During an incident, CERT Sekoia investigated fraudulent money transfers. These transfers were made from a French firm account to other bank accounts based in different places in Europe. The fraud has been valued at 800 000 euros. Initially, the bank of the French firm indicted an accountant officer of this

Botnets enable various cyber-criminal activities, like DDoS, banking fraud, data theft and extortion. Current botnet detection approaches face many challenges, for example, peer-to-peer infrastructures and domain fast-flux or encrypt the command and control information, in order to prevent signature based detection. In the recent years an increasing number of approaches

Cybercriminals employ websites to infect victims with malware using techniques such as drive-by-download or social engineering. On the other hand, several approaches (e.g. client honeypots) exist to detect malicious websites. Nonetheless, this is a time-consuming task, and thus, computational resources should be spent on targets that are more prone to

[To be completed]

Manual processing of malware samples became impossible years ago. Sandboxes are used to automate the analysis of malware samples to gather information about the dynamic behaviour of the malware, both at AV companies and at enterprises. Some malware samples use known techniques to detect when it runs in a sandbox,

Conficker was the first to introduce Domain Generation Algorithms to the malware world. Today’s modern malware practically use it as a basic building block.  Malware researchers have tackled this problem with various tools and techniques with varying degrees of success. In this talk, we will present a method which allows

What does a botnet do when it gets bored? Make every infection second count – even if it means to use the infection time for brute forcing. This presentation aims to show a complete sandbox infection cycle, which started with a seemingly Gamarue infection and end up with an automated

Brazil is a unique cybercrime landscape that has evolved on its own to surpass even the Russian-speaking underground in terms of how large and diverse it is. Brazilian cybercrime has considerably expanded in 2014, and now includes new malware and schemes engineered by local cybercriminals to steal online banking and

Botnets and other malware are getting better and better at evading blacklisting in enterprise networks. This draft paper is about an approach for detecting such botnets or other entities, using Domain Name Service (DNS) data and machine learning. Three distinguishing features of this work are that we identify what family

Nowadays malware sandboxes are commonly used by malware researchers. Sandboxes have also find they place commercially as a new security device. Not surprisingly, As was firewall in the 90’, IPS in early 2K and Web applications firewall recently, they are presented as a new silver bullet security device in the