BianLian ransomware group announced they've ransomed a children's healthcare facility.
The BBC reports the Internet Archive has been compromised by a Threat Actor operating under the moniker "Have I Been Pwned".
This is unequivocally false.
The BBC has incorrectly attributed the compromise to the website owned and operated by security researcher @TroyHunt
Unrelated to malware.
This textbook, presumably from China because it's written in Mandarin, is an excellent illustration of how Turtles' shells work.
Education is important!
Yes, some of us are Ameriburgers.
Some of our staff members are in Europe, and a big chunk of our followers are in Europe, Canada, South America, and Australia. Not everything we say or do will align with our American audience.
Yesterday Chinese researchers from Shanghai University unveiled a technique to defeat RSA and AES encryption using Quantum Computing.
The paper, titled "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage", is in Mandarin and has lots of maths.
You can either read what other journalists wrote, or you can try to read it yourself.
The original paper: http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf
A beta version of Pokémon X&Y has leaked online.
We've seen some download links — but we're too afraid to mention it because we don't want Nintendo to send the Yakuza to our homes
eSUN 3D Printing has upgraded their stuff. All user credentials are now email:email
Photos via GatorzVR
On September 17th, a person named Prakash filed an official complaint against our donation transaction system stating we have failed to give them the password for the malware folder.
It wasn't a meme, it was completely legitimate.
The password is 'infected'.
uBlock Origin has been flagged by Google as 'not following best practices' from the Google Chrome web store — sparking concern it may be removed. Internet nerds are moving to Firefox or Brave.
Some are stragglers and are using uBlock Origin Lite on strict mode to combat ads.
"smelly why are you always so sick?"
In the spirit of full-disclosure, I've got a kind of, sort of, rare disease-thing. I'm immuno-compromised. The medicine which fixes my disease thingy requires injecting drugs which essentially toggle my immune system offline.
This fixes my disease thing, but it makes me susceptible to illness, and in the event that I do get sick, it takes me much longer to recover from it.
In the event I don't take the injections which toggle my immune system offline, my body is in crippling pain all day, every day, and it hurts to live because my immune system thinks my body is a giant infection and tries to kill me.
Good morning, evening, or night.
We still haven't selected winners to the swag giveaway. Relax — you can stop sending us DMs. We'll do it later today, or tomorrow, whatever.
Okay, going back to bed now. Talk to you later.
Love you,
Good morning,
- We've got a bunch of papers in queue, no idea when we'll push them to prod
- Estimated daily malware ingestion is 450,000 samples
- Winners for the swag giveaway will be selected throughout the weekend. We wanted to let people continue posting critters
Thanks,
Updates:
Papers:
- 2009-05-03 - PE Infection - How to Inject a DLL
- 2017-03-21 - Cloak and Dagger - From Two Permissions to Complete Control of the UI Feedback Loop
- 2020-08-10 - NFCGate - Opening the Door for NFC Security Research with a Smartphone-Based Toolkit
- 2022-01-30 - Retrieving the current EIP in C/C++
- 2022-01-30 - SetTcpEntry6 - A custom SetTcpEntry implementation for IPv6
- 2022-02-01 - System-wide anti-debug technique using NtQuerySystemInformation and DuplicateHandle
- 2022-02-02 - Reading and writing remote process data without using ReadProcessMemory/WriteProcessMemory
- 2022-02-04 - CallRemoteAPI - Call functions in remote processes
- 2022-02-04 - CreateSvcRpc - A custom RPC client to execute programs as the SYSTEM user
- 2022-02-04 - EmbedExeLnk - Embedding an EXE inside a LNK with automatic execution
- 2022-02-06 - HijackFileHandle - Hijack a file in a remote process without code injection
- 2022-02-08 - StackScraper - Capturing sensitive data using real-time stack scanning against a remote
- 2022-02-10 - WindowsNoExec - Abusing existing instructions to execute arbitrary code without allocating executable memory
- 2022-09-09 - WriteProcessMemoryAPC - Write memory to a remote process using APC calls
- 2022-10-20 - SharedMemUtils - A simple tool to automatically find vulnerabilities in shared memory objects
- 2022-12-10 - StealthHook - A method for hooking a function without modifying memory protection
- 2023-01-11 - SelfDebug - A useless anti-debug trick by forcing a process to debug itself
- 2024-09-03 - RAMBO - Leaking Secrets from Air-Gap Computers by Spelling Covert Radio Signals from Computer RAM
- 2024-09-07 - PIXHELL Attack - Leaking Sensitive Information from Air-Gap Computers via 'Singing Pixels'
Initially it was (incorrectly) assumed we have compromised the Internet Archive based on the wording of our initial post regarding the compromise.
Now it is incorrectly being reported that Troy Hunt compromised the Internet Archive.
