
Travnet Trojan Could Be Part of APT Campaign

Attackers use all kinds of attack vectors to steal sensitive information from their targets. Their efforts are not limited to only zero-day vulnerabilities. Malware authors often exploit old vulnerabilities because a large number of organizations still use old vulnerable software. The Trojan Travnet, which steals information, is a classic example of malware that …

Malware That Pretends To Be Google

Malware authors (AKA the criminals or the bad guys) use many advanced techniques to hide their activities: encoding, encrypting, auto-generated random domains, conditional redirections and many other interesting methods.

In the middle of all their advanced options, they also use simple techniques to confuse the end user to think that a malicious domain …

The current case “DNSChanger” – what computer users can do now

There are two different characteristics of “DNSChanger” malware which should become clear with the following explanation:

Characteristic 1: The malware modifies the DNS settings on an infected Windows PC. These settings include the “hosts” file and the DHCP settings. If the DNS settings are changed, a user does not reach the website he/she intended …

Fake AV business alive and kicking

Since June 2011 we have seen a substantial decrease in the number of fake antivirus programs. Right now we are observing 10,000 daily attempts to infect users with Trojan-FakeAV; back in June the figures were 50-60,000.

The daily number of attempted infections using Trojan-FakeAV in the past 5 months

Nevertheless, new …

Spamvertised ‘Uniform Traffic Ticket’ and ‘FDIC Notifications’ Serving Malware – Historical OSINT

The following intelligence brief will summarize the findings from a brief analysis performed on two malware campaigns from August, namely, the spamvertised Uniform Traffic Tickets and the FDIC Notification.

Uniform Traffic Tickets

Spamvertised attachments – Ticket-728-2011.zip; Ticket-064-211.zip; Ticket-728-2011.zip

Detection rates:

Ticket.exe – Gen:Trojan.Heur.FU.bqW@aK9ebrii – Detection rate: 37/43 (86.0%)
MD5: 6361d4a40485345c18473f3c6b4b6609
SHA1: 50b09bb2e0044aa139a84c2e445a56f01d70c185
SHA256: ca67a14bfed2a7bc2ac8be9c01cb17d5da12b75320b4bad4fe8d8a6759ad9725

Ticket1.exe …

Ascio Registrar Compromised – Brings Down UPS.com, Theregister and Others

If you tried to visit the sites for UPS.com, theregister.co.uk, Vodafone, The Daily Telegraph and some other high-profile sites today, you would have received a scary message saying that they had been hacked (by turkguvenligi):

And they were indeed hacked, but not in the way most people think. Their servers were not …