JavaScript de-obfuscation with Rhino
Last Friday, I received a URL which used several exploits to spread malware. As always, I started to investigate it. As you may know, these sites use javascript…
July spyware list
This month, the first positions of the list are very similar to last month’s. 1.- Application/MyWebSearch 2.- Adware/Lop 3.- Adware/Gator 4.- Adware/ActiveSearch 5.- Spyware/Virtumonde 6.-…
Ice(Pack) for the summer
It’s summer, about 29ºC – 84ºF in Bilbao, a sunny and beautiful day. Good time for an ice-cream. But today we’ll change the menu and we’ll…
More about Mpack (II)
Today I have come across a server hosting an Mpack that has 292 different websites with iframes that make reference to it. Most of…
Free commandline scanner
For research purposes we are releasing our command-line scanners and signature updates for those who wish to implement malware scanning in a not-for-profit project. Organizations…
PINCH, THE TROJAN CREATOR
Some time ago, we talked to you about malware prices, HTTP botnets, etc. Today I will show you the level Trojan creators have reached and…