Skip navigation.
Home
WARNING: This site contains samples of live malware. Use at your own risk.
MALWARE UPLOAD:
Malware to Upload:
Upload an unknown or suspicious file here for analysis. All files uploaded here will be imported into the Offensive Computing Malware database. By using this service, you certify that you are not uploading any copyrighted software and you consent to unconditional dissemination.

Great Virtual Memory Overview by Mark Russinovich

Virtual memory continues to be one of the things that people have a lot of problems understanding. There are lots of misconceptions about how this fundamental part of the operating system works. Mark Russinovich has done an excellent job, as usual, distilling this information into a very readable form. I suggest you read his blog post titled Pushing the Limits of Windows: Virtual Memory on the technet site.

Exploiting human weakness with AntivirusPro 2009

Almost everyday our viewers ask us about Rogue anti-malware software. Out of all of the questions we receive, the most common is “When will these attacks stop?” The sad truth is that we cannot see an end to this problem in near sight. As long as the malicious individuals are able to trick or force users into downloading, installing, and eventually paying for their fake “Rogue” anti-malware products, they will continue to develop and push the envelope.

More information here...

751f86d2e478387fe0a507a1e6fd7b2d

MS08-067 Gimmiv Worm

Here is the Gimmiv worm that was created for the latest Microsoft patch. Kudos to Microsoft for patching the flaw out of band and not sitting on it.

d65df633dc2700d521ae4dff8c393bff

Please comment if you upload other samples and I will update this post.

Thanks to Dobby for these additional samples:

dc3fdfde66fffb6cfbec946a237787d8
f173007fbd8e2190af3be7837acd70a4
3ee354cc8b63b8849b28e6f376f2b263
6c3e53864541bb13fa7853f7b580b807
24cd978da62cff8370b83c26e134ff4c

Antivirus 2009 - 2 files added - 5 domains added (Low Detection) 1/36

Today I came across a new Antivirus 2009 binary with a 1 out of 36 detection ratio on VirusTotal. The session starts at antivirus-best.com and that page is reduced to a pop-up message, as usual. Then we are briefly taken to voodoorevenue.com where the affilliate information for the malware creators is sent and then redirected to the point of download, protection-overview.com.

more info here...
b0674e8e6c99de286a62b2fde5358110

Hack.lu talk on Rustock.C

On Thursday morning i will give talk on Rustock.C analysis at the Hack.lu in Luxembourg. After the conference is over, i will publish the slides on my site. I hope there will be some interesting speeches and good discussions on security and malware-analysis.

cu @ the conference!

cheers,
frank

Malware Challenge

|

Participants should download the malware sample and analyze it. The end result should be a document containing details on the analysis performed. The analysis document can be written in any form, but the questions and statements beow should be answered within it. Participants should note what questions are being answered.

All the rules here:
http://www.malwarechallenge.info/challenge.html

Prizes:
http://www.malwarechallenge.info/sponsors.html

A new member of the Offensive Computing team - Dante Allegro

| | | | | | | |

Hello everyone!

My name is Dante Allegro , and as the newest member of the team my job is to work with members of the commercial community who wish to purchase products and services from Offensive Computing.

If you or your company would like to utilize the Offensive Computing malware database in your commercial product, or if you have a specific job that you feel the Offensive Computing team can assist you with , please contact me and I will be quite happy to assist you.

As I am on the road quite a bit please contact me directly at dallegro ( at ) offensivecomputing.net.

The End of Storm?

Dark Reading has posted a scandalous article about the end of the Storm worm.

"It’s been nearly a month now since the Storm botnet sent its last spam run -- significantly long enough that botnet researchers now conclude this could be the end of most infamous botnet once and for all."

Malware rockstars Joe Stewart and Paul Royal have weighed in on this and seem to suggest this is the case. I'm sad to hear about this because I had a lot of fun reversing the storm worm. It was one of the great worms, but it's a good thing that it's no longer spreading.

e-card.exe threat (Braviax + XP AntiSpyware 2009)

A new wave of e-card malspam is going out. The e-mail arrives spoofed as 123greetings.com and installs XP Antivirus 2009 once on the computer.

906d95a9d5aa5db06ebb24f7168de0fe

Full details here...

iPhone Users Vulnerable to URL Spoofing Attack

As I was reading my RSS feeds, I just noticed that Aviv Raff disclosed two vulnerabilities found in iPhone on Jewish new year (Oct 2). But, to my surprise the phishing vulnerability isn’t new really ... Further Read