<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet Security Observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Analyzing the Bill Gates Botnet   An Analysis</title><description>2016-04-25 06:10:52 - Security Bloggers Network : We've, recently, intercepted, a high-profile, Linux-based, botnet-driven, type of, malicious, software, that's capable, of launching, a multitude of malicious attacks, on, compromised servers, potentially, exposing, the, integrity, confidentiality, and </description><link>http://www.secuobs.com/revue/news/604527.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604527.shtml</guid></item>
<item><title>Analyzing the Bill Gates Botnet - An Analysis</title><description>2016-04-24 23:16:37 - Dancho Danchev's Blog   Mind Streams of Information Security Knowledge : We've, recently, intercepted, a high-profile, Linux-based, botnet-driven, type of, malicious, software, that's capable, of launching, a multitude of malicious attacks, on, compromised servers, potentially, exposing, the, integrity, confidentiality, and, availability, of, the compromised servers Malicious attackers, often rely, on the use of compromised servers, for, the purpose, of, utilizing </description><link>http://www.secuobs.com/revue/news/604520.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/604520.shtml</guid></item>
<item><title>Researchers help shut down spam botnet that enslaved 4,000 Linux machines</title><description>2016-04-09 18:29:09 - Risk Assessment   Ars Technica : Mumblehard blasted the Internet with spam for more than a year </description><link>http://www.secuobs.com/revue/news/603330.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603330.shtml</guid></item>
<item><title>Linux botnet attacks increase in scale</title><description>2016-04-07 15:17:00 - LinuxSecurity.com   Latest News : Hackers are using malware which targets Linux to build botnets to launch distributed denial of service (DDoS) attacks, security researchers have warned. </description><link>http://www.secuobs.com/revue/news/603104.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/603104.shtml</guid></item>
<item><title>Pwning Common Backdoors and Botnets with Metasploit</title><description>2016-02-26 08:00:56 - Security Bloggers Network : The Metasploit Framework has a lot of exploit modules including buffer overflow attacks, browser exploits, web application vulnerabilities, backdoor exploits, bot pwnage tools, etc Exploit Go on to the site to read the full article </description><link>http://www.secuobs.com/revue/news/599446.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/599446.shtml</guid></item>
<item><title>Dridex botnet alive and well, now also spreading ransomware</title><description>2016-02-17 15:00:46 - Help Net Security : Last October's disruption of the Dridex botnet by UK and US law enforcement agencies and the arrest of a Moldovan bot master have not led to the death of the botnet. That's because the botnet is segregated into a number of subnets, each likely operated by a different team of attackers, and they continue to mount campaigns that will swell the number of infected machines and to exploit the stolen banking information. Dridex's operators are   </description><link>http://www.secuobs.com/revue/news/598539.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/598539.shtml</guid></item>
<item><title> Someone hijacked the Dridex botnet to deliver Avira AVs installer</title><description>2016-02-05 14:36:44 - Help Net Security : After last September's arrest of an alleged member of the gang that has been developing and spreading the Dridex banking malware, and last October's temporary disruption of the Dridex botnet at the ha </description><link>http://www.secuobs.com/revue/news/597489.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/597489.shtml</guid></item>
<item><title>Dimitris Larisis, LogPoint: Botnets, the threat is here</title><description>2016-02-01 18:51:20 - Global Security Mag Online : Among the different types of malware, botnets are on their way to becoming one of the most serious cyber threats. In the latest technical report from ENISA (European Union Agency for Network and Information Security), botnets are considered an absolute threat to cybersecurity, after the various Web attacks and malicious code. Today, no company, no administration and no individual can claim to be safe from the effect of botnets on    - Opinions </description><link>http://www.secuobs.com/revue/news/597054.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/597054.shtml</guid></item>
<item><title>Getting a Linux box corralled into a DDoS botnet is easier than many think</title><description>2015-12-08 22:53:07 - Ars Technica   Risk Assessment : A growing number of users and applications are making Linux a prime hacking target </description><link>http://www.secuobs.com/revue/news/592532.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592532.shtml</guid></item>
<item><title>Microsoft, Law Enforcement Disrupt Dorkbot Botnet</title><description>2015-12-04 20:57:33 - Slashdot  Your Rights Online : An anonymous reader writes: Microsoft said in a blog post Thursday that it aided law enforcement agencies in several regions to disrupt a 4-year-old botnet called Dorkbot. The botnet aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix and has infected one million computers worldwide. The company didn't provide details on how Dorkbot's infrastructure was disrupted. </description><link>http://www.secuobs.com/revue/news/592155.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592155.shtml</guid></item>
<item><title>Microsoft, law enforcement disrupt sprawling Dorkbot botnet</title><description>2015-12-04 16:44:44 - Security Bloggers Network : Microsoft, with various law enforcement bodies around the world including the DHS and FBI, have collaborated to disrupt Dorkbot botnets </description><link>http://www.secuobs.com/revue/news/592132.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592132.shtml</guid></item>
<item><title>News from the Dorkside  Dorkbot botnet disrupted</title><description>2015-12-04 04:30:07 - Security Bloggers Network :    Law enforcement agencies from around the globe, aided by Microsoft security researchers, today announced the disruption of one of the most widely distributed malware families   Win32 Dorkbot The post News from the Dorkside  Dorkbot botnet disrupted appeared first on We Live Security </description><link>http://www.secuobs.com/revue/news/592059.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592059.shtml</guid></item>
<item><title>HNW2015   Hugo Gonzalez   Android Botnets  Past, Present and Future</title><description>2015-12-04 01:14:22 - Security Bloggers Network :    The post HNW2015   Hugo Gonzalez   Android Botnets  Past, Present and Future appeared first on BruteForce Lab's Blog </description><link>http://www.secuobs.com/revue/news/592044.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/592044.shtml</guid></item>
<item><title>Dyreza Trojan Can Now Hook into Microsoft Edge, Enlist Windows 10 Users into Botnet</title><description>2015-11-30 06:42:14 - Security Bloggers Network : In the spring of 2014, researchers at the Center for Strategic and International Studies identified a powerful strain of banking malware whose code functions similarly to that of ZeuS. The malicious software, now formally known as Dyreza, hooks into Internet Explorer, Chrome and Firefox, at which point in time it harvests sensitive data whenever users   The post Dyreza Trojan Can Now Hook into Microsoft Edge, Enlist Windows 10 Users into Botnet appeared first on The State of Security. </description><link>http://www.secuobs.com/revue/news/591506.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/591506.shtml</guid></item>
<item><title>ATI Botnet November 2015 Update Released to Strike Center</title><description>2015-11-24 21:04:23 - Blog : </description><link>http://www.secuobs.com/revue/news/591118.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/591118.shtml</guid></item>
<item><title>Fighting botnets</title><description>2015-11-21 15:04:00 - Criminalités numériques : Preamble. It is difficult to find the right words and to tackle a topic of discussion that would seem trivial compared with the terrible attacks that struck France, a few hours earlier Beirut, and yesterday Bamako. In this preamble I want to pay tribute to all the victims and the families affected by this tragedy. Perhaps I have,   </description><link>http://www.secuobs.com/revue/news/590765.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/590765.shtml</guid></item>
<item><title>ATI Botnet October 2015 Update Released to Strike Center</title><description>2015-11-16 04:45:06 - Blog : </description><link>http://www.secuobs.com/revue/news/590131.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/590131.shtml</guid></item>
<item><title> Open source Twittor tool can control botnets via Direct Messages</title><description>2015-11-13 10:39:26 - Help Net Security : A security researcher has created a tool that allows botnet masters to control their botnet by simply sending out commands via Twitter accounts  I mostly wanted to create a PoC after Twitter decid </description><link>http://www.secuobs.com/revue/news/589971.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/589971.shtml</guid></item>
<item><title>Akamai's Fast DNS Infrastructure battles Xor Botnet</title><description>2015-11-12 13:14:28 - Security Bloggers Network : By Bill Brenner, Akamai SIRT Senior Tech Writer. Xor, a Trojan malware attackers are using to hijack Linux machines to include within a botnet for distributed denial of service (DDoS) campaigns, appears to be behind an Oct 13 attack against a </description><link>http://www.secuobs.com/revue/news/589874.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/589874.shtml</guid></item>
<item><title> Researchers map out hard-to-kill, multi-layered spam botnet</title><description>2015-11-04 09:37:30 - Help Net Security : A dropper component sent to the Akamai researchers led them to the discovery of a spamming botnet that consists of at least 83,000 compromised systems The botnet is multi-layered, decentralized, a </description><link>http://www.secuobs.com/revue/news/589002.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/589002.shtml</guid></item>
<item><title>Imperva: CCTV cameras in busy places are being turned into botnets by cybercriminals</title><description>2015-11-03 17:46:58 - Global Security Mag Online : In recent research, Imperva reveals that CCTV cameras in busy places such as shopping centres are being turned into botnets by cybercriminals, the fault of lax camera operators who do not take the trouble to develop their security and change the default passwords on the devices. CCTV cameras are the most widespread connected objects. In March 2014, Imperva was already alerting the world to the dangers    - Malware </description><link>http://www.secuobs.com/revue/news/588936.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/588936.shtml</guid></item>
<item><title>The Torte Botnet  A SpamBot Investigation</title><description>2015-11-02 12:45:43 - Security Bloggers Network : By Bill Brenner, Akamai SIRT Senior Tech Writer  Akamai released a new whitepaper today about a spambot investigation conducted by Chad Seaman, a Senior Security Response Engineer from Akamai's Security Intelligence Research Team  SIRT  Attackers are using a multi-layered, </description><link>http://www.secuobs.com/revue/news/588728.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/588728.shtml</guid></item>
<item><title>Black Hat USA 2015 - Subverting Satellite Receivers For Botnet And Profit</title><description>2015-11-02 06:36:07 - SecurityTube.Net : New generation Set Top Boxes (Satellite receivers) are embedded linux boxes offering all the features of any linux based machine, including wireless and network connectivities, this allowed hackers to crack most satellite DVB-CA encryption schemes promoting the apparition of a parallel black market for pay tv subscription at very low cost. In this engaging session, we will present a practical attack that will exploit human weakness, Satellite receivers design, used protocols and subscription mechanisms that mainly rely on custom plugins on satellite receivers for channel decryption. We will also describe technically a similar attack that was already conducted some years ago using a backdoor within CCCAM protocol provider. This attack could be exploited to build a massive botnet of linux based satellite receivers or even computers used for satellite decryption and accessing end users' local area networks that will be used as an edge for any other kind of attacks. There are millions of unaware end users downloading and installing any kind of plugins seeking cheap or even free satellite television, then the attack could be difficult to mitigate, and could easily lead to a hacker controlling millions of devices on the internet. For More Information Please Visit - https://www.blackhat.com/ </description><link>http://www.secuobs.com/revue/news/588679.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/588679.shtml</guid></item>
<item><title> CCTV botnets proliferate due to unchanged default factory credentials</title><description>2015-10-23 14:29:00 - Help Net Security : Incapsula researchers have uncovered a botnet consisting of some 9,000 CCTV cameras located around the world, which was being used to target, among others, one of the company's clients with HTTP flood </description><link>http://www.secuobs.com/revue/news/587747.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587747.shtml</guid></item>
<item><title>Security Slice  Beneficial Botnets </title><description>2015-10-22 06:34:11 - Security Bloggers Network : Symantec recently discovered a new strain of malware, dubbed LinuxWifatch, which has already infected more than 10,000 IoT devices. The malware's author says LinuxWifatch is actually beneficial because it removes a malicious backdoor and encourages users to update weak passwords. Do the ends of vigilante-style malware and beneficial botnets like LinuxWifatch justify the means? The post Security Slice  Beneficial Botnets  appeared first on The State of Security. </description><link>http://www.secuobs.com/revue/news/587590.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587590.shtml</guid></item>
