Fake CNN alerts galore!
I seize the opportunity to publish a new video (warning: 8 minutes of command-line staring) (hires XviD version here) showing you how to use my tools to retrieve malware samples hosted on a website. If you just visit an infected website with Internet Explorer, you run the risk of infecting your machine. The safe way to retrieve samples is to work in a low-risk environment (e.g. non-root account on a Linux VM) and use tools that are unlikely to be the target of exploits hosted on said website.
The following tools are featured in the video:
- wget -U ‘Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)’
- a modified SpiderMonkey
- pecheck.py (just some glue for pefile)
The file numbering trick (01., 02., 03., …) allows me to document exactly how I obtained the sample.
Since I recorded the video, the malware seems to have been removed from the site. But be careful, it’s not uncommon that compromised websites get reinfected.