This document is the result of work done by Emanuele De Lucia for the final CREA certification exam (Certified Reverse Engineering Analyst). The malware analyzed was obfuscated and encrypted in order to hinder all tasks aimed at its identification and analysis. This document was made freely available with the permission of the competent institute. The document is available for download in English.
Zeus is a Trojan horse that is able to steal banking information through "Man-in-the-browser", "Keystroke Logging" and "Form Grabbing" techniques. The reversing process covers the initial phase of the system infection carried out by the agent. As we can see from the attached document, the infection process involves the injection of code into predefined processes through the VirtualAllocEx and WriteProcessMemory functions. The information that follows is in the public domain and is free to … [Read more]
This document considers what has been called the most sophisticated malware ever generated, analyzing the code of its "Main Module". With a great deal of probability, "The Flamer", also known as "sKyWIper", is the most complex malware ever found. It is able to spread itself to other systems over a local network (LAN) or via USB stick. It can record audio, screenshots, keyboard activity and network traffic. The program also records Skype conversations and can turn infected computers into … [Read more]