<item><title>CCTV Botnet In Our Own Back Yard</title><description>2015-10-22 00:41:28 - Security Bloggers Network : In 2014, there were 245 million surveillance cameras operating around the world And this only accounts for the professionally installed ones There are likely millions more that were installed by unqualified professionals, with even fewer </description><link>http://www.secuobs.com/revue/news/587568.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587568.shtml</guid></item>
<item><title>In the headlines  Flash and Chrome patches, Dridex botnet, WP Akismet and more</title><description>2015-10-21 11:14:01 - Acunetix   Web Application Security Blog : Flash Zero Day receives emergency patch. Poor old Flash is in the headlines again, and this time for a zero-day flaw which is being actively exploited. Reported by a researcher and the Google Zero Day project, no details of the vulnerability have been disclosed but the update was rolled out on Friday. If you're still   The post In the headlines  Flash and Chrome patches, Dridex botnet, WP Akismet and more appeared first on Acunetix. </description><link>http://www.secuobs.com/revue/news/587466.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587466.shtml</guid></item>
<item><title>The Dridex botnet ain't done yet, say researchers</title><description>2015-10-21 00:46:07 - Security Bloggers Network : Security researchers are finding signs that a botnet responsible for infecting computers with the banking malware Dridex might still be functioning despite a recent international takedown. David Bisson reports. </description><link>http://www.secuobs.com/revue/news/587431.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587431.shtml</guid></item>
<item><title>Dridex Fraud Botnet Disrupted</title><description>2015-10-18 21:31:29 - SecTechno : </description><link>http://www.secuobs.com/revue/news/587127.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587127.shtml</guid></item>
<item><title>Stolen Military Information, ATM Fraud Prevention, Dridex Botnet Takedown, and more  TWIC   October 16, 2015</title><description>2015-10-16 20:24:14 - Security Bloggers Network : Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source). </description><link>http://www.secuobs.com/revue/news/587029.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/587029.shtml</guid></item>
<item><title>Kaspersky Lab looks back at the theft of 20 million pounds sterling by the Dridex botnet</title><description>2015-10-15 17:50:44 - Global Security Mag Online : The dismantling of the Dridex botnet by the FBI and British police shows the sophistication that cybercriminals now display in their attacks. The hackers behind this network are accused of using malware to steal 20 million pounds sterling from bank accounts in the United Kingdom and also in France. David Emm, Principal Security Researcher, Global Research Analysis Team (GReAT) at Kaspersky Lab, analyses here the    - Malware </description><link>http://www.secuobs.com/revue/news/586883.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586883.shtml</guid></item>
<item><title>Dridex botnet taken down, multi-million bank fraud suspect arrested</title><description>2015-10-15 14:53:38 - Security Bloggers Network : Andrey Ghinkul, aka Smilex, is alleged to have stolen millions, including  990,000 from a school in Pennsylvania, with a bank fraud botnet </description><link>http://www.secuobs.com/revue/news/586859.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586859.shtml</guid></item>
<item><title>Bugat Botnet Administrator Arrested and Malware Disabled</title><description>2015-10-14 17:09:19 - Office of Inadequate Security : A sophisticated malware package designed to steal banking and other credentials from infected computers has been </description><link>http://www.secuobs.com/revue/news/586742.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586742.shtml</guid></item>
<item><title>Dridex takedown sinks botnet infections</title><description>2015-10-14 16:59:07 - Symantec Connect   Symantec Security Response   Billets : International police action hits gang that specialized in stealing banking credentials </description><link>http://www.secuobs.com/revue/news/586741.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586741.shtml</guid></item>
<item><title>FBI and UK cops smash Dridex high-stakes bank-raiding botnet</title><description>2015-10-14 16:52:59 - LinuxSecurity.com   Latest News : Joint efforts by law-enforcement agencies in the US and UK have crippled an eastern European gang behind the bank credential-stealing botnet known as Dridex. </description><link>http://www.secuobs.com/revue/news/586739.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586739.shtml</guid></item>
<item><title> UK, US law enforcement agencies disrupt Dridex botnet</title><description>2015-10-14 14:36:06 - Help Net Security : The UK's National Crime Agency is spearheading an onslaught against the Dridex  aka Bugat, aka Cridex  banking malware and the criminals that wield it  Dridex malware, also known as Bugat and Crid </description><link>http://www.secuobs.com/revue/news/586715.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586715.shtml</guid></item>
<item><title>Ukrainian Hacker and Botnet Operator Who Allegedly Tried to Frame Brian Krebs Extradited to US</title><description>2015-10-13 19:06:30 - Office of Inadequate Security : This probably just made Brian s day Aaron Katersky reports  A Ukrainian man who allegedly tried to frame </description><link>http://www.secuobs.com/revue/news/586595.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/586595.shtml</guid></item>
<item><title>Incompetence, not Linux, is behind the XOR DDoS botnet</title><description>2015-10-06 15:16:49 - LinuxSecurity.com   Latest News : I get really, really tired of stories that make it sound like Linux has become more insecure. No, it hasn't. Here are some simple security truths. First, no operating system or program is secure. Some are more secure than others. So sure, Linux is inherently more secure than Windows. But a badly managed Linux server will still be more insecure than a well-administered Windows system. </description><link>http://www.secuobs.com/revue/news/585800.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585800.shtml</guid></item>
<item><title>This Week in Security  Experian and T-Mobile Breach, Linux Botnet, Android Stagefright 20</title><description>2015-10-05 10:48:21 - Security Bloggers Network : Our security roundup series covers the week's trending topics in the world of InfoSec. In this quick-read compilation, we'll let you know of the latest news and controversies that the industry has been talking about recently. Here's what you don't want to miss from the week of September 28, 2015: A massive data breach at Experian   The post This Week in Security  Experian and T-Mobile Breach, Linux Botnet, Android Stagefright 20 appeared first on The State of Security. </description><link>http://www.secuobs.com/revue/news/585653.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585653.shtml</guid></item>
<item><title>Linux botnet observed launching powerful DDoS attacks</title><description>2015-10-01 16:12:33 - LinuxSecurity.com   Latest News : Threat actors are leveraging a botnet made up of infected Linux machines to launch powerful distributed denial-of-service (DDoS) attacks against as many as 20 targets per day, according to Akamai's Security Intelligence Response Team (SIRT). </description><link>http://www.secuobs.com/revue/news/585379.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585379.shtml</guid></item>
<item><title>The XOR DDoS botnet launches around twenty attacks a day from infected Linux machines, according to Akamai</title><description>2015-10-01 13:37:31 - Global Security Mag Online : Akamai Technologies, Inc. has published a new cybersecurity alert reporting a threat revealed by its SIRT (Security Intelligence Response Team) unit. Attackers have created a botnet capable of carrying out distributed denial of service (DDoS) attack campaigns at more than 150 Gbit/s using the XOR DDoS malware, a Trojan horse used to hijack Linux systems. The advisory describing this threat in detail, including the payload analysis on the techniques of    - Malware </description><link>http://www.secuobs.com/revue/news/585336.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585336.shtml</guid></item>
<item><title>Linux-powered botnet generates giant denial-of-service attacks</title><description>2015-09-30 15:30:01 - LinuxSecurity.com   Latest News : Malware that has hijacked Linux systems for the past year has been recorded flooding targeted websites at speeds of over 150Gbps. The Linux botnet, known as XOR DDoS or XORDDoS, is orchestrating attacks on around 20 targets a day, according to Akamai, which in late August blocked two attacks against customers that measured 50 Gbps and 100 Gbps, respectively. </description><link>http://www.secuobs.com/revue/news/585205.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585205.shtml</guid></item>
<item><title>Citadel Botnet Operator Gets 45 Years In Prison</title><description>2015-09-30 14:37:40 - Slashdot  Your Rights Online : An anonymous reader writes: The US Department of Justice has announced that Dimitry Belorossov, aka Rainerfox, an operator of the Citadel malware, has been sentenced to 45 years in prison following a guilty plea. Citadel was a banking trojan capable of stealing financial information. Belorossov and others distributed it through spam emails and malvertising schemes. He operated a 7,000-strong botnet with the malware, and also collaborated to improve it. The US government estimates Citadel was responsible for $500 million in losses worldwide. Belorossov will have to pay over $320,000 in restitution. </description><link>http://www.secuobs.com/revue/news/585179.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585179.shtml</guid></item>
<item><title>XOR  Linux-based botnet pushing 20 attacks a day</title><description>2015-09-29 16:39:15 - LinuxSecurity.com   Latest News : In a report released on Tuesday, Akamai has profiled several recent attacks from the XOR botnet, which is capable of DDoS attacks in excess of 150Gbps. Researchers, after examining the more recent incidents, say that a vast majority of XOR's targets are organizations in Asia. </description><link>http://www.secuobs.com/revue/news/585069.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585069.shtml</guid></item>
<item><title> XOR DDoS botnet launching attacks from compromised Linux machines</title><description>2015-09-29 16:15:38 - Help Net Security : Attackers have developed a botnet capable of 150  Gbps DDoS attack campaigns using XOR DDoS, a Trojan malware used to hijack Linux systems, according to Akamai What is XOR DDoS  XOR DDoS is a T </description><link>http://www.secuobs.com/revue/news/585058.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585058.shtml</guid></item>
<item><title>Botnet preying on Linux computers delivers potent DDoS attacks</title><description>2015-09-29 12:35:11 - Ars Technica   Risk Assessment : XOR DDoS bombards as many as 20 targets per day, sometimes with 150 GBpS of traffic </description><link>http://www.secuobs.com/revue/news/585012.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/585012.shtml</guid></item>
<item><title>Tanguy de Coatpont, Managing Director of Kaspersky Lab France: France is the top country targeted by botnet DDoS attacks in Europe</title><description>2015-09-24 16:00:30 - Global Security Mag Online : This year, Kaspersky will focus on its solution for protection against distributed denial of service (DDoS) attacks. According to studies carried out by Kaspersky, France was reportedly the top country targeted by botnet DDoS attacks in Europe in the second quarter of 2015. GS Mag: What will you be presenting at the Assises de la Sécurité? Tanguy de Coatpont: The 2015 edition of the Assises de la Sécurité is the opportunity to put our service portfolio and our expertise, in terms of    - Interviews   featured </description><link>http://www.secuobs.com/revue/news/584571.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/584571.shtml</guid></item>
<item><title>Historical OSINT   How TROYAK-AS Utillized BGP-over-VPN to Serve the Avalance Botnet</title><description>2015-08-28 17:47:15 - Security Bloggers Network : Historical OSINT is a crucial part of an intelligence analyst's mindset, further positioning a growing or an emerging trend, as a critical long term early warning system indicator, highlighting the importance, of current and emerging trends In thi </description><link>http://www.secuobs.com/revue/news/581759.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/581759.shtml</guid></item>
<item><title>Historical OSINT - How TROYAK-AS Utillized BGP-over-VPN to Serve the Avalance Botnet</title><description>2015-08-28 17:45:23 - Dancho Danchev's Blog   Mind Streams of Information Security Knowledge : Historical OSINT is a crucial part of an intelligence analyst's mindset, further positioning a growing or an emerging trend, as a critical long term early warning system indicator, highlighting the importance, of current and emerging trends In this post, I'll discuss Troyak-AS, a well-known cybercrime-friendly hosting provider, that represented, the growing factor, for the highest percentage </description><link>http://www.secuobs.com/revue/news/581754.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/581754.shtml</guid></item>
