Sunday, March 16, 2014

[infosecinstitute] Theoretical Methodology for Detecting ICMP Reflected Attacks: SMURF Attacks

There are plenty of ways to track the original source of a DoS attack, but those techniques are not efficient enough to trace a reflected ICMP attack, i.e. a SMURF attack. Here I am going to show a new model for tracing back a reflected DoS attack carried out with ICMP packets. The method is very efficient because it needs only a few attack packets: to detect a direct ICMP attack a large number of packets has to be examined, which is not true in this case.
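The signature that makes a SMURF attack recognisable at the victim is unsolicited ICMP echo replies arriving from many hosts in one broadcast domain. The following detector is an added example written for this digest, not code from the infosecinstitute article and not its trace-back model: it walks a constructed tcpdump-style trace (the lines, addresses and the `min_reflectors` threshold are all assumptions), flags destinations that receive echo replies for requests they never sent, and groups the reflectors by /24 so the analyst knows which amplifier network the spoofed request was aimed at.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample trace in tcpdump-like form (not a real capture).
# 192.0.2.10 pings 10.0.0.5 once (legitimate exchange), then receives echo
# replies from six hosts in 198.51.100.0/24 that it never sent requests to.
SAMPLE_TRACE = """\
12:00:00.000100 IP 192.0.2.10 > 10.0.0.5: ICMP echo request, id 7, seq 1, length 64
12:00:00.000900 IP 10.0.0.5 > 192.0.2.10: ICMP echo reply, id 7, seq 1, length 64
12:00:01.000010 IP 198.51.100.1 > 192.0.2.10: ICMP echo reply, id 9, seq 1, length 1480
12:00:01.000020 IP 198.51.100.2 > 192.0.2.10: ICMP echo reply, id 9, seq 1, length 1480
12:00:01.000030 IP 198.51.100.3 > 192.0.2.10: ICMP echo reply, id 9, seq 1, length 1480
12:00:01.000040 IP 198.51.100.4 > 192.0.2.10: ICMP echo reply, id 9, seq 1, length 1480
12:00:01.000050 IP 198.51.100.5 > 192.0.2.10: ICMP echo reply, id 9, seq 1, length 1480
12:00:01.000060 IP 198.51.100.6 > 192.0.2.10: ICMP echo reply, id 9, seq 1, length 1480
"""

# Matches the ICMP echo lines of the (assumed) tcpdump-style format above.
LINE_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply)")


def parse_trace(text):
    """Yield (src, dst, kind) for each ICMP echo line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)


def detect_reflected_icmp(text, min_reflectors=5):
    """Map each victim to the sorted list of hosts that sent it echo replies it
    never requested, keeping only victims with >= min_reflectors such hosts."""
    requested = defaultdict(set)    # src -> destinations it sent echo requests to
    unsolicited = defaultdict(set)  # dst -> sources whose replies had no request
    for src, dst, kind in parse_trace(text):
        if kind == "request":
            requested[src].add(dst)
        elif src not in requested[dst]:
            unsolicited[dst].add(src)
    return {
        victim: sorted(hosts, key=ipaddress.ip_address)
        for victim, hosts in unsolicited.items()
        if len(hosts) >= min_reflectors
    }


def amplifier_networks(reflectors, prefix=24):
    """Group reflector addresses by /prefix: the broadcast domain(s) the spoofed
    request was sent to, which is where the trace-back has to continue."""
    nets = defaultdict(int)
    for ip in reflectors:
        nets[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return dict(nets)


if __name__ == "__main__":
    for victim, hosts in detect_reflected_icmp(SAMPLE_TRACE).items():
        print(f"{victim}: {len(hosts)} unsolicited echo replies")
        print("  amplifier networks:", amplifier_networks(hosts))
```

The request/reply pairing is what keeps a normal ping storm out of the alert: only replies with no matching outbound request from the victim count, and a single stray reply never reaches the threshold. The reflector list does not identify the spoofing attacker, only the amplifier network, which is exactly why the reflected case needs a trace-back model of its own.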

[securelist] Analysis of Malware from the MtGox leak archive

A few days ago the personal blog and Reddit account of MtGox CEO Mark Karpeles were hacked. The attackers used them to post a file, MtGox2014Leak.zip, which they claimed contained valuable database dumps and specialized software for remote access to MtGox data. That application is actually malware created to search for and steal Bitcoin wallet files from its victims. It seems the whole leak was invented to infect computers with Bitcoin-stealing malware, taking advantage of people's keen interest in the MtGox topic.

Friday, March 14, 2014

[securityaffairs] WhatsApp flaw allows hackers to steal private Chats on Android devices

A security consultant disclosed a security flaw in WhatsApp which can be exploited to gain access to the private chats of Android device owners.

[securityaffairs] TURBINE, how the NSA has plundered botnets from cybercrime

TURBINE is the codename of a sophisticated hacking platform used to take control of C&C servers run by cybercriminals.

[securityaffairs] Is the Agent.btz malware the link between Snake and Red October?

The Agent.btz malware may have served as the starting point for the Turla malware and for the malicious code used in the Red October campaign.

[securityintelligence] DIY: Android Malware Analysis – Taking Apart OBAD (Part 2)

Let’s give OBAD a run

Last time we discussed the various analysis tools, setting up the app to be debugged in jdb, identifying anti-emulator code, modifying and compiling AOSP code, and running the emulator with our modified system image to bypass the anti-VM checks. Now that you can bypass the anti-VM checks, running OBAD in the emulator shows it asking to be enabled as a Device Administrator.
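Finding the anti-emulator routine is the step that decides where to set the jdb breakpoint. The scanner below is an added example for this digest, not code from the securityintelligence series and not OBAD's own code: it walks a constructed smali fragment (the method and its instructions are made up for the example; only the emulator fingerprints in `INDICATORS` are the well-known ones, Build.FINGERPRINT starting with "generic", Build.MODEL containing "google_sdk", the all-zero emulator IMEI, the 310260000000000 IMSI, the 1555521555x phone numbers and the ro.kernel.qemu property) and reports, per method, which indicators it touches so the method with several hits stands out as the check to bypass or patch.

```python
import re

# Constructed smali fragment (not OBAD's real code) showing typical emulator probes.
SAMPLE_SMALI = """\
.method private static a()Z
    sget-object v0, Landroid/os/Build;->FINGERPRINT:Ljava/lang/String;
    const-string v1, "generic"
    invoke-virtual {v0, v1}, Ljava/lang/String;->startsWith(Ljava/lang/String;)Z
    sget-object v0, Landroid/os/Build;->MODEL:Ljava/lang/String;
    const-string v1, "google_sdk"
    invoke-virtual {v0, v1}, Ljava/lang/String;->contains(Ljava/lang/CharSequence;)Z
    const-string v1, "phone"
    invoke-virtual {p0, v1}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;
    check-cast v0, Landroid/telephony/TelephonyManager;
    invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    const-string v1, "000000000000000"
    invoke-virtual {v0, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    const-string v1, "ro.kernel.qemu"
    invoke-static {v1}, Landroid/os/SystemProperties;->get(Ljava/lang/String;)Ljava/lang/String;
    return v0
.end method
"""

# Indicator name -> regex over one smali line. Values are the stock Android
# emulator fingerprints; the list is an assumption and is easy to extend.
INDICATORS = {
    "Build.FINGERPRINT read": r"Landroid/os/Build;->FINGERPRINT",
    "Build.MODEL read": r"Landroid/os/Build;->MODEL",
    "Build.HARDWARE read": r"Landroid/os/Build;->HARDWARE",
    "generic/sdk string": r'const-string \S+, "(generic|google_sdk|sdk|goldfish|ranchu)[^"]*"',
    "emulator IMEI": r'const-string \S+, "000000000000000"',
    "emulator IMSI": r'const-string \S+, "310260000000000"',
    "emulator phone number": r'const-string \S+, "1555521555\d"',
    "TelephonyManager.getDeviceId": r"Landroid/telephony/TelephonyManager;->getDeviceId\(",
    "qemu system property": r'const-string \S+, "ro\.kernel\.qemu"',
}


def scan_smali(text):
    """Return {method_signature: [(line_no, indicator), ...]} for every method
    (or the class scope) that touches at least one indicator. Lines are 1-based."""
    findings = {}
    current = "<class scope>"
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(".method "):
            current = stripped[len(".method "):]
        elif stripped == ".end method":
            current = "<class scope>"
            continue
        for name, pattern in INDICATORS.items():
            if re.search(pattern, stripped):
                findings.setdefault(current, []).append((no, name))
    return findings


def likely_antiemulator_methods(findings, min_distinct=2):
    """Keep methods that hit at least min_distinct different indicators: one
    Build field read alone is normal app code, several probes together are not."""
    result = {}
    for method, hits in findings.items():
        names = sorted({name for _, name in hits})
        if len(names) >= min_distinct:
            result[method] = names
    return result


if __name__ == "__main__":
    found = scan_smali(SAMPLE_SMALI)
    for method, names in likely_antiemulator_methods(found).items():
        print(f"{method}: {', '.join(names)}")
        print("  lines:", [no for no, _ in found[method]])
```

Run it over the `smali/` tree produced by apktool (one file at a time, or concatenated) and break in jdb on the reported methods; a method that compares several of these values and returns a boolean is the check that the modified system image from the previous part is there to defeat.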

[securityintelligence] DIY: Android Malware Analysis – Taking Apart OBAD (Part 1)

I plan on writing regular posts in the DIY series with the goal not only of understanding malware, vulnerabilities and exploits but also of sharing with our readers techniques and tools they can use themselves to "know the enemy". I am also looking forward to hearing about your experiences in analyzing similar threats with similar or more efficient tools and techniques.