Security Hero » Packed http://sechero.com If it's about security, you heard it here first Mon, 12 Jul 2010 23:27:38 +0000 en hourly 1 Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs http://sechero.com/generic-unpacking-of-self-modifying-aggressive-packed-binary-programs-3/ http://sechero.com/generic-unpacking-of-self-modifying-aggressive-packed-binary-programs-3/#comments Mon, 25 May 2009 21:44:51 +0000 invalid string

Bugtraq: PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs

PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs

URL: http://www.securityfocus.com/archive/1/503800

]]> http://sechero.com/generic-unpacking-of-self-modifying-aggressive-packed-binary-programs-3/feed/ 0 Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs http://sechero.com/generic-unpacking-of-self-modifying-aggressive-packed-binary-programs-2/ http://sechero.com/generic-unpacking-of-self-modifying-aggressive-packed-binary-programs-2/#comments Mon, 25 May 2009 20:30:01 +0000 invalid string

PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs

<!– Envelope-to: email@address Delivery-date: Mon, 25 May 2009 21:27:50 +0100 Received: from outgoing.securityfocus.com ([205.206.231.27] helo=outgoing3.securityfocus.com) by lt.network5.net with esmtp (Exim 4.43) id 1M8gly-0007Hw-9E for email@address; Mon, 25 May 2009 21:27:50 +0100 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) by outgoing3.securityfocus.com (Postfix) with QMQP id DBED2236FD1; Mon, 25 May 2009 14:24:55 -0600 (MDT) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq@securityfocus.com> List-Help: <mailto:bugtraq-help@securityfocus.com> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com> Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 1040 invoked from network); 25 May 2009 16:18:46 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to:cc:subject :date:mime-version:content-type:content-transfer-encoding:x-priority :x -msmail-priority:x-mailer:x-mimeole; bh=U5avKvFgz5HgwmGOPr5cworxmwPKe2LmHj3+hLQtZZI=; b=j6LfEK5NoNoXHMy+lgszx0ngySphcfbTM0sWBCx+krjSnStEA10fCcsipy65BX61gC KzcCKNRGElmrwTVrluhXnm/ZBLdrePV56tHHcfELZIYlc7BqXnjhAtmEsNh4PT4LvIDV 46ZQUqqx5fS2HQ04NVJN5fgNimKt2DriYIWeM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:cc:subject:date:mime-version:content-type :content-transfer-encoding:x-priority:x-msmail-priority:x-mailer :x -mimeole; b=PwoQeDWinTeE/nVvAmm+Znj0NlYQQVHEIxYUMxWV97U2GOsTeluyCgwlDGjw79ZlhU M3slnaKtX4rSLlZgQqBwkyoLe8JAZi6TIUUfdeplxfY/a3UW5k5bOfRGjbBP0KEqd0Lt RWxRH8Jcvzdf6Aybe4UpFRAKlQoM4POXTPz2w= Message-ID: <C27C7C74DC944F639243FA91F5792010@DIED> Cc: "SBUGTRAQ" <bugtraq@securityfocus.com> MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-2"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5512 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579 X-IMAPbase: 1176125385 9184 Status: O X-UID: 9184 Content-Length: 1297 X-Keywords:

]]> http://sechero.com/generic-unpacking-of-self-modifying-aggressive-packed-binary-programs-2/feed/ 0 Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs http://sechero.com/generic-unpacking-of-self-modifying-aggressive-packed-binary-programs/ http://sechero.com/generic-unpacking-of-self-modifying-aggressive-packed-binary-programs/#comments Mon, 25 May 2009 16:18:32 +0000 invalid string

PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs

Posted by Piotr Bania on May 25

ABSTRACT

Nowadays most of the malware applications are either packed or protected.
This techniques are applied especially to evade signature based detectors
and also to complicate the job of reverse engineers or security analysts.
The time one must spend on unpacking or decrypting malware…