<item><title>Paul Vixie On DNS Security   Botnet Takedowns</title><description>2015-08-28 16:43:21 - LinuxSecurity.com   Latest News : The Internet infrastructure pioneer and CEO of Farsight Security comes to the Dark Reading News Desk at Black Hat to discuss the state of DNS security, the bank TLD, how money rules everything, and how to use passive DNS to limit collateral damage of botnet takedown operations. </description><link>http://www.secuobs.com/revue/news/581749.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/581749.shtml</guid></item>
<item><title>CCCAMP 2015 - Mexican Botnet Dirty Wars</title><description>2015-08-28 13:56:32 - SecurityTube.Net : Mexican Botnet Dirty Wars. Bots are waging a dirty war in Mexican social media. Peñabots have been active in Mexican networks since the 2012 presidential elections. Named after President Enrique Peña Nieto, armies of bots have become a political weapon to combat protests and attack critics of the Mexican government online. Bots are waging a dirty war in Mexican social media. They are weaponized censors that silence dissent and cover up crimes. Developers in Mexico are using a variety of open source tools to create visualizations which are helpful in detecting bots. They are working on new open source software to stop the botnets that have taken over Mexican social media, but they need help. I've observed several different bot activities in Mexican twitter. I break them down into 5 categories: 1. Hashtag spamming 2. Making artificial trends 3. Smear campaigns (against media, individual journalists and protesters) 4. Death threat campaigns 5. Political propaganda. Attached PDF presentation details each category with images and videos. For More Information Please Visit - https://www.ccc.de/ </description><link>http://www.secuobs.com/revue/news/581724.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/581724.shtml</guid></item>
<item><title>Millions of Satellite Receivers are Low-Hanging Fruit for Botnets</title><description>2015-08-09 10:06:25 - Hackaday : Satellite television is prevalent in Europe and Northern Africa. This is delivered through a Set Top Box (STB) which uses a card reader to decode the scrambled satellite signals. You need to buy a card if you want to watch. But you know how people like to get something for nothing. This is being exploited by hackers and the result is millions of these Set Top Boxes just waiting to form into botnets. This was the topic of Sofiane Talmat's talk at DEF CON 23. He also gave this talk earlier in the week at BlackHat and has published his </description><link>http://www.secuobs.com/revue/news/579654.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/579654.shtml</guid></item>
<item><title>Botnet takedowns  are they worth it </title><description>2015-07-31 16:12:30 - LinuxSecurity.com   Latest News : The number of botnets has grown rapidly over the last decade. From Gameover Zeus leveraging encrypted peer-to-peer command and control servers, to Conficker, infecting millions of computers across the world - botnets are continuing to infiltrate many internet-based services and causing mass disruption, and it's getting worse </description><link>http://www.secuobs.com/revue/news/579021.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/579021.shtml</guid></item>
<item><title>BSides Lisbon 2015 - What Botnet Is This  - Tiago Pereira</title><description>2015-07-29 15:09:24 - SecurityTube.Net : The story of an investigation of a botnet from its detection through network traffic analysis to its identification and classification. On this presentation we will show some of the work done at anubis labs on botnet detection and analysis, detailing the process of reversing the malware DGA and network protocol. For More Information Please Visit - http://www.bsideslisbon.org/ </description><link>http://www.secuobs.com/revue/news/578732.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/578732.shtml</guid></item>
<item><title>New GamaPoS Malware Piggybacks on Andromeda Botnet, Spreads in 13 US States</title><description>2015-07-16 16:59:23 - TrendLabs Security Intelligence Blog : We discovered GamaPoS, a new breed of point-of-sale (PoS) threat currently spreading across the United States and Canada through the Andromeda botnet. GamaPoS is the latest in a long list of threats that scrape off credit card data from PoS systems. Compared to its predecessors, GamaPoS uses malware coded using the .NET framework, a first in PoS </description><link>http://www.secuobs.com/revue/news/577344.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/577344.shtml</guid></item>
<item><title> Another malware building toolkit leaked, botnets already popping up</title><description>2015-07-07 17:40:47 - Help Net Security : Another malware building toolkit has been leaked, allowing less tech-savvy crooks to generate a fully functional variant of the KINS banking Trojan and to inject its configuration code in a JPG file i </description><link>http://www.secuobs.com/revue/news/576393.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/576393.shtml</guid></item>
<item><title>Hola, Hola VPN users, you may have been part of a botnet </title><description>2015-06-19 19:12:49 - Security Bloggers Network : VPN service Hola, which has millions of users, recently came under fire for not being as up front with their users as they should have been. In the past weeks it has been revealed that Hola does the following: allows Hola users to use each other's bandwidth; sells their users' bandwidth to their sister company </description><link>http://www.secuobs.com/revue/news/574726.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/574726.shtml</guid></item>
<item><title>Top 10 botnet targets in the US and worldwide</title><description>2015-06-19 15:59:16 - LinuxSecurity.com   Latest News : Every day, the security team at network services provider Level 3 Communications monitors approximately 13 billion security events, mitigates roughly 22 distributed denial of service (DDoS) attacks, and removes, on average, one control and command (C2) server network </description><link>http://www.secuobs.com/revue/news/574693.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/574693.shtml</guid></item>
<item><title>Dutch Develop Computer Forensics App For Botnet Investigations</title><description>2015-06-15 16:19:57 - Forensic Focus : The Netherlands Forensic Institute is working on a Linux-based forensic operating system that will enable the police to secure and remotely analyze evidence related to botnets, project leader Ruud Schramp told Security.NL. Securing and analyzing digital evidence related to botnets is a costly and time-intensive operation for both the police and the data centers where the data is located. With this project, which received financial incentives from the National Coordinator for Counter Terrorism and Security, the NFI hopes to streamline this process. Read More (NL Times) </description><link>http://www.secuobs.com/revue/news/574100.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/574100.shtml</guid></item>
<item><title>Asprox   Kuluoz Botnet Analysis</title><description>2015-06-05 16:45:55 - Security Bloggers Network : Introduction: Kuluoz, aka Asprox, is a spam botnet that emerged in 2007. It has been known for sending masses of phishing emails used in conjunction with social engineering lures (e.g. booking </description><link>http://www.secuobs.com/revue/news/573141.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/573141.shtml</guid></item>
<item><title>Attacker Used Hola Free VPN as Denial of Service Botnet</title><description>2015-05-29 19:40:21 - Security Bloggers Network : An anonymous message board was the alleged target of several denial of service (DoS) attacks launched by the free VPN service Hola earlier this week. Israeli-based Hola is one of the most popular free virtual private network (VPN) providers today. It boasts seven million users of its Chrome extension alone. However, according to Frederick Brennan, </description><link>http://www.secuobs.com/revue/news/572422.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/572422.shtml</guid></item>
<item><title>Hola  A free VPN with a side of botnet</title><description>2015-05-29 11:57:31 - Security Bloggers Network : The free Hola package operates by reselling the bandwidth of millions of Hola users -- resulting in a millions-strong botnet for sale </description><link>http://www.secuobs.com/revue/news/572364.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/572364.shtml</guid></item>
<item><title>A wildly popular Google Chrome extension was being used as a giant botnet</title><description>2015-05-29 07:39:44 - Computer Security News : One of the most popular Chrome extensions is selling its users' bandwidth, largely without their knowledge - and it can be used by hackers to maliciously attack websites. Hola is a VPN - a "virtual private network" </description><link>http://www.secuobs.com/revue/news/572355.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/572355.shtml</guid></item>
<item><title>DDoS Botnet Relies on Thousands of Insecure Routers in 109 Countries</title><description>2015-05-13 14:01:28 - LinuxSecurity.com   Latest News : Cybercriminals take advantage of tens of thousands of insecure home routers distributed by ISPs (Internet Service Providers) and manufacturers to create large botnets for distributed denial-of-service (DDoS) attack purposes </description><link>http://www.secuobs.com/revue/news/570578.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/570578.shtml</guid></item>
<item><title>Anonymous-tied DDoS botnet shows insecure routers are legion</title><description>2015-05-12 22:41:54 - Computer Security News : Tens of thousands of home routers have been infected with malware, and are being used by hackers to launch distributed denial-of-service attacks, including by the hacktivist group Anonymous. The router-based botnet was discovered by Web security firm Incapsula while investigating a series of DDoS attacks against dozens of its customers that have been going on since late December </description><link>http://www.secuobs.com/revue/news/570524.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/570524.shtml</guid></item>
<item><title>Researchers uncover  self-sustaining  botnets of poorly secured routers</title><description>2015-05-12 20:21:49 - Ars Technica   Risk Assessment : Home and small office devices are free for the taking, ensuring follow-on hacks </description><link>http://www.secuobs.com/revue/news/570507.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/570507.shtml</guid></item>
<item><title>Anonymous Accused of Running a Botnet Using Thousands of Hacked Home Routers</title><description>2015-05-12 17:05:10 - Slashdot  Your Rights Online : An anonymous reader writes: Taking advantage of lazy security, new research says Anonymous hacktivists (among other groups) hijacked thousands of routers using remote access and default login credentials. 'For perpetrators, this is like shooting fish in a barrel, which makes each of the scans that much more effective,' the report explains. 'Using this botnet also enables perpetrators to execute distributed scans, improving their chances against commonplace blacklisting, rate-limiting and reputation-based defense mechanisms.' </description><link>http://www.secuobs.com/revue/news/570464.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/570464.shtml</guid></item>
<item><title>WV  School system computer network attacked by botnet  Ohio County student allegedly involved</title><description>2015-04-23 23:36:36 - Office of Inadequate Security : Jeff Jenkins reports  A Wheeling area high school student was recently able to invade the public education computer network </description><link>http://www.secuobs.com/revue/news/568598.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/568598.shtml</guid></item>
<item><title>IRC Botnets alive, effective   evolving</title><description>2015-04-23 19:56:34 - Security Bloggers Network : Introduction: An IRC Botnet is a collection of machines infected with malware that can be controlled remotely via an IRC channel. It usually involves a Botnet operator controlling the IRC bots through a previously configured IRC server and channel. The Botnet operator, after appropriate checks, periodically moves the IRC bot to a new IRC channel to thwart researchers and automated sandboxes from </description><link>http://www.secuobs.com/revue/news/568570.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/568570.shtml</guid></item>
<item><title> Banking botnets persist despite takedowns</title><description>2015-04-23 09:28:08 - Help Net Security : In order to provide organizations insight into the most insidious and pervasive banking botnets currently being used to target financial institutions and their clients, Dell SecureWorks released at RS </description><link>http://www.secuobs.com/revue/news/568425.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/568425.shtml</guid></item>
<item><title>Kaspersky Lab joins INTERPOL, law enforcement and industry partners to take down the Simda botnet</title><description>2015-04-16 15:23:50 - Global Security Mag Online : As part of an operation coordinated by the INTERPOL Global Complex for Innovation in Singapore, a group of leading IT companies, including Kaspersky Lab, Microsoft, Trend Micro and Japan's Cyber Defense Institute, working with law enforcement agencies, took down the criminal Simda botnet, a network of several thousand infected computers around the world. In a series of simultaneous actions on Thursday 9 April, 10 command and    - Malware </description><link>http://www.secuobs.com/revue/news/567655.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567655.shtml</guid></item>
<item><title>Interpol announces successful takedown of  Simda  botnet</title><description>2015-04-15 15:29:59 - Security Bloggers Network : Interpol just announced a botnet takedown that has neutralised the operation of the 'Simba' malware. For now, anyway. Paul Ducklin takes a look </description><link>http://www.secuobs.com/revue/news/567467.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567467.shtml</guid></item>
