Device Driver Development for Beginners

Redirection:

http://evilcodecave.blogspot.com/2009/09/device-driver-development-for-beginners.html

Regards,

Giuseppe ‘Evilcry’ Bonfa’

[MALWARE] Bank Of America Virus!!

Warning: This post contains Malware, pay attention!!!!

The site hxxp://bankofamerica.ulmb.com/do.php?cmd=SignIn (spreaded with Spam Mail) contains a Malware, not explicitly linked.
I’ve used Malzilla to inspect URL content, a suspicious message appears:

Browser Update Required!

This web site uses functions which is not compatible with your current browser version To update your browser please install the requiredupdate to view this page.

Very strange, that no checks about the compatibility are performed before this message, so let’s inspect further..

<script type=”text/javascript”>

var myf_1 = 60;
…
var myf_10 = “1”;
var myf_11 = “82SSN573-38NN-482N-99NQ-91S697O91631”;
var myf_12 = “uggc://jjj.svyr2lbh.arg/nccyrg.pno”;

These two strings seems to be Obfuscated Links , let’s see the rest of the Evil Code, have a function dc(str), that decodes with an easy algorithm (ROT-13 Encryption) an encrypted string, next we have a function install_ff_result() and function install_ff_ext() that installates FireFox Extension.

Now the extension file is taken from a supect source, file2you, a bit poor for Banks of America, you don’t think? 🙂

So let’s see what are the obfuscated links:

hxxp://www.file2you.net/{censored against lamah}.cab

and

hxxp://www.file2you.net/{censored or lamah}.xpi

Both these links contains the same Malware.

In the next post, i’ll report what this Malware FF Extension does..

See you to the next post 🙂

News & Links

In these days I’ve searched informations about USB C# Classes and Libraries, because Low Level I/O informations, into .NET is a bit difficult to find, here there are some links that could interest you 😉

SharpUSBLib

USBWirelessSecurity

DeviceIOControl & USB Using Managed C++ and C#

USB HID

See you to the next post 🙂