Slashdot Mirror

← Back to Stories (view on slashdot.org)

Taking Apart the Energizer Trojan

Posted by Soulskill on from the dissecting-the-pink-rabbit dept.

iago-vL writes "Researchers at SkullSecurity have written a tutorial on how they reverse engineered the Energizer Trojan and generated an Nmap probe to remotely detect infections. The Energizer Trojan is a great educational tool because its inner workings are very simplistic, and it makes minimal efforts to hide itself or conceal its purpose; it even lists what appears to be the author's name — 'liuhong' — in the source! The article provides an introduction to malware analysis, from infecting a test machine to debugging and disassembling the Trojan to writing the actual probe."

5 of 55 comments (clear)

  1. Re:Multi-page article by iago-vL · · Score: 5, Informative

    Haha, I hadn't even thought of that!

    I originally wrote it as a single page, but 60 images + that much text was too much, so I broke it into 4 pages. For what it's worth, I don't have any ads or anything so it's not like I'm profiting from it.

    --
    http://www.skullsecurity.org/blog/
  2. slashdotted. text-only googlecache. by Anonymous Coward · · Score: 5, Informative

    page 1: http://74.125.95.132/search?q=cache:http://www.skullsecurity.org/blog/%3Fp%3D627&hl=en&sa=G&strip=1
    page 2: http://74.125.95.132/search?q=cache:http://www.skullsecurity.org/blog/%3Fp%3D645&hl=en&sa=G&strip=1
    page 3: http://74.125.95.132/search?q=cache:http://www.skullsecurity.org/blog/%3Fp%3D647&hl=en&sa=G&strip=1
    page 4: http://74.125.95.132/search?q=cache:http://www.skullsecurity.org/blog/%3Fp%3D649&hl=en&sa=G&strip=1

  3. Re:Multi-page article by Anonymous Coward · · Score: 5, Insightful

    He accurately recalls something he hasn't seen for years and this makes him weak-minded? Is this because you do not find the information valuable? Is the definition of a strong mind then only one that stores what you believe one should store? Perhaps you could publish a paper describing the sorts of things we should be memorizing to strengthen our minds.

  4. Re:Multi-page article by maxume · · Score: 5, Insightful

    It must suck to have to start disliking stuff just because some plebs found out about it.

    --
    Nerd rage is the funniest rage.
  5. New Nmap 5.30BETA1 Release by fv · · Score: 5, Informative

    We just today released Nmap 5.30BETA1, which contains the version detection signature described in this post for detecting the Energizer trojan. It also includes a detection and exploitation script for a major Mac OS X vulnerability which Nmap developer Patrik Karlsson found last month and Apple finally patched this morning. There are about 100 other changes as well, including 37 new NSE scripts. You can download it free here.

    Pardon the Nmap promotion, but it seemed on-topic for the story.