<item><title>A quick way to tell if your PC was infected by the Simda botnet</title><description>2015-04-14 13:43:58 - Security Bloggers Network : Some 770,000 PCs around the world are thought to have been hit by the Simda botnet, which has been taken down by the authorities. Could you have been one of the victims? </description><link>http://www.secuobs.com/revue/news/567247.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567247.shtml</guid></item>
<item><title>Half the Battle: Sinkholes Are Only the Beginning of a Botnet's End</title><description>2015-04-14 10:31:32 - OpenDNS Blog : The news agencies and antivirus companies claiming victory over the Beebone botnet are only half right. The difficult effort of stopping the botnet is complete. "Operation Source," as it's become known, was a mark of success for collaboration between international law enforcement agencies and private security firms like Intel, Kaspersky, and Shadowserver. But, as we've </description><link>http://www.secuobs.com/revue/news/567223.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567223.shtml</guid></item>
<item><title>Botnet that enslaved 770,000 PCs worldwide comes crashing down</title><description>2015-04-13 18:52:32 - Ars Technica   Risk Assessment : The Simda botnet that menaced 190 countries is no more </description><link>http://www.secuobs.com/revue/news/567150.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567150.shtml</guid></item>
<item><title>Coordinated Takedown Puts End to Simda Botnet</title><description>2015-04-13 16:25:34 - LinuxSecurity.com   Latest News : The Simda botnet, known for spreading banking malware and dropping a backdoor on hundreds of thousands of machines worldwide, was taken down last Thursday in a collaborative effort between international law enforcement bodies and private security and technology companies </description><link>http://www.secuobs.com/revue/news/567121.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567121.shtml</guid></item>
<item><title>Simda botnet hit by Interpol takedown</title><description>2015-04-13 15:52:06 - Symantec Connect   Security Response   Billets : Infrastructure owned by the Simda botnet (also known as Rloader) has been seized in an Interpol-led law enforcement operation </description><link>http://www.secuobs.com/revue/news/567108.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567108.shtml</guid></item>
<item><title>Intel Security, Europol and the FBI joined forces to bring down the growth of the 'Beebone' botnet</title><description>2015-04-13 10:44:13 - Global Security Mag Online : Intel Security announces its participation in an international police operation, named 'Operation Source', aimed at bringing down a criminal organization supporting the proliferation of the polymorphic botnet called 'Beebone'. This threat was identified by Intel Security in March 2014. Six months later, having gathered enough data on it, Intel Security approached international cybercrime-fighting agencies for their support and participation in the control of this    - Malware </description><link>http://www.secuobs.com/revue/news/567039.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567039.shtml</guid></item>
<item><title>Simda botnet taken down in global operation</title><description>2015-04-13 09:41:32 - Help Net Security : The Simda botnet, believed to have infected more than 770,000 computers worldwide, has been targeted in a global operation. In a series of simultaneous actions around the world, on Thursday 9 April </description><link>http://www.secuobs.com/revue/news/567034.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567034.shtml</guid></item>
<item><title>SIMDA: A Botnet Takedown</title><description>2015-04-13 08:33:11 - TrendLabs Security Intelligence Blog : The collaboration between Trend Micro, INTERPOL, and other private organizations resulted in another triumph for the security industry earlier this week: the takedown of the SIMDA botnet. Trend Micro provided information such as the IP addresses of the affiliated servers and statistical information about the malware used, which led to the disruption of the botnet activities. </description><link>http://www.secuobs.com/revue/news/567030.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567030.shtml</guid></item>
<item><title>Buh-bye Beebone  Law enforcement kills polymorphic virus-spreading botnet</title><description>2015-04-13 00:09:29 - Security Bloggers Network : International law enforcement activity has taken out the botnet used by the Beebone worm - polymorphic malware that threatened thousands of computers worldwide. Botnet? Polymorphic? Downloader? We explain </description><link>http://www.secuobs.com/revue/news/567013.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/567013.shtml</guid></item>
<item><title>US, European Police Operation Takes Down International Botnet</title><description>2015-04-10 22:02:43 - Computer Security News : A joint operation between the FBI and European police agencies succeeded in shutting down a major cybercrime tool on Wednesday. The bust dismantled a network of more than 12,000 computers infected with a botnet that had targeted networks primarily in the US, Japan, India and Taiwan </description><link>http://www.secuobs.com/revue/news/566918.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/566918.shtml</guid></item>
<item><title>Education Sector Struggles With Botnets  BitSight</title><description>2015-04-10 19:12:50 - Office of Inadequate Security : As this blog makes painfully clear, the education sector struggles with data security and lags way behind other sectors, in </description><link>http://www.secuobs.com/revue/news/566898.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/566898.shtml</guid></item>
<item><title>Cybersquad takes down Beebone botnet</title><description>2015-04-10 13:51:52 - Security Bloggers Network : The sophisticated botnet's operations have been disrupted in an international law enforcement operation </description><link>http://www.secuobs.com/revue/news/566847.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/566847.shtml</guid></item>
<item><title>US, European police take down highly elusive botnet known as Beebone</title><description>2015-04-09 18:22:01 - Ars Technica   Risk Assessment : Botnet provided a captive audience of backdoored PCs to online criminals </description><link>http://www.secuobs.com/revue/news/566731.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/566731.shtml</guid></item>
<item><title>Police operation disrupts Beebone botnet used for malware distribution</title><description>2015-04-09 16:45:13 - LinuxSecurity.com   Latest News : Europol, in collaboration with Dutch authorities, the US FBI and private security companies, have seized the domain names used to control a botnet called Beebone </description><link>http://www.secuobs.com/revue/news/566713.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/566713.shtml</guid></item>
<item><title>International Police Operation Targets Polymorphic Beebone Botnet</title><description>2015-04-09 12:46:59 - Forensic Focus : On 8 April, Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), joined forces with the Dutch authorities and the FBI, and US-based representatives at the National Cyber Investigative Joint Task Force- International Cyber Crime Coordination Cell (IC4) along with private sector partners, to target the Beebone (also known as AAEH) botnet, a polymorphic downloader bot that installs various forms of malware on victims' computers. Initial figures show that over 12,000 computers have been infected, however it is likely there are many more. In the operation, led by the Dutch National High Tech Crime Unit, the J-CAT's Cyber Liaison Officers worked together with Europol officials and representatives from Intel Security, Kaspersky and Shadowserver. The botnet was 'sinkholed' by registering, suspending or seizing all domain names with which the malware could communicate and traffic was then redirected. Read More (Europol) </description><link>http://www.secuobs.com/revue/news/566643.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/566643.shtml</guid></item>
<item><title>Polymorphic Beebone botnet sinkholed in international police operation</title><description>2015-04-09 12:27:52 - Help Net Security : On April 8, a global operation targeted the Beebone (also known as AAEH) botnet, a polymorphic downloader bot which installs various forms of malware on victims' computers. Initial figures show tha </description><link>http://www.secuobs.com/revue/news/566640.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/566640.shtml</guid></item>
<item><title>Long Live the Botnet</title><description>2015-04-08 19:59:09 - Security Bloggers Network : Botnets are, in many ways, living organisms. They are formed by their creators - both malicious and benign - and then roam the internet. Much has been written about good and bad bots, but not much has been written </description><link>http://www.secuobs.com/revue/news/566566.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/566566.shtml</guid></item>
<item><title>PinPoint Victims - Python Botnet</title><description>2015-04-02 13:09:40 - SecurityTube.Net : Crazy Handler is a Python tool that is able to Control and Command (C&amp;C) victims or zombies, AKA 'Robots', remotely. Crazy Handler has the capability of synchronizing between multiple connections in a very handy way: if you want to connect to another Robot, all you have to do is to specify the  getGET  command and pass the session ID related to the victim you want to connect to. In addition, the tool includes many commands used to send and receive data from bots as well as broadcasting and multicasting commands to ALL or to a GROUP of the available victims </description><link>http://www.secuobs.com/revue/news/565779.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/565779.shtml</guid></item>
<item><title>Botnets inflating Twitch audiences help broadcasters earn money</title><description>2015-03-30 14:42:13 - Help Net Security : Most people dream about earning a living by doing something they enjoy. For some gamers, that dream is achievable by using Twitch, the game streaming service that offers gamers with a big-enough follo </description><link>http://www.secuobs.com/revue/news/565334.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/565334.shtml</guid></item>
<item><title>Twitch-targeting botnets use infected PCs to inflate viewer audiences</title><description>2015-03-27 20:37:48 - Ars Technica   Risk Assessment : With celebrity gamers receiving hefty sums for big audiences, it was inevitable </description><link>http://www.secuobs.com/revue/news/565137.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/565137.shtml</guid></item>
<item><title>Twitch botnet malware lets scammers fraudulently earn money through gaming streams</title><description>2015-03-27 14:09:18 - Symantec Connect   Security Response   Billets : Attackers have been compromising users' computers to add them to botnets, which are rented out to artificially inflate Twitch channel audience numbers </description><link>http://www.secuobs.com/revue/news/565069.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/565069.shtml</guid></item>
<item><title>Botnet traffic</title><description>2015-03-26 18:31:39 - SecViz   Security Visualization and Intelligence : Using a dataset from http://www.uvic.ca/engineering/ece/isot/datasets/index.php, this graph shows botnet traffic between 5000 computers at the University of San Diego. Different colors were used to indicate different protocols. Nodes represent computers and were sized by degree. Edges represent packets, weighted by packet size. Image generated using KeyLines </description><link>http://www.secuobs.com/revue/news/564963.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/564963.shtml</guid></item>
<item><title>Botnet activity</title><description>2015-03-26 18:31:39 - SecViz   Security Visualization and Intelligence : Visualization showing botnet activity geographically. The time bar at the bottom shows temporal trends and filters traffic shown on the map. Data from http://www.caida.org/data/passive/sipscan_dataset.xml. Image generated using KeyLines </description><link>http://www.secuobs.com/revue/news/564962.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/564962.shtml</guid></item>
<item><title>MyDoom botnet</title><description>2015-03-26 18:31:39 - SecViz   Security Visualization and Intelligence : This graph visualization shows the propagation of malware through a deliberately infected computer network. Twelve machines in the network were infected to see how the traffic spread to other machines. Over 7800 machines were included in the dataset. All network in a single chart. Yellow links indicate benign traffic; red links indicate traffic with at least 1 infected packet. Nodes are sized by volume of traffic. Data taken from the MyDoom-A.tar.gz, available here: http://wisnet.seecs.nust.edu.pk/projects/ENS/DataSets.html. Image generated with KeyLines </description><link>http://www.secuobs.com/revue/news/564961.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/564961.shtml</guid></item>
<item><title>The Andromeda botnet is ballooning once again</title><description>2015-03-17 09:53:45 - Help Net Security : Cybercriminals are, once again, trying to swell the number of computers compromised by the Andromeda backdoor. This will allow them to control the machines and download additional malware at the behes </description><link>http://www.secuobs.com/revue/news/563716.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563716.shtml</guid></item>
