Сode injections for Windows applications

Code Injection is a process of injection code (often malicious) into third party application’s memory. A lot of software is using this technique: from malware to game bots. To show this approach, let’s try to execute third party application’s internal function with our own parameters, hacking simple application. Warning, C and debugger knowledge are required!

Read full article →


How to use WSUS to get control over Windows

This was one of the most interesting attacks showed on Black Hat Las Vegas 2015. Let’s imagine the situation: there’s a large park of Windows computers in a large organization, and they all need to be updated. Obviously, getting all of them to download updates over the Internet is both pricy and uncomfortable. The common solution is a WSUS (Windows Server Update Services) server, which is used to manage updates. It downloads the updates and delivers them to all other computers.

Read full article →


The Smallest Trojan of Modern Age

It all started two years ago, when many antivirus companies tried to outdo each other with reports on catching a new malware with full-fledged functionality aimed at taking away cash from users of different online banking systems while fitting just in 19968 bytes of code.

Read full article →


Spam with viruses

Despite the fact that Russia (surprise!) is not among the leaders in computer infectioning by this method (three leaders are traditionally USA, Germany and the UK), we suppose it will be still useful to find out what makes many users in different corners of the world click on attachments in messages from unknown senders. Off we go!

Read full article →


A Detailed Analysis of the First Locking and File Encrypting Ransomware for Android

The phone infection process has nothing unusual compared to the scheme that is already known for Android-based devices. A malicious APK file gets into the phone under the guise of the game called ‘Sex Xonix’, which supposedly gives you an opportunity to look at some naked women. Obviously, there is no way of stumbling upon such ‘treasure’ on Android Market. So it dwells on all sorts of second-class websites with questionable content, which attracts those who ‘like it hot’.

Read full article →


Monetizer Trojans

Browser Start Page Modifiers (Trojan.StartPage Family)

One of the best-known and most aggressive members of this family is, undoubtedly, Adware.Webalta.2 (according to Dr.Web’s classification). This piece of work is intended for viral advertising of webalta.ru, a Russian search engine, (we are happy to learn that, by now, this resource has fallen into decay and refuses to find whatsoever :))

Read full article →