Friday, July 18, 2008

The Canadian Pharmacy scam has resurfaced and shifted its spam strategy. The Canadian Pharmacy had been very active in the past. Its new strategy, though not new in the spam world, is to compose emails with a long message body and then insert a hyperlink somewhere in the email content. I've observed some spam emails from this botnet-operated pharmacy that slip past the spam filtering software, but it won't take that long for sure.

Figure 1 is an example of the spam mail. The message may look legitimate, but when you read its content, it is nothing but random words or phrases. The link to the Canadian Pharmacy website is inserted as a small hyperlink, and when you view the included image, Figure 2 is revealed. Familiar?
Figure 1. Canadian Pharmacy Spam mail

Figure 2. Loaded image


If you're still in doubt, try clicking the image area, which redirects you to the actual Canadian Pharmacy website (see Figure 3).

Figure 3. Canadian Pharmacy website

Thursday, July 17, 2008

OpenPacket.org

This looks pretty helpful when you deal with network/packet research:
Check: https://www.openpacket.org/

Angelina is in your (Spam) mailbox!

While most of us simply ignore the spam mailbox, sometimes it's a good idea to check it once in a while. But be ready, as viruses are mostly lurking in your spammed mails.
So always wear some protection: use Sandboxie while browsing. It's not 100% malware proof, but most of the time it is enough of a protection layer against web-based exploits and malware.

I will be using my gmail account for demonstration.

1. Browse the Spam folder and select anything that catches your interest.
2. Spams range from medicines and watches to, of course, porn.
3. Hmmm... look at that subject above (highlighted in red):
"Angelina Jolie naked - WATCH". Isn't it interesting?

4. Google is quite security conscious: by default, objects that may contain malicious code, e.g. graphics files, are not displayed. OK, let's open it! Woaah!
5. As you can see, there is a WATCH link waiting for you to click if you wanna see more of Angelina!

6. But be cautious! This is the most common strategy malware authors use to spam their malicious programs (or viruses) to unsolicited recipients.

Tip: You can check the SMTP headers and the HTML code for any malicious objects, like links to executable files or other JavaScript. You can do it by clicking the small rectangular button in the picture below:
Clicking "Show original" shows you the SMTP headers and the HTML inside the mail, similar to what is shown below:
7. Gotcha! Your next step now is to manually download the exe file and send it to AV vendors if you can't analyze it yourself. Or send it to online sandboxing services like Anubis (my favorite), Norman, CWSandbox, or the free virus scanning services VirusTotal or virusscan.
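The two patterns described on this page, the Canadian Pharmacy mail (a long body of filler words carrying one small hyperlink plus an image) and the "Show original" check for links to executable files or script, can both be checked with the same few lines of parsing. The script below is an added example, not code from the original post or from Gmail: it parses a raw message the way "Show original" exposes it, lists every link in the HTML parts, and flags the two patterns. Both sample messages are constructed, and the host names are placeholders under the reserved .invalid domain.

```python
"""Added example, not code from the original post: parse a raw message the
way "Show original" exposes it, list every link in its HTML parts, and flag
the two patterns described above. Sample messages are constructed; hosts
are placeholders under the reserved .invalid TLD."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link targets a mail should never point at: direct executables and script.
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")


class LinkCollector(HTMLParser):
    """Collects [tag, url, anchor_text] entries and counts the visible words."""

    def __init__(self):
        super().__init__()
        self.links = []          # [tag, url, anchor text]
        self.word_count = 0
        self._anchor_idx = None  # index into self.links of the open <a>, if any
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append([tag, attrs["href"], ""])
            self._anchor_idx = len(self.links) - 1
        elif tag in ("img", "script", "iframe") and attrs.get("src"):
            self.links.append([tag, attrs["src"], ""])
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._anchor_idx = None
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            return               # script bodies are not visible text
        tokens = data.split()
        self.word_count += len(tokens)
        if self._anchor_idx is not None:
            self.links[self._anchor_idx][2] += " " + " ".join(tokens)


def html_parts(raw_bytes):
    """Yield the decoded text of every text/html part of a raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            yield part.get_content()


def analyse(raw_bytes, filler_threshold=100):
    """Return all links found plus a verdict for each of the two patterns."""
    collector = LinkCollector()
    for body in html_parts(raw_bytes):
        collector.feed(body)
    collector.close()
    links = [(tag, url, text.strip()) for tag, url, text in collector.links]

    # Pattern 1: a link to an executable, or remote script/iframe content.
    risky = [(tag, url) for tag, url, _ in links
             if tag in ("script", "iframe")
             or urlparse(url).path.lower().endswith(RISKY_EXTENSIONS)]

    # Pattern 2: a long body of filler text with exactly one short hyperlink.
    anchors = [l for l in links if l[0] == "a"]
    lone_link = (collector.word_count >= filler_threshold
                 and len(anchors) == 1
                 and len(anchors[0][2].split()) <= 3)
    return {"word_count": collector.word_count, "links": links,
            "risky_links": risky, "lone_link_in_filler": lone_link}


# Constructed sample 1: filler prose, one small link and an image (pharmacy pattern).
FILLER = " ".join(f"filler{i}" for i in range(120))
PHARMACY_MAIL = (
    "From: sender@example.invalid\r\nTo: victim@example.invalid\r\n"
    "Subject: meeting notes\r\nContent-Type: text/html; charset=us-ascii\r\n\r\n"
    f"<html><body><p>{FILLER}</p>"
    '<a href="http://pharmacy.example.invalid/">here</a>'
    '<img src="http://pharmacy.example.invalid/banner.gif"></body></html>\r\n'
).encode()

# Constructed sample 2: a short lure with a link to an .exe and a remote script.
LURE_MAIL = (
    "From: sender@example.invalid\r\nTo: victim@example.invalid\r\n"
    "Subject: Angelina Jolie naked - WATCH\r\n"
    "Content-Type: text/html; charset=us-ascii\r\n\r\n"
    "<html><body><p>Click to see more</p>"
    '<a href="http://lure.example.invalid/video.exe">WATCH</a>'
    '<script src="http://lure.example.invalid/track.js"></script></body></html>\r\n'
).encode()

if __name__ == "__main__":
    for name, raw in (("pharmacy", PHARMACY_MAIL), ("lure", LURE_MAIL)):
        print(name, analyse(raw))
```

To run it against a real message, save the text from "Show original" to a file and pass its bytes to `analyse()`. The filler threshold and the extension list are simple constants chosen for the example; the point is that the link targets are what to look at, not the visible text around them.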

Tuesday, July 08, 2008

Tamarin

http://hecker.org/mozilla/adobe-mozilla-and-tamarin

Sunday, July 06, 2008

Security tools/RCE tools

Thanks to the people maintaining the following links. Very helpful in our field.

Security Tools:
http://securitytools.wikidot.com/

RCE Tools:
http://www.woodmann.com/collaborative/tools/index.php/Category:RCE_Tools