<item><title>Botconf 2014 - Karine e Silva - How to Dismantle a Botnet  the Legal Behind the Scenes</title><description>2015-03-16 06:13:14 - SecurityTube.Net : Security experts have accomplished significant knowledge on how the most impenetrable botnets operate. While botnet intelligence gathering and disruptive tools are fast evolving, the legal mechanisms that enable investigation and prosecution of cyber crime are not progressing at the same pace. This has frustrated security experts, who show lack of confidence on the work done by law enforcement. There are many reasons why law enforcement is lagging behind in the fight against cyber crime. Despite insufficient qualified staff, other structural issues are pronounceable. Problems often unknown to experts fighting cyber crime. Part of these obstacles is related to insufficient legal provisions that would enable the work of law enforcement, as many have figured out. Others are connected to the need to rethink fundamental legal concepts such as jurisdiction and authorship. But then again rethinking established legal concepts in a cyber crime context is a long process that is showing slow signs of progress. In spite of everything, the past year has struck our attention with international efforts led by industry and law enforcement. A closer look into the ZeroAccess (Dec 2013) and Gameover Zeus and Cryptolocker (Jun 2014) disruptions reveals that law enforcement has found creative ways to investigate and go after botmasters, despite the structural barriers above mentioned. For More Information Please Visit - https://www.botconf.eu/ </description><link>http://www.secuobs.com/revue/news/563532.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563532.shtml</guid></item>
<item><title>Botconf 2014 - Pedro Camelo, João Moura - CONDENSER: A Graph-Based Approach for Detecting Botnets</title><description>2015-03-16 06:13:14 - SecurityTube.Net : CONDENSER: A Graph-Based Approach for Detecting Botnets. Pedro Camelo, João Moura and Ludwig Krippahl. For More Information Please Visit - https://www.botconf.eu/ </description><link>http://www.secuobs.com/revue/news/563531.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563531.shtml</guid></item>
<item><title>Botconf 2014 - Dennis Schwarz - The Russian DDoS One: Booters to Botnets</title><description>2015-03-16 06:13:14 - SecurityTube.Net : The Russian DDoS One or RD1 is an informal grouping of threat actors that focus on providing DDoS booter services on Russian language underground forums. Besides the advertising, contact information, and the occasional drama, most of the business of Russian DDoS booters is done in private and difficult to attribute. This includes the back-end infrastructure that performs the DDoS attacks. To shed some light on the latter, this presentation will take a closer look at some of these RD1 threat actors, their booters, and their supporting DDoS botnets. For More Information Please Visit - https://www.botconf.eu/ </description><link>http://www.secuobs.com/revue/news/563529.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563529.shtml</guid></item>
<item><title>Botconf 2014 - Peter Kálnai, Jaromír Hořejší - Chinese Chicken: Multiplatform DDoS Botnets</title><description>2015-03-16 06:13:14 - SecurityTube.Net : One of capabilities of a malicious botnet is to perform a distributed denial of service (DDoS) attack. Attacks can be performed by various methods like volumetric flooding, slow HTTP attacks or TCP protocol misuse. A DNS amplification is an example of volumetric flooding that became popular recently. It is well known that Trojans for the Windows platform with resources containing Chinese locale have a long tradition of interest in this type of attacks and lack other spying features that Trojans usually possess. We present a survey of current trends in usage of standalone grey area tools performing DDoS for multiple platforms. The focus is put especially on Linux and FreeBSD versions. These tools are later trojanized by adding persistence using executable droppers or scripts editing crontab. The infection vector starts with automated brute-forcing of the SSH protocol, the malicious flooding tools are then deployed in the compromised system and executed. The competition for resources, such as ports and CPU time, is manifested as the initial attempt to kill and to remove other, possibly flooding, processes. Variants for Windows x86/x64 are co-distributed already with persistence and possess a debug string "Chicken" appearing in the title. The technical part of this analysis covers versions designed for several platforms and architectures. This involves behavioral aspects of initial droppers, the installation of components performing DDoS, the description of internet communication and the collection of various system and performance statistics. For a better insight, we will demonstrate several bot builders and C&amp;C panels which have been acquired. Screenshots of publicly available advertisements promoting the charged customizability of Linux variants will be displayed. During our analysis, we connected to the botnets and monitored several C&amp;C servers for a certain period of time which gave us a chance to collect some statistics. Therefore we are able to present particular examples of websites and services which were flooded. We shortly discuss the motivation behind the selection of these attack preferences. For More Information Please Visit - https://www.botconf.eu/ </description><link>http://www.secuobs.com/revue/news/563528.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563528.shtml</guid></item>
<item><title>Obama administration seeks more power to tackle botnets</title><description>2015-03-13 18:43:59 - Security Bloggers Network : The Obama administration wants greater power to shut down botnets, responding to the growing threat of cybercrime and increasingly complex, modern techniques. The post Obama administration seeks more power to tackle botnets appeared first on We Live Se </description><link>http://www.secuobs.com/revue/news/563379.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563379.shtml</guid></item>
<item><title>Obama Administration Wants More Legal Power To Disrupt Botnets</title><description>2015-03-13 14:59:27 - Slashdot  Your Rights Online : Trailrunner7 writes: The Obama administration has proposed an amendment to existing United States federal law that would give it a more powerful tool to go after botnets such as GameOver Zeus, Asprox and others. In recent years, Justice, along with private security firms and law enforcement agencies in Europe, have taken down various incarnations of a number of major botnets, including GameOver Zeus and Coreflood. These actions have had varying levels of success, with the GOZ takedown being perhaps the most effective, as it also had the effect of disrupting the infrastructure used by the CryptoLocker ransomware. In order to obtain an injunction in these cases, the government would need to sue the defendants in civil court and show that its suit is likely to succeed on its merits. The Administration's proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief. Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked. This numerical threshold focuses the injunctive authority on enjoining the creation, maintenance, operation, or use of a botnet, as well as other widespread attacks on computers using malicious software such as ransomware, assistant attorney general Leslie Caldwell wrote.</description><link>http://www.secuobs.com/revue/news/563344.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563344.shtml</guid></item>
<item><title>Malware - Rootkits, EXE Wrappers, Zombies and Botnets etc</title><description>2015-03-13 11:46:46 - SecurityTube.Net : This video is part of the computer information cyber security and ethical hacking lecture series by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory work sheets and other open educational resources are available at http://z.cliffe.schreuders.org. The slides themselves are creative commons licensed (CC-BY-SA) and images used are licensed as individually attributed. Topics covered in this lecture include: The problem; Programs behaving badly; Malware; Replication and payloads; Viruses; Worms; History: Morris Worm; History: Blaster Worm; Trojans; A history lesson, Trojans on Windows; EXE wrappers; Drive-by downloads (unwanted software downloads / installation); Watering hole attacks (malware placed on sites that are visited by their victims); Rootkits; Zombies and Botnets; Spyware and Adware; Scareware and rogue antivirus; Ransomware (e.g. Cryptolocker); Banking trojans (e.g. Zeus); Sources of software and trust; Digital signatures and certificates; User accounts and access controls; Traditional Mitigation; Trust-based selective execution; Signature-based detection; Anomaly-based detection; Digital signatures; Reputation-based security; The bad news; Stuxnet; Sandboxing; Conclusion. For More Information Please Visit - http://z.cliffe.schreuders.org</description><link>http://www.secuobs.com/revue/news/563305.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563305.shtml</guid></item>
<item><title>Obama administration wants greater powers to take down botnets</title><description>2015-03-12 20:37:14 - Security Bloggers Network : In an effort to crack down on hijacked computers and networks, the Obama administration is seeking expanded powers through an amendment to existing law </description><link>http://www.secuobs.com/revue/news/563234.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563234.shtml</guid></item>
<item><title>Assuring Authority for Courts to Shut Down Botnets   DOJ Blog</title><description>2015-03-12 19:14:47 - Office of Inadequate Security : Leslie R Caldwell, Assistant Attorney General for the Criminal Division of the Department of Justice writes about the </description><link>http://www.secuobs.com/revue/news/563223.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/563223.shtml</guid></item>
<item><title>Introduction to Malware - BOTNET</title><description>2015-03-05 09:17:04 - SecurityTube.Net : This video is all about BOTNET and how you can control a remote PC and how you can build BOTNET functionality for exploitation process </description><link>http://www.secuobs.com/revue/news/562223.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/562223.shtml</guid></item>
<item><title>Europol takedown of Ramnit botnet frees 32 million PCs from cybercriminals' grasp</title><description>2015-02-27 14:11:42 - Security Bloggers Network : In an international operation coordinated with multiple law enforcement and industry partners, Europol led a takedown of the infrastructure of the Ramnit botnet that infected 32 million Windows computers </description><link>http://www.secuobs.com/revue/news/561478.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561478.shtml</guid></item>
<item><title>Phishing, exploits and botnets: how can they affect your business?</title><description>2015-02-26 20:21:29 - Security Bloggers Network : How can phishing, exploits and botnets affect a business? The post Phishing, exploits and botnets: how can they affect your business? appeared first on We Live Security.</description><link>http://www.secuobs.com/revue/news/561356.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561356.shtml</guid></item>
<item><title>Ramnit Botnet Shut Down</title><description>2015-02-26 16:01:43 - LinuxSecurity.com   Latest News : LinuxSecurity.com: The Ramnit botnet, a favorite among thieves dabbling in financial fraud for its frequent updates, has been shut down in a joint effort spearheaded by Europol's European Cybercrime Centre (EC3).</description><link>http://www.secuobs.com/revue/news/561328.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561328.shtml</guid></item>
<item><title>Europol shuts down Ramnit botnet used to steal bank details</title><description>2015-02-26 15:10:19 - Security Bloggers Network : The Ramnit botnet that is said to have affected 32 million computers has been shut down by European police. The post Europol shuts down Ramnit botnet used to steal bank details appeared first on We Live Security.</description><link>http://www.secuobs.com/revue/news/561316.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561316.shtml</guid></item>
<item><title>3 Million Strong RAMNIT Botnet Taken Down</title><description>2015-02-26 01:32:46 - Slashdot  Your Rights Online : An anonymous reader writes: The National Crime Agency's National Cyber Crime Unit worked with law enforcement colleagues in the Netherlands, Italy and Germany, co-ordinated through Europol's European Cybercrime Centre, to shut down command and control servers used by the RAMNIT botnet. Investigators believe that RAMNIT may have infected over three million computers worldwide, with around 33,000 of those being in the UK. It has so far largely been used to attempt to take money from bank accounts.</description><link>http://www.secuobs.com/revue/news/561209.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561209.shtml</guid></item>
<item><title>Europol cracks down on botnet infecting 32 million computers</title><description>2015-02-25 16:39:37 - Ars Technica   Risk Assessment : Target botnet Ramnit is one of the biggest botnets in the world </description><link>http://www.secuobs.com/revue/news/561130.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561130.shtml</guid></item>
<item><title>Nine bad botnets and the damage they did</title><description>2015-02-25 16:03:43 - Security Bloggers Network : Responsible for a great deal of the hacking, spamming and malware every day: here are some of the worst botnets of all time. The post Nine bad botnets and the damage they did appeared first on We Live Security.</description><link>http://www.secuobs.com/revue/news/561121.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561121.shtml</guid></item>
<item><title>Ramnit botnet assaulted by Europol operation</title><description>2015-02-25 16:03:43 - Security Bloggers Network : Europol and international law enforcement agencies have disrupted the activities of a botnet thought to have infected 32 million computers worldwide </description><link>http://www.secuobs.com/revue/news/561118.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561118.shtml</guid></item>
