Slashdot Mirror


Taking Apart the Energizer Trojan

iago-vL writes "Researchers at SkullSecurity have written a tutorial on how they reverse engineered the Energizer Trojan and generated an Nmap probe to remotely detect infections. The Energizer Trojan is a great educational tool because its inner workings are very simplistic, and it makes minimal efforts to hide itself or conceal its purpose; it even lists what appears to be the author's name — 'liuhong' — in the source! The article provides an introduction to malware analysis, from infecting a test machine to debugging and disassembling the Trojan to writing the actual probe."


  1. Re:Multi-page article by iago-vL · · Score: 5, Informative

    Haha, I hadn't even thought of that!

    I originally wrote it as a single page, but 60 images + that much text was too much, so I broke it into 4 pages. For what it's worth, I don't have any ads or anything so it's not like I'm profiting from it.

  2. Re:Multi-page article by t0p · · Score: 2, Informative

    Well, I can't remember a time BEB (Before Energizer Bunny) so that means the thing's been around for at least 20 years! I haven't checked the fount of all human knowledge yet, but I'm sure it will confirm my beliefs.

    From the fount of all human knowledge:

    The Energizer Bunny is the marketing icon and mascot of Energizer batteries in North America. It is a pink toy rabbit wearing sunglasses and blue and white striped sandals that beats a bass drum bearing the Energizer logo. It is a parody of the preexistent Duracell Bunny, seen in Europe and Australia. It has been appearing in television commercials in North America since 1989.

    Actually I think the very first battery bunny ad I can remember is the Duracell guy with the drum. But that's irrelevant - it's the Energizer Bunny who's the daddy now!

    --
    http://ihatehate.wordpress.com
  3. Re:Multi-page article by neltana · · Score: 3, Informative

    Maybe you're thinking of the wrong brand?

    No, I'm mocking the Energizer Bunny campaign of ads where a robotic bunny left the set of its own ad and started interrupting other ads for fictional products.

    Whether you recognize the Duracell Bunny or the Energizer Bunny as a symbol of everlasting battery life depends on where you are from. In Europe and Australia, Duracell has trademarked the use; in the U.S., Energizer did (they were the johnny-come-lately).

    Did I just BLOW YOU MIND!

  4. Re:Multi-page article by xonar · · Score: 2, Informative

    Maybe you're thinking of the wrong brand?

    No, I'm mocking the Energizer Bunny campaign of ads where a robotic bunny left the set of its own ad and started interrupting other ads for fictional products.

    Whether you recognize the Duracell Bunny or the Energizer Bunny as a symbol of everlasting battery life depends on where you are from. In Europe and Australia, Duracell has trademarked the use; in the U.S., Energizer did (they were the johnny-come-lately).

    Did I just BLOW YOU MIND!

    YOU BLEW ME MIND MAN

  5. New Nmap 5.30BETA1 Release by fv · · Score: 5, Informative

    We just today released Nmap 5.30BETA1, which contains the version detection signature described in this post for detecting the Energizer trojan. It also includes a detection and exploitation script for a major Mac OS X vulnerability which Nmap developer Patrik Karlsson found last month and Apple finally patched this morning. There are about 100 other changes as well, including 37 new NSE scripts. You can download it free here.

    Pardon the Nmap promotion, but it seemed on-topic for the story.

  6. Re:Woman's fantasy by Anonymous Coward · · Score: 1, Informative

    Believe it or not some people get off on it. I bought one for the wife a while back.

    http://en.wikipedia.org/wiki/Violet_wand

    Posted anonymously in my freaky corner.