Malware Case Study, Secure Science

The trojan was hosted on web servers located in the Ukraine and Russia, and existed among several gigabytes of data encoded with a proprietary algorithm. There were nearly 10,000 individual files available, each containing between 70 bytes and 56 megabytes worth of stolen data that only criminals could read...until now.

The primary objective for this research was to decode the stolen data and enter it into IntelliFound, which is an innovative solution that specializes in returning illegally obtained confidential information to the appropriate organizations.

A secondary objective for this study is to discover and explain intimate details of the trojan, including but not limited to its anti-detection mechanisms, internal data structures, API hooking functions, and procedures for controlling the flow of data and communication across multiple threads.

via SunbeltBLOG

Linked by shanmuga Friday, 17th November 2006 1:37AM