Confirmed Security News 2012, Week 02

=> Are You Beta Testing Malware pt 2: Dissecting Fynloski’s Obfuscation. 09/01/2012. «In our previous post, we came across a couple of files that used some popular games as part of its social engineering technique. One of the files, which was named « diablo3-crack.exe » (after Diablo the video game series) is currently detected as Backdoor:Win32/Fynloski.A. It piqued our interest because we’re avid gamers, and much to our surprise when we took a closer look we found out that the obfuscation technique it uses was also interesting (…).»
Source: blogs.technet.com/b/mmpc/archive/2012/01/09/are-you-beta-testing-malware-pt-2-dissecting-fynloski-s-obfuscation.aspx

=> Who’s Behind the Koobface Botnet? – An OSINT Analysis. 09/01/2012. «It’s full disclosure time. In this post, I will perform an OSINT analysis, exposing one of the key botnet masters behind the infamous Koobface botnet, that I have been extensively profiling and infiltrating since day one (…).»
Source: ddanchev.blogspot.com/2012/01/whos-behind-koobface-botnet-osint.html
Related posts:
11/01/2012. Koobface malware gang – the noose tightens?: nakedsecurity.sophos.com/2012/01/11/koobface-malware-gang-noose/

=> Cyber crooks combine new Zeus variant and DDoS attacks. 10/01/2012. «A new variant of the information-stealing Zeus Trojan – dubbed Gameover – is currently being delivered to unsuspecting victims via emails purportedly coming from the National Automated Clearing House Association, the Federal Reserve Bank, or the Federal Deposit Insurance Corporation, warns the FBI (…).»
Source: www.net-security.org/malware_news.php?id=1954
Related posts:
06/01/2012. Malware Targets Bank Accounts: www.fbi.gov/news/stories/2012/january/malware_010612/malware_010612
09/01/2012. Zeus returns: FBI warns of ‘Gameover’ ID-theft malware: www.zdnet.com/blog/security/zeus-returns-fbi-warns-of-gameover-id-theft-malware/10002
11/01/2012. Tracking Zeus Variants: blogs.norman.com/2012/malware-detection-team/tracking-zeus-variants

=> Blackhole Ramnit – samples and analysis. 12/01/2012. «Ramnit – a Zeus-like trojan/worm/file infector with rootkit capabilities has been in the wild for a long time but recently made news because Seculert reported about a financial variant of this malware aimed at stealing Facebook credentials (…).»
Source: contagiodump.blogspot.com/2012/01/blackhole-ramnit-samples-and-analysis.html

=> Sykipot variant hijacks DOD and Windows smart cards. 12/01/2012. «Defenses of any sort, virtual or physical, are a means of forcing your attacker to attack you on your terms, not theirs. As we build more elaborate defenses within information security, we force our attacker’s hand. For instance, in many cases, implementing multi-factor authentication systems just forces the attacker to go after that system directly to achieve their goals. Take the breach at RSA, for example. It has been attributed to attackers who needed the SecurID information to go after their real targets in the defense industry (…).»
Source: labs.alienvault.com/labs/index.php/2012/when-the-apt-owns-your-smart-cards-and-certs/
Related posts:
12/01/2012. Researchers Find Sykipot Trojan Variant For Hijacking DoD Smart Cards: threatpost.com/en_us/blogs/researchers-find-sykipot-trojan-variant-hijacking-dod-smart-cards-011212
13/01/2012. Sykipot, the Trojan that used a smartcard as its mount: si-vis.blogspot.com/2012/01/sykipot-le-troyen-qui-utilisait-une.html

=> Interview with a carder. 12/01/2012. «Talked with a carder recently via OTR Messaging (…).»
Source: xylibox.blogspot.com/2012/01/interview-with-carder.html
Related posts:
13/01/2012. Super-socks.com (proxies shop): xylibox.blogspot.com/2012/01/super-sockscom-proxies-shop.html

=> Obfuscated JavaScript 2.0 – Building an encoder. 12/01/2012. «JavaScript is a wonderful language full of tricks, power and the element of confusion. In this day and age it is likely that most people handling PDF, JAVA, Flash or browser-based exploits have either seen, reversed or been owned due to JavaScript. To this day attackers continue to find clever new ways of hiding their exploit or making the reversing process a nightmare, but not many have turned to the web 2.0 features (…).»
Source: blog.9bplus.com/malicious-javascript-20-139
Related posts:
03/01/2012. Web Hijacks with AJAX: labs.m86security.com/2012/01/web-hijacks-with-ajax/

=> Chinese Exploit Packs. 12/01/2012. «While it can be difficult to attribute exploit packs in many cases, I believe it’s safe to say that there are a few made by Chinese authors. Their style can be seen across packs from the script used for traffic analysis to variable names and methods. Chinese packs are different but arguably still befitting the definition of an exploit pack (…).»
Source: www.kahusecurity.com/2012/chinese-exploit-packs/

=> Murofet: Changing to zlib. 12/01/2012. «Time passes and in the world of malware new threats continue to emerge, but the established threats still continue to evolve and everything points to this continuing. In this blog, we will once again talk about Zeus and, in particular, the version known as Murofet (…).»
Source: securityblog.s21sec.com/2012/01/murofet-changing-to-zlib.html

=> The BLACKHOLE Invasion. 14/01/2012. «What is special about these DNS names? Every query returns a different IP. On every IP, a BlackHole. (…).»
Source: internetpol.fr/wup/?L%27invasion+BlackHole.html#8069431858516ac5fe16f69744d49ac2
Related posts:
13/01/2012. Bhstat?: xylibox.blogspot.com/2012/01/bhstat.html
13/01/2012. BlackHole spreads more and more malware: artemonsecurity.blogspot.com/2012/01/blackhole-spreads-more-and-more-malware.html
