Archive for the 'virus' Category

JBoss Worm Exploiting Old Bug to Infect Unpatched Servers | threatpost

Saturday, October 22nd, 2011

The worm uses a bug in jmx-console to execute shell code, then installs a Perl-based control daemon that connects to IRC and tries to discover other nearby JBoss instances using JGroups UDP multicast. Here are more details, including the source code http://pa…

w32_stuxnet_dossier.pdf (application/pdf Object)

Wednesday, November 17th, 2010

The most complete research on Stuxnet comes from Symantec, in the form of their paper called “W32.Stuxnet Dossier”.

W32.Stuxnet | Symantec Connect

Wednesday, November 17th, 2010

Blog posts from Symantec tagged as ‘stuxnet’; the most current research on the topic is usually announced there.

Introduction to ClamAV’s Low Level Virtual Machine (LLVM)

Tuesday, September 7th, 2010

[some notes on] How to use ClamAV’s built-in JIT bytecode interpreter to create new virus signature definitions.

[rus] On one heuristic method for detecting virus injections on websites / Information Security / Хабрахабр

Tuesday, September 29th, 2009

Statistical method for detecting malicious JavaScript, with a Perl implementation.

malware_biz.pdf (application/pdf Object)

Wednesday, April 16th, 2008

awesome paper about the business of spam/malware/etc., kinda scary