Title / Author / Excerpt / Posted

Title: Locky Is Back Asking For Unpaid Debts
Author: Sudeep Singh, Jonell Baltazar, Joonho Sa, Threat Research Blog (FireEye)
Excerpt: On June 21, 2016, FireEye’s Dynamic Threat Intelligence (DTI) identified an increase in JavaScript contained within spam emails. FireEye analysts determined the increase was the result of a new Locky ransomware spam campaign. ...
Posted: Monday, 01 Aug 2016

Title: How I Cracked a Keylogger and Ended Up in Someone's Inbox
Author: Rodel Mendrez, SpiderLabs Blog (Trustwave)
Excerpt: It all started from a spam campaign. Figure 1 shows a campaign we picked up recently from our spam traps with a suspicious document file attachment. ...
Posted: Monday, 01 Aug 2016

Title: GootKit: Bobbing and Weaving to Avoid Prying Eyes
Author: Limor Kessem, Security Intelligence (IBM Blog)
Excerpt: Discovered in the wild in the summer of 2014, GootKit is believed to be a privately held cybercrime tool that is not sold to other criminals in underground forums and is operated by a closed gang. ...
Posted: Monday, 01 Aug 2016

Title: Facebook malware: tag me if you can
Author: Ido Naor, SecureList (Kaspersky Lab Blog)
Excerpt: On the morning of 26th June, news of a phishing campaign hit the Israeli media. Thousands of Facebook users complained that they had been infected by a virus through their accounts after they received a message from a Facebook friend claiming they had mentioned them in a comment. ...
Posted: Monday, 01 Aug 2016

Title: Espionage toolkit targeting Central and Eastern Europe uncovered
Author: Tomáš Gardoň, WeLiveSecurity (ESET Blog)
Excerpt: Over the course of the last year, ESET has detected and analyzed several instances of malware used for targeted espionage – dubbed SBDH toolkit. Using powerful filters, various methods of communication with its operators and an interesting persistence technique, it aims to exfiltrate selected files from governmental and public institutions, which are mostly focused on economic growth and cooperation in Central and Eastern Europe.
Posted: Monday, 01 Aug 2016

Title: Detecting DNS Data Exfiltration
Author: Martin Lee, Jaeson Schultz and Warren Mercer, Talos (Cisco Blog)
Excerpt: The recent discovery of Wekby and Point of Sale malware using DNS requests as a command and control channel highlights the need to consider DNS as a potentially malicious channel. Although a skilled analyst may be able to quickly spot unusual activity because they are familiar with their organisation’s normal DNS activity, manually reviewing DNS logs is typically time consuming and tedious. In an environment where it might be unclear what malicious DNS traffic looks like, how can we identify malicious DNS requests? ...
Posted: Thursday, 14 Jul 2016

Title: Cracking Locky’s New Anti-Sandbox Technique
Author: Floser Bacurio and Roland Dela Paz, Fortinet
Excerpt: The last few weeks saw new variants of the Locky ransomware that employ a new anti-sandbox technique. In these new variants, Locky’s loader code uses a seed parameter from its JavaScript downloader in order to decrypt embedded malicious code and execute it properly. For example, the downloaded Locky executable is executed by the JavaScript in the following manner: ...
Posted: Thursday, 14 Jul 2016

Title: BEBLOH Expands to Japan in Latest Spam Attack
Author: Janus Agcaoili, TrendLabs Security Intelligence Blog (Trend Micro)
Excerpt: An old banking Trojan that has been operating in Europe on a low level has spiked in activity after migrating to Japan. Cybercriminals are using local brand names such as local ISP providers and legitimate-looking addresses to fool users into downloading malware that can steal information by monitoring browsers, file transfer protocol (FTP) clients, and mail clients. Its targets? Mostly rural banks. ...
Posted: Thursday, 14 Jul 2016

Title: An increase of sophisticated phishing attacks in Sweden
Author: David Jacoby, SecureList (Kaspersky Lab)
Excerpt: Whilst sitting and working in the South African office I receive an email from my Swedish ISP. I quickly look at it and there is something that doesn’t add up. The email states that I need to pay my invoice, but I never receive electronic invoices from this company. ...
Posted: Thursday, 14 Jul 2016

Title: Connecting the Dots Reveals Crimeware Shake-up
Author: Nick Biasini, Talos (Cisco Blog)
Excerpt: For a couple of weeks in June the threat landscape was changed. Several high profile threats fell off the scene, causing a shake-up that hadn't been seen before. For a period of three weeks the internet was safer, if only for a short time. Still to date the Angler exploit kit has not returned and the threat outlook appears to be forever changed. This post will discuss a series of connections tying back to a banking trojan called Lurk and a registrant account with ties that were far reaching across crimeware. ...
Posted: Thursday, 14 Jul 2016
Copyright © 2013 - Id-SIRTII/CC
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia