Comments for inREVERSE http://www.inreverse.net Sat, 21 Aug 2010 05:33:22 +0000 hourly 1 http://wordpress.org/?v=3.0.1 Comment on Malware Analysis via Reflection by CurtW http://www.inreverse.net/?p=1153&cpage=1#comment-137 CurtW Sat, 21 Aug 2010 05:33:22 +0000 http://www.inreverse.net/?p=1153#comment-137 Hi, thanks for the post. Is the tool available? I have something I could use it for, a sample of the newest unruy. In the meanwhile, I'm going to look at JavaSnoop. I've learned that there are some Java options for calling the jar that will also do something of a run trace, but I need to fire up the goat first. @curtw Hi, thanks for the post. Is the tool available? I have something I could use it for, a sample of the newest unruy. In the meanwhile, I’m going to look at JavaSnoop. I’ve learned that there are some Java options for calling the jar that will also do something of a run trace, but I need to fire up the goat first.
@curtw

]]> Comment on About TmpHider/Stuxnet #1 by rur http://www.inreverse.net/?p=1246&cpage=1#comment-136 rur Tue, 17 Aug 2010 15:18:41 +0000 http://www.inreverse.net/?p=1246#comment-136 Thank you! Thank you!

]]> Comment on About TmpHider/Stuxnet #1 by cP http://www.inreverse.net/?p=1246&cpage=1#comment-131 cP Sat, 07 Aug 2010 11:26:23 +0000 http://www.inreverse.net/?p=1246#comment-131 You can download it from here: http://ivanlef0u.nibbles.fr/repo/windoz/[MS-SHLLINK].pdf :) You can download it from here:
http://ivanlef0u.nibbles.fr/repo/windoz/MS-SHLLINK.pdf

:)

]]> Comment on About TmpHider/Stuxnet #1 by swirl http://www.inreverse.net/?p=1246&cpage=1#comment-130 swirl Wed, 21 Jul 2010 13:27:44 +0000 http://www.inreverse.net/?p=1246#comment-130 we will upload it here shortly :) we will upload it here shortly :)

]]> Comment on About TmpHider/Stuxnet #1 by rur http://www.inreverse.net/?p=1246&cpage=1#comment-129 rur Wed, 21 Jul 2010 13:23:08 +0000 http://www.inreverse.net/?p=1246#comment-129 Hi! Thank you for interesting research! The bad thing is microsoft removed pdf with documentation ([MS-SHLLINK].PDF) from their site :( May be someone saved it and can upload it to sendspace or rapidshare? Thanks Hi!
Thank you for interesting research! The bad thing is microsoft removed pdf with documentation ([MS-SHLLINK].PDF) from their site :(
May be someone saved it and can upload it to sendspace or rapidshare?
Thanks

]]> Comment on About TmpHider/Stuxnet #1 by swirl http://www.inreverse.net/?p=1246&cpage=1#comment-127 swirl Sun, 18 Jul 2010 22:55:26 +0000 http://www.inreverse.net/?p=1246#comment-127 Hey gb, if I blur all the image there would be no point in publishing it right ? ;) and anyway now there are already POCs out there so no harm done Hey gb,

if I blur all the image there would be no point in publishing it right ? ;)
and anyway now there are already POCs out there so no harm done

]]> Comment on About TmpHider/Stuxnet #1 by swirl http://www.inreverse.net/?p=1246&cpage=1#comment-126 swirl Sun, 18 Jul 2010 22:47:45 +0000 http://www.inreverse.net/?p=1246#comment-126 Hi Fotis, I got it from a private feed but you can ask a copy from <a href="http://contagiodump.blogspot.com/2010/07/cve-2010-2568-lnk-vunerability-stuxnet.html" rel="nofollow">contagiodump</a> Hi Fotis,

I got it from a private feed but you can ask a copy from contagiodump

]]> Comment on About TmpHider/Stuxnet #1 by gb http://www.inreverse.net/?p=1246&cpage=1#comment-125 gb Sat, 17 Jul 2010 20:02:26 +0000 http://www.inreverse.net/?p=1246#comment-125 Hey, it's good that you're analyzing and posting info on it, I recommend you blur out the whole image and not just the ascii part. Hey, it’s good that you’re analyzing and posting info on it, I recommend you blur out the whole image and not just the ascii part.

]]> Comment on About TmpHider/Stuxnet #1 by Fotis http://www.inreverse.net/?p=1246&cpage=1#comment-124 Fotis Fri, 16 Jul 2010 18:50:56 +0000 http://www.inreverse.net/?p=1246#comment-124 Hey nice info posted there. I would be glad if you could give me some links for a sample of this worm. I am especially interested in analyzing those lnk files that trigger the exploit. Thanks Hey nice info posted there. I would be glad if you could give me some links for a sample of this worm. I am especially interested in analyzing those lnk files that trigger the exploit.

Thanks

]]> Comment on Malware Analysis via Reflection by Sarkie http://www.inreverse.net/?p=1153&cpage=1#comment-122 Sarkie Fri, 09 Jul 2010 10:01:34 +0000 http://www.inreverse.net/?p=1153#comment-122 I used to use DJ Java for decompiling any Java malware, used to be pretty good before it went payware. Surprised this was .net reflection! I suppose most people have out dated Java inside their browser. Anyway, nice article. @sarkie_dave I used to use DJ Java for decompiling any Java malware, used to be pretty good before it went payware.

Surprised this was .net reflection! I suppose most people have out dated Java inside their browser.

Anyway, nice article.

@sarkie_dave

]]>