vx-underground
45.3K subscribers
3.89K photos
412 videos
83 files
1.42K links
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Mildly interesting

As I'm working on collecting older malware samples I've made some observations.

1. The word "IOC" (Indicator of Compromise) was not present in any report from 2001 - 2010.

2. Most malware samples were not shared. If they were shared, they used MediaFire.

3. Around 2008 people began referencing VirusTotal for malware detection rates and names. VirusTotal reports from that era are broken because the URLs have changed. VirusTotal's URLs were originally in Spanish and were HTTP based.

4. Some of the first vendors to share malware MD5s (or SHA1s; haven't seen a SHA256 yet) were FireEye (now Trellix) and Secureworks.

5. Malware campaigns using social networks to target users were a revolutionary concept in 2009.

6. Conficker malware analysis reports illustrate how much malware has evolved. The malware techniques used by Conficker are amateur at best compared to modern malware techniques. Conficker was declared revolutionary (not exact words) because of its modularity. See attached image. A modern malware payload doing what Conficker did is ... meh ... everyone can do this. Interesting how much has changed.
πŸ‘40❀16πŸ’―14πŸ€”3πŸ”₯1😒1
The most interesting person in the world was messaging me.

They've suddenly deleted their e-mail and Xitter account.

Come back :(

MALAYSIA, STOP. DO NOT VIBE CODE A BANK
vx-underground
NOOOOO https://www.rytbank.my/
Someone is going to do a prompt injection and transfer the entire country's GDP into a Swiss bank account 😭

Connor Fitzpatrick a/k/a Pompompurin, the previous administrator of Breached, has been subject to re-trial and is being re-sentenced.

He is facing 188 months in prison (15 years) and $1,016,786.51 in restitution to victims.
The first malware paper I've seen use a SHA256 was on November 12th, 2010 by Giuseppe Bonfa.

It was noted in an article for the InfosecInstitute titled: ZeroAccess Malware - De-Obfuscating and Reversing the User-Mode Agent Dropper

Mr. Bonfa now works for IBM
me going to bed after a long day of internet schizophrenia
Tiny people inside my computer,

I come with gifts.

New papers:
- 2024-06-28 - An unexpected journey into Microsoft Defender's signature World
- 2025-07-26 - Ghosting the Sensor Disrupting Defender for Identity Without Detection
- 2025-08-24 - Hyper-V utility LiveCloudKd evolution and architecture technical analysis
- 2025-08-31 - Fetch PEB Using Verifier DLL
- 2025-09-04 - Investigating a Mysteriously Malformed AuthenticodeSignature

Thank you to Explode3240 for assisting with these papers.

New malware samples:
- Malware analysis papers from 2006 - 2010 have been synced and pushed to prod

New malware source code:
- Added a proof-of-concept "CSS" keylogger. It was initially noted by usetraceix

Pic unrelated
Nerds angry at ProtonMail today (yesterday?) due to internet drama (as is tradition). People are big mad. Is it a big deal? Are people overreacting? Why did normie accounts comment on the issue like they know what's going on?

Phrack did some silly things on the internet. They were able to get access to North Korean state-sponsored machines, or something, which were being used to attack South Korean government stuff. Specifically, the DPRK was targeting:
- South Korea Defense Counterintelligence Command
- South Korea Ministry of Foreign Affairs
- ???

Phrack was able to do some internet nerd stuff and dump DPRK password sheets (domain, username, password) which were stored in various files unencrypted (literally a .docx). They also dumped screenshots of user stuff, more credentials, tooling, documentation, and 20,000 browser history entries.

Following this, Phrack decided to be nice and notify the South Korean government regarding the DPRK.

I'm not a government nerd, but I'd guess that the South Korean government would like to be notified of any intelligence regarding the DPRK and their offensive cybersecurity actions toward them.

Here is the drama:
Phrack was speaking to South Korean nerds by proxy. Some nerd made a Proton e-mail and contacted the South Korean government from that Proton e-mail. On August 15th, proxy nerd had their Proton e-mail magically nuked. Additionally, Phrack nerd had their Proton e-mail magically nuked August 16th.

It doesn't take a rocket scientist to put 2 and 2 together here and determine that Proton, for reasons not explained, took action against them (in some capacity) and terminated their accounts.

Phrack then contacted Proton e-mail requesting an unban, or something. Proton replied with, "your account will cause further damage to our service, therefore we will keep the account suspended."

Phrack then decided to contact Proton legal department. Phrack contacted Proton's legal department on 8 separate occasions and was ignored.

Did Proton violate their privacy stuff by terminating the Phrack accounts? Why was Phrack stuff terminated? Did the South Korean government get big mad and decide to send legal stuff to Phrack? Is Proton illegal and for nerds?

Find out next time on Dragon Ball Z
7 days ago Google lost a class action lawsuit and must pay $425,000,000 to users because they "mislead" them.

For over 8 years Google collected information on users via Firebase even if users disabled analytics. The class action lawsuit initially requested $1,500,000,000. Court documents believe Google collected analytics ... accidentally (?) ... on over 98,000,000 people. This includes harvesting data (on Android and iPhone) from Uber, Venmo, Shazam, New York Times, Duolingo, and Instagram.

