Here is a 1 hour youtube video explaining step-by-step the process of finding and exploiting buffer overflow vulnerabilities, how to exploit them, and finally how to write a metasploit module for it. Click Here.

I came across a great video series on rootkits today. The course is from opensecuritytraining.info and the link to the course details including download of the course materials is here.

The videos are here:

A recent sample [edit] was found using fling.com during backchannel communications. After searching for similar samples, several samples have been found to be exhibiting this behavior. The spreadsheet of these samples can be found here and all hashes can be looked up on minotauranalysis.com for the full report details. Nearly 70 samples have matched and this activity has been observed since december of last year.

UPDATE: It appears that the malware is using http://promos.fling.com/geo/txt/city.php for GeoIP capabilities. A request to that URL will return the city name of the infected computer’s IP address, and allow the malware authors to tailor ads and popups appropriately.

We are aware that the anti-malware DNS comparison engine is offline. We are working on a new version, and if you have any DNS vendors you would like to add to our list, please email info@novcon.net. We hope to restore this service shortly.

Minotaur has added several new features of the last couple weeks. Most of these features have to do with backchannels. Backchannels are network communications that malware uses to “call home”. These communications can be anything from retrieving new commands and configurations to simple lookups of public information from public sources. Minotaur keeps track of all communications that take place during the execution of malware in the sandbox. It then correlates all of these communications with each other and produces a list of the top destinations of this traffic. Minotaur also produces a map of all communications that take place during the execution of the sample. Below is an example of such a map.

These capabilities are very much still a work in progress. We hope to soon provide much more information about each IP address and each communication. In the meantime we are building a database of all known back channels that Minotaur observes. The first fruits of this database can be seen in the link below.

BackChannels

…what’s 15,000 pictures worth?

Yup, minotaur now saves a video of each (relevant) sample processed via it’s cuckoo VMs.

What does it look like? WHy not check out a few samples with videos:

Fake AV
Hupigon

And for some old school mayhem:
Joke.Program

The system is automatically recording new samples as they come in as well as back-filling samples as it has time.

Languy99 has published a video comparison of malware detection capabilities or Kaspersky 2012 vs. Norton 2012 Beta

• Monthly update from Sophos: help get rid of IE6, avoid tsunami scams, check out Pwn2own, be surprised at RSA, and groan at Epsilon
  
  
• Team Cymru: Episode 98
  
  
• The Hacker News Network:
  
  
  
• Languy99′s Emsisoft Antimalware 5.1 Review:
  
• Languy99′s K7 Total Security Review:
  
• Matt Rizos on Using the Norton Bootable Removal Tool:
  
• XP/Vista/Win 7 Anti-Virus/Anti-Spyware/Home/Total/Internet Security 2011 Removal Guide by RogueAmp:
  
  
• Avast! Free Antivirus 6.0 Review and Malware Test by Cudgelwap1:
  
  
• Activation Ransom Trojan – by F-Secure
  
  

• Today is the record for Patch Tuesdays, with 17 bulletins and 64 vulnerabilities
  • NeoWin
  • ZDNet