The goal of this project is to make the virtual world a safer and better place without child pornography, major computer crime and RIAA.


Security Bulletins
Latest Malware Updates

OSX.Ventir

10/20/2014

Trojan.Cryptdef!gm

10/20/2014

Exp.CVE-2014-0565

10/20/2014

Backdoor.Plexor

10/20/2014

Backdoor.Emdivi

10/17/2014

W32.Qakbot!gen9

10/17/2014

Bloodhound.HWP.5

10/17/2014

Trojan.Beginto

10/16/2014

Trojan.Zbot!gen84

10/16/2014

Yontoo.C!gen1

10/16/2014
01/13/2014

Trojan.Turla

Type:  Trojan
Discovered:  13.01.2014
Updated:  13.01.2014
Affected systems:  Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
AV Vendor:  Symantec

Description:

When the Trojan is executed, it creates the following files:
  • %CurrentFolder%\SPUNINST\vt.bin
  • %Windir%\resin.bin
  • %System%\vtmon.bin
  • %System%\drivers\mrxdmb.sys
  • %System%\drivers\nmnu.sys
  • %Windir%\$NtU*\mtmon.sdb
  • %Windir%\$NtU*\scmp.bin
  • %Windir%\$NtU*\cmp.bin

The Trojan then creates the following registry entries:
  • HKEY_LOCAL_MACHINE\SYSTEM\Select\"Default" = "01"
  • HKEY_LOCAL_MACHINE\SYSTEM\Select\"LastKnownGood" = "01"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmnu\"DisplayName" = "nmnu"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmnu\"ImagePath" = "%System%\drivers\nmnu.sys"

It may then create a service with the following characteristics:
  • Service name: mrxdmb
  • Image Path: %System%\drivers\mrxdmb.sys

Next, the Trojan connects to any of the following command-and-control (C&C) servers:
  • nightday.comxa.com
  • sanky.sportsontheweb.net
  • tiger.netii.net
  • north-area.bbsindex.com

The Trojan may then perform the following actions:
  • Open a back door on the compromised computer
  • Gather and encrypt sensitive information
  • Send files to the C&C server
  • Load files on the compromised computer
  • Add new C&C server addresses to the registry
  • Update its drivers
  • Add a proxy
  • Terminate processes
  • Write data to a log file
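
An added example (not part of the original bulletin or the vendor's tooling): a Python sweep that matches the file and C&C indicators listed above against a file listing and a DNS query log. The sample paths and log lines are constructed, and mapping %System% and %Windir% to C:\Windows\System32 and C:\Windows is an assumption about a default install.

```python
import fnmatch
import ntpath

# Indicators copied from the write-up above.
FILE_IOCS = [
    r"%CurrentFolder%\SPUNINST\vt.bin",
    r"%Windir%\resin.bin",
    r"%System%\vtmon.bin",
    r"%System%\drivers\mrxdmb.sys",
    r"%System%\drivers\nmnu.sys",
    r"%Windir%\$NtU*\mtmon.sdb",
    r"%Windir%\$NtU*\scmp.bin",
    r"%Windir%\$NtU*\cmp.bin",
]
CC_HOSTS = {"nightday.comxa.com", "sanky.sportsontheweb.net",
            "tiger.netii.net", "north-area.bbsindex.com"}
# Assumption: default install paths for the symbolic folders. %CurrentFolder%
# is not known in advance, so it is treated as a wildcard.
SYMBOLIC = {"%system%": r"c:\windows\system32", "%windir%": r"c:\windows",
            "%currentfolder%": "*"}
# Constructed sample inputs (not real telemetry).
SAMPLE_PATHS = [r"C:\WINDOWS\system32\drivers\nmnu.sys",
                r"C:\Windows\$NtUninstallKB000000$\scmp.bin",
                r"D:\tmp\SPUNINST\vt.bin",
                r"C:\Windows\System32\drivers\ntfs.sys"]
SAMPLE_DNS = ["10:02:11 10.0.0.5 A tiger.netii.net.",
              "10:02:15 10.0.0.7 A cdn.nightday.comxa.com",
              "10:02:19 10.0.0.7 A nottiger.netii.net"]

def to_pattern(ioc):  # symbolic indicator -> lower-case fnmatch pattern
    pattern = ioc.lower()
    for symbol, value in SYMBOLIC.items():
        pattern = pattern.replace(symbol, value)
    return pattern

def match_files(paths):  # (path, indicator) for each path matching an indicator
    patterns = [(ioc, to_pattern(ioc)) for ioc in FILE_IOCS]
    hits = []
    for path in paths:
        norm = ntpath.normpath(path).lower()  # compare case-insensitively
        hits += [(path, ioc) for ioc, pat in patterns if fnmatch.fnmatchcase(norm, pat)]
    return hits

def match_dns(lines):
    # (line, name) where a queried name is a listed host or a subdomain of one.
    names = [(ln, tok.rstrip(".")) for ln in lines for tok in ln.lower().split()]
    return [(ln, n) for ln, n in names
            if any(n == h or n.endswith("." + h) for h in CC_HOSTS)]

if __name__ == "__main__":
    print(match_files(SAMPLE_PATHS), match_dns(SAMPLE_DNS))
```

The DNS check matches the full listed hostname (or a subdomain of it) rather than the parent domain, so unrelated hosts under the same parent are not flagged.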

Security Advisories Database

Cross-site Scripting Vulnerability in Tivoli Directory Server

A cross-site scripting vulnerability was reported in Tivoli Directory Server.

10/18/2014

SQL Injection Vulnerability in IP.Board IP.Content Module

An SQL injection vulnerability was reported in IP.Board IP.Content Module.

10/17/2014

SQL Injection Vulnerability in Pligg CMS

An SQL injection vulnerability was reported in Pligg CMS.

10/17/2014

SQL Injection Vulnerability in TYPO3 wt_directory Extension

An SQL injection vulnerability was discovered in TYPO3 wt_directory Extension.

10/17/2014

SQL Injection Vulnerability in TYPO3 Address Visualization with Google Maps Extension

An SQL injection vulnerability was discovered in TYPO3 Address Visualization with Google Maps Extension.

10/17/2014

SQL Injection Vulnerability in TYPO3 Flat Manager Extension

An SQL injection vulnerability was discovered in TYPO3 Flat Manager Extension.

10/17/2014

SQL Injection Vulnerability in NULL Byte

An SQL injection vulnerability has been discovered in NULL Byte.

10/17/2014

Cross-site Scripting Vulnerability in MicroPact iComplaints

A cross-site scripting vulnerability was discovered in MicroPact iComplaints.

10/17/2014

Cross-site Scripting Vulnerability in Cisco Unified Communications Manager

A cross-site scripting vulnerability was found in Cisco Unified Communications Manager.

10/17/2014

Cross-site Scripting Vulnerability in F5 Multiple Products Configuration Utility echo.jsp

A cross-site scripting vulnerability was discovered in F5 Multiple Products Configuration Utility echo.jsp.

10/17/2014