Monday 8th September 2014 11:12
Wow, what an amazing way to end the final year project: SecureHoney.net went viral, the project won an award from the British Computer Society and I've been offered a scholarship to study a cyber security PhD.
It's been nearly three months since the last blog post in which we looked at the Android Simplocker Ransomware.
I decided it would be a good idea to take some time off over the summer so I'm ready and energised for the next adventure which starts later this month.
So what's been happening since the last blog post? Quite a lot as it turns out...
Tuesday 17th June 2014 10:09
In yesterday's blog post (How To Dissect Android Simplelocker Ransomware) we dissected the new Android Simplelocker ransomware.
In this blog post we'll be creating an antidote for the ransomware to decrypt any files it encrypts.
The process of creating the antidote is actually very simple because the ransomware comes with a built-in decrypt method and cipher password. This means we're able to create our own Java class and copy the decryption code from the ransomware into our antidote class.
So let's jump right in and start creating our antidote for Simplelocker!
Monday 16th June 2014 11:56
In this blog post we'll be looking at a new type of malware for Android phones that encrypts important files and demands the user pay a ransom to regain access to their phone.
This is the first reported case of ransomware being used on smartphones so I'm keen to find out more about this new malicious app.
I want to understand what this ransomware does and how it restricts the phone user from accessing files on their SD card. I'll be providing a step-by-step dissection of the malware to provide a clear explanation of how this app carries out its malicious activities.
So before we start the dissection let's look at exactly what Simplelocker is and where it came from.
Sunday 16th March 2014 16:34
Coming up in this blog post: dissecting a malicious version of Flappy Bird reveals a premium-rate SMS message sent without the user being aware.
I'm at a point with the project where I'm diverging away from the honeypot for a moment to look at other sources of malware.
I'm keen to see how Android malware is put together and how to reverse engineer it to see what's going on under the hood.
So in this blog post I'll be focusing on how to dissect one of the malicious versions of Flappy Bird.
Flappy Bird
First, a brief introduction and background on what Flappy Bird is.
Flappy Bird is a game created by Vietnamese developer Dong Nguyen and published by indie game producer .GEARS Studios.
Dong Nguyen released the game on 24th May 2013 and it suddenly became popular in early 2014. It's reported that the game was earning $50,000 per day from adverts which were displayed within the game.
Creator Dong removed the game from Apple and Google on the 10th February 2014 after feeling guilty because the game was too addictive.
Having been removed from both Apple's App Store and Google Play, various malicious versions of the app started to appear online to fill the gap.
So it's one of these malicious versions of Flappy Bird that I'll be dissecting in this blog post.
Thursday 6th February 2014 11:23
Coming up in this blog post: trojan horse receives commands from a Chinese C&C server and sends DDoS attacks to a Malaysian online casino website.
I'll be analysing the malware to determine what it does and also update you on the rest of the project as it's been a while since my last blog post.
My last post was back on the 14th December 2013 and since then I've been buried in revision for exams in January, along with post-graduate applications and graduate scheme applications.
This means there's not been a huge amount of progress on the project, but I'm aiming to get straight back into focusing on it now. I'm also eager to share some insights into the "disknyp" malware which came to light back in December.