Updates:
Archives:
- The Old New Thing, September 2024
Bulk downloads:
- MalwareIngestion2024.10.10
- MalwareIngestion2024.10.11
- MalwareIngestion2024.10.12
- MalwareIngestion2024.10.13
- MalwareIngestion2024.10.14
- VirusSign.2024.10.12
- VirusSign.2024.10.13
- VirusSign.2024.10.14
- Bazaar.2024.09
Malware families:
- AilurophileStealer
- Amadey
- Android.Copybara
- AsyncRAT
- BansheeLoader
- DCRat
- DMALocker
- Emotet
- Fysbis
- Gafgyt
- HzRAT
- KTLVdoor
- Latrodectus
- LummaStealer
- NeutrinoBot
- PupyRAT
- QuasarRAT
- RedLine
- RhadamanthysLoader
- Sliver
- SmokeLoader
- SnakeKeylogger
- ToneShell
- Vidar
- XenoRAT
- XWorm
Papers:
- 2020-07-16 - Masking Malicious Memory Artifacts Part II - Blending in with False Positives
- 2020-08-04 - Masking Malicious Memory Artifacts Part III - Bypassing Defensive Scanners
- 2022-02-14 - Abusing Exceptions for Code Execution Part 1
- 2022-04-02 - CreateSvcRpc - A custom RPC client to execute programs as the SYSTEM user
- 2022-04-04 - Sharing is Caring - Abusing Shared Sections for Code Injection
- 2022-10-12 - StealthHook - A method for hooking a function without modifying memory protection
- 2023-01-30 - Abusing Exceptions for Code Execution Part 2
- 2023-07-15 - Poch Poch is this thing on - Bypass AMSI with Divide and Conquer
- 2024-10-15 - Introducing Early Cascade Injection from Windows process creation to stealthy injection
We understand this may be difficult for our Ameriburger audience to understand, but not everyone who follows vx-underground is located in the United States
Not everything we do is Burger-centric and not everything is related to Ameriburger
It's going to be okay, pinky-promise
We've updated the vx-underground GitHub malware source code collection.
- Win32.BabylonRAT
- Win32.NjRat
- Win32.Ransomware.Chaos
- Win32.Ransomware.Yashma
- Win32.RedlineStealer
- Win32.CHMiner
- Win32.CometRAT
- Win32.PentagonRAT.Builder
and more...
https://github.com/vxunderground/MalwareSourceCode
Yes, having your login email also be your password is standard procedure, this is very normal and safe. Don't worry.
The notice on the page doesn't explicitly state what uBlock Origin is, or is not, doing to be flagged as not following best practices.
People are theorizing this is Google strong-arming ad blockers so they can boost their ad revenue on places like YouTube
Internet web designer drama today.
Advanced Custom Fields, a WordPress plugin that allows people to modify pages easier, and offers a paid version, has been usurped by WordPress itself.
WordPress pretty much told them to piss off, causing a massive shitstorm
Hello,
tl;dr: I'm sick, be patient, giveaways in December, HDDs soon (maybe), vxdb ideas?, be patient (again).
1. I'm still sick. I've been sick for over a week now. My sinus infection is semi-persistent and it's being a total pain in the ass. My health has improved, but I'm not quite 100% recovered yet. I feel like I've got a giant booger in my right nostril that I can't get out. Ugh.
2. We still haven't gotten around to the swag giveaway. It's on my todo list, but I need to sync with the crew to check out the submissions and select a few winners. We haven't found a time in the past week where we're all online at the same time and can really sit down and review the critter pictures. That's my bad, it's on the todo list.
3. This year, as we did last year, we're going to try to do a bunch of Christmas giveaways. Last December we gave away over $45,000 in educational material. We're trying to make this an annual tradition. Let's see how it goes this year.
4. A ton of people have messaged me about hard drive sales. We've got some that are ready to clone, but I haven't sat down and begun. I've been distracted by tons of stuff and cloning the drives can be kind of annoying. I'll probably start cloning drives again in the next couple of weeks.
5. We're trying to find a way to fuse our malware database with vx-underground. We had this idea where people can easily move between virus-exchange and vx-underground and download individual samples way faster. We're not sure how we're going to do it, but it's on the chopping block.
6. Despite the huge boost in hardware, thanks to all the people who helped us with our hardware fundraiser, ingesting 1,000,000+ malware samples a day is really hard and expensive. A more realistic number is closer to 100,000 - 400,000 a day, but even that is challenging unless we get a sudden surge in funding. I'm not sure why I'm so set on collecting all this malware and pushing the crew to continue the malware collection, but it's what's happening.
7. Adding papers can be hard. We try to actively monitor social media for new and cool malware-related research. Usually once we've got a bunch bookmarked somewhere, or saved as a PDF, we double check to see if we already have the paper on vx-underground, we sync it with a local backup and our remote backup, and then push to prod. Finding fresh material and doing all these extra steps is a pain in the ass, especially when we review them and try to classify them as best as possible. Stop bugging us about why we're not adding more papers; we've got like 60,000 papers and it's not as easy as ctrl-c + ctrl-v. Because of the size of our malware collection, nothing is simple anymore, especially because we try to do everything right the first time.
Thanks for reading. Enjoy your weekend.
- smelly
Massive Pokemon leak today.
- Partial Black/White v2 dev builds & source patch files
- Pokemon Bank source code
- Pokémon HeartGold and SoulSilver source code
- Famicom tech demo from 2004
- Black/White Git
- Platinum full SVN
We've made a ground breaking discovery.
When regular internet dweebs learned the Internet Archive got defaced they were under the impression that someone deleted over 100PB of data within the time span it takes to click refresh in their web browser.
The panic and terror makes much more sense now.
We too would be terrified if someone discovered a way to zero-fill 100PB of data (without detonating an incendiary device) across a data warehouse in the blink of an eye, because this is no regular data-wiper payload, this is unironically spooky wizard galaxy brain time magic (only logical explanation).
Pic attached is an image from the Internet Archive. Imagine zero-filling all these computer thingies in .03 seconds.
333,100 followers and we're getting BIG money from it on social media. Don't even try to talk to us unless you've got stacks like us.
Seriously? What the hell are we going to do with it? We don't analyze it (we do sync it with some vendors), we only reverse maybe 0.00000001% of the samples.
What the hell are we doing? Why hasn't someone said something? We literally just have terabytes of malware hangin' around