Tuesday, July 24, 2007

Thwarting Virtual Machine Detection

Tom Liston and Ed Skoudis have written a clear paper on how to detect a virtual machine and some possible methods for protecting it against detection. It's an old paper, but a recommended read.
Read the paper


Decoding malicious Javascripts

Many malware authors use obfuscated JavaScript to redirect browsers to infected URLs.
I will introduce several methods for decoding malicious JavaScript:
A simple way to decode JavaScript:
Find every "document.write" or "eval" in the script and replace it with "alert". The decoded string will then be shown in a message box instead of being written into the page or executed. Keep in mind that the rest of the script still runs, so do this on an isolated machine, not in your everyday browser (and this certainly does not work on every encoded script).
Decoding JavaScript via Firefox:
This way shows you where the script redirects to. First go to the "Bookmarks" menu and select "Organize Bookmarks...", then select "File -> New Bookmark". When the bookmark window appears, enter any name, copy and paste the target script into "Location" and press OK. To see the effect, select the created bookmark, choose "Properties" (right-click menu) and look at "Location". It's a stupid solution, but an easy one.
For more information, read the SANS paper, which covers other ways.
If none of these ways work, go to a bookstore, buy a JavaScript book and decode the script yourself :)


Sunday, July 22, 2007

SecurityFocus Interviews the MPack Author

SecurityFocus has released an interview with the MPack author. It's nothing special, but it's worth reading. If you are interested in knowing more about the MPack kit, you can read the PandaLabs post and the "fantastic report".

Interview: "DCT, MPACK AUTHOR"
Update:
The unedited interview: papers_1.html


Monday, July 2, 2007

start

Hi,
We are starting this blog to share what is known about malware analysis and related topics.
