PowerShell worm Skowor

 
 
 

Name: Worm.MSH.Skowor.A
Type: Worm
Author: sk0r/Czybik
Written in: PowerShell

Description

I was looking for PowerShell-based malware and eventually found the POC Skowor worm, the only worm written in this language.
It attempts to propagate via the Kazaa P2P network by putting a copy of itself in the shared folders. As far as I see, there is no typical malicious payload, except that it overwrites files [...]


 
 
 

Name: Win32/Blaster/Worm (Lovsan, Lovesan)
Type: Spreader, Worm
Author: Unknown
Written in: C

Description

This worm was very active in 2003. It spread via an RPC vulnerability and executed a DoS attack on a specific date. It's well-structured code, easy to read and understand. The interesting paragraphs are the spreader which attacks a new victim system to learn and see how (easily) it [...]


 
 
 

Name: Win32/ogw0rm
Type: Spreader, Worm
Author: Unknown
Written in: C

Description

Ogw0rm is a good example of how malware propagates itself via Instant Messaging apps. It checks the process list for running IM applications and propagates itself by sending messages to new victims.
It shows how to enumerate Windows, send keystrokes to the OS, work with the Registry and do a little networking. A simple malware source [...]


 
 
 

Name: Win32/Rbot
Malware type: RAT, Worm
Author: Unknown
Written in: C

Description

Rbot is an IRC-controlled backdoor (or “bot”) that can be used to gain unauthorized access to a victim’s machine. It can also exhibit worm-like functionality by exploiting weak passwords on administrative shares and by exploiting many different software vulnerabilities, as well as backdoors created by other malware. There are many variants [...]
