Confirmed Security News 2012 Week 14

=> Citadel 1.3. 19/03/2012. «Citadel Zeus Bot is under active development and new version 1.3.3 is released by its coder Aquabox. The author post is directly copied from underground forum and translated to english for your convenience. Thanks to @Sherb1n (…).»
Source: cyb3rsleuth.blogspot.fr/2012/03/citadel-13.html

=> Dirty RAT Eats Nate’s Banana. 21/03/2012. «Due to the complexity of these samples, this might be a pretty long blog post. Sorry in advance for that, but hopefully it will be jam-packed with goodness. I’ll try to keep everything broken up nicely to make it easier on the readers (…).»
Source: blog.spiderlabs.com/2012/03/dirty-rat.html

=> MS12-020 round up. 23/03/2012. «Everyone and their grandmother has written a post about MS12-020, so now it's my turn. The trouble is that nobody seems to have really understood the vulnerability, and consequently the quantity of inaccuracies, approximations and other misreadings makes me grind my teeth (…).»
Source: expertmiami.blogspot.fr/2012/03/ms12-020-round-up.html
Related posts:
27/03/2012. Code bath and expert explanations: www.cnis-mag.com/bain-de-code-et-explications-d%E2%80%99experts.html

=> Vulnerability analysis, practical data flow analysis and visualization. 23/03/2012. «Recently at CanSecWest 2012, we presented on the technology we use for analyzing malicious samples and PoC files. As malware often actively attempts to exploit software vulnerabilities these days, understanding the internals of these vulnerabilities is essential when writing defense logic (…).»
Source: blogs.technet.com/b/mmpc/archive/2012/03/23/vulnerability-analysis-practical-data-flow-analysis-and-visualization.aspx

=> The mystery of Duqu: Part Ten. 27/03/2012. «At the end of the last year the authors of Duqu and Stuxnet tried to eliminate all traces of their activity. They wiped all servers that they used since 2009 or even earlier. The cleanup happened on October 20. There were virtually no traces of Duqu since then. But several days ago our colleagues in Symantec announced that they found a new "in-the-wild" driver that is very similar to known Duqu drivers (…).»
Source: www.securelist.com/en/blog/208193425/The_mystery_of_Duqu_Part_Ten
Related posts:
19/03/2012. The mystery of Duqu Framework solved: www.securelist.com/en/blog/677/The_mystery_of_Duqu_Framework_solved
20/03/2012. New Duqu Sample Found in the Wild: www.symantec.com/connect/blogs/new-duqu-sample-found-wild
20/03/2012. DuQu: old-school team and sophisticated all-purpose code: si-vis.blogspot.fr/2012/03/duqu-equipe-old-school-et-code.html

=> Blackhole, CVE-2012-0507 and Carberp. 30/03/2012. «This week Blackhole has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/Exploit.CVE-2012-0507. Earlier this week information was published about the Blackhole update by French malware researcher Xylitol and last week Microsoft shared information about an interesting way of breaching the JRE (Java Runtime Environment) sandbox (…).»
Source: blog.eset.com/2012/03/30/blackhole-cve-2012-0507-and-carberp
Related posts:
20/03/2012. An interesting case of JRE sandbox breach (CVE-2012-0507): blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx
28/03/2012. Blackhole v1.2.3: xylibox.blogspot.fr/2012/03/blackhole-v123.html
02/04/2012. CVE-2012-0507: marcoramilli.blogspot.fr/2012/04/cve-2012-0507.html
02/04/2012. Blackhole’s Lesser Known Exploit CVE-2011-0559: www.f-secure.com/weblog/archives/00002342.html

=> Varying Degrees of Malware Injections Decoded. 30/03/2012. «It is no longer the day of human-readable injections, or even the use of basic encoding schemes like base64. Instead we’re seeing a rise in complex, and in some instances, elusive encoding schemes that carry with them a big punch. There are varying degrees of malware injections that include some of the following traits (…).»
Source: blog.sucuri.net/2012/03/varying-degrees-of-malware-injections-decoded.html

=> Mac Flashback Exploiting Unpatched Java Vulnerability. 02/04/2012. «A new Flashback variant (Mac malware) has been spotted exploiting CVE-2012-0507 (a Java vulnerability). We’ve been anticipating something like this for a while now (…).»
Source: www.f-secure.com/weblog/archives/00002341.html
Related posts:
19/03/2012. Mac Malware at the Moment: www.f-secure.com/weblog/archives/00002330.html
23/03/2012. Are you having a (Mac) Flashback?: www.f-secure.com/weblog/archives/00002336.html

=> Darkshell DDOS Botnet Evolves With Variants. 05/04/2012. «Darkshell is a distributed denial of service (DDoS) botnet targeting Chinese websites. It was found in 2011 and was first analyzed by Arbor Networks. McAfee Labs recently analyzed a few new samples that turned out to be variants of Darkshell, and we found extensive variations in network traffic and control commands (…).»
Source: blogs.mcafee.com/mcafee-labs/darkshell-ddos-botnet-evolves-with-variants

=> A DDoS Family Affair: Dirt Jumper bot family continues to evolve. 05/04/2012. «Previous blog entries and analysis by others in the security community have shined a light upon the Dirt Jumper DDoS bot. Dirt Jumper continues to evolve (version 5 appears to be the newest) and a variety of other associated bots packages have emerged over time to include Simple, September, Khan, Pandora, the Di BoTNet and at least one private version of Dirt Jumper 5 that I am aware of. While we have collected about 300 malware samples of the Dirt Jumper family, it is likely that other variants are available, as the binaries and back-end PHP for Dirt Jumper has leaked several times (…).»
Source: ddos.arbornetworks.com/2012/04/a-ddos-family-affair-dirt-jumper-bot-family-continues-to-evolve/

=> Exploit Kit plays with smart redirection (amended). 06/04/2012. «This week we have detected another interesting attack vector. This time cybercriminals are using an interesting technique for hiding malicious Javascripts and employ implicit iFrame injection. At this moment we are tracking hundreds of infected legitimate web sites in the Russian internet segment using this technique of infection. Let’s analyze this attack method step by step (…).»
Source: blog.eset.com/2012/04/05/blackhole-exploit-kit-plays-with-smart-redirection

=> Zeus v2 Malware Analysis – Part II. 07/04/2012. «Welcome back for Part II. I am going to be taking a look at memory forensics by way of Volatility (…).»
Source: www.sysforensics.org/2012/04/zeus-v2-malware-analysis-part-ii.html
Related posts:
23/03/2012. Zeus v2 Malware Analysis – Part I: www.sysforensics.org/2012/03/zeus-v2-malware-analysis-part-i.html
28/03/2012. Malware Analysis: windowsir.blogspot.fr/2012/03/malware-analysis.html