URL: http://seclists.org/fulldisclosure/2009/May/0204.html

]]> http://sechero.com/generic-unpacking-of-self-modifying-aggressive-packed-binary-programs/feed/ 0 The Sims 3 Leaked Two Weeks Before Its Launch http://sechero.com/the-sims-3-leaked-two-weeks-before-its-launch/ http://sechero.com/the-sims-3-leaked-two-weeks-before-its-launch/#comments Tue, 19 May 2009 01:21:52 +0000 invalid string http://sechero.com/the-sims-3-leaked-two-weeks-before-its-launch/

The Sims 3 Leaked Two Weeks Before Its Launch

It can¡¦t get any better than this for gamers: The Sims 3 video game has been leaked on torrents two weeks before its official release. This is just unbelievable, as a few weeks ago, the an unfinished version of the Wolverine movie was leaked on torrents about 30 days before its premiere. According to Electronic Arts and Maxis, the game will officially be released on Junde 2, and for the moment none of them reacted on The Sims 3 leak on torrents.

We can say that hackers and pirates have won another battle against publishers and distributors, and this will have to hurt EA a lot. For the moment we can¡¦t tell for sure if the game is real as the packed/unpacked leaks are sized somewhere near 5GB. The small size of the game makes us think that this is not the actual game, but maybe it¡¦s an unfinished version of The Sims 3 life simulation game.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31350

]]> http://sechero.com/the-sims-3-leaked-two-weeks-before-its-launch/feed/ 0 Microsoft Security Bulletin for May 2009 http://sechero.com/microsoft-security-bulletin-for-may-2009/ http://sechero.com/microsoft-security-bulletin-for-may-2009/#comments Tue, 12 May 2009 08:00:00 +0000 invalid string

Microsoft Security Bulletin for May 2009

The table below lists the Microsoft vulnerabilities for May.
MS Bulletin Number Microsoft Bulletin Title Severity Impact of Vulnerability Affected Software CVE ID
MS09-017 Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) Critical Remote Code Execution Microsoft Office 2009-0220 2009-0221 2009-0222 2009-0223 2009-0224 2009-0225 2009-0226 2009-0227 2009-0556 2009-1128 2009-1129 2009-1130 2009-1131 2009-1137

Threat Remediation

Fortinet provides coverage on Microsoft vulnerabilities in May 2009.

CVE Number Signature Name
CVE-2009-0220 MS.PowerPoint.PP4X322.DLL.Code.Execution
CVE-2009-0221 MS.PowerPoint.Atom.Integer.Overflow
CVE-2009-0222 MS.PowerPoint.PP4X322.DLL.PackedData.Buffer.Overflow
CVE-2009-0223 MS.Powerpoint.Converter.Code.Execution
CVE-2009-0224 MS.Powerpoint.Objects.Size.Heap.Overflow
CVE-2009-0225 MS.Powerpoint.Old.File.Format.Parsing.Code.Execution
CVE-2009-0226 MS.PowerPoint.File.Format.Converter.Code.Execution
CVE-2009-0227 MS.PowerPoint.File.Stack.Buffer.Overrun
CVE-2009-0556 MS.PowerPoint.OutlineTextRefAtom.Memory.Corruption
CVE-2009-1128 MS.PowerPoint.PSTSoundEntity.Code.Execution
CVE-2009-1129 MS.PowerPoint.PSTExEmbed.Code.Execution
CVE-2009-1130 MS.PowerPoint.HashCode10.Code.Execution
CVE-2009-1131 MS.PowerPoint.CurrentUserAtom.Remote.Code.Execution

For more information on new and enhanced signatures, visit the IPS Service Update History. If you require more information, contact the FortiGuard Team using our Contact Us web page.

Document History

Revision Date Version Number
Tuesday, May 12, 2009 1 Initial Documentation.

