Sunday, February 18, 2007

ComboFix Warning

If you use the handy anti-malware tool ComboFix:
if a computer is infected with a new form of malware
(which apparently uses rootkit technology) and ComboFix
is run on it, critical system files can be deleted.

The author has ceased distribution of the program until
the problem is fixed. I can't find any information on the
malware, but i'll post when it is available.

Link to discussion.

Friday, February 16, 2007

Unreal.B to be Released Next Week

**Release has been delayed for a few weeks due to
some bugs that need to be worked out.

Yet another advance of rootkit technology (and soon
for detection) from the Russian team behind the
program RKU: next week they will release a new version
of their ARK (anti-rootkit) test program, dubbed 'Unreal'.
Version 2 will most likely bypass all known ARKs, including
the latest version of their own top-notch software. It won't
be long, I suspect, until RKU is updated to detect and
remove Unreal.B

More info on Unreal.B (scroll down for an English translation)
See my previous post about version 1, Unreal.A
See my last post(below) for more info on RKU.

Saturday, February 10, 2007

Leaving Babylon

Makers of the tiny, powerful RootkitUNhooker have released
a new version. Earlier, I posted about the Unreal rootkit test file,
which bypassed nearly every known anti-rootkitter; version
3.20 of RKU detects Unreal.A

*Here's a list of some of the rootkits that RKU detects and removes.
*Latest version: [updated February 18th, 2007]
*Info about the next version:
version 3.30 will include:

added: DKOH detection (not unhookable) for common kernel objects
added: ability to dump kernel memory region
added: AntiRkU and based tools bypassing, xdf updated to v0.7
fixed: few bugs in driver, related to self-protection part

And some other features not listed here, because they are not ready yet.
Release date: as soon as it will be ready tongue

-Thank you, independent coders, for advancing security software
farther than any AV company ever could.

Another interesting note: while reading the RKU forum, I happened
upon a post by someone requesting source code for the program.
One of the authors of RKU responded:

"If we give sources for public, they also will be used for malware

Wednesday, February 7, 2007

Decryption Challenge part 3

Here's a tougher one. Figure out what book I am
referring to using some or all of the following clues:
(tildes separate the parts of code)

Hints: many ascii de/encryption sites exist.
Double encryption anyone?

ecisionsday reaay otnotnotnay ertaincay
6d 69 74 20 70 72 65 73 73
b3h4v10r4l, c45h

Saturday, February 3, 2007

Decryption Challenge part 2

Here's an easier one: a 3 part code separated by
tildes. To properly decrypt, you must figure out
what each section means and answer the question


01100001 01101101
01111010 01101110
00101110 01100011
01101111 01101101
00100000 01110010
01100101 01110110
00101110 00100000
00100011 00110010

Decryption Challange part 1

I have encrypted a text file with some quotations in it.
I used Bcrypt, with an eight character password (the
minimum password length)

First person to decrypt the file gets title of leet cryptanalyst.

Download link [via Rapidshare]