[TLP: Amber] Maciej Kotowicz is Principal Botnet Pwner at CERT.pl with a special interest in reverse engineering and exploit development as well as automation of both. In his free time he likes to drink beer and play CTFs, in no particular order.
Also known as Gozi2/Ursnif, sometimes Rovnix, ISFB reappeared in early 2013, attracting some attention from the research community and causing a lot of confusion over the naming convention and over what was actually being analyzed. Then suddenly, it went dark again. However, dark does not mean dead. With attention of the world
At the beginning of the year we observed a shift in the malware chosen by criminals. The old Citadel started losing its market, pushed out by new versions of KINS. The threat was important enough to be added to ZeusTracker. After this the game changed: a new encryption scheme came into play, confusing researchers. Following