Malware Unpacking With Ollydbg

[Image: dexter_packed]

For years, malware has taken advantage of packers to protect itself against reverse analysis and AV detection. Third-party packers such as UPX, PECompact, ASPack, etc. have been used by malware for years to evade antivirus detection and make reversing difficult. However, because these tools are publicly available, AV companies and reversers were able to study them, so malware packed with such third-party packers can be easily unpacked these days. Today, however, malware using a so-called hacker-packer is proliferating. Unlike packers such as UPX, hacker-packer tools are not readily available; they are usually sold and distributed underground.

Hijacking Java Upgrade

[Image: upgrade_java_windows7_4]

In this one, we will look at how a malicious Java upgrade can be injected by using DNS poisoning to intercept the traffic. The worst part of this whole hack is that it is almost impossible for the victim to figure out that the update is malicious until it is too late. After all, how many of us security pros check with Wireshark where a program is really connecting to when it requests an upgrade? What is scary to see is that popular software such as Notepad++ and Download Accelerator Plus (DAP) does not have a secure update process. Millions of people who use this software are thus vulnerable!