2018/05/15

News & Related

Portal updated to v3.0

New web site


We are pleased to present version 3 of our official website.


Changelog


  • Backend migration from PHP to Python.
  • Improved distribution of software (and of new versions).
  • Overall website simplified (both user experience and administration).
  • Web server migration from Apache to Nginx.

Coming articles


  • New version of the article “Shortcuts as entry points for Malware part 3”
  • .BAT (Windows Batch) files as Malware host (Dropper)
  • Clean install of Windows 10 — Improve the overall privacy and security.


Coming updates


  • Winja 4.2
  • Windows Privacy Tweaker 4.0
  • Who Stalks My Cam 4.0
  • Unnamed Malware Scanner (merges RunPE Detector, ADS Revealer, Shortcut Scanner and new techniques)


Notice: Who Stalks My Cam is temporarily removed from our Software collection until the new version is ready.

Feel free to share your thoughts and follow us on our social networks to stay tuned about our progress.




2017/04/27

Malware

Shortcuts as entry points for malware part 2

It was only yesterday that we reported a way of infecting Microsoft Windows users by using a simple shortcut trick with the BITSAdmin tool to download and execute a remote application.


If you haven’t already read the article, please click here.


The main issue with the first example is that your firewall could potentially block the download attempt, since it requires a remote HTTP/HTTPS connection to fetch the file before its execution.


We found another sneaky way of exploiting the Windows shortcut with a new 0day: embedding any file (such as an application file) directly inside the shortcut itself.


Yes, the application is inside the Windows shortcut.


This makes the malicious application fully undetectable by any antivirus software before it is dropped and executed.


Note: As an example, in the PoC mentioned below, we decided to use this vulnerability as a file dropper, but we could ...


2017/04/26

Malware

Shortcuts as entry point of Malware Part 1

We came across a way of installing malware threats on a Microsoft Windows operating system using the well-known shortcut system that nearly everybody uses and blindly trusts.

Because of its very nature, it is quite hard to detect. Removal might be even more difficult.


Preface

A shortcut isn’t a binary executable file. At least not directly, as it mostly points to another location, such as a folder or a file. However, it can also execute Windows shell commands (which is potentially a very dangerous feature, but often used for administrative tasks such as system shutdown/logoff/restart directly via a regular shortcut).

Since a shortcut isn’t a binary executable, an antivirus program will not flag such a shortcut as potentially malicious.

Shortcuts can be shared through archive files without losing their properties.

Finally, you can easily change the icon and disguise the malicious shortcut with a folder icon or ...