malware

"Gameover" downloaded by "UPATRE" uses arbitrary headers; the goal is detection evasion
"TROJ_UPATRE" is the most common malware threat spread via spam mail. This family is also known to download an encrypted variant of "ZBOT" called "Gameover" onto the infected PC. That "ZBOT" variant is further known to use peer-to-peer (P2P) communication to reach its command-and-control (C&C) infrastructure. This malicious activity was first confirmed in October 2013. Trend Micro has now confirmed that these "ZBOT" variants use files that are not binaries, and that the downloader "UPATRE" is also responsible for decrypting these malicious files. This is done to bypass security features and avoid detection and removal on the infected PC. The existing file.. Read more

Cyber Threat Landscape: Forecast
This is the third post in our blog series that aims to provide a basic overview of the contemporary cyber threat landscape. According to the United Nations Office on Drugs and Crime’s (UNODC) Comprehensive Report on Cyber Crime (2013), in 2011, at least 2.3 billion people, the equivalent of more than one third of the world’s total population, had access to the internet. Over 60% of all internet users .. Read more

Cyber Threat Landscape: Attackers and Operations
This is the second post in our blog series that aims to provide a basic overview of the contemporary cyber threat landscape. In 1996, a group of RAND researchers published a seminal book on the then alien concept of “netwar.” They introduced and defined the term as an “emerging mode of conflict (and crime)” in which actors rely on small teams lacking a “precise central command” or a rigid hierarc.. Read more

Cyber Threat Landscape: Basic Overview and Attack Methods
This is the first post in our blog series that aims to provide a basic overview of the contemporary cyber threat landscape. The flourishing synergy between the internet and its beneficiaries, who use it with varying identities, for various intentions and purposes, has had a noticeable impact on the overall outlook of the global cyber threat landscape. Today’s relatively open and interoperable glob.. Read more

A journey to abused FTP sites (story of: Shells, Malware, Bots, DDoS & Spam) - Part 2
This writing is dedicated to fellow sysadmins all over the networks in this globe, who work hard keeping internet services running smoothly and help to clean the bad stuff, you rock! Respect! This is the second part of the previously posted analysis here -->> [Part 1]. In this part I will discuss the FTP hacked sit.. Read more

A journey to abused FTP sites (story of: Shells, Malware, Bots, DDoS & Spam) - Part 1
This writing is dedicated to fellow sysadmins all over the networks in this globe, who work hard keeping internet services running smoothly and help to clean the bad stuff, you rock! Respect! If you want to see the part of the writing that contains many DDoS source code disclosure, jump to the 2nd part in here .. Read more

Fake Australian Electric Bill Leads to Cryptolocker
Our reader Mark sent us a link he recovered from a Phishing e-mail. We don't have the e-mail right now, but the web site delivering the malware is kind of interesting in itself. The e-mail claims to come from "Energy Australia", an actual Australian utility company, and the link leads to: hxxp://energymar.com/ data/ electricity/ view/get/ energy.php ?eid=[long number] Note the somewhat plausible do.. Read more

Angling for Silverlight Exploits
This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering. Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we have observed substantial tr.. Read more

Unravelling the Connection Between New Infrastructure in Morocco and Renault Stock Price
Analysis Summary: Web intelligence suggests relationships between international media attention on Moroccan infrastructure and the performance of companies investing in the country. More specifically, there are recurring correlations between the media’s attention towards the Tanger-Med port facility and fluctuations in Renault’s stock price. Is there a relationship between the economic performance o.. Read more

Hunting Hidden Lynx: How OSINT is Crucial for APT Analysis
Analysis Summary: Visualization of open source intelligence on APTs reveals overlapping infrastructure, tools, and exploits used in the VOHO campaign and Operations Aurora, DeputyDog, and Ephemeral Hydra. Two vulnerabilities were identified as exploited by Hidden Lynx in its VOHO campaign (2012) and the Elderwood Gang responsible for Operation Aurora (2010). Command and control infrastructure was a.. Read more