<item><title>3 million strong RAMNIT botnet taken down</title><description>2015-02-25 14:05:31 - Help Net Security : The National Crime Agency's National Cyber Crime Unit (NCCU) worked with law enforcement colleagues in the Netherlands, Italy and Germany, co-ordinated through Europol's European Cybercrime Centre (EC </description><link>http://www.secuobs.com/revue/news/561094.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/561094.shtml</guid></item>
<item><title>$3 Million Reward Offered for GameOver Zeus Botnet Mastermind</title><description>2015-02-24 22:12:43 - Office of Inadequate Security : Today in Washington, DC, the US State Department, the Department of Justice, and the FBI announced a reward of up to $3 </description><link>http://www.secuobs.com/revue/news/560973.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/560973.shtml</guid></item>
<item><title>ClientSide Botnet Demonstration 1 before uploading the full series</title><description>2015-02-12 03:49:18 - SecurityTube.Net : This is the first demonstration of a small project that I'm working on, which I'm going to share with you by recording a video series explaining how to build one from scratch using Python.</description><link>http://www.secuobs.com/revue/news/559207.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/559207.shtml</guid></item>
<item><title>ZeroAccess click fraud botnet coughs back to life</title><description>2015-01-31 21:44:07 - Security Bloggers Network : The once-mighty botnet is now only a shadow of its former self, but its reputation alone still makes it a headline grabber.</description><link>http://www.secuobs.com/revue/news/557461.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557461.shtml</guid></item>
<item><title>Wire Transfer Scam Alert, New Bug Haunts Linux, ZeroAccess Botnet and more - TWIC - January 30, 2015</title><description>2015-01-30 19:51:09 - Security Bloggers Network : Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports  open source  </description><link>http://www.secuobs.com/revue/news/557345.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557345.shtml</guid></item>
<item><title>MSIL/Agent.PYO: Have botnet, will travel</title><description>2015-01-29 16:17:04 - Security Bloggers Network : ESET's researchers recently encountered a piece of malware targeting the filling of the forms belonging to the Consulate of Poland. To understand why, it is first necessary to have a brief look at the application process for visas. The post MSIL AgentP </description><link>http://www.secuobs.com/revue/news/557135.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557135.shtml</guid></item>
<item><title>Click-fraud ZeroAccess botnet rises from the ashes</title><description>2015-01-29 13:24:47 - Security Bloggers Network : The notorious ZeroAccess botnet operation is back in full swing, infecting PCs, stealing data and diverting advertiser revenue </description><link>http://www.secuobs.com/revue/news/557103.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/557103.shtml</guid></item>
<item><title>With DDoS attacks on the rise, could you be a botnet zombie?</title><description>2015-01-28 10:22:58 - Acunetix   Web Application Security Blog : A report recently published by Imperva has reported that more than half of web traffic comes from bots rather than human visitors. They have also noted some changes in the type of bots observed, including a predictable yet worrying trend in impersonator bots, which now account for 22% of bot traffic. Overall, 29% of all   Read More   The post With DDoS attacks on the rise, could you be a botnet zombie? appeared first on Acunetix.</description><link>http://www.secuobs.com/revue/news/556921.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/556921.shtml</guid></item>
<item><title>Botnets in 2014: ZeuS surge, lax policies place Web users at risk</title><description>2015-01-02 13:19:40 - Security Bloggers Network : Financial and personal data increases in value, botnet use rises. Are companies doing enough to stem the flow?</description><link>http://www.secuobs.com/revue/news/552762.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/552762.shtml</guid></item>
<item><title>AT&amp;T Cyber Security Conference - P2P Botnets</title><description>2014-12-15 13:55:28 - SecurityTube.Net : Baris Coskun and Suhas Mathur of AT&amp;T Security Research talk about the P2P botnet ecosystem. Originally recorded at the 2011 AT&amp;T Cyber Security Conference. To see replays of this talk with the original slides, please visit  For More Information please visit - https://tawkster.att.com/securityconference/</description><link>http://www.secuobs.com/revue/news/550181.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/550181.shtml</guid></item>
<item><title>VIRUS BULLETIN - Hiding the network behind the network: Botnet proxy business model</title><description>2014-11-25 07:35:22 - SecurityTube.Net : Over the years, botnet creators have implemented various methods for protecting their networks, and especially their command and control servers. Since hiding a C&amp;C means that the botnet will remain running for longer, specialized hosting services that are able to hide a server behind many proxies have appeared. During one of our investigations, we discovered a network of this type, which currently has 10 'clients' (10 servers distributing different malware families). This proxy network has two types of redirection, one on the HTTP standard port (protecting the C&amp;C servers) and the other on the UDP standard port (protecting a dedicated server that handles the DNS resolution for domains generated by Domain Generation Algorithms or chosen at will). This infrastructure is designed in such a way as to allow critical changes to be made in the shortest time. So, any abuse report regarding the proxy nodes is handled immediately. The so-called 'cleaning' is done by making some minor changes to the configuration of the proxy nodes. This is usually achieved through changing the proxies between 'clients'. Therefore the financial loss caused by interruption of the malware is very small. In this paper we will emphasize the architecture of this network and the changes made during the time we have been monitoring it. In the end we will present some examples of malware families that make use of it. For More information please visit - https://www.virusbtn.com/index</description><link>http://www.secuobs.com/revue/news/547093.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/547093.shtml</guid></item>
<item><title>NotCompatible sets new standards for mobile botnet sophistication</title><description>2014-11-21 15:54:16 - LinuxSecurity.com   Latest News : LinuxSecurity.com: The NotCompatible mobile malware has reached a new level of sophistication, according to a new report from San Francisco-based mobile security company Lookout, Inc.</description><link>http://www.secuobs.com/revue/news/546670.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/546670.shtml</guid></item>
<item><title>Sophisticated Android-based botnet a danger to enterprise networks</title><description>2014-11-19 18:02:58 - Help Net Security : A new, more sophisticated and more stealthy version of the NotCompatible Android Trojan continues to strengthen one of the most long-lived and advanced mobile botnets ever to exist (since mid-2012) </description><link>http://www.secuobs.com/revue/news/546269.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/546269.shtml</guid></item>
<item><title>Black Hat USA 2014 - AppSec: CloudBots - Harvesting Crypto Coins Like a Botnet Farmer</title><description>2014-11-18 06:15:25 - SecurityTube.Net : What happens when computer criminals start using friendly cloud services for malicious activities? In this presentation, we explore how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments. Oh! Also, we violate the hell out of some terms of service. We explore just how easy it is to generate massive amounts of unique email addresses in order to register free trial accounts, deploy code, and distribute commands (C2). We managed to build this cloud-based botnet all for the low cost of $0 and semi-legally. This botnet doesn't get flagged as malware, blocked by web filters, or get taken over. This is the stuff of nightmares! While riding on the fluffy Kumobot (kumo means cloud in Japanese), it was discovered that we were not the only ones doing this! With the rise of crypto currency we now face the impending rise of botnets that mine for digital gold on someone else's systems with someone else's dime footing the electric bill. Through our efforts in building a cloud-based botnet we built enough tools to share a framework for penetration testers and security researchers. The anti-anti-automation framework will show those tasked with defense exactly what it looks like when their free trial gets assaulted. For More Information Please visit - http://blackhat.com</description><link>http://www.secuobs.com/revue/news/545924.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/545924.shtml</guid></item>
<item><title>Black Hat USA 2014 - WHAT GOES AROUND COMES BACK AROUND - EXPLOITING FUNDAMENTAL WEAKNESSES IN BOTNET C&amp;C PANELS</title><description>2014-11-06 07:23:59 - SecurityTube.Net : Bot herders deploy Command and Control (C&amp;C) panels for commanding and collecting exfiltrated data from the infected hosts on the Internet. To protect C&amp;C panels, bot herders deploy several built-in (software-centric) protection mechanisms to restrict direct access to these C&amp;C panels. However, there exist fundamental mistakes in the design and deployment of these C&amp;C panels that can be exploited to take complete control. This talk discusses the methodology of launching reverse attacks on the centralized C&amp;C panels to derive intelligence that can be used to build automated solutions. This research reveals how to detect vulnerabilities and configuration flaws in the remote C&amp;C panels and exploit them by following the path of penetration testing. This talk is derived from the real time research in which several C&amp;C panels were targeted and intelligence was gathered to attack the next set of C&amp;C panels. A number of case studies will be discussed to elaborate the step-by-step process of attacking and compromising C&amp;C panels. This talk also demonstrates the use of automated tools authored for making the testing easier for the researchers. For More Information Please visit - http://blackhat.com</description><link>http://www.secuobs.com/revue/news/544022.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/544022.shtml</guid></item>
<item><title>Linux botnet 'Mayhem' spreads through Shellshock exploits</title><description>2014-10-28 14:33:39 - LinuxSecurity.com   Latest News : LinuxSecurity.com: Shellshock continues to reverberate: Attackers are exploiting recently discovered vulnerabilities in the Bash command-line interpreter in order to infect Linux servers with a sophisticated malware program known as Mayhem.</description><link>http://www.secuobs.com/revue/news/542903.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/542903.shtml</guid></item>
<item><title>dorothy2 - A malware botnet analysis framework written in Ruby</title><description>2014-10-28 00:57:52 - Reverse Engineering : submitted by chubbymaggie</description><link>http://www.secuobs.com/revue/news/542799.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/542799.shtml</guid></item>
<item><title>Derbycon 2014 - Building Better Botnets with IPv6</title><description>2014-10-17 09:22:40 - SecurityTube.Net : As much as we are trying to ignore it, IPv6 is here. And IPv6 has real problems. In my talk I'll discuss some of these problems, and show a design for a botnet command and control system that will be extremely resistant to takedown. For More Information Please visit - https://www.derbycon.com/ http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist</description><link>http://www.secuobs.com/revue/news/540864.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/540864.shtml</guid></item>
<item><title>Dyre Banking Trojan, Tyupkin ATM Malware, iWorm Botnet and more - TWIC - October 10, 2014</title><description>2014-10-10 23:09:48 - Security Bloggers Network : Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports  open source  </description><link>http://www.secuobs.com/revue/news/539587.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/539587.shtml</guid></item>
<item><title>Apple updates definitions to prevent "iWorm" botnet malware on Macs</title><description>2014-10-07 00:10:09 - Ars Technica   Risk Assessment : Apple continually updates a short list of known malware to prevent new installs.</description><link>http://www.secuobs.com/revue/news/538822.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/538822.shtml</guid></item>
<item><title>Apple updates XProtect to kill iWorm botnet threat</title><description>2014-10-06 19:56:02 - Help Net Security : Apple has released an update for its XProtect anti-malware system which makes it detect three different versions of the iWorm OS backdoor malware discovered last week by AV specialists from Dr. Web </description><link>http://www.secuobs.com/revue/news/538778.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/538778.shtml</guid></item>
<item><title>Derbycon 2014 - DDoS Botnet: 1000 Knives and a Scalpel</title><description>2014-10-06 08:03:51 - SecurityTube.Net : This talk will explore the latest DDoS attack techniques. Using recent and high profile DDoS attacks, we will examine core attack patterns against the availability of an asset. Leveraging cloud-based elastic computing, we will showcase methods for simulating DDoS attacks and provide a toolkit that attendees can use to perform their own DDoS test cases. For More Information Please visit - https://www.derbycon.com/ http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist</description><link>http://www.secuobs.com/revue/news/538661.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/538661.shtml</guid></item>
