Borderline

malware

By Ivan, 3 December, 2018
Screenshot of the manalyzer.org website

Detecting anomalies in the RICH header

A few days ago, Kaspersky published a blog post regarding a likely false flag in the wiper component of OlympicDestroyer. The attempt is based on an undocumented, lesser-known PE header called the RICH header. I don’t want to go into too much detail regarding its layout, as many other sources have done a great job documenting it.

Tags

  • malware
  • manalyze
By Ivan, 5 August, 2016
Fake tech support landing page

How I got tech support scammers infected with Locky

A few days ago, I received a panicked call from my parents who had somehow managed to land on a (now defunct) web page (snapshot here) claiming they had been infected by Zeus. This horrible HTML aggregate had it all: audio message with autoplay, endless JavaScript alerts, a blue background with cryptic file names throwing us back to Windows' BSoD days, and yet somehow it displayed a random IP address instead of the visitor's one.

Tags

  • social-engineering
  • malware
  • scam