Using ILSpy to analyze a small adware file

My curiosity was triggered when the telemetry of our heuristic scanner started showing a multitude of reports about a small file called grandfather.exe, so I went out to grab a copy and have a look at it. As you can probably tell from some of the detection names at Virustotal, this is a MSIL...

Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands

Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1260 MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT...

Ransomware attacks on Hospitals put Patients at Risk

Just last week, the Federal Bureau of Investigation FBI issued an urgent "Flash" message to the businesses and organisations about the threat of Samsam Ransomware, but the ransomware has already wreaked havoc on some critical infrastructure. MedStar, a non-profit group that runs 10 hospitals in t...

Proofpoint Warns Of New MSIL/Crimson Tied To Cyber Espionage

Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites. Researchers at Proofpoint this week published a report on Operation Transparent Tribe, which was ongoing as of Feb. 11...

Microsoft .NET Framework SDK 1.0/1.1 MSIL Tools Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/17243/info Microsoft .NET Framework SDK contains tools for assembling and disassembling MSIL files. These tools are prone to buffer-overflow vulnerabilities that attackers could exploit to cause a denial of service or...

PokerAgent botnet stole over 16,000 Facebook credentials

PokerAgent botnet was discovered in 2012 by ESET Security Research Lab, which is a Trojan horse designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats. According to latest report, the botnet i...

[SECURITY] Fedora 11 Update: monodevelop-2.0-9.fc11

This package provides MonoDevelop, a full-featured IDE for Mono with syntax colouring, code completion, debugging, project management and support for C sharp, Visual Basic.NET, Java, Boo, Nemerle and MSIL...

[SECURITY] Fedora 11 Update: monodevelop-2.0-8.fc11

This package provides MonoDevelop, a full-featured IDE for Mono with syntax colouring, code completion, debugging, project management and support for C sharp, Visual Basic.NET, Java, Boo, Nemerle and MSIL...

[SECURITY] Fedora 11 Update: monodevelop-2.0-6.fc11

This package provides MonoDevelop, a full-featured IDE for Mono with syntax colouring, code completion, debugging, project management and support for C sharp, Visual Basic.NET, Java, Boo, Nemerle and MSIL...

[SECURITY] Fedora 11 Update: monodevelop-2.0-5.fc11

This package provides MonoDevelop, a full-featured IDE for Mono with syntax colouring, code completion, debugging, project management and support for C sharp, Visual Basic.NET, Java, Boo, Nemerle and MSIL...

Microsoft .NET Framework SDK 1.01.1 - MSIL Tools Buffer Overflow

Microsoft .NET Framework SDK 1.01.1 - MSIL Tools Buffer Overflow source: https://www.securityfocus.com/bid/17243/info Microsoft .NET Framework SDK contains tools for assembling and disassembling MSIL files. These tools are prone to buffer-overflow vulnerabilities that attackers could exploit to...

Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow

source: https://www.securityfocus.com/bid/17243/info Microsoft .NET Framework SDK contains tools for assembling and disassembling MSIL files. These tools are prone to buffer-overflow vulnerabilities that attackers could exploit to cause a denial of service or potentially execute arbitrary code...