The Art of the Cyberwar

The development of new technologies, driven by military interest and by developed countries' dependence on existing technology, sets up a scenario in which cyberwar, or war in cyberspace, becomes ever more important. Every country aware of the risks of such dependence has developed defense programs against attacks that could compromise critical national infrastructure.

This essay is intended as a point of reflection and knowledge about cyber warfare: it takes the philosophy of Sun Tzu in The Art of War and adapts his teachings to the technological scenario in which we live, so as to obtain a modern compendium: The Art of Cyberwar.

Spanish | English | June 2011

Inside Carberp Botnet

Carberp traces its beginnings to early 2010, but it was not until the last months of that year that it raised alarms at antivirus companies, after some of the mechanisms used by this new malware were discovered. This window of time enjoyed by the malicious code associated with the Carberp botnet means, essentially, that it operated for months with a very low detection rate. Only a few of its features were flagged by some antivirus products, which confused its activity with that of the ZeuS (Zbot) trojan.

This document presents a detailed description of each piece that makes up the criminal chain generated through Carberp: its different generations, its internal components, and the marketing process of the malware kit.

Spanish | English | February 2011

Botnets Administration. A real case - ZeuS & SpyEye

Malware networks continue to grow, and with them the potential risk of becoming a victim of their criminal activities. Gone are the days when the main vector for malicious code distribution was pages promoting pornography and warez-type programs.

Today, malware is distributed through any kind of website and serves as a key piece feeding a far more comprehensive and ambitious crime, led mainly by botnets, which also incorporate self-defense mechanisms and more complex evasion. To illustrate this diversity, this paper describes a real case, part of a complex investigation, of how a given botmaster administered botnets through the SpyEye and ZeuS crimeware.

Spanish | English | October 2010

Criminal activities from AS6851 [SAGADE] [Part one]

SAGADE is the name given to a client of a leading ISP in Latvia whose Autonomous System (AS) is designated by the number 6851. Currently, this AS is one of the most active resources for crimeware: a large amount of malicious code is distributed through it daily, and it also serves as the hosting base for several C&C servers that feed the underground economy.

According to some sources, the ASN is listed as a source of criminal activities ranging from the spread of different rogue software families to the hosting of crimeware such as YES Exploit System; in 2009 it hosted the strategies of the Waledac botnet (successor of Storm) as well as ZeuS, and it has a direct relationship with the criminals behind the maneuvers of the Koobface botnet.

Spanish | English | September 2010

Computer Attacks. Security weaknesses that are commonly exploited

Over time, the advancement of media and communication technology has led to the emergence of new attack vectors and new types of crime, turning the Internet and computer technologies into hostile territory for any organization or person with computers connected to the World Wide Web.

Unlike years ago, when people with broad computing skills enjoyed researching these issues with the aim of gaining more knowledge, the scene has now been completely distorted, giving rise to new actors who use computer resources, and their knowledge of how those resources work, as a means for crime and economic gain.
 
Spanish | English | September 2010
 

Phoenix Exploit’s Kit. From the mythology to a criminal business

Criminal alternatives grow very fast in an ecosystem where business opportunities are conceived day by day through fraudulent processes. In this sense, the demand for cybercriminal resources shows no sign of slowing and is constantly growing.

I regularly find new crimeware seeking to earn a place and good acceptance in the virtual streets of the global underground, trying to strike a cost/benefit balance for the "product" being promoted that lets criminals enter the market as quickly as possible. This paper presents a series of data on the criminal and fraudulent activities carried out using Phoenix Exploit's Kit as the management channel, how the criminal business cycle around this crimeware works, and which exploits are found in its different versions.
 
Spanish | English | August 2010

myLoader. Base C&C to manage Oficla/Sasfis Botnet

Criminal activities are increasingly unscrupulous. Today nobody denies that malicious code is an unethical and criminal business through which cybercriminals steal large amounts of money.

This also explains the professionalism and sophistication in the development of malware and of the associated propagation and infection strategies, transforming them into increasingly aggressive threats.

In this scenario, a new crimeware threat designed for fraudulent purposes is In-the-Wild. myLoader is a special-purpose framework developed to manage the activities of a botnet.

Spanish | English | March 2010

SpyEye Bot [Part two]. Conversations with the creator of crimeware

In recent weeks, SpyEye (a new financial trojan) has been popular in the news and in the underground, and well received. The low cost of the software relative to its competition, combined with an easy-to-use interface, has increased its popularity. The product's ability to remove the competition with a built-in Zeus Killer has also raised eyebrows.

Our previous report, "SpyEye. Analysis of a new crimeware alternative scenario", addressed the known technical issues involving this threat's activities.

In this second part we present the exclusive interview by Ben Koehl, Crimeware Researcher at MalwareIntelligence.
 
English | February 2010

SpyEye Bot [Part one]. Analysis of a new crimeware alternative scenario

Earlier this year, a new application designed to feed criminal and fraudulent business saw the light in the underground black market that drives the crimeware scene.

This application, called SpyEye, aims to facilitate the recruitment of zombies and the management of the resulting network (C&C, Command and Control) through a web-based management panel, from which it is possible to process the information obtained (intelligence) and store it as statistics, a regular feature of today's criminal packages. This document describes the activities of SpyEye from the infection stage onward, giving relevant information about its purpose.

Spanish | English | February 2010

Annual information compendium. Crimeware during 2009

Without a doubt, the current landscape of global criminal actions channelled through the web constitutes a lucrative and shadowy business that is brewed in the deepest underground of the various environments the Internet offers, stealing private information through different "bugs"...

...which spread by executing different strategically conceived "plans", even developing applications intended to automate the criminal processes, which are sold in that same clandestine environment, so that everything is finally turned into money.
 
Spanish | December 2009

Analysis of a web-based malware attack

The Internet has become an allied attack platform for malware creators who, through different techniques such as Drive-by-Download, Drive-by-Update, scripting and exploits, among others, and by combining them, seek to recruit an army of computers that respond only to their malicious instructions.

These attacks, which use the Internet as the basis for delivering a direct damaging payload onto the victim, in parallel, almost instantaneously and transparently to less experienced users, have become a latent and dangerous risk of infection through the simple act of visiting a website.

The following document sets out a concrete example that uses the above actions to exploit and infect a victim, also describing several additional features that increase the damage caused by the malware.

Spanish | English | February 2009