Taking Apart the Energizer Trojan
iago-vL writes "Researchers at SkullSecurity have written a tutorial on how they reverse engineered the Energizer Trojan and generated an Nmap probe to remotely detect infections. The Energizer Trojan is a great educational tool because its inner workings are very simplistic, and it makes minimal efforts to hide itself or conceal its purpose; it even lists what appears to be the author's name — 'liuhong' — in the source! The article provides an introduction to malware analysis, from infecting a test machine to debugging and disassembling the Trojan to writing the actual probe."
Haha, I hadn't even thought of that!
I originally wrote it as a single page, but 60 images + that much text was too much, so I broke it into 4 pages. For what it's worth, I don't have any ads or anything so it's not like I'm profiting from it.
http://www.skullsecurity.org/blog/
page 1: http://74.125.95.132/search?q=cache:http://www.skullsecurity.org/blog/%3Fp%3D627&hl=en&sa=G&strip=1
page 2: http://74.125.95.132/search?q=cache:http://www.skullsecurity.org/blog/%3Fp%3D645&hl=en&sa=G&strip=1
page 3: http://74.125.95.132/search?q=cache:http://www.skullsecurity.org/blog/%3Fp%3D647&hl=en&sa=G&strip=1
page 4: http://74.125.95.132/search?q=cache:http://www.skullsecurity.org/blog/%3Fp%3D649&hl=en&sa=G&strip=1
He accurately recalls something he hasn't seen for years and this makes him weak-minded? Is this because you do not find the information valuable? Is the definition of a strong mind then only one that stores what you believe one should store? Perhaps you could publish a paper describing the sorts of things we should be memorizing to strengthen our minds.
It must suck to have to start disliking stuff just because some plebs found out about it.
Nerd rage is the funniest rage.
Jeeze, you're mean! The Energizer Bunny is not the product of a "crappy ancient ad campaign"... the creature's a freaking icon! And although I can't remember the exact ad where the rabbit escapes its own ad to invade others, there have been plenty of others featuring the creature. I saw one just the other day. And it seems to me that Energizer Bunny ads have been run since forever! Well, I can't remember a time BEB (Before Energizer Bunny) so that means the thing's been around for at least 20 years! I haven't checked the fount of all human knowledge yet, but I'm sure it will confirm my beliefs.
Go anywhere in the world, find someone who watches commercial TV with any sort of regularity and show him a picture of the Bunny - I'll bet you 1000-1 he'll know who it is. That creature isn't just an icon - it's up there with Mickey Mouse, Jesus Christ and Coca Cola. Get down on your knees and beg the Bunny-God for forgiveness!
http://ihatehate.wordpress.com
Energizer and trojans combined: a woman's dreams come true.
We just today released Nmap 5.30BETA1, which contains the version detection signature described in this post for detecting the Energizer trojan. It also includes a detection and exploitation script for a major Mac OS X vulnerability which Nmap developer Patrik Karlsson found last month and Apple finally patched this morning. There are about 100 other changes as well, including 37 new NSE scripts. You can download it free here.
Pardon the Nmap promotion, but it seemed on-topic for the story.