Security News (Advanced) 2011 W45

=> New method of injection. 06/11/2011. «I discovered a new method of injection (I don’t know if it is really new) in a malware dropped by duqu. So I want to share it with you and as usual write a p0c (…).»
Source: blog.w4kfu.com/post/new_method_of_injection

=> Zeus Code Update Part 2 – Who is behind the recent changes?. 06/11/2011. «This time, we look at similar Zeus trojans from a different angle. We consider the entire set of changes and we try and estimate the complexity of those changes, which may give us an insight into the level of understanding shown by the respective authors when altering the Zeus source code (…).»
Source: www.tidos-group.com/blog/?p=456

=> Whistler Bootkit Flies Under the Radar. 08/11/2011. «Whistler, one of the first e-threats that could be classified as bootkits, has evolved new means to bypass the AV detection (…).»
Source: labs.bitdefender.com/?p=807
Related posts:
09/11/2011. Source: twitter.com/#!/2gg/statuses/134216556157739008

=> Floating-point math functions abused. 08/11/2011. «It’s common that malware using several tricks to change the execute flow of the program to disturb malware analysis, such as using unfamiliar callback functions, raising exception and so on. During malware analysis, we hardly see some math functions imported and invoked, but currently we found a bunch of samples using floating-point math operations to harass analysis. Now I will give an example to show how this happened (…).»
Source: blogs.avg.com/news-threats/floating-point-math-functions-abused/

=> APEC SpearPhish. 09/11/2011. «A suspicious email was received on 10/26/2011 and targeted a single, key individual in the organization. The sender appeared to be from a Hawaii-based real estate company. (…).»
Source: www.kahusecurity.com/2011/apec-spearphish-2/

=> Steganography or encryption in bankers?. 10/11/2011. «While looking over some potentially malicious links from Brazil, I came across an interesting group of files. They were of varying sizes but had similar structures (…).»
Source: www.securelist.com/en/blog/208193235/Steganography_or_encryption_in_bankers

=> The Duqu Saga Continues: Enter Mr. B. Jason and TV’s Dexter. 11/11/2011. «As we informed you earlier, we’ve recently been conducting an investigation into a number of incidents in connection with a Duqu trojan infection. Thankfully we’ve been able to make some headway in getting to the bottom of Duqu and putting together several of the previously absent components without which it has been difficult to understand what’s actually been going on (…).»
Source: www.securelist.com/en/blog/208193243/The_Duqu_Saga_Continues_Enter_Mr_B_Jason_and_TVs_Dexter
