Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on October 08, 2008, 10:47:19 pm

Title: crazy malware author - 48 layers of obfuscation
Post by: SysAdMini on October 08, 2008, 10:47:19 pm
 :)

http://www.cs.ucsb.edu/~marco/blog/2008/10/obfuscated-backdoor-or-joke.html (http://www.cs.ucsb.edu/~marco/blog/2008/10/obfuscated-backdoor-or-joke.html)
Title: Re: crazy malware author - 48 layers of obfuscation
Post by: Tigger` on October 09, 2008, 12:01:37 am
They are always trying to make it harder to detect things.  :)
Title: Re: crazy malware author - 48 layers of obfuscation
Post by: Orac on October 09, 2008, 09:52:05 am
Thats just crazy, if your going to go that far at least use 48 layers of different obfuscation techinques, not the same one recycled. Yet another skiddie with way too much time on their hands !!
Title: Re: crazy malware author - 48 layers of obfuscation
Post by: MysteryFCM on October 09, 2008, 07:39:20 pm
LOL! ...... ya gotta love these skiddies
Title: Re: crazy malware author - 48 layers of obfuscation
Post by: julevine on October 09, 2008, 08:04:00 pm
if someone finds a sample Can you post a rar file with the code so i can study it

thanks
Title: Re: crazy malware author - 48 layers of obfuscation
Post by: SysAdMini on October 09, 2008, 09:39:32 pm
if someone finds a sample Can you post a rar file with the code so i can study it

thanks

I had contacted the author of the article (Marco Cova) and got a quick response.
Here is the sample. PW is "mdl".

Comment from Marco
Quote
I've attached the phishing kit that contains the sample. The code I was referring to on the blog is contained in the loginsubmit.php file. The file amen.php also looks similar.