Trojan.Win32.Xocry.ff malware suffers from an insecure permissions vulnerability.
932a00f5f7015f7fbe93a8d4673539e6
Newfuture Trojan V.1.0 BETA 1 malware suffers from an insecure permissions vulnerability.
e267f7d69761b3693f04b9c14690bfa6
TROJAN.WIN32.JORIK.DMSPAMMER.SZ malware suffers from a remote memory corruption vulnerability.
55fd186c4f2c6e538578030ac38957e3
Trojan:Win32/Alyak.B malware suffers from a remote stack corruption vulnerability.
06f8543da6c6582b57fde48c8e24b0a6
Trojan.Win32.Bayrob.cgau malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.
846139c1b2a63ba6cc03a4216d4531c4
Trojan.Win32.Barjac malware suffers from a remote stack buffer overflow vulnerability.
de7ba11ed626c2d3eb52927ed32f9e6b
Trojan.Win32.Antavka.bz malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.
e6caa6b4d13212a574220913e5388693
This whitepaper is an analysis of the breach into the Kudankulam Nuclear Power Plant through the lens of the Cyber Kill Chain, the study of remote access trojans (RATs), and the targeting of critical infrastructure.
c9ed98dbcbf5c0a3dfbec128ccf74d1b
Scanguard versions through 2019-11-12 on Windows have insecure permissions on the installation directory, leading to privilege escalation via a trojan horse executable file.
395b36711cd21e23af1e2c01cdd5e128
D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices will load a trojan horse "quserex.dll" and will create a new thread running with SYSTEM integrity.
7d5b487d0bc7a54d4746370b3f054425
The Microsoft DirectX SDK "Xact3.exe" cross-platform tool allows for arbitrary code execution via a trojan horse file "xbdm.dll" in the current working directory, upon opening a ".xap" project file from the same location.
d7f1056ce3aa140ad0e115c7bf50b3c0
Polaris Office 2017 version 8.1 allows attackers to execute arbitrary code via a trojan horse "puiframeworkproresenu.dll" file in the current working directory, due to a DLL search order flaw.
cb627d3986c07f094a3e4282ca8924de
All Foscam cameras and network devices use the same SSL private key, which is hard coded into the downloadable firmware. The key was extracted using the utility 'binwalk' and allows an attacker to MITM any Foscam device.
f9b6c2e53b7f33e185a5629869b46838
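The check behind the Foscam entry above, as an added example that is not part of the original listing or of any Foscam or binwalk code: scan a firmware image (or the files binwalk extracted from it) for PEM private key blocks and fingerprint them, so that the same key turning up in every image is visible at a glance. The three firmware blobs and the PEM bodies are constructed placeholders (arbitrary base64, not real keys); in practice you would feed it the raw image and the output of `binwalk -e`, since a key inside a compressed filesystem is not visible in the raw bytes.

```python
import hashlib
import re

# PKCS#1 / PKCS#8 / SEC1 PEM private key blocks anywhere inside a binary blob.
PEM_KEY_RE = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----\r?\n(.*?)-----END \1-----",
    re.DOTALL,
)


def extract_private_keys(blob: bytes) -> list:
    """Return every PEM private key found in `blob` with its offset and a
    SHA-256 fingerprint of the base64 payload (line breaks removed, so the
    same key stored with different wrapping still fingerprints identically)."""
    found = []
    for m in PEM_KEY_RE.finditer(blob):
        body = b"".join(m.group(2).split())
        found.append({
            "offset": m.start(),
            "type": m.group(1).decode("ascii"),
            "fingerprint": hashlib.sha256(body).hexdigest(),
        })
    return found


def shared_keys(images: dict) -> dict:
    """Map fingerprint -> list of image names, keeping only keys that appear in
    more than one image (the hard-coded-key case)."""
    seen = {}
    for name, blob in images.items():
        for key in extract_private_keys(blob):
            names = seen.setdefault(key["fingerprint"], [])
            if name not in names:
                names.append(name)
    return {fp: names for fp, names in seen.items() if len(names) > 1}


# Constructed sample data: the PEM bodies are arbitrary base64, NOT real keys.
KEY_A = (b"-----BEGIN RSA PRIVATE KEY-----\n"
         b"MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu\n"
         b"KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQ==\n"
         b"-----END RSA PRIVATE KEY-----\n")
KEY_B = (b"-----BEGIN RSA PRIVATE KEY-----\n"
         b"MIIBOgIBAAJBALq9zQ2XxuV4t0Hq7MJk4VkN0m9m3pYQf2cK1oY8yWxGqH1d6p4N\n"
         b"mS0bTz3KfQvP9w1z8cR7yH2kM4nL5aX6bU0CAwEAAQ==\n"
         b"-----END RSA PRIVATE KEY-----\n")
FIRMWARE = {
    "fw_cam_1": b"\x7fELF" + b"\x00" * 16 + KEY_A + b"\xff" * 8,   # constructed
    "fw_cam_2": b"hsqs" + b"\x00" * 32 + KEY_A,                    # constructed
    "fw_other": b"\x00" * 8 + KEY_B,                                # constructed
}

if __name__ == "__main__":
    for fp, names in shared_keys(FIRMWARE).items():
        print(f"key {fp[:16]}... shared by {', '.join(names)}")
```

A key that is shared across images is only half the finding; the MITM claim holds once the device actually serves TLS with that key, which you confirm by comparing the fingerprint of the public key in the device's live certificate with the one derived from the extracted private key.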
The Apache OpenOffice installer for Windows contained a defect that could trigger execution of unwanted software planted by a Trojan Horse application. The installer defect is known as an unquoted Windows search path vulnerability. In the case of the Apache OpenOffice installers for Windows, the PC must have previously been infected by a Trojan Horse application (or user) running with administrator privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit. The exploit may already have operated on the user's PC.
7705d5ab1a4089c1df13600a4048d119
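How an unquoted search path of the kind described above turns into a hijack, as an added example that is not part of the original listing or of the Apache OpenOffice installer: CreateProcess splits an unquoted command line at each space and tries each prefix as a program name, appending ".exe" when the prefix has no extension, so every directory along the way is a place where a planted executable wins. The functions below enumerate those candidates for an image path given without arguments; the OpenOffice path used as input is a constructed illustration, not taken from the advisory.

```python
import ntpath


def unquoted_path_candidates(image_path: str) -> list:
    """Executables Windows CreateProcess tries, in order, for `image_path`.

    A quoted path resolves only to the quoted file. An unquoted path containing
    spaces yields one candidate per space (prefix plus ".exe" if it has no
    extension) followed by the full path; the first one that exists runs."""
    if image_path.startswith('"'):
        end = image_path.find('"', 1)
        return [image_path[1:end] if end != -1 else image_path[1:]]
    candidates = []
    pos = 0
    while (idx := image_path.find(" ", pos)) != -1:
        prefix = image_path[:idx]
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"
        candidates.append(prefix)
        pos = idx + 1
    candidates.append(image_path)
    return candidates


def hijackable_dirs(image_path: str) -> list:
    """Directories in which a planted file would pre-empt the intended binary,
    i.e. the parents of every candidate except the last (the real target)."""
    dirs = []
    for candidate in unquoted_path_candidates(image_path)[:-1]:
        parent = ntpath.dirname(candidate)
        if parent not in dirs:
            dirs.append(parent)
    return dirs


if __name__ == "__main__":
    # Constructed example path, not a path quoted by the advisory.
    path = r"C:\Program Files\Apache OpenOffice\program\soffice.exe"
    for c in unquoted_path_candidates(path):
        print("tries:", c)
    print("check write access on:", hijackable_dirs(path))
```

The list of directories is the audit surface, not the verdict: on a default Windows install neither C:\ nor C:\Program Files lets a standard user create files there (check with `icacls`), so an unquoted path is only exploitable where one of those directories is writable by a lower-privileged account, which is why the advisory above needs a prior administrator-level trojan.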
HP Security Bulletin HPSBNS03635 1 - Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.
208143266211c16a2e73608c2b984f2c
Linux.Liora is an ELF binary infection tool written in Go. Archive password is set to p4ssw0rd. Use at your own risk.
1da80990474640002885d779ca73905c
Source code for Linux.Zariche, a proof of concept ELF (x86_64) file prepender, written in Vala. Archive password is set to p4ssw0rd. Use at your own risk.
367de68d9e9604a69a4e2ce440386280
Hesperbot Scanner is a Windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software fails to catch early during the malware campaigns.
6e50932089aaee64f33c7521af785baa
Mandriva Linux Security Advisory 2014-162 - Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.
22bdaf3a14f26e6a8f8ee1e4859bb0a8
Chkrootkit checks locally for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.
9e67dd56f835264d43aeb04944610b03
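Two of the checks the chkrootkit entry above lists, written out as an added example that is not chkrootkit's own code: a wtmp audit in the spirit of chkwtmp (records wiped to zeroes in place, timestamps that run backwards, a trailing partial record) and the interface flag test behind ifpromisc, here read from sysfs rather than the SIOCGIFFLAGS ioctl. The record layout is glibc's 384-byte struct utmp on Linux; the wtmp bytes and interface flags are constructed sample data, and the heuristics are a comparable approach rather than a transcription of chkrootkit's.

```python
import os
import struct
from typing import List, Tuple

# glibc struct utmp on Linux: 384 bytes, little-endian, 2 pad bytes after ut_type.
UTMP_FMT = "<h2xi32s4s32s256s2hi2i4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)      # 384
USER_PROCESS, DEAD_PROCESS = 7, 8
IFF_PROMISC = 0x100                        # <linux/if.h>


def make_record(ut_type: int, pid: int, line: str, user: str, host: str, tv_sec: int) -> bytes:
    """Pack one wtmp record (used here only to construct sample data)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


def audit_wtmp(data: bytes) -> List[Tuple[int, str]]:
    """Flag records consistent with log tampering: wtmp is append-only, so a
    zero-filled record, a timestamp older than its predecessor, or a partial
    record at the end all warrant a closer look."""
    findings = []
    if len(data) % UTMP_SIZE:
        findings.append((len(data) // UTMP_SIZE, "trailing partial record"))
    last_ts = None
    for idx in range(len(data) // UTMP_SIZE):
        rec = data[idx * UTMP_SIZE:(idx + 1) * UTMP_SIZE]
        if rec == bytes(UTMP_SIZE):
            findings.append((idx, "zero-filled record (entry wiped in place)"))
            continue
        tv_sec = struct.unpack(UTMP_FMT, rec)[9]
        if last_ts is not None and tv_sec < last_ts:
            findings.append((idx, "timestamp earlier than previous record"))
        last_ts = tv_sec
    return findings


def promisc_interfaces(flags_by_iface: dict) -> List[str]:
    """Interfaces whose flags word (as found in /sys/class/net/<if>/flags) has
    IFF_PROMISC set."""
    return sorted(name for name, flags in flags_by_iface.items()
                  if int(flags, 16) & IFF_PROMISC)


def read_sysfs_flags(root: str = "/sys/class/net") -> dict:
    """Read the live flags for every interface; empty on non-Linux hosts."""
    out = {}
    try:
        for name in os.listdir(root):
            with open(os.path.join(root, name, "flags")) as f:
                out[name] = f.read().strip()
    except OSError:
        pass
    return out


# Constructed sample data.
SAMPLE_WTMP = b"".join([
    make_record(USER_PROCESS, 1201, "pts/0", "alice", "10.0.0.5", 1_700_000_000),
    bytes(UTMP_SIZE),                                                 # wiped entry
    make_record(USER_PROCESS, 1340, "pts/1", "bob", "10.0.0.9", 1_700_000_600),
    make_record(DEAD_PROCESS, 1201, "pts/0", "", "", 1_700_000_300),  # out of order
])
SAMPLE_FLAGS = {"lo": "0x9", "eth0": "0x1103", "eth1": "0x1003"}

if __name__ == "__main__":
    for idx, why in audit_wtmp(SAMPLE_WTMP):
        print(f"wtmp record {idx}: {why}")
    print("promiscuous:", promisc_interfaces(read_sysfs_flags() or SAMPLE_FLAGS))
```

A clean wtmp proves little against an LKM rootkit that filters reads of the file itself, which is why chkrootkit pairs these userland checks with the chkproc/chkdirs comparisons against /proc; run both from a known-good binary or a rescue medium.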
There is a hidden option and access control vulnerability in the Ammyy Admin tool which allows an attacker to use Ammyy Admin as a trojan horse to access the computer without the victim's knowledge. Versions 3.2 and below are affected.
30120c2b49d33e102046637f8588d5b7
Emperor Security Magazine issue number two. This issue discusses SSL, EIGRP, trojans, and more. Written in Persian.
1b813329d3c49ff598bbaa3406380bb6
Memory analysis and manipulation can provide security analysts with formidable weapons. During his talk at Information Security Day for ISACA Luxembourg Chapter, Frederic BOURLA presented most memory manipulation tricks from both offensive and defensive angles. The talk first dealt with the attacker’s layer, from pivoting attacks to IEEE1394 issues through in-memory fuzzing, which permits auditors to bypass built-in features, network limitations and encryption to remain able to uncover security vulnerabilities in a running application. In a second stage, the talk focused on the benefits of memory manipulation in computer forensics and malware analysis fields, especially when facing sophisticated malcode, such as kernel rootkits or heavily encrypted reverse trojans. Basically, this talk aimed to open the doors to a fascinating world which could easily allow security analysts to save lots of time during their recurrent duties. These are the slides from the talk.
15b76834e6e1d95bcaf4711fcf9bed73
Mandriva Linux Security Advisory 2012-077 - Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
fa1ac8dbf0bf748076337278c27ec507
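The untrusted search path pattern behind the ImageMagick entry above, the Perl module and Catfish entries, and the Windows DLL entries (xbdm.dll, puiframeworkproresenu.dll) is the same in each case: an unqualified name is resolved along an ordered list of directories, and the current working directory (or another directory the local user can write to) comes before the trusted one. The following is an added example, not code from any of those projects: a plain model of that resolution, the check that weeds out attacker-controllable entries, and a constructed scenario with a planted catfish.py in the working directory. The temporary directory layout and file names are assumptions made for the demonstration.

```python
import os
import stat
import tempfile


def resolve(name: str, search_path: list):
    """Return the first existing file called `name` along `search_path`, in order.
    An entry of "" or "." stands for the current working directory, which is what
    Perl's "." in @INC, Python's sys.path[0], and the CWD entry in the Windows
    DLL search order amount to."""
    for d in search_path:
        candidate = name if d in ("", ".") else os.path.join(d, name)
        if os.path.isfile(candidate):
            return os.path.abspath(candidate)
    return None


def untrusted_entries(search_path: list) -> list:
    """Entries an unprivileged local user can populate: the CWD and other
    relative paths, world-writable directories (sticky bit or not, anyone can
    drop a new file there), and directories that do not exist yet."""
    bad = []
    for d in search_path:
        if not os.path.isabs(d):
            bad.append(d)
            continue
        try:
            if os.stat(d).st_mode & stat.S_IWOTH:
                bad.append(d)
        except OSError:
            bad.append(d)
    return bad


def harden(search_path: list) -> list:
    """Search path with every untrusted entry removed, order preserved."""
    bad = set(untrusted_entries(search_path))
    return [d for d in search_path if d not in bad]


def demo() -> dict:
    """Constructed scenario: a trusted catfish.py and a planted one in the CWD."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted = os.path.join(tmp, "usr", "share", "catfish")
        attacker = os.path.join(tmp, "home", "mallory")
        os.makedirs(trusted)
        os.makedirs(attacker)
        os.chmod(trusted, 0o755)
        with open(os.path.join(trusted, "catfish.py"), "w") as f:
            f.write("legit")
        with open(os.path.join(attacker, "catfish.py"), "w") as f:
            f.write("planted")
        search = ["", trusted]          # CWD first: the vulnerable order
        old_cwd = os.getcwd()
        os.chdir(attacker)              # victim runs the tool from mallory's dir
        try:
            with open(resolve("catfish.py", search)) as f:
                naive = f.read()
            with open(resolve("catfish.py", harden(search))) as f:
                hardened = f.read()
        finally:
            os.chdir(old_cwd)
        return {"naive": naive, "hardened": hardened, "dropped": untrusted_entries(search)}


if __name__ == "__main__":
    print(demo())
```

The fixes in the advisories above are the hardened list in code form: Perl 5.26 removed "." from @INC, the Catfish and ImageMagick updates load their script and configuration from absolute, installed paths, and on Windows the equivalent is LoadLibraryEx with LOAD_LIBRARY_SEARCH_SYSTEM32 or SetDefaultDllDirectories so the CWD is never consulted.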
HP Security Bulletin HPSBPV02754 SSRT100803 2 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. The ProCurve switch operating system is not infected with the malware and the content on the compact flash card has no impact on the operation of the switch. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity. Revision 2 of this advisory.
4d95f4cfc66c0fa4f9c45feaf62536b8