Andromeda Gamarue Botnet Gets An Update

Recently I saw some spam emails exploiting an adobe PDF vulnerability ( thanks to Conrad Longmore ( https://twitter.com/ConradLongmore) )

upload.jpg

This PDF file seems to be exploiting CVE-2013-2729 vulnerability. The shellcode is small and simple . It just downloads the file from a server and executes it .

upload.jpg

After unpacking the file , analysis reveal that this is a new update for Andromeda - Gamarue botnet . The version is upgraded to 2.9 . Although there is no significant change in the Botnet , the version number from the request string has been removed

upload.jpg

upload.jpg

Raashid Bhat

http://twitter.com/raashidbhatt

 
32
Kudos
 
32
Kudos

Now read this

Cutwail : Malware With a Crash Reporting Feature.

Cutwail Spam component is a part of PushDo Botnet . Recently I was analysing Cutwail and came across an interesting patch reporting functionality in Cutwail . It starts with Fixing IAT ( Import Address Table ) to correct corresponding... Continue →