Infected Mind

From describing 29A as a virus reasearch group (symantec) to describing them as a gang!!(sophos) , one thing interrupted my mental masturbation:

“But somehow, we feel this is probably not the last time we’ll hear from this motley crew” –Posted by Symantec Security Response

Now a Security blog starts to tell future!

  Avers may feel victorious, Glad, Horny! The satan of their religion is gone,  but this monster got defeated by time and other things rather than  Avers ridiculous blogs and products!

From my point of view 29A was dying since their last zine, and fairly I dislike the word ‘dead’ for a group like 29A ,since their great work still motivating alot of new vxers.

At the end..

Farewell 29A you were the orgasm of the scene that never reached such pleasure and satisfaction before!
for more info visit the 29A site

I paid a visit to the norman sandbox,which I found this code couldbe enough to bypass norman sandbox emulator edtection and somehow f-secure emulator too(not sure 100% about the latter), see the following code: Read the rest of this entry »

Today I noticed the option on virustotal.com (“Dont distribute sample”) was disabled ,they put an explanation for that on their blog ,in short they explained that decision was taken as a result of the continuous AVers complaints about how its been used by virii developers to create new UD samples.

Well… Read the rest of this entry »

Happy new year everybody……..

call @f
push 0c3h
@@:
pop edx
jmp $-5

I think by now most of people related to VX-scene read what Peter Ferrie wrote on Symantec Security Response Blog .

I thought of it too, vx-scene is dying in my perspective and in old retired elite the scene is already dead,because of the lack of real asm or at least complicated codes.

see these two links from the past(29A#6)

Z0MBiE
Benny

Imagine , that the whole vx-scene dying gossip was from that time 2001.

For me I think the scene still have the chance to revive but it needs real vxer who

 Will not  feel  okey until they create.. ---- from Z0MBiE article.

Lets wait to see the new combined zine,and hope for future new creative vxers.

After a very boring weak for a grinch type of person! things seem a bit moving:

-First , The storm worm on their xmas propagation try, used Fast-Flux technique but this time the IP changed every 1sec! I made myself a list of IPs by making a loop lasted for about 7 min ,Most of the IPs I got are unique,makes me wonder how many zombies did they jam into that attack! In the same occasion I got my own binary copy of storm worm (at last).

-Second, Read the rest of this entry »

Using CamFrog as a way to get into free live porn ,isnt my real treat. Especially when that product has such Stratup key to run:

“C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe” 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe

I think the idea is straight forward! (“minimize” will be passed to that program)

Now..the good news Read the rest of this entry »

While I was dusting the internet pages I came across an old article about virus underground,interesting indeed! I recalled it ,as once this link have been published before on rrlf site, yet I chose to read it all over again!

The Virus Underground[New York Times]

I am wondering now about the odd pictures ,why is SPTH seems to be half naked! whats wrong with benny did they took his picture by surprise! May be I reach the answer when I read the whole article, which I doubt to find .

Read the rest of this entry »