<item><title>The Botnet That Read Reddit</title><description>2014-10-06 07:44:20 - CNIS mag : This technique, described on the Dr. Web blog, is reminiscent of the very visionary "proof of concept" developed in 2010 by Itzik Kotler and Ziv Gadot: the botnet that takes its orders from an online publication or a social network. But the one discovered by the Russian virus hunters is not   </description><link>http://www.secuobs.com/revue/news/538658.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/538658.shtml</guid></item>
<item><title>Reddit-powered botnet infected thousands of Macs worldwide</title><description>2014-10-04 01:03:18 - Ars Technica   Risk Assessment : Mac.BackDoor.iWorm used Minecraft server subreddit for command and control.</description><link>http://www.secuobs.com/revue/news/538506.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/538506.shtml</guid></item>
<item><title>New Mac Botnet Commands 17,000 Infected Computers via Reddit</title><description>2014-10-03 22:29:20 - Security Bloggers Network : The post New Mac Botnet Commands 17,000 Infected Computers via Reddit appeared first on The State of Security.</description><link>http://www.secuobs.com/revue/news/538489.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/538489.shtml</guid></item>
<item><title>A Glance Into the Neutrino Botnet explain Anti-analysis tricks</title><description>2014-10-02 16:09:45 - Reverse Engineering : submitted by sh3dow</description><link>http://www.secuobs.com/revue/news/538173.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/538173.shtml</guid></item>
<item><title>17,000 Macs recruited into malware botnet, with a little help from Reddit</title><description>2014-10-02 14:29:11 - Security Bloggers Network : Security researchers believe that they have uncovered a new botnet, which has recruited thousands of Mac computers. And Reddit is helping the botmasters communicate with the infected Mac computers.</description><link>http://www.secuobs.com/revue/news/538141.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/538141.shtml</guid></item>
<item><title>New OS X backdoor malware roping Macs into botnet</title><description>2014-10-02 14:28:18 - Help Net Security : New malware targeting Mac machines, opening backdoors on them and roping them into a botnet currently numbering around 17,000 zombies has been spotted and analyzed by malware researchers of Russian AV </description><link>http://www.secuobs.com/revue/news/538138.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/538138.shtml</guid></item>
<item><title>Doctor Web: A new botnet targets Mac OS X</title><description>2014-10-01 20:18:50 - Global Security Mag Online : In September 2014, Doctor Web specialists analysed several new threats targeting Mac OS X. One of them is a multifunction backdoor added to the virus database under the name Mac.BackDoor.iWorm. To date, statistics indicate that just over 17,000 unique Mac IP addresses are infected by this malware. The attackers used the C++ and Lua languages, as well as cryptography. During installation, the Trojan unpacks itself into the folder  Library Application    - Malwares </description><link>http://www.secuobs.com/revue/news/538005.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/538005.shtml</guid></item>
<item><title>Shellshock Vulnerability Used in Botnet Attacks</title><description>2014-09-28 09:32:18 - TrendLabs Security Intelligence Blog : One of the implications of the Bash Bug vulnerability (also referred to as Shellshock) is that cybercriminals and attackers can use it to launch DDoS attacks against enterprises and large organizations. True enough, there are reports already mentioning that there are botnet attacks against certain institutions which employed the vulnerability. A botnet is a network   Post from: Trendlabs Security Intelligence Blog - by Trend Micro. Shellshock Vulnerability Used in Botnet Attacks </description><link>http://www.secuobs.com/revue/news/537229.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/537229.shtml</guid></item>
<item><title>Bash Bug Vulnerability Used in Botnet Attacks</title><description>2014-09-27 00:48:48 - TrendLabs Security Intelligence Blog : One of the implications of the Bash Bug vulnerability (also referred to as Shellshock) is that cybercriminals and attackers can use it to launch DDoS attacks against enterprises and large organizations. True enough, there are reports already mentioning that there are botnet attacks against certain institutions which employed the vulnerability. A botnet is a network   Post from: Trendlabs Security Intelligence Blog - by Trend Micro. Bash Bug Vulnerability Used in Botnet Attacks </description><link>http://www.secuobs.com/revue/news/537105.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/537105.shtml</guid></item>
<item><title>Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks</title><description>2014-09-26 16:25:37 - LinuxSecurity.com   Latest News : LinuxSecurity.com: With a bug as dangerous as the "shellshock" security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic. As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request.</description><link>http://www.secuobs.com/revue/news/537005.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/537005.shtml</guid></item>
<item><title>CarolinaCon - Building Botnets 101 - Terrence O' Connor</title><description>2014-09-10 08:55:14 - SecurityTube.Net : Having worked to defend against some of the largest botnets to date, I have gathered information on how easily they form and are executed. I would like to present these findings, do a demonstration, and present some thoughts on how to defend against these types of attacks. For More Information please visit - http://carolinacon.org</description><link>http://www.secuobs.com/revue/news/534158.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/534158.shtml</guid></item>
<item><title>Week in review: Linux systems ensnared in DDoS botnet and Home Depot breach</title><description>2014-09-08 11:51:35 - Help Net Security : Here's an overview of some of last week's most interesting news, podcasts, and articles: IT security is a matter of accountability. The CEO has always had responsibility for the overall growth an </description><link>http://www.secuobs.com/revue/news/533439.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/533439.shtml</guid></item>
<item><title>Apple IDs targeted by Kelihos botnet phishing campaign</title><description>2014-09-05 20:17:43 - Symantec Connect   Security Response   Billets : Botnet targets Apple customers, launching phishing email campaign to lure victims into disclosing their Apple IDs and passwords. Read more </description><link>http://www.secuobs.com/revue/news/533264.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/533264.shtml</guid></item>
<item><title>Semalt botnet hijacked nearly 300k computers</title><description>2014-09-03 19:02:18 - Help Net Security   News : The "Semalt" botnet is quickly spreading across the Internet, Incapsula researchers warn. The botnet is named after a Ukrainian startup that poses as a legitimate online SEO service, and it current </description><link>http://www.secuobs.com/revue/news/532838.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/532838.shtml</guid></item>
<item><title>Linux systems infiltrated and controlled in a DDoS botnet</title><description>2014-09-03 13:19:22 - Help Net Security   News : Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against t </description><link>http://www.secuobs.com/revue/news/532784.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/532784.shtml</guid></item>
<item><title>Hackers prey on Russian patriotism to grow the Kelihos botnet</title><description>2014-08-26 21:50:27 - Computer Security News : A recent spam campaign encouraged Russian speakers to install malware on their computers to participate in DDoS attacks, researchers said. The cybercriminal gang behind the Kelihos botnet is tricking users into installing malware on their computers by appealing to pro-Russian sentiments stoked by recent international sanctions against the country.</description><link>http://www.secuobs.com/revue/news/531670.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/531670.shtml</guid></item>
<item><title>Kelihos botmasters target Russian patriots to expand botnet</title><description>2014-08-25 18:45:49 - Help Net Security   News : The cyber crooks behind the Kelihos botnet are, once again, trying to swell the number of computers included in it. They are trying a novel approach: posing as a "community Russian programmers," </description><link>http://www.secuobs.com/revue/news/531434.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/531434.shtml</guid></item>
<item><title>Kelihos Botnet Trying to Expand by Harnessing Russian National Sentiments</title><description>2014-08-23 03:58:05 - Security Labs : Websense Security Labs has come across an interesting campaign, targeting Russian nationals, trying to lure them to download and run executables on their computers, under the guise of attacking Western government websites. This is presented as a crowd-sourcing effort to retaliate against the governments that imposed sanctions on Russia (following the conflict in Ukraine). In fact, the unfortunate victims' machines fall prey to the Kelihos spam botnet. Kelihos (aka Hlux) is a long running trojan bot backdoor family, with different variants having capabilities, such as: sending out spam email; sniffing sensitive information such as passwords for different protocols; stealing Bitcoin wallet contents; Bitcoin mining; backdoor access to victims' computers; participating in DDoS (distributed denial of service) attacks; downloading additional malware. Over the years, there have been several efforts to take down the botnet, but it seems the cyber criminals behind Kelihos are trying to revive and expand the botnet. Following topical events as a lure is a technique we have seen in the past to distribute Kelihos; such examples were two large campaigns in 2013 that leveraged the RedKit Exploit kit to drop Kelihos on victims' computers. That, in turn, led to a series of stock "pump &amp; dump" campaigns, for financial gains. Looking at Websense ThreatSeeker Intelligence Cloud telemetry of total hits to a specific type of webpages associated with Kelihos, we can see why the cyber criminals might be trying to expand. We saw that after a big spike around April 2014, there seems to be a decrease in recent months, with a gradual uptick in August 2014. It's possible this is the beginning of the expansion efforts. What's different about this case is that instead of appealing to the victims' sense of curiosity, the cyber criminals appeal to patriotic sentiments (see details in analysis below), blatantly saying that they will run malware on the intended targets' computers, but without disclosing the true nature of the malware. The variants we have analyzed so far in this campaign seem to have the spambot and sniffing functionality; no DDoS behavior has been observed during preliminary analysis. Even so, the damage for a business allowing their infrastructure to run such malware could be significant (blacklisting for example).
Websense customers are protected from this threat by ACE, our Advanced Classification Engine, at the following stages out of the seven-stage process: Stage 2 (Lure) - ACE has detection for the URLs in the email lures, and Websense email security products block the email lures. Stage 5 (Dropper Files) - ACE has detection for the binary files associated with this attack. Stage 6 (Call Home) - Communication to the associated Command &amp; Control (C2) servers is prevented. Note that this campaign does not use stages 3 &amp; 4, details below. Analysis: The campaign started on August 20, 2014, and included email, such as this example. The subject and body vary, but they are all similarly themed. Here is a translation (by Google) of the above text: Subject: Help their homeland. We, the community of programmers from Russia, thrilled unreasonable sanctions that the United States imposed against Russia. We have created your answer, then you will find a link to a program written by us. Open it on your computer, and it will begin secretly to attack government websites of the countries that imposed these sanctions. The program operates silently, consumes no more than 5% of your online channel, no more than 20MB of traffic per day, and takes almost no processing power. After reboot the computer program completes its work, and if you want to - you can run it again manually. Together, we - the power. Link to file: hxxp 8023423118 setupexe Spare link: hxxp 1763613168 setupexe
As we mentioned, the text varies, and some of the messages carry a "helpful tip" to disable AV while running the executable. Between August 20 and August 21, 2014, Websense Cloud Email Security has proactively blocked over 100,000 malicious messages from this campaign; all were sent to recipient addresses with .ru TLD. These are the subjects we observed. Since the campaign tries to appeal to would-be cyber warriors, there is no need to disguise the fact that an executable will be run on the victims' computers; therefore, the messages contain URLs with direct download links, such as: The files hosted on these locations change to try to avoid AV detection. At the time of the attack, AV detection was low: 7/53 in one example, and 3/53 in another. Here is a sample Websense Threatscope sandbox report for a file dropped in this attack. Kelihos uses the Winpcap driver to monitor connections and sniff passwords from different protocols, mainly targeting SMTP so that mail can potentially be sent from seemingly legitimate email addresses. When run on the victims' computers, the bot contacts the Command &amp; Control (C2) infrastructure over TCP, then sends an encrypted GET request to the C2 URLs (hosted in Russia and Ukraine), such as: Where the configuration is downloaded: Additionally, the bot gets a list of content links to spam from URLs such as: Shortly afterwards, the bot makes DNS queries for mail servers: And starts to send out email, in this case, the same kind that were observed earlier (asking to download the executable).
