurity.org/files/49740/Taking_Back_Netcat.pdf.html
Thu, 07 Sep 2006 08:12:17 GMT
While there are some easy ways of changing the antivirus signature of a program (packers, encryptors, etc), they may not always be viable options for those wishing to bypass antivirus applications. This paper will show how to locate the signature used to identify Netcat, and modify it so that the executable no longer matches Symantec's AV signature, without interfering with any of the program's functionality. This is an exercise in identifying and modifying sections of code (aka, signatures) that are used by antivirus programs to identify malicious code; the tools and techniques used here can be applied to any program that is marked as malicious by AV applications.

mobilethreats.tgz
http://packetstormsecurity.org/files/45959/mobilethreats.tgz
http://packetstormsecurity.org/files/45959/mobilethreats.tgz.html
Sun, 30 Apr 2006 04:45:39 GMT
Whitepaper entitled "Summary of Mobile Threat For Year 2005" that provides a detailed analysis of mobile malware and a full understanding of how such viruses propagate. Also included is CalvinStinger.SIS which is a disinfection tool for the Symbian S60 platform.

EJohansen_VB2005.tgz
http://packetstormsecurity.org/files/40514/EJohansen_VB2005.tgz
http://packetstormsecurity.org/files/40514/EJohansen_VB2005.tgz.html
Sat, 08 Oct 2005 18:21:07 GMT
Whitepaper as well as presentation slides entitled 'Anti-Virus in the Wild' that were presented at the Virus Bulletin 2005 conference in Dublin, Ireland.

bofra_overview.txt
http://packetstormsecurity.org/files/35090/bofra_overview.txt
http://packetstormsecurity.org/files/35090/bofra_overview.txt.html
Sat, 20 Nov 2004 21:56:06 GMT
Brief analysis of the Bofra, aka MyDoom.AG/AH, worm that was first discovered circulating in the wild November 8th.

grams.html
http://packetstormsecurity.org/files/35036/grams.html
http://packetstormsecurity.org/files/35036/grams.html.html
Sat, 13 Nov 2004 00:43:06 GMT
Full analysis of the Win32.Grams trojan. It differs from previous E-Gold phishing trojans in that it does not steal credentials but instead uses the victim's own browser to siphon all the E-Gold directly from their account to another E-Gold account, using OLE automation. This would completely bypass all the new authentication methods financial institutions are using to thwart keystroke loggers/password stealers, because the trojan simply lets the user do the authentication, then takes over from there.

decompression-bomb-vulnerability.html
http://packetstormsecurity.org/files/32615/decompression-bomb-vulnerability.html
http://packetstormsecurity.org/files/32615/decompression-bomb-vulnerability.html.html
Tue, 03 Feb 2004 22:34:00 GMT
Research on the various reactions of anti-virus software against decompression bombs. Has a thorough comparison chart and is definitely a good read.

intrusion-agent.pdf
http://packetstormsecurity.org/files/31558/intrusion-agent.pdf
http://packetstormsecurity.org/files/31558/intrusion-agent.pdf.html
Tue, 26 Aug 2003 02:37:28 GMT
White paper discussing methodologies for accessing internal networks using HTTP tunneling and tricking end users.

virus-writing-HOWTO-2003-01-08.tar.gz
http://packetstormsecurity.org/files/30740/virus-writing-HOWTO-2003-01-08.tar.gz
http://packetstormsecurity.org/files/30740/virus-writing-HOWTO-2003-01-08.tar.gz.html
Tue, 21 Jan 2003 07:53:18 GMT
The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied by a practical guide to detection.

Kaspersky_review_11_18.doc
http://packetstormsecurity.org/files/30656/Kaspersky_review_11_18.doc
http://packetstormsecurity.org/files/30656/Kaspersky_review_11_18.doc.html
Tue, 24 Dec 2002 19:45:24 GMT
A detailed vendor analysis on Kaspersky's line of anti-virus products.

virus-writing-HOWTO-2002-08-15.tar.gz
http://packetstormsecurity.org/files/26586/virus-writing-HOWTO-2002-08-15.tar.gz
http://packetstormsecurity.org/files/26586/virus-writing-HOWTO-2002-08-15.tar.gz.html
Wed, 21 Aug 2002 06:33:59 GMT
The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Contains a lot of source code. Every mentioned infection method is accompanied by a practical guide to detection.

200201p.txt
http://packetstormsecurity.org/files/25855/200201p.txt
http://packetstormsecurity.org/files/25855/200201p.txt.html
Wed, 06 Mar 2002 06:55:07 GMT
"Techniques a worm might use to be harder to locate" is a look at how worms may evolve to be harder to locate on an infected computer. It begins very simply and builds up to some ideas that are quite complex. Includes example source code written in Perl.

future.of.viruses.txt
http://packetstormsecurity.org/files/25846/future.of.viruses.txt
http://packetstormsecurity.org/files/25846/future.of.viruses.txt.html
Wed, 06 Mar 2002 06:19:25 GMT
The future of viruses and operating systems.

LoveLetterAnalysis.txt
http://packetstormsecurity.org/files/17779/LoveLetterAnalysis.txt
http://packetstormsecurity.org/files/17779/LoveLetterAnalysis.txt.html
Fri, 05 May 2000 19:52:56 GMT
An overview and analysis of the LOVE-LETTER-FOR-YOU virus/worm.

trojans.txt
http://packetstormsecurity.org/files/11209/trojans.txt
http://packetstormsecurity.org/files/11209/trojans.txt.html
Wed, 08 Dec 1999 22:00:37 GMT
Trojans: what they are, different kinds of trojans (RATs, keyloggers, password trojans etc.) for Unix and Windows, how to look out for trojans and defeat them etc. Everything you always wanted to know about trojans but were afraid to ask (in fear of appearing to be lame).

alife.ps
http://packetstormsecurity.org/files/16223/alife.ps
http://packetstormsecurity.org/files/16223/alife.ps.html
Fri, 01 Oct 1999 21:22:48 GMT
Computer Viruses as Artificial Life: A consideration of computer viruses as artificial life - self-replicating organisms.

faq.txt
http://packetstormsecurity.org/files/16224/faq.txt
http://packetstormsecurity.org/files/16224/faq.txt.html
Fri, 01 Oct 1999 21:22:48 GMT
Frequently Asked Questions on VIRUS-L/comp.virus.

iworm1.ps
http://packetstormsecurity.org/files/16226/iworm1.ps
http://packetstormsecurity.org/files/16226/iworm1.ps.html
Fri, 01 Oct 1999 21:22:48 GMT
The Internet Worm Program: An Analysis: A description of the algorithms used by the Internet Worm program of November 2, 1988.