Confirmed Security News 2012 W01

=> Stuxnet/Duqu: The Evolution of Drivers. 28/12/2011. «We have been studying the Duqu Trojan for two months now, exploring how it emerged, where it was distributed and how it operates. Despite the large volume of data obtained (most of which has yet to be published), we still lack the answer to the fundamental question – who is behind Duqu? (…).»
Source: www.securelist.com/en/analysis/204792208/Stuxnet_Duqu_The_Evolution_of_Drivers

=> Suo Anteeksi: Polite Variant of ZeuS. 28/12/2011. «There’s a run of ZeuS (aka Zbot) trojans currently targeting several Finnish banks. And naturally, our Threat Research team has been working on related cases. Interestingly, they’ve discovered some new ZeuS functionality that hints of SpyEye (…).»
Source: www.f-secure.com/weblog/archives/00002292.html

=> jQuery powered malware. 28/12/2011. «We have already written numerous times about the fact that social networks can be used by cyber criminals to harm their users. This technique we have spotted on the Twitter network is not new, but it is interesting nonetheless (…).»
Source: blogs.avg.com/news-threats/jquery-powered-malware/
Related posts:
29/12/2011. Source: twitter.com/#!/Xylit0l/statuses/152319449494589440

=> Tracking Cyber Crime: we-deal.net black services. 31/12/2011. «Tracking Cyber Crime (…).» Great work by Xylitol.
Source: xylibox.blogspot.com/2011/12/tracking-cyber-crime-we-dealnet-black.html
Related posts:
27/12/2011. Herpes botnet : xylibox.blogspot.com/2011/12/herpes-botnet.html
31/12/2011. Tracking Cyber Crime: ProfitBins.ru : xylibox.blogspot.com/2011/12/tracking-cyber-crime-profitbinsru.html
31/12/2011. Tracking Cyber Crime: ATM skimmer (Diebold) : xylibox.blogspot.com/2011/12/tracking-cyber-crime-atm-skimmer.html
31/12/2011. Tracking Cyber Crime: bastard.su FuLLz : xylibox.blogspot.com/2011/12/tracking-cyber-crime-bastardsu-fullz.html
31/12/2011. Tracking Cyber Crime: cardsmarket.su : xylibox.blogspot.com/2011/12/tracking-cyber-crime-cardsmarketsu.html
31/12/2011. Tracking Cyber Crime: pawn-shop.cc : xylibox.blogspot.com/2011/12/tracking-cyber-crime-pawn-shopcc.html
31/12/2011. Tracking Cyber Crime: lulzsec.su iProfit PayPal Shop : xylibox.blogspot.com/2011/12/tracking-cyber-crime-lulzsecsu-iprofit.html

=> Launch of a wiki on botnets. 01/01/2012. «The purpose of this wiki is the sharing of information by the research community (academic, independent) on botnets and on techniques for fighting botnets. It is one of the building blocks of thesis work begun in 2011. The approach of this wiki has several objectives: to describe, in an encyclopaedic way, the information available on botnets and on analysis and countermeasure techniques; to establish references that are as rich as possible for all the information published, either by pointing to scientific publications, publications from recognised sources, or particularly well-documented work (…).» A very interesting private initiative by Eric Freyssinet, a gendarmerie officer who needs no introduction, author notably of the blog ‘Criminalités numériques’. The only drawback in my view is the requirement imposed by the author to contribute under one's real identity. I fear this will close the door on quite a few contributions, amateur or professional, that are just as relevant and worthy of interest as those from professionals with a declared and claimed identity.
Source: www.botnets.fr/index.php/Accueil
Related posts:
01/01/2012. Criminalités numériques: blog.crimenumerique.fr/
01/01/2012. Source: twitter.com/#!/ericfreyss/statuses/153581398316429314

=> Bootkit Threat Evolution in 2011. 04/01/2012. «The year 2011 could be referred to as a year of growth in complex threats. Over the course of this year we witnessed an increase in the number of threats targeting the Microsoft Windows 64-bit platform, and bootkits in particular. Here is a self-explanatory diagram depicting the evolution of bootkit threats over time (…).»
Source: blog.eset.com/2012/01/03/bootkit-threat-evolution-in-2011-2

=> ZeuS – P2P + DGA variant – new risk analysis. 04/01/2012. «In autumn 2011 new malware infections were registered. Analysis of the mechanism used to run the malicious software, the hiding process, and the manner of storing configurations pointed to ZeuS. However, when monitoring infected machines, we failed to observe the communication with a C&C that is characteristic of this Trojan. On closer examination it turned out that the sample is probably a new version based on the ZeuS code that was accidentally made public (…).»
Source: translate.google.com/translate?hl=fr&sl=auto&tl=en&u=http%3A%2F%2Fwww.cert.pl%2Fnews%2F4711
Related posts:
04/01/2012. ZeuS – P2P+DGA variant – analysis of a new threat (Polish original): www.cert.pl/news/4711
06/01/2012. Source: twitter.com/#!/MalwareScene/statuses/155276188657532928

=> Analyzing PDF Malware – Part 2. 06/01/2012. «As the title states, this is the second part of Analyzing PDF Malware. If you haven’t read the first part you can find it here. Go ahead and read it now if you haven’t already, we’ll wait (…).»
Source: blog.spiderlabs.com/2012/01/analyzing-pdf-malware-part-2.html

=> Image Symlinks targeted by Remote File Inclusion attacks. 07/01/2012. «Image Symlinks is a quick bulk image uploader for WordPress powered by TimThumb. Image Symlinks also has a built-in image uploader powered by Uploadify (www.uploadify.com) to upload images. Sounds great, doesn’t it? What everyone omits to tell you is that both TimThumb and Uploadify will open up your site to the entire world and therefore render your site extremely vulnerable to hackers (…).»
Source: stopmalvertising.com/security/image-symlinks-targeted-by-remote-file-inclusion-attacks.html
