An overview of Cythosia DDoS Bot

Cythosia v2 is a DDoS Botnet System has been published in BlackMarket Forums a while ago, we decided to publish an article shared on my private blog. Here at UIC R.E. Academy we strongly believe in sharing knowledge, for this reason we decided to publish articles, also not up to date, that could come handy/teach […]

Artro Botnet Anatomy Overview

Following the idea of knowledge sharing, here another article taken from my private blog and shared for our readers. Some time ago, while talking with Roman from abuse.ch, we found it necessary to give a more in depth look of a very active Botnet named Artro ( executable commonly identified as Win32/Renos or Trojan-Downloader.Win32.CodecPack ) […]

DarkComet Analysis – Understanding the Trojan used in Syrian Uprising

On February 17th the CNN published an interesting article, where some Syrian’s regime opponents claimed that the government was using a Trojan to monitor and disrupt the protestor’s network. Apparently the regime has been using a well-known social engineering technique: impersonate a trusted person then attack from the inside. It is not possible to confirm […]

RootSmart Android Malware Analysis

Android’s increasing popularity, combined with the possibility to create alternative markets, makes this platform a fertile ground for malware authors. While most of these applications just exploit the inexperience of the average user that is looking for free software, others are pretty smart and use more sophisticated techniques to take, and keep, control of the […]

Shylock via volatility

Shylock is a new Financial Malware, publicly reported for the first time on 7 September 2011. Additional informations on can be checked out from Mila’s blogpost http://contagiodump.blogspot.com/2011/09/sept-21-greedy-shylock-financial.html Tools Volatility MHL Malware Plugins Timeliner,RegistryApi, evtlogs Plugins Essay Memory Acquisition First step is the Memory Acquisition that can be accomplished essentially in two ways, depending essentially by […]

Morto Malware Analysis

Today we’re going to analyze Morto.A a malware which, in this weeks, is spreading in many Internet places. It’s a worm that allows unauthorized access to an infected computer and tries to compromise administrator passwords for Remote Desktop connections, through RDP protocol, on a network. Indeed this threat infecting computers by targeting accounts that have […]

Carberp Reverse Engineering

We are going to talk about Trojan Banker Carberp from a Reverse Engineering point of view. Carberp is a Botnet delivered in the usual ways of Blackmarket selling, designed to be a Trojan Spy and specifically a Banker similar to SpyEye and ZeuS, able to perform Man in the Browser attacks, steal victim credentials, kill […]

Rootkit Banker Win64.Banker and Win32.Banker Analysis

Rootkit Banker Win64.Banker Reverse Engineering, this is the first rootkit able to steal banking account credentials even on x64 systems. We’ll take a look into the functionalities of this interesting rootkit, focusing mainly on the techniques used to disable UAC, to install the certificate and to steal information from the infected machines. Tools IDA Essay […]

How to Deal with Malware

With this brief tutorial, here at UIC we are going to open a new Reversing Chapter that follows the new challenge promptly emerged in the last years: Malware Reverse Engineering. This field is quite interesting and important for every serious RCE Community mostly because we are now facing an impressive boost of Malicious Executables and […]