Reference:

URL: http://www.fortiguardcenter.com/advisory/FGA-2009-18.html

]]> http://sechero.com/microsoft-security-bulletin-for-may-2009/feed/ 0 4005 http://sechero.com/4005/ http://sechero.com/4005/#comments Mon, 13 Apr 2009 16:59:49 +0000 invalid string

4005

JS/TrojanDownloader.Iframe.NDX, Win32/Adware.Antivirus2008, Win32/Adware.Coolezweb, Win32/Adware.NewWeb (2), Win32/Adware.SystemSecurity, Win32/Agent.WPI, Win32/Autoit.CL, Win32/AutoRun.IRCBot.V, Win32/Packed.Crpak.Gen, Win32/PSW.OnLineGames.NMP (2), Win32/PSW.OnLineGames.NMY (4), Win32/TrojanClicker.VB.NFM, Win32/TrojanDownloader.VB.NXG (2), Win32/Waledac.IT (5), Win32/Waledac.IU

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=5938&Itemid=26

]]> http://sechero.com/4005/feed/ 0 6661 (bitdefender_antivirus) http://sechero.com/6661-bitdefender_antivirus/ http://sechero.com/6661-bitdefender_antivirus/#comments Tue, 07 Apr 2009 00:00:00 +0000 invalid string http://sechero.com/6661-bitdefender_antivirus/

CVE-2008-6661 (bitdefender_antivirus)

Multiple integer overflows in the scanning engine in Bitdefender for Linux 7.60825 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed (1) NeoLite and (2) ASProtect packed PE file.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6661

]]> http://sechero.com/6661-bitdefender_antivirus/feed/ 0 WMF!sd6, Packed.Generic.181.. http://sechero.com/wmfsd6-packedgeneric181/ http://sechero.com/wmfsd6-packedgeneric181/#comments Tue, 24 Mar 2009 18:54:27 +0000 invalid string http://sechero.com/wmfsd6-packedgeneric181/

Mal/Behav-009, Trojan.Win32.StartPage, Exploit.IMG-WMF!sd6, Packed.Generic.181..

URL: http://www.threatexpert.com/report.aspx?md5=d7638903e602c080eed9130a5c7d3d5f

]]> http://sechero.com/wmfsd6-packedgeneric181/feed/ 0 Packed.Generic.202, Vundo.gen.w, Troj/Virtum-Gen, Trojan:Win32/Vundo.gen!BB.. http://sechero.com/packedgeneric202-vundogenw-trojvirtum-gen-trojanwin32vundogenbb-9/ http://sechero.com/packedgeneric202-vundogenw-trojvirtum-gen-trojanwin32vundogenbb-9/#comments Tue, 24 Mar 2009 16:35:14 +0000 invalid string http://sechero.com/packedgeneric202-vundogenw-trojvirtum-gen-trojanwin32vundogenbb-9/

Packed.Generic.202, Vundo.gen.w, Troj/Virtum-Gen, Trojan:Win32/Vundo.gen!BB..

URL: http://www.threatexpert.com/report.aspx?md5=4be7fb3ea1584dc7ee732a04e2ac127f

]]> http://sechero.com/packedgeneric202-vundogenw-trojvirtum-gen-trojanwin32vundogenbb-9/feed/ 0 Trojan-Dropper.Vb, Backdoor.ProRAT.K, Trojan.TDss, Packed.Generic.202.. http://sechero.com/trojan-droppervb-backdoorproratk-trojantdss-packedgeneric202/ http://sechero.com/trojan-droppervb-backdoorproratk-trojantdss-packedgeneric202/#comments Tue, 24 Mar 2009 16:10:46 +0000 invalid string http://sechero.com/trojan-droppervb-backdoorproratk-trojantdss-packedgeneric202/

Trojan-Dropper.Vb, Backdoor.ProRAT.K, Trojan.TDss, Packed.Generic.202..

URL: http://www.threatexpert.com/report.aspx?md5=7fa61f8b1ed99c1699c431790b990d36

]]> http://sechero.com/trojan-droppervb-backdoorproratk-trojantdss-packedgeneric202/feed/ 0 Infostealer, Packed.Win32.Krap.c, Mal/EncPk-FH, Backdoor:Win32/Bifrose.AE.. http://sechero.com/infostealer-packedwin32krapc-malencpk-fh-backdoorwin32bifroseae/ http://sechero.com/infostealer-packedwin32krapc-malencpk-fh-backdoorwin32bifroseae/#comments Tue, 24 Mar 2009 14:42:06 +0000 invalid string http://sechero.com/infostealer-packedwin32krapc-malencpk-fh-backdoorwin32bifroseae/

Infostealer, Packed.Win32.Krap.c, Mal/EncPk-FH, Backdoor:Win32/Bifrose.AE..

