Monthly Archives: November 2011

Custom Base64 Decoder

There’s another new exploit pack making the rounds. It seems to be quite pervasive, as I’m seeing its redirect code on many compromised sites. Here’s the redirection script: And this is the main script of the exploit pack that awaits your … Continue reading

Posted in Exploit Packs, Malscript, Tools | 3 Comments

PDF Analysis using PDFStreamDumper

PDFStreamDumper is a PDF analyzer developed by Sandsprite’s David Zimmer. He has added quite a few useful functions to make this an all-in-one, go-to tool, as you’ll soon see. Here’s a spear-phish email that contains a malicious PDF file … Continue reading

Posted in Malicious Email, Tools | 2 Comments

CVE-2011-2140 Caught in the Wild

A Chinese website contains a malvertisement that leads to a few exploits, including the latest Flash exploit (CVE-2011-2140). Special thanks to Jason for the find and share! Here’s the website that kicks things off: This is the infection chain: It’s quite … Continue reading

Posted in 0-Day, Exploit Packs, Malscript | 2 Comments

Interesting BOA Phish

Phishing appears to be on the decline, but some phishers aren’t stopping and have apparently changed some of their tactics. Instead of including a link in the email body, an HTML attachment is sent. The user is then enticed to … Continue reading

Posted in Malicious Email, Malscript

APEC SpearPhish

I was asked (and given permission) to publish this… OVERVIEW: A suspicious email was received on 10/26/2011 and targeted a single, key individual in the organization. The sender appeared to be from a Hawaii-based real estate company. The email was … Continue reading

Posted in Malicious Email | 2 Comments