It is just pictures and not very useful without the narration. Email me if you need commentary for any of the slides
Download pdf
Monday, May 28, 2012
Russian Cybercrime Presentation Slides 2012
It is just pictures and not very useful without the narration. Email me if you need commentary for any of the slides
Download pdf
Saturday, May 19, 2012
See you in two weeks
 |
| Angus McIntyre |
I will be traveling and will not have time for posts until June. If you sent any files to me recently and I did not post / did not reply, please accept my sincere apologies, it has been a busy period.
Please continue to share and upload files to Contagio Community and Contagio Mobile dump where it will be available immediately to others via the main download link posted there.
I hope you all have a great end of spring and glorious summer.
Thank you
Mila
P.S. If you are looking for something that is not listed, feel free to email and ask, i might have it.
Sunday, May 6, 2012
May 3 - CVE-2012-0779 World Uyghur Congress Invitation.doc
There are already quite a few samples of this recently patched exploit in the wild, including those targeting USA companies. This particular sample is targeting Uyghur Congress, which is "an international organization aspiring to represent .. exiled Uyghur (Turkish ethnic group) people both inside and outside of the Xinjiang Autonomous Region of the People's Republic of China." ~ Wikipedia. The text of the email cannot be translated with online translators, but judging by the content of the attachment, it is meant to look like an invitation for the World Uyghur Assembly .More often than not, interesting samples come at the wrong time, when I cannot analyze them due to various reasons such as being busy with something else. I was planning to look at it this weekend but it did not happen, so here it CVE-2012-0779. Analyze it, write signatures, add detection to your filters. If you post an analysis, please send your link, I add. I will just post a few details about the file.
Thursday, May 3, 2012
019 Speech.doc MacOS_X/MS09-027.A -exploit for MS Word on Snow Leopard OSX
 |
| bbtoystore.com |
Document language code is Arabic, which is kind of interesting. Targeting Tibet human rights activists.
Research: Microsoft An interesting case of Mac OSX malware
Research: Total Defense MS09-027 Target: Mac OSX & Tibetan NGOs
Xpaj -MBR rootkit sample - sample
News about Xpaj file infector brought this new donation of a sample, which i am posting now. I will add the network capture and sandbox report to augment the detailed analysis reports released by Bitdefender Xpaj - the bootkit edition and Symantec W32.Xpaj.B is a File Infector with a VengeanceThe file is meant to look like a crack of sorts for Big Air Stoked game
I accidentally overwrote this post with a blank one, many thanks to Lotta for sending the cached page and helping recreate it. It was not a long and detailed post but I wouldn't have time to redo it.
Operation Cleanup Japan (OCJP) by 0Day.jp May 3
0DAY.JP <http://unixfreaxjp.blogspot.com/> is the project blog and it is in Japanese. We will link to his publications - via Google translation and provide you with the relevant samples. This will be an ongoing post with future updates. Please support OCJP and enjoy.
P.S. Contact Hendrik if you have difficulty understanding Google translation of some words or need help with screenshots. IE and Chrome handle the translated text formatting better than Firefox. Except when indicated otherwise, I did not analyze these samples and might not be able to answer questions.
Red dots indicate the sample download links - same password on all by the scheme. Email me if you need it. With many thanks to Hendrik for his work and contributions.DOWNLOAD ALL SAMPLES FROM THIS FOLDER OR FROM LINKS BELOW
2012-04-18 Case 39 ◘ Zeus