62 matches found
South Korea Cyber Attack, Wiper malware and Chinese IP Address
Yesterday we reported about a massive Cyber attack on South Korea that was responsible for shutting down networks of South Korean banks and TV broadcasters. Police are still investigating the cyber attack but the country's Communications Commission has revealed that the hacking originated from a...
Shamoon Malware Steals Data, Overwrites MBR
A new piece of malware known as Shamoon that has the ability to destroy files on infected machines and overwrite the master boot record has researchers scratching their heads, wondering what the tool’s purpose might be and why the attackers behind it would destroy infected PCs. There are some...
Ransomware replaces Windows MBR and asking users for Money
Ransomware replaces Windows MBR and asking users for Money Security researchers from TrendMicro, F-Secure and Dr. Web have intercepted two new ransomware variants currently circulating in the wild. This new ransomware variant prevents infected computers from loading Windows by replacing their...
BIOS based Virus discovered by Chinese Security Firm
BIOS based Virus discovered by Chinese Security Firm A Chinese AV company 360 discovered a new Trojan, the "BMW Virus" also called Mebromi, that can actually infect a computers BIOS: "BMW 360 Security Center virus is the latest catch of a high-risk virus, the virus that infected a chain BIOS...
Symantec: Boot Sector Malware In Vogue
HED: Symantec: Boot Sector Malware Back In Style DEK: Malware writers are turning to boot record malware to infect systems – a throwback to earlier forms of malware. What’s old is new again. This time it’s boot sector malware – fashionable around the turn of the Millenium – that’s making a...
Rootkit: TDLv4
TDL-4 is the fourth generation of the TDL botnet, originated in 2008. The TDL-4 botnet could be used to send out spam, steal individuals data or used for malicious attacks. TDL-4 features an improved algorithm that encrypts communications between infected computers and the botnet's C&C.; TDL-4 al...
New Chinese MBR Rootkit Identified
A new rootkit that uses the master boot record MBR to hide itself has been discovered in China and is being used to install an online game password stealer. The bootkit is installed on the computer by a trojan downloader distributed from a Chinese adult site and is detected by Kaspersky as...
Virus Watch: The Chinese Bootkit
We recently discovered a new bootkit, i.e. a malicious program which infects the hard drive’s boot sector. Kaspersky Lab detects it as Rookit.Win32.Fisp.a. The bootkit is distributed by Trojan-Downloader.NSIS.Agent.jd. The Trojan infects the computers of users who try to download a video clip fro...
linux/x86 overwrite MBR on /dev/sda with `LOL!` 43 bytes
Exploit for linux/x86 platform in category shellcode ======================================================== linux/x86 overwrite MBR on /dev/sda with LOL! 43 bytes ======================================================== ; linux/x86 overwrite MBR on /dev/sda with LOL! 43 bytes section .text glob...
linux/x86 overwrite MBR on /dev/sda with `LOL!' 43 bytes
linux/x86 overwrite MBR on /dev/sda with LOL!' 43 bytes. Shellcode exploit for linx86 platform ; linux/x86 overwrite MBR on /dev/sda with LOL!' 43 bytes ; root@thegibson ; 2010-01-15 section .text global start start: ; open"/dev/sda", OWRONLY; mov al, 5 xor ecx, ecx push ecx push dword 0x6164732f...
The Ryan & Roel Show Episode 1
Welcome to the Show – Mon, October 20 2008 In this show, we introduce ourselves and recap the Virus Bulletin 2008 conference. We talk about the MBR Trojan bootkit, the controversy surrounding anti-virus testing standards, information on the blackmarket for online gaming passwords and some data fr...
[IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- iViZ Security Advisory 08-003 25/08/2008 - ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com -...
[IVIZ-08-007] DriveCrypt Security Model bypass exploiting wrong BIOS API usage
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- iViZ Security Advisory 08-007 25/08/2008 - ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com -...
[IVIZ-08-006] DiskCryptor Security Model bypass exploiting wrong BIOS API usage
----------------------------------------------------------------------- iViZ Security Advisory 08-006 25/08/2008 ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com...
[IVIZ-08-009] Grub Legacy Security Model bypass exploiting wrong BIOS API usage
----------------------------------------------------------------------- iViZ Security Advisory 08-009 25/08/2008 ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com...
Design/Logic Flaw
Guidance Software EnCase does not properly handle 1 certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; 2 NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain...
CVE-2007-4035
Guidance Software EnCase does not properly handle 1 certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; 2 NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain...
CVE-2007-4035
Guidance Software EnCase is affected by CVE-2007-4035 and related CVE-2007-4201 issues. The flaws involve improper handling of (1) malformed MBR partition tables with many entries that can prevent logical collection of a disk image, (2) NTFS filesystems with directory loops that can block examina...
CVE-2007-4035
Guidance Software EnCase does not properly handle 1 certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; 2 NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain...
PT-2007-5243 · Guidance · Encase
Name of the Vulnerable Software and Affected Versions: Guidance Software EnCase affected versions not specified Description: The issue arises from the improper handling of certain malformed MBR partition tables and NTFS filesystems. This allows remote attackers to prevent the logical collection o...