R3v3rs3e's Blog

Home

Archives
Categories
Blogroll
Links
- PC Tools
Subscribe
- Entries (RSS)
- Comments (RSS)

May 2012

M T W T F S S

« Mar

1 2 3 4 5 6

7 8 9 10 11 12 13

14 15 16 17 18 19 20

21 22 23 24 25 26 27

28 29 30 31
Tags

Antivirus Plus downloader exploit Facebook fake fakealert fake alert fake app fake av fake codec fake video codec IE internet explorer koobface KROTEG Malformed malicious malware Malware Research Centre MS08-078 Net-Worm.Koobface obfuscated script PC Tools porn rogue RogueAntiSpyware.System Security RogueAntiSpyware.Winifighter rogue app rogue av rogue domain Safety Center scareware SDAV security SEO shellcode social engineering Spyware Doctor Spyware Doctor with AntiVirus Spyware Doctor with AntiVirus 2010 System Security trojan vulnerability Winifighter XML

Posts Tagged ‘shellcode’

Malicious domain uses old IE Vulnerability to download and install malware

Posted by Steve Espino on July 28, 2009

Visting the malicious url:

hxxp://zusojbktvo.cn/md/t.html

gives us a blank page at plain sight.

However, upon careful inspection we are presented with the following:

code

Which translates to the following shellcode:

shellcode

Analyzing the shellcode basically leads us to the malware downloading

hxxp://pxciiruurw.cn/new/load.exe

which is saved and executed as:

c:\ 0xf9.exe

Microsoft already released a patch to resolve this vulnerability MS08-078

Posted in Vulnerabilities | Tagged: exploit, IE, internet explorer, Malformed, malicious, malware, MS08-078, shellcode, vulnerability, XML | Leave a Comment »

Follow

Follow “R3v3rs3e's Blog”

Powered by WordPress.com