USB Malware Targeting Siemens Control Software (Update C)
Overview: VirusBlokAda, an antivirus vendor based in Belarus, announced (VirusBlokAda, http://www.anti-virus.by/en/tempo.shtml, website last visited July 15, 2010) the discovery of malware that uses a zero-day vulnerability in Microsoft Windows processing of shortcut files. The malware utilizes this...
Persistent Payload In Windows Volume Shadow Copy
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' class...
Shylock/Caphaw Banking Malware Infections on the Rise
Two dozen major U.S. and European banks are in the crosshairs of the Shylock, or Caphaw, financial malware of late, and victims who trade with one of the 24 financial institutions are at risk of giving up their credentials and losing assets in their accounts. Malware researchers have noticed a ri...
Android based hacking tool to steal passwords from connected computers
A recently discovered new form of Android malware called USB Cleaver can not only infect your smartphone, but also targets your PC to steal sensitive information from it. A hacking tool discovered by analysts at F-Secure, which is capable of stealing information from a connected Windows machine...
New Autorun Malware Spiking
Autorun malware used to be kind of a big deal around here. Worms that jump directly from removable media such as USB drives as soon as they are connected to a PC can cause some major trouble, spreading quickly through a network. Microsoft made a change to newer versions of Windows that disables t...
Researchers Uncover Polymorphic AutoRun Worm
W32/Autorun.worm.aaeb-h is an evolved, virtual machine-aware AutoRun worm that makes use of obfuscation and polymorphic techniques in order to evade detection and infect removable media and mounted network shares, according to McAfee. Researchers have seen an increase in samples for the year-old...
Worm Tries AutoRun, Then Social Engineering to Infect
Sophos and TrendMicro, and a number of other security firms, are reporting a dramatic increase in the prevalence of a worm using AutoRun and social engineering to proliferate. If you thought Microsoft solved the AutoRun problem, you aren’t alone. They tried to shut it down after it was famously an...
CPE17 Autorun Killer ASCII Buffer Overflow
Exploit Title: CPE17 Autorun Killer - ASCII Buffer Overflow Exploit Date: 01/10/2012 Author: mr.pr0n @pr0n Homepage: http://ghostinthelab.wordpress.com/ Software Link: http://download.thaiware.com/program15/cpe17antiautorun1590.rar Version: v.1.8.6 Build 1590 Tested on: Windows XP SP3...
Buffer overflow
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file...
CVE-2012-4054
CVE-2012-4054 affects CPE17 Autorun Killer 1.7.1 and earlier. The vulnerability is a buffer overflow in the readfile function that enables arbitrary code execution by a crafted inf file, with a Local attack vector and no authentication required per the CVSS data. Impact is listed as complete conf...
CVE-2012-4054
Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file...
CPE17 Autorun Killer 1.7.1 Buffer Overflow
CPE17 Autorun Killer 'CPE17 Autorun Killer %q readfile function is vulnerable it can be overflow , 'Author' = 'Xelenonz' , 'Version' = '0.1', 'Payload' = 'EncoderType' = Msf::Encoder::Type::AlphanumMixed, 'EncoderOptions' = 'BufferRegister'='ECX', , 'DefaultOptions' = 'DisablePayloadHandler' =...
CPE17 Autorun Killer <= 1.7.1 Stack Buffer Overflow Exploit
Exploit for windows platform in category local exploits CPE17 Autorun Killer 'CPE17 Autorun Killer %q readfile function is vulnerable it can be overflow , 'Author' = 'Xelenonz' , 'Version' = '0.1', 'Payload' = 'EncoderType' = Msf::Encoder::Type::AlphanumMixed, 'EncoderOptions' =...
CPE17 Autorun Killer 1.7.1 - Local Stack Buffer Overflow (Metasploit)
CPE17 Autorun Killer 1.7.1 - Local Stack Buffer Overflow Metasploit CPE17 Autorun Killer 'CPE17 Autorun Killer %q readfile function is vulnerable it can be overflow , 'Author' = 'Xelenonz' , 'Version' = '0.1', 'Payload' = 'EncoderType' = Msf::Encoder::Type::AlphanumMixed, 'EncoderOptions' =...
CPE17 Autorun Killer 1.7.1 - Local Stack Buffer Overflow (Metasploit)
CPE17 Autorun Killer 'CPE17 Autorun Killer %q readfile function is vulnerable it can be overflow , 'Author' = 'Xelenonz' , 'Version' = '0.1', 'Payload' = 'EncoderType' = Msf::Encoder::Type::AlphanumMixed, 'EncoderOptions' = 'BufferRegister'='ECX', , 'DefaultOptions' = 'DisablePayloadHandler' =...
Video: College Professor, Students Crack Zeus Trojan Mystery
A segment from last night’s Rock Center, Brian Williams’ TV news magazine, gives the inside scoop on how a college professor and his students helped law enforcement crack one of the largest and most profitable banking Trojan operations around. Reporter Richard Engel sat down with Gary Warner, a...
Albania is the most Malware infected Nation
Albania is the most Malware infected Nation Researchers at Security firms Norman and Microsoft Analyse data from their security products that Albania is the most Malware infected Nation, with 65% of scanned computers reporting infections. Rest Most Infected Countries are South Korea, Guatemala,...
The Infections That Will Not Die: Conficker and AutoRun
One of the wonderful things about some pieces of malware is that, like that slightly dodgy uncle who never seems to have a job, they never really go away. They just sort of hang about in the background, waiting for the right time to hit you up for some spare cash or CPU cycles. It appears that th...
OpenOffice.org Xterm Spawn
Some friends asked me some tips for how to make a locked down machine that doesn't allow the user to execute anything from the GUI and doesn't have a terminal emulator installed into starting a terminal, using an allowed application, OpenOffice. The below is hardly a security vulnerability unless...
Zeus Now Using Autorun As Infection Numbers Rise
After tapering off, the Zeus Trojan has been staging a comeback over the last few months, possibly using a new infection routine that leverages Windows’ autorun feature even after a company update to limit infections that use it, according to research by Microsoft. Microsoft’s Malicious Software...