In the past year we have closely observed a new malware family attacking Polish online banking users. It utilized a simple observation: users tend not to check whether the text they copied is the one they pasted. Especially when that text is a 26-digit bank account number. This malware started
Category Archives: 2014
In the last several years malware writers have clearly understood that getting access to web servers can bring more benefits than infecting users’ PCs. Nowadays there are millions of completely unprotected websites and web servers with different kinds of vulnerabilities, so it is easy for attackers to upload web shells
At the beginning of the year we observed a shift in the malware chosen by criminals. The old Citadel started losing market share, pushed out by new versions of KINS. The threat was important enough to be added to ZeusTracker. After this the game changed: a new encryption scheme came into play, confusing researchers. Following
One of the capabilities of a malicious botnet is to perform a distributed denial of service (DDoS) attack. Attacks can be performed by various methods such as volumetric flooding, slow HTTP attacks or TCP protocol misuse. DNS amplification is an example of volumetric flooding that has become popular recently. It is well
In recent years ad fraud botnets have proven to be a significant threat to the online advertising industry, with their cost to advertisers being increasingly discussed in the press. In this talk we will give an overview of the online advertising industry, and we will describe how today’s advertisers inadvertently
Security experts have accumulated significant knowledge of how the most impenetrable botnets operate. While botnet intelligence gathering and disruption tools are evolving fast, the legal mechanisms that enable investigation and prosecution of cyber crime are not progressing at the same pace. This has frustrated security experts, who show lack of
Mevade (also known as Sefnit) is a botnet that engages in click-fraud and cryptocurrency mining. Mevade is noticeable for two reasons. Firstly, it is huge: at some point, several millions of computers had been infected. And secondly, when it hosted its C&C servers on Tor hidden services, it almost took down the Tor network.