Summary: In this blog, we have seen an attempt by cyber criminals behind a long running bot network to expand and revive their operation, after a period of relative stagnation. The tactic of playing on national pride to use the victims for another nefarious purpose is somewhat unique; the criminals behind the campaign did not hide the fact that they are pointing to malware, just "failed to mention" that the immediate result of running it would be to join a spam botnet. Since the dropper files change, it's not out of the question that a variant with DDoS capabilities would be used, but nonetheless, businesses should make sure they are protected against any such malware using comprehensive security solutions, both for inbound and outbound protection. Contributors: Ran Mosessco, Nick Griffin, Brandon Laux</description><link>http://www.secuobs.com/revue/news/531194.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/531194.shtml</guid></item>
<item><title>Attacking financial malware botnet panels - SpyEye</title><description>2014-08-22 20:05:26 - Security Bloggers Network : This is the second blog post in the "Attacking financial malware botnet panels" series. After playing with Zeus, my attention turned to another old (and dead) botnet, SpyEye. From an ITSEC perspective, SpyEye shares a lot of vulnerabilities with Zeus.</description><link>http://www.secuobs.com/revue/news/531126.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/531126.shtml</guid></item>
<item><title>Latest Gameover botnet lays low, looking to resist takedown</title><description>2014-08-21 00:01:46 - Ars Technica   Risk Assessment : The botnet that the government shut down is back, with some changes </description><link>http://www.secuobs.com/revue/news/530772.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/530772.shtml</guid></item>
<item><title>Hiding A Bitcoin Mining Botnet In The Cloud</title><description>2014-08-15 19:14:54 - Darknet   The Darkside : </description><link>http://www.secuobs.com/revue/news/530117.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/530117.shtml</guid></item>
<item><title> New Gameover Zeus variant steadily rebuilds downed botnet</title><description>2014-08-15 17:28:06 - Help Net Security   News : It's already widely known that the Gameover Zeus gang, whose activity has been temporarily foiled by a successful multi-national law enforcement takedown in June, is trying to regain lost ground  </description><link>http://www.secuobs.com/revue/news/530095.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/530095.shtml</guid></item>
<item><title>Botnets: What are they, and how can you protect your computer?</title><description>2014-08-08 17:49:27 - Security Bloggers Network : Chances are that every day your email address receives more than its fair share of spam messages. But have you ever wondered how all that spam was sent in the first place? Learn more in my article on the Intralinks blog.</description><link>http://www.secuobs.com/revue/news/529042.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/529042.shtml</guid></item>
<item><title>Black Hat USA 2014: Talking botnets and ad campaigns</title><description>2014-08-07 16:32:48 - LinuxSecurity.com   Latest News : "The situation we're in with advertising is a lot like where the banks are, where everyone has struggled with the fact that you can't trust the other end of the connection," says White Ops CEO Michael Tiffany. "It's the same cookies, user information, etc. But one is real, and the other is fake."</description><link>http://www.secuobs.com/revue/news/528816.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/528816.shtml</guid></item>
<item><title>25C3 - stormfucker owning the storm botnet</title><description>2014-08-01 15:34:45 - SecurityTube.Net : Stormfucker: Owning the Storm Botnet. In the talk we will demonstrate how to own the storm botnet (live demo included). For more information please visit http://events.ccc.de/congress/2008/Fahrplan/speakers.en.html</description><link>http://www.secuobs.com/revue/news/527974.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/527974.shtml</guid></item>
<item><title>Changes in the Asprox Botnet</title><description>2014-07-28 21:46:00 - Fortinet Blog  News and Threat Research   All Posts : Asprox, aka Zortob, is an old botnet that was uncovered in 2007. It is known to spread by arriving as an attachment in spam emails that purport to be from well-known companies. The attachment itself is disguised as a legitimate document file by using icons such as those of a doc or pdf file. (Figure 1: Asprox malware posing as a Microsoft Word document.) This blog post will give an overview on Asprox's functionality with a focus on the changes in its communication with the comman </description><link>http://www.secuobs.com/revue/news/527278.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/527278.shtml</guid></item>
<item><title>Building a Legal Botnet in the Cloud</title><description>2014-07-25 18:16:12 - Security Bloggers Network : Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but there's no reason this can't scale to much larger numbers.</description><link>http://www.secuobs.com/revue/news/526986.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/526986.shtml</guid></item>
<item><title>AppSecEU 2014 - Mark Graham - Cloud-based Detection Techniques for Botnets and Other Malware</title><description>2014-07-25 07:31:27 - SecurityTube.Net : Traditional techniques for detecting malware, such as viruses, worms and rootkits, rely on identifying virus-specific signature definitions within network traffic, applications or memory. Because a sample of malware is required to define an attack signature, signature detection has drawbacks when accounting for morphism, has limited use in Zero-Day protection and is a post-infection technique requiring malware to be present on a network, or device, in order to be detected. Botnets are ideally suited for launching mass Distributed Denial of Services (DDoS) attacks against the ever increasing number of networked devices that are starting to form the Internet of Things, and ultimately Smart Cities. Regardless of topology (centralised with Command &amp; Control servers (C&amp;C), or distributed peer-to-peer (P2P)), Bots must communicate with the other Bots in the Botnet, as well as their overall commanding Botmaster. This communication traffic can be used to detect malware activity in the cloud well before it has been able to evade network perimeter defences, and to determine a route back to source to take down the threat. This presentation highlights the main drawbacks of traditional signature based detection methods. It discusses the alternative techniques of cloud based traffic analysis for pre-infection detection of malware, in particular Botnets, which can be performed on Big Data being generated by Service Providers, and demonstrates how cloud centric traffic based detection techniques can be used to complement traditional signature based anti-malware and overcome some of its drawbacks. Finally, this presentation identifies a lack of techniques for detecting malicious Bot activity within virtual environments, which now form the backbone of data centre infrastructure, and provide a new, as of yet untapped, attack vector for future malware. This identification of a lack of techniques works as a pre-cursor to my PhD research, which is to detect malware behaviour within virtual environments. For more information please visit https://2014.appsec.eu</description><link>http://www.secuobs.com/revue/news/526862.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/526862.shtml</guid></item>
<item><title>How Hackers Hid a Money-Mining Botnet in Amazon's Cloud</title><description>2014-07-24 16:21:36 - LinuxSecurity.com   Latest News : Hackers have long used malware to enslave armies of unwitting PCs, but security researchers Rob Ragan and Oscar Salazar had a different thought: Why steal computing power from innocent victims when there's so much free processing power out there for the taking?</description><link>http://www.secuobs.com/revue/news/526752.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/526752.shtml</guid></item>
<item><title>Security Slice: Bitcoins and Botnets</title><description>2014-07-22 07:19:24 - Security Bloggers Network : The post Security Slice: Bitcoins and Botnets appeared first on The State of Security.</description><link>http://www.secuobs.com/revue/news/526297.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/526297.shtml</guid></item>
<item><title>Why ATO Is a Huge Problem, Gameover ZeuS Revives, Shylock Botnet Disrupted and more  TWIC   July 18, 2014</title><description>2014-07-18 22:20:25 - Security Bloggers Network : Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source). Three Reasons Why Account Takeover Is Still a Big Problem: There's been a lot of buzz in financial industry media and conference tracks lately about account takeover, or ATO. And financial institutions are rightly concerned. According to a study conducted last year, losses due to ATO fraud have grown 69 percent and account for more than  46 billion in losses (yes, that's billion with a B). Crooks Seek Revival of 'Gameover Zeus' Botnet (Krebs on Security): Cybercrooks recently began attempting to resurrect the Gameover ZeuS botnet by sending out spam with phishing lures that include zip files booby-trapped with a new variant of the malware. This revival attempt comes nearly a month after the FBI joined with several nations, researchers and security firms in a global effort to shut down the botnet. The original Gameover ZeuS botnet, which has been blamed for the theft of more than  100 million worldwide, remains locked down; this new variant appears to be rebuilding the botnet from scratch.</description><link>http://www.secuobs.com/revue/news/525955.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/525955.shtml</guid></item>
<item><title> Mayhem malware ropes Linux, UNIX servers into lucrative botnets</title><description>2014-07-18 18:40:48 - Help Net Security   News : A new malware that researchers have dubbed Mayhem is being used to target Linux and Unix web servers and has so far compromised over 1,400 Linux and FreeBSD servers around the world, warn researchers  </description><link>http://www.secuobs.com/revue/news/525925.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/525925.shtml</guid></item>
<item><title> Botnets gain 18 infected systems per second</title><description>2014-07-17 14:05:46 - Help Net Security   News :  According to industry estimates, botnets have caused over  9 billion in losses to US victims and over  110 billion in losses globally Approximately 500 million computers are infected globally each y </description><link>http://www.secuobs.com/revue/news/525663.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/525663.shtml</guid></item>
<item><title>Hungry, Hungry Botnets: A look at Torpig</title><description>2014-07-16 09:22:40 - Fortinet Blog  News and Threat Research   All Posts : "Every 60 seconds 47,000 applications are downloaded off the internet." Evidently, most of us don't think twice about downloading a song, widget, app, image or even malware. Downloading is so second nature to us that a popular phishing scheme thrives on our carefree downloading reflex. Say hello to Torpig. A "drive-by download" is when a website suddenly prompts you to do something, such as a "click here to close this ad". Many unsuspecting web surfers simply hi </description><link>http://www.secuobs.com/revue/news/525369.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/525369.shtml</guid></item>
<item><title>Senate Judiciary Committee Investigates Botnet Smackdown Tuesday</title><description>2014-07-14 19:26:04 - Security Bloggers Network : Satya should set his alarms to get up early for this. The United States Senate's Committee on the Judiciary is slated to begin an investigation into the recent botnet slam-dunk, in which Microsoft Corporation (NasdaqGS: MSFT) is accused in the popular press of heavy-handedness. The Committee will commence with its scrutiny tomorrow morning, in the Other Washington (Washington, DC, that is) at the Dirksen Senate Office Building (specifically in Dirksen 226), at 2:30PM on Tuesday, July 15th, with United States Senator Whitehouse presiding over the meeting. Promises to be, at the very least, interesting.</description><link>http://www.secuobs.com/revue/news/525073.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/525073.shtml</guid></item>
<item><title>Another day, another Botnet. Are you protected from BrutPOS?</title><description>2014-07-10 18:04:25 - Security Bloggers Network : BrutPOS: Another day, another botnet. This is how HP TippingPoint is protecting you.</description><link>http://www.secuobs.com/revue/news/524603.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/524603.shtml</guid></item>
<item><title>Vade Retro: Spam, the month of June marked by the awakening of new botnet networks</title><description>2014-07-10 12:38:21 - Global Security Mag Online : The month of June was marked by a rise in spam: 69.9 percent in May 2014, versus 75.6 percent in June 2014. Vade Retro attributes this increase to the awakening of new botnet networks, made possible in particular by the large number of infected user workstations used by spammers as "zombie PCs", which is reminiscent of the "Zeus" botnet. The Vade Retro laboratory has thus detected waves of spam containing infected attachments, intended to infect networks   - Malware </description><link>http://www.secuobs.com/revue/news/524546.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/524546.shtml</guid></item>
<item><title>BrutPOS: RDP Bruteforcing Botnet Targeting POS Systems</title><description>2014-07-09 17:06:44 - Security Bloggers Network : There have been an increasing number of headlines about breaches at retailers in which attackers have made off with credit card data after compromising point-of-sale (POS) terminals. However, what is not commonly discussed is the fact that one third of </description><link>http://www.secuobs.com/revue/news/524398.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/524398.shtml</guid></item>
<item><title>A Botnet Worth Geeking Out Over</title><description>2014-07-09 09:15:41 - Fortinet Blog  News and Threat Research   All Posts : You have one new notification. Most people don't think twice about a message from a friend on instant messenger, a link to a funny video from a work colleague, or a USB drive with the latest family album. Most of us also assume the next best cat meme isn't going to offload our banking passwords to a remote server, hijack our system for DoS attacks, or hide all the files on our desktop. Unfortunately, Dorkbot does all of these things. Fortinet's threat research division, F </description><link>http://www.secuobs.com/revue/news/524311.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/524311.shtml</guid></item>
<item><title>Operation Tovar: The Latest Attempt to Eliminate Key Botnets</title