Showing posts with the label malware

Google Networks Have a Weird Malware Policy, Apparently

Applian is a company that makes some fairly widely circulated media software - FLV players, RTMP stream recorders, stuff like that. They are somehow affiliated with NirSoft. NirSoft makes forensics tools that are often mis-diagnosed as malicious software; it's less clear what Applian could be doing to get the same red flags. But red-flagged they were, by Google's malware team no less. Google's usual plan of red-flagging what appear to be bad programs through their browser and search engine, while not blocking downloads, is a sensible way to get the word out without being overly intrusive. However, when the content that Google believes is malicious is being hosted on their own ASN, it is less clear how appropriate that is. Most system administrators are more comfortable with removing malicious software from their networks. A strange choice.

A Virus is Being Circulated in Forum Posts with Content from This Website

Someone is creating forum posts with content from this website and links back to this website. Embedded in the forum post is a download of an executable called ares.exe, designed to look like a P2P client installer but actually part of the Agobot family of worms (aka Gaobot or gaobot.ee). My website will never have executables available for download. Few people reading this website would be inclined to download a virus this stupidly designed. More likely the point of this attack is to associate links to my site with malicious software in order to stop traffic to the site. To the attacker: Agobot is designed for idiots. You are an idiot. Even Wikipedia thinks you are an idiot. Here's a line from the article on Agobot, which gave me a laugh - "Agobot is an example of a Botnet that requires little or no programming knowledge to use." It's been 48 hours and you've been caught. Maybe targeting network engineers isn't the brightest idea? Here is an example of a forum

ASPY.a - Malware Source Identified as Blackhat Control Panel Developer

I've spotted a trojan/shell exploit that targets ASP.NET, named ASPY.a, making the rounds again recently. By no means a 0-day or brand new bit of malware, ASPY.a has been around for about 2 years. It takes advantage of vulnerable ASP scripts, uploads itself to a web server, and on unpatched systems that lack sensible permissions policies and the latest updates it can grant remote attackers administrator access. Microsoft Security Essentials will catch it; however, I've seen at least one version of Symantec that does not completely remove compromised files - with Symantec, server-level compromise was prevented, but the website itself remained controllable. So why am I writing a post about a 2 year old piece of malware? The story here is that the circulation appears to be driven by a developer based in Russia that sells "server control panel" (панель управления сервером, управление) software for novices tasked with IIS-based website management. The name of the company is