Questions tagged [malware]

Malware can take many forms and perform multiple functions. From the Vocabulary for Event Recording and Incident Sharing (VERIS):

Malware is any malicious software, script, or code developed or used for the purpose of compromising or harming information assets without the owner’s informed consent. Examples include viruses, worms, spyware, keyloggers, backdoors, etc.

In order to compromise a system, malware may exploit vulnerabilities in software or deceive users. Alternately, an attacker may install tools to facilitate activities during an ongoing intrusion, such as back doors or information collection. The Software Engineering Institute has produced a lexicon of terms used in malware analysis.

Programmers interested in malware analysis have many resources available to assist and guide them through various stages of the process.

873 questions
100 votes, 7 answers

How does this site infecting script work?

My Joomla! website has been repeatedly hacked into. Someone, somehow, managed to inject the following rubbish into the key php scripts, but I mean not to talk about configuring Joomla. The site is not visited much (at times I fear I might be the…
Peter Perháč
95 votes, 2 answers

How does the JPEG of Death vulnerability operate?

I’ve been reading about an older exploit against GDI+ on Windows XP and Windows Server 2003 called the JPEG of death for a project I’m working on. The exploit is well explained in the following…
Rafa
58 votes, 19 answers

kdevtmpfsi using the entire CPU

We are using an EC2 (Ubuntu) Amazon instance for running Apache. Recently we noticed that there is a process using the entire CPU. We removed it using the help of the following procedure [root@hadoop002 tmp]# systemctl status 25177 ●…
Shijin TR
39 votes, 6 answers

How to decode a PDF stream?

I want to analyze a stream object in a PDF file which is encoded using /FlateDecode. Are there any tools which allow one to decode such encodings (ASCII85Decode, LZWDecode, RunLengthDecode etc.) used in PDFs? The stream content is most likely a PE…
rebel87
29 votes, 3 answers

What kind of Android application will require android.permission.READ_PHONE_STATE permission?

I have seen some Android apps on my phone require this android.permission.READ_PHONE_STATE permission. I don't know if I could trust them. I know this permission will give the app access to a lot of information. I'm particularly interested in what…
Wei Yang
22 votes, 4 answers

What is the meaning of '@' in the URL?

Let us try to access http://yahoo.com@3627729518 with any browser. We get redirected to google.com. 3627729518 is the decimal representation of 11011000.00111010.11000010.01101110 without dots. What's the reason for such behavior? Note: I've…
xenteros
20 votes, 3 answers

What is "%TEMP%\Encoding Time.csv" on Windows?

Does anyone know what app is writing to the file "%TEMP%\Encoding Time.csv"? The file is constantly growing. Searching the Internet did not yield any meaningful results. Below is an example of the records in the file. 0x1B959F08, 37033756854966440,…
Konstantin Glukhov
20 votes, 3 answers

Android app using WebView/JavaScript: what can be a security concern?

I am creating an Android web app using WebView and enabling JavaScript through addJavascriptInterface(true). My app will contain HTML data that will be loaded from an external site. I am worried about the cross-site scripting (XSS)/security of my app…
Amit sinha
17 votes, 6 answers

My site is infected with obfuscated PHP malware - what is it doing + how do I get rid of it?

I have three websites all hosted on the same webserver. Recently I was working on one of the websites and noticed that, about a month ago, a bunch of files had been changed. Specifically, all instances of index.html had been renamed to…
W Biggs
17 votes, 4 answers

Active Adblock Plus shows weird error in Chrome JS Console

Every page I browse with Chrome shows this error in the console: extensions::uncaught_exception_handler:8 Error in event handler for (unknown): SyntaxError: Failed to execute 'insertRule' on 'CSSStyleSheet': Failed to parse the rule '::content…
user3423688
13 votes, 7 answers

Unknown scripts are running and redirecting on click to unknown websites

Problem: Sometimes, on clicking on the NAVBAR menu or on any div on my Bootstrap website, it redirects to ads or unknown links in a new tab, something like this: http://cobalten.com/afu.php?zoneid=1365143&var=1492756 Imported links from hosted file:…
aman
13 votes, 1 answer

Disable Networking in Electron

electron.js is a user interface toolkit that allows a web application to operate as an arbitrary GUI. However, there are some applications that should be considered sensitive - for instance, a GUI for banking should have strong assurances that it's…
Athan Clark
13 votes, 3 answers

What is com.walkfreestub? (causing crashes on Android)

Quite recently, our Android app has started crashing due to a NullPointerException in a package called com.walkfreestub. Currently there are absolutely no references to this online (we've tried all sorts of other searches related to the crash). Any…
Kevin Cooper
12 votes, 2 answers

Android exploit dalvik classes: Preferences

Recently, I have been trying to understand how some apps manage to change Android browser settings, like the homepage, by code. This is how "far" I have come. It is not supported by the Android API and normal code. You have to use native code. I…
Ukjent
11 votes, 3 answers

Site with a bitcoin miner script

I found some of my users visiting a site that seemed to have a Bitcoin mining JS script in its code: