Actus Sécurité Confirmé 2011 S41

=> Possible Governmental Backdoor found (« case R2D2 »). 09/10/2011. «Chaos Computer Club from Germany has tonight announced that they have located a backdoor trojan used by the German Government (…).» Follow-up on a story covered last week.
Source : www.f-secure.com/weblog/archives/00002249.html
Related posts:
10/10/2011. German Policeware: Use the Farce…er, Force…Luke : blog.eset.com/2011/10/10/german-policeware-use-the-farce-er-force-luke
10/10/2011. Binaries : www.ccc.de/system/uploads/77/original/0zapftis-release.tgz

=> Android.Spitmo C&C. 09/10/2011. «On 13 September, Ayelet Heyman of Trusteer blogged about the first SpyEye attack on Android. The sample « simseg.apk » was not really hard to find (…).»
Source : xylibox.blogspot.com/2011/10/androidspitmo-c.html

=> ZeuS Gets More Sophisticated Using P2P Techniques. 10/10/2011. «Recently, I’ve seen some major modifications in ZeuS murofet/LICAT. Murofet (also known as LICAT) is a modified version of ZeuS, which is using a so-called Domain Generation Algorithm (DGA) to calculate the current botnet C&C domain (…).»
Source : www.abuse.ch/?p=3499
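To make the DGA idea concrete, here is an added example (not code from abuse.ch and not the Murofet/LICAT algorithm): a constructed date-seeded DGA, the defender-side precomputation of every domain the bot could use in a window of days, and a match of that window against constructed DNS log lines. The seed, the TLD list, the domain count and the log format are all assumptions.

```python
import hashlib
from datetime import date, timedelta

# Illustrative DGA constructed for this example. It is NOT the Murofet/LICAT
# algorithm; SEED, TLDS and DOMAINS_PER_DAY are assumptions.
SEED = 0x5EED
TLDS = ("biz", "info", "org", "net", "com")
DOMAINS_PER_DAY = 5


def dga_domains(day: date, seed: int = SEED, count: int = DOMAINS_PER_DAY) -> list[str]:
    """Derive `count` candidate C&C domains for one calendar day.

    Bot and operator share `seed`, so both compute the same list and the
    binary never needs to embed a fixed C&C hostname: the operator only has
    to register one of today's names.
    """
    domains = []
    for i in range(count):
        material = f"{seed:x}:{day.isoformat()}:{i}".encode()
        digest = hashlib.md5(material).digest()
        # 12 lowercase letters derived from the first 12 digest bytes
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def precompute_window(center: date, days_back: int = 1, days_forward: int = 1,
                      seed: int = SEED) -> set[str]:
    """Defender side: once the algorithm and seed are recovered from a sample,
    enumerate every domain the bot could use around `center`, for sinkholing,
    blocklisting or DNS log matching (covers clock skew between bots)."""
    names: set[str] = set()
    for offset in range(-days_back, days_forward + 1):
        names.update(dga_domains(center + timedelta(days=offset), seed))
    return names


def flag_dga_queries(dns_log: str, window: set[str]) -> list[tuple[str, str]]:
    """Match 'client<TAB>qname' log lines against the precomputed window and
    return the (client, qname) pairs that resolved a DGA domain."""
    hits = []
    for line in dns_log.splitlines():
        if not line.strip():
            continue
        client, _, qname = line.partition("\t")
        qname = qname.strip().rstrip(".").lower()
        if qname in window:
            hits.append((client, qname))
    return hits


def run_demo(year: int = 2011, month: int = 10, day: int = 10) -> dict:
    """Generate one day's domains, build a +/-1 day window and scan a
    constructed two-line DNS log against it."""
    today = date(year, month, day)
    generated = dga_domains(today)
    window = precompute_window(today)
    # Constructed DNS log: one benign lookup, one query for a generated domain.
    sample_log = (
        "10.0.0.5\twww.example.com.\n"
        f"10.0.0.9\t{generated[2]}.\n"
    )
    hits = flag_dga_queries(sample_log, window)
    return {"generated": generated, "window_size": len(window), "hits": hits}


if __name__ == "__main__":
    result = run_demo()
    for client, qname in result["hits"]:
        print(f"{client} queried DGA domain {qname}")
```

The defender's advantage is asymmetric: the operator has to register at least one name per day, while anyone holding the algorithm and seed can precompute the whole window and block or sinkhole it in advance.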

=> CWH Underground’s – Beyond SQLi: Obfuscate and Bypass. 10/10/2011. «The new whitepaper from CWH Underground (citec.us) is out; it covers advanced SQL injection, and the paper is really well done (…).»
Source : www.shocknsl.com/?p=129
Related posts:
10/10/2011. Beyond SQLi: Obfuscate and Bypass : www.exploit-db.com/papers/17934/

=> Latin American banks under fire from the Mexican VOlk-Botnet. 11/10/2011. «Latin America has ceased to be a region that simply receives attacks from across the world. Since late 2009 it has begun to copy fraudulent business models through which American cybercriminals have begun producing their own criminal resources (…).»
Source : www.securelist.com/en/blog/208193160/Latin_American_banks_under_fire_from_the_Mexican_VOlk_Botnet

=> Inside Phoenix Exploit’s Kit 2.8 mini version. 11/10/2011. «Phoenix Exploit’s Kit is a package with more continuity in crime scene crimeware. After all this tour is currently in the wild version 2.8 that, despite having a low activity since the last half of this year, remains one of the many Exploit Pack with greater preference for cyber-criminals. (…).»
Source : malwareint.blogspot.com/2011/10/inside-phoenix-exploits-kit-28-mini.html

=> Weevely Stealth Tiny PHP Backdoor Analysis. 11/10/2011. «@adulau has sent a tweet about a stealth tiny PHP backdoor named Weevely, which claims to be unobtrusive and not detectable by NIDS, anti-viruses and log review. Weevely simulates a telnet-like session if you communicate with the backdoor through HTTP, or an ssh-like session if you communicate with the backdoor through HTTPS (…).»
Source : eromang.zataz.com/2011/10/11/weevely-stealth-tiny-php-backdoor-analysis/
Related posts:
11/10/2011. Source : twitter.com/#!/tricaud/statuses/123884834497101824

=> Bypassing Windows 7 ASLR. 13/10/2011. «A few days ago Stefan Le Berre from NES security labs wrote an interesting document about Windows 7 ASLR. Most of my readers know that exploiting a randomized user space is quite difficult, and I am sure they appreciated NES’s effort (…).»
Source : marcoramilli.blogspot.com/2011/10/bypassing-windows-7-aslr.html
Related posts:
11/10/2011. BYPASSING WINDOWS 7 KERNEL ASLR [pdf] : www.nes.fr/docs/NES-BypassWin7KernelAslr.pdf

=> Malware Uses New DLL Loading Technique – MS11-071. 13/10/2011. «It has been a year since we witnessed a DLL hijacking technique which loads a malicious DLL that affects hundreds of programs. The method involves dropping a collection of normal files together with the malicious DLL in one directory. We recently analyzed the following archive sample. Only the file “deskpan.dll” was detected as malicious. (…).»
Source : blog.commtouch.com/cafe/malware/malware-uses-new-dll-loading-technique-%e2%80%93-ms11-071/
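The pattern described above (a DLL shipped next to ordinary documents so that opening one of them loads the DLL from the same directory) can be screened for in an archive listing before anyone opens the files. The following is an added example, not code from the Commtouch post: it groups file names by directory and flags a DLL either because it carries a name the quoted analysis mentions (deskpan.dll) or because it sits beside document files. The file list and the set of document extensions are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Extensions whose handlers may search the document's own directory for
# libraries (assumption: a short list chosen for this example).
DOCUMENT_EXTS = {".doc", ".docx", ".rtf", ".txt"}

# deskpan.dll is the file name the quoted analysis reports as malicious;
# any further names would have to come from the MS11-071 bulletin itself.
HIJACK_DLL_NAMES = {"deskpan.dll"}

# Constructed archive listing (Windows-style relative paths).
SAMPLE_LISTING = [
    r"invoice\readme.txt",
    r"invoice\deskpan.dll",
    r"invoice\photo.jpg",
    r"tools\helper.dll",
    r"docs\report.doc",
    r"docs\msvcr.dll",
]


def find_dll_sideload_candidates(names: list[str]) -> list[tuple[str, str]]:
    """Return (path, reason) for every DLL that looks like a planted
    side-load payload: a known hijackable name, or a DLL co-located with
    documents that would be opened from the same directory."""
    by_dir: dict[str, list[PureWindowsPath]] = {}
    for name in names:
        path = PureWindowsPath(name)
        by_dir.setdefault(str(path.parent).lower(), []).append(path)

    findings = []
    for files in by_dir.values():
        dlls = [p for p in files if p.suffix.lower() == ".dll"]
        has_docs = any(p.suffix.lower() in DOCUMENT_EXTS for p in files)
        for dll in dlls:
            if dll.name.lower() in HIJACK_DLL_NAMES:
                findings.append((str(dll), "known hijackable name"))
            elif has_docs:
                findings.append((str(dll), "DLL shipped alongside documents"))
    return findings


if __name__ == "__main__":
    for path, reason in find_dll_sideload_candidates(SAMPLE_LISTING):
        print(f"{path}: {reason}")
```

A DLL next to a tools directory (tools\helper.dll above) is not flagged by the second rule, since nothing in that directory would be double-clicked as a document; the check is a triage heuristic, not a verdict, and a hit should be followed by looking at the DLL's exports and imports.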

=> Analyzing SpyEye 1.3.45. 13/10/2011. «I’ve analyzed the SpyEye 1.3.45 bot program. I found some interesting features (…).»
Source : cci.cocolog-nifty.com/blog/2011/10/analyzing-spyey.html
Related posts:
12/10/2011. Source1 : twitter.com/#!/2gg/statuses/124270187934523392
13/10/2011. Source2 : twitter.com/#!/2gg/statuses/124536185770094592
13/10/2011. SpyEye vs. Tracker : translate.google.com/translate?sl=ru&tl=en&u=http%3A%2F%2Fwww.securelist.com%2Fru%2Fblog%2F207766908%2FSpyEye_vs_Tracker

=> Android Malware accepting remote commands. 13/10/2011. «Android Malware accepting remote commands, this is the C&C (…).»
Source : twitter.com/#!/jorgemieres/statuses/124565030246170626

=> SpyEye and Zeus Malware: Married Or Living Separately? 14/10/2011. «Everyone knows that the first year of marriage can be a tough one (around three percent of them end in the first 12 months). Looks like the same can be true of malware marriages, with the union of the Zeus and SpyEye Trojans now in question. Just one year after news broke that the Zeus and SpyEye Trojan families had merged, virus experts say there’s reason to question whether the union is still intact. (…).»
Source : threatpost.com/en_us/blogs/spyeye-and-zeus-malware-married-or-living-separately-101411

=> Malware using the Local Group Policy to Gain Persistence. 15/10/2011. «Malware is constantly finding obscure ways to hide hooks within the OS so that it can remain active after a reboot. One approach that we encountered recently involved using the Local Group Policy. Group Policy is a set of rules and settings that can be used to manage the operating system and environment. (…).»
Source : www.hbgary.com/malware-using-local-group-policy
Related posts:
15/10/2011. Source : twitter.com/#!/TimelessP/statuses/125302141786132481
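One place where local Group Policy can be turned into a persistence hook is the logon/logoff script list kept in scripts.ini under the local policy tree, which runs entries at each logon without any Run key or service. The following is an added example (not code from the HBGary post, which is not reproduced here): it parses a constructed scripts.ini and flags entries pointing outside the policy tree. The scripts.ini locations are the standard Windows ones; the sample content and the "absolute path outside the policy tree" heuristic are assumptions for this example.

```python
import re

# Standard locations of the local (non-domain) Group Policy script lists.
# Real files are UTF-16 with a BOM; read them with encoding="utf-16".
SCRIPTS_INI_PATHS = (
    r"C:\Windows\System32\GroupPolicy\Machine\Scripts\scripts.ini",
    r"C:\Windows\System32\GroupPolicy\User\Scripts\scripts.ini",
)

# Constructed scripts.ini content (assumption): one ordinary logon script by
# relative name, one absolute path into a user-writable directory.
SAMPLE_SCRIPTS_INI = """
[Logon]
0CmdLine=logon.bat
0Parameters=
1CmdLine=C:\\Users\\Public\\update.exe
1Parameters=/silent
[Logoff]
0CmdLine=cleanup.cmd
0Parameters=
"""

ENTRY_RE = re.compile(r"^(\d+)(CmdLine|Parameters)=(.*)$")


def parse_scripts_ini(text: str) -> list[dict]:
    """Return one dict per numbered entry: section, index, CmdLine, Parameters."""
    entries: dict[tuple[str, int], dict] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            idx, key, value = m.groups()
            entry = entries.setdefault(
                (section, int(idx)),
                {"section": section, "index": int(idx), "CmdLine": "", "Parameters": ""},
            )
            entry[key] = value
    return [entries[k] for k in sorted(entries)]


def is_suspicious(cmdline: str) -> bool:
    """Heuristic: a relative name resolves inside the policy's own
    Scripts\\Logon or Scripts\\Logoff folder; an absolute path that leaves
    the GroupPolicy tree is what a dropper writing elsewhere would use."""
    low = cmdline.lower()
    if "\\" not in low and "/" not in low:
        return False
    if "\\system32\\grouppolicy\\" in low:
        return False
    return True


def find_suspicious(text: str) -> list[tuple[str, int, str, str]]:
    """Flagged entries as (section, index, CmdLine, Parameters)."""
    return [
        (e["section"], e["index"], e["CmdLine"], e["Parameters"])
        for e in parse_scripts_ini(text)
        if is_suspicious(e["CmdLine"])
    ]


if __name__ == "__main__":
    for section, idx, cmd, params in find_suspicious(SAMPLE_SCRIPTS_INI):
        print(f"[{section}] entry {idx}: {cmd} {params}")
```

On a workstation that is not supposed to have any local policy scripts, every entry returned by `parse_scripts_ini` deserves a look, not only the flagged ones: a dropper can just as well write its payload into the policy's Scripts folder and reference it by relative name. The same check applies to psscripts.ini in the same folders, which lists PowerShell scripts.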