URL: http://www.threatexpert.com/report.aspx?md5=a4fb655c5f9bf7ab68261c584637d5c7

]]> http://sechero.com/infostealer-packedwin32krapc-malencpk-fh-backdoorwin32bifroseae/feed/ 0 Mal/TibsPk-A, Trojan.Spammer, Packed.Generic.209, Trojan.Win32.Inject.qwd, New.. http://sechero.com/maltibspk-a-trojanspammer-packedgeneric209-trojanwin32injectqwd-new/ http://sechero.com/maltibspk-a-trojanspammer-packedgeneric209-trojanwin32injectqwd-new/#comments Tue, 24 Mar 2009 07:17:28 +0000 invalid string http://sechero.com/maltibspk-a-trojanspammer-packedgeneric209-trojanwin32injectqwd-new/

Mal/TibsPk-A, Trojan.Spammer, Packed.Generic.209, Trojan.Win32.Inject.qwd, New..

URL: http://www.threatexpert.com/report.aspx?md5=a156bccc0b8bd1ca1ce3810a4e79f82b

]]> http://sechero.com/maltibspk-a-trojanspammer-packedgeneric209-trojanwin32injectqwd-new/feed/ 0 W32.Harakit, Packed.Win32.Klone.bj, Worm:AutoIt/Renocide.gen!A http://sechero.com/w32harakit-packedwin32klonebj-wormautoitrenocidegena/ http://sechero.com/w32harakit-packedwin32klonebj-wormautoitrenocidegena/#comments Tue, 24 Mar 2009 06:54:20 +0000 invalid string http://sechero.com/w32harakit-packedwin32klonebj-wormautoitrenocidegena/

W32.Harakit, Packed.Win32.Klone.bj, Worm:AutoIt/Renocide.gen!A

URL: http://www.threatexpert.com/report.aspx?md5=e025b36629d5ce396fffe658b9a8ba38

]]> http://sechero.com/w32harakit-packedwin32klonebj-wormautoitrenocidegena/feed/ 0 Packed.Win32.Krap.i, Spam-Mailbot.h.gen.a, Spammer:Win32/Tedroo.A.. http://sechero.com/packedwin32krapi-spam-mailbothgena-spammerwin32tedrooa/ http://sechero.com/packedwin32krapi-spam-mailbothgena-spammerwin32tedrooa/#comments Tue, 24 Mar 2009 03:47:08 +0000 invalid string http://sechero.com/packedwin32krapi-spam-mailbothgena-spammerwin32tedrooa/

Packed.Win32.Krap.i, Spam-Mailbot.h.gen.a, Spammer:Win32/Tedroo.A..

URL: http://www.threatexpert.com/report.aspx?md5=e03ec08c6068edc43d4e0aac119250ac

]]> http://sechero.com/packedwin32krapi-spam-mailbothgena-spammerwin32tedrooa/feed/ 0 Packed.Generic.209, Trojan-Downloader.Win32.Agent.bmrg, Generic.dx.. http://sechero.com/packedgeneric209-trojan-downloaderwin32agentbmrg-genericdx/ http://sechero.com/packedgeneric209-trojan-downloaderwin32agentbmrg-genericdx/#comments Tue, 24 Mar 2009 02:03:44 +0000 invalid string http://sechero.com/packedgeneric209-trojan-downloaderwin32agentbmrg-genericdx/

Packed.Generic.209, Trojan-Downloader.Win32.Agent.bmrg, Generic.dx..

URL: http://www.threatexpert.com/report.aspx?md5=e28b7cfec3df1c7ce3e0977ef6588db0

]]> http://sechero.com/packedgeneric209-trojan-downloaderwin32agentbmrg-genericdx/feed/ 0