23.08.2011, 06:35
morphiusz ta wersja którą miał twój kolega to ta sama która radzi sobie z automatyczną piaskownicą CISa? (przynajmniej na partially limited) - temat w dziale beta dostępny tylko dla zarejestrowanych
[Aby zobaczyć linki, zarejestruj się tutaj]
egemen napisał(a):languy99 napisał(a):you guys can download the analysis here, this should lead to some clues as to how the infections happens.
[Aby zobaczyć linki, zarejestruj się tutaj]
Thanks for the analysis Languy. So it exploits JAVA and drops malware. Then the malware is executed. After the execution, it seems to be copying an executable to adobe plugins folder and
We will need to further anlayze whats going on. It seems it is trying to drop some files to adobe plugins folder and create shell keys. All of these would be blocked by CIS normally.
However there may be something iit is using that we must understand. Once we know what it is doing, i will let you know.
Be assured that if there are any problems in HIPS to lets such an infection, it will be fixed immediately to prevent this threat.