recentpopularlog in

kme : malware   66

Watching a Malware Author Work - Schneier on Security
Per Adobe's PDF Reference:

File identifiers are defined by the optional ID entry in a PDF file’s trailer dic-
tionary (see Section 3.4.4, “File Trailer”; see also implementation note 162 in
Appendix H). The value of this entry is an array of two byte strings. The first byte
string is a permanent identifier based on the contents of the file at the time it was
originally created and does not change when the file is incrementally updated.
The second byte string is a changing identifier based on the file’s contents at the
time it was last updated. When a file is first written, both identifiers are set to the
same value. If both identifiers match when a file reference is resolved, it is very
likely that the correct file has been found. If only the first identifier matches, a
different version of the correct file has been found.
To help ensure the uniqueness of file identifiers, it is recommend that they be
computed by means of a message digest algorithm such as MD5 (described in In-
ternet RFC 1321, The MD5 Message-Digest Algorithm; see the Bibliography), us-
ing the following information (see implementation note 163 in Appendix H):
• The current time
• A string representation of the file’s location, usually a pathname
• The size of the file in bytes
• The values of all entries in the file’s document information dictionary (see
Section 10.2.1, “Document Information Dictionary”)
pdf  security  malware  incrementalupdates 
november 2019 by kme
Shoulder Surfing a Malicious PDF Author | Didier Stevens
What's "incremental updates"? Like Track Changes for PDFs? How is that a good thing?
pdf  malware  exploit 
november 2019 by kme
Update: pdf-parser.py Version 0.7.0 | Didier Stevens
<code class="language-bash">
./pdf-parser.py -n document.pdf
./pdf-parser.py -s objstm document.pdf

# decode stream objects ('-f' = filter)
./pdf-parser.py -s objstm -f document.pdf

# force 'pdfid.py' to parse the output of above (even though it's
# missing a proper PDF header)
./pdf-parser.py -s objstm -f document.pdf | ./pdfid.py -n -f

# which is (I think?) is roughly the same as
./pdf-parser.py -a -O document.pdf
</code>
pdf  parser  reversing  reverseengineering  forensic  malware  analysis  commandline  python  video  streamobject  solution 
november 2019 by kme
PuTTY semi-bug false-positive-malware
Our build setup does not involve Windows! As of 0.70, PuTTY's build process for Windows executables and installers goes from source code to digitally signed build produts entirely on Linux, without involving Windows or even WINE at any point. (We use clang-cl as a compiler, and run the WiX installer-constructor using Mono plus some home-grown glue code). So malware that runs on Windows would have a very difficult time attacking our build machine.
malware  putty  security  build 
september 2019 by kme
New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer - Palo Alto Networks BlogPalo Alto Networks Blog
Since Apple has revoked the abused certificate and has updated XProtect signatures, if a user tries to open a known infected version of Transmission, a warning dialog will be shown that states “Transmission.app will damage your computer. You should move it to the Trash.” Or “Transmission can’t be opened. You should eject the disk image.” In any case if you see these warnings, we suggest to follow Apple’s instruction to avoid being affected.
mac  osx  security  ransomware  malware  crypto  bittorrent 
april 2016 by kme
Quick Locale Switcher :: Add-ons for Firefox
Used to be a very good and almost essential add-on... However, it seems that the developers turned it into an adware / spyware during March, 2013. Developer's site (ppclick) seems to be a scam or ad-site as well – when it is working. The site has always been an advertiser one according to the archives. It is recommended to stay away from this add-on and the developer's website as well. Beware and do not install, but rather tweak and update some (clean) old version of the add-on for yourself.
malware  language  firefox  addon  extension  locale 
april 2016 by kme
CryptoLocker - Wikipedia, the free encyclopedia
In September 2014 further clones such as CryptoWall and TorrentLocker (whose payload identifies itself as "CryptoLocker", but is named for its use of a registry key named "Bit Torrent Application"),[29] began spreading in Australia; the ransomware uses infected e-mails, purportedly sent by government departments (e.g. Australia Post to indicate a failed parcel delivery) as a payload. To evade detection by automatic e-mail scanners that can follow links, this variant was designed to require users to visit a web page and enter a CAPTCHA code before the payload is actually downloaded. Symantec determined that these new variants, which it identified as "CryptoLocker.F", were not tied to the original.
malware  ransomware  security 
january 2015 by kme
How My Mom Got Hacked - NYTimes.com
In a panic, she wrote to Mike Hoats asking for advice. What he told her sounded crazy to me. Use the CryptoWall message interface to tell the criminals exactly what happened. Be honest, in other words.

So she did. She explained that the virus had struck the same week that a major snowstorm hit Massachusetts and the Thanksgiving holiday shut down the banks. She told them about the unexpected Bitcoin shortfall and about dispatching her daughter to the Coin Cafe A.T.M. at the 11th hour. She swore she had really, really tried not to miss their deadline. And then a weird thing happened: Her decryption key arrived.

When I shared the news with Mr. Hoats, he was jubilant. “That is great news, truly!” he wrote. “Whoever these yahoos are, they have some little shred of humanity.”

But Mr. Wisniewski had a more pragmatic take. “From what we can tell, they almost always honor what they say because they want word to get around that they’re trustworthy criminals who’ll give you your files back.”

Welcome to the new ransomware economy, where hackers have a reputation to consider.
ransomware  cryptocurrency  malware 
january 2015 by kme
Google Product Forums
On the details tab of the extension page there is a link "Report Abuse" which you should use.
chrome  extension  malware  reporting  solution 
march 2014 by kme
About the security content of Java for OS X 2013-001 and Mac OS X v10.6 Update 13
Description: This update runs a malware removal tool that will remove the most common variants of malware. If malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found. This update is available for systems that installed Java 6.
umad  malware  java  security  mac  osx 
february 2013 by kme

Copy this bookmark:





to read