Google lawyers argue that they did not mislead users, rather users "simply do not understand" how Firebase works. Google stated they plan on appealing the court decision.
> make post about Proton
> nerds fight
> Proton CEO joins nerd fight
> Proton competitor joins nerd fight
> another day of internet schizophrenia
Imagine being off Xitter for a few days and coming back to see a bunch of people arguing about Proton and EDRs
History has a way of repeating itself.

Earlier today United States Secretary of Health, Robert F. Kennedy Jr, stated he believes one potential cause of mass shootings (of several he listed) is video games.

Potential games which may make you prone to being a mass shooter and/or serial killer:
- Doom
- Mortal Kombat
- Wolfenstein
- Call of Duty
- Grand Theft Auto

This is the same rhetoric which was posed in the 1980s, 1990s, 2000s, 2010s and, unsurprisingly, 2020s.
Call of Duty and Grand Theft Auto are some of the most successful game franchises on the planet and in history thus far.

It would be extraordinarily difficult to find a younger person (Gen Z, Millennial, maybe Gen X) who hasn't played Grand Theft Auto or Call of Duty.

The insinuation is so absurd. It's like stating 1 out of every 1 (100%) of people could be potentially violent.

???
Do yourself a favor today. Treat yourself. Do not click the "For You" tab on Xitter. Do NOT check in on the political discussions.

Have a cat
Tomorrow on the vx-underground internet schizophrenia show:

- More malware papers
- More malware samples
- 5 Malware Noob Month Posts (I'm behind schedule)
- Cat pictures?
- Ransomware operator indicted
- Is malware illegal and for nerds?
Malware Noob Month Post #9

It's impossible to know everything about malware.

That's an obvious statement people say about every subject, but I think it's important to add some context to this to really shine a light on the topic.

First and foremost, malware exists on different platforms and different architectures. This in and of itself broadens the scope of malware. You essentially have a few main categories of study and then what I would describe as "everything else":

1. Windows malware
2. Linux malware
3. MacOS malware
4. Mobile malware
5. Web malware
6. ICS/SCADA malware
7. IoT malware
8. everything else...

Windows malware is the most common and widely studied and discussed. The reason why is that Windows is most commonly used in enterprise environments. That's where malware will drift toward naturally. That's where the money is.

Linux malware is far less common due to the rarity of Linux-based operating systems in enterprise environments. Yes, of course they exist in enterprise environments, but it's not nearly as common as Windows. Linux malware also has some difficulties in that Linux users *usually* aren't as ... uneducated ... as Windows users. Basically, Linux is for nerds. It's a little harder to get nerds to detonate malware.

MacOS malware very much exists. It's an extremely niche and specialized field of study on the malware ecosystem. Being completely honest, I don't know shit about MacOS malware. I've never even really used an Apple product. People like Patrick Wardle do lots of research on MacOS malware and do malware things.

Mobile malware is rampant. It exists on both Android and iPhone. However, iPhone malware is much more hush-hush (I can only speculate why). Android malware is a huge field of study; it's found every single day, and it poses a very real risk. I also don't know much about it. People like LaurieWired and some other nerd who works at ESET (can't remember your name right now, sorry bro, I love you) discuss it often. Mobile malware has now become a real area of focus since the rise of targeted malware (such as Pegasus Spyware). Everyone has a mobile device. Long story. Crazy stuff.

Web malware is fairly generic nowadays. Historically PHP malware was a huge problem in the mid-2000s. Now most web based malware is malicious HTML pages which try to convince you to run binaries. It exists, but it isn't as robust as it used to be due to changes in web application architecture.

ICS/SCADA malware is a cluster fuck. It's malware for Industrial Control Systems such as Electrical Power Plants, Nuclear Centrifuges, Water Plants, etc. I know even less about ICS/SCADA malware than I do about MacOS malware. Cybersecurity firm Dragos is a big player in ICS/SCADA malware. ICS/SCADA malware is also kind of "deadly" in that this sort of malware can really impact people's lives (losing power in their home, for example).

IoT malware (Internet of Things) is currently a fairly generic malware topic. Most IoT devices (cameras, washing machines, shit that shouldn't be connected to the internet) run Linux-based operating systems. Hence, they have heavy overlap with Linux malware. However, IoT devices and IoT malware typically revolve around botnets (DDoS) because (usually) IoT devices cannot be used for much else other than bandwidth.

Everything else...
Nerds putting malware on toasters, car firmware, ... Anything niche and weird. People will do something cool with it. Someone once put malware on stuff that tracks cows? They turned cows into DDoS stuff or something. Someone also wrote ransomware for chastity belts...
Chat, who would have thought?

A study on the United Kingdom Online Safety Act shows that websites that complied with the United Kingdom government, and performed ID verification, lost 90% of their web traffic.

Users went to unregulated sites.

https://www.techdirt.com/2025/09/08/uk-age-verification-data-confirms-what-critics-always-predicted-mass-migration-to-sketchier-sites/