Win32.BlackBerryBBC Malware Analysis

Today I got a mail containing a malware from [email protected] The sender’s address is forged and this is kind of Email Spoofing. Email contains a description about malwares and encourages the receiver to install a file called Anti-Vir.rar.

HiMan EK and CVE-2013-2551

Recently during one of my analysis of URLs from urlquery, I came up with a URL ending in: /ie8910.html. The link, after being opened, returns an index with the following code:   As it can be seen from the “ip-blocked-by-firefox” Google Safe Browsing is already blocking the address, though there is no active service on port 8080 while there’s one running […]

Active CookieBomb, CVE 2013-2465 and Reveton

This is the second QuickAnalysis post after the one by evilcry; During my daily urlquery investigation (, I come across a website infected by the CookieBomb injection payload. hxxp:// The JS inside the index page, obviously, is obfuscated: after deobfuscation we have this: The code above clearly shows a classical CookieBomb Javascript infection. What is […]

Low detection “Flash_update.exe”

UIC’s [Quick Analysis] blog posts are a fast way to share some information and/or samples which are under our microscope. About “Flash_update.exe” During my daily malware hunting I came across a sample reported by clean-mx at the following address: We have an executable named “Flash_update.exe” with (at the moment of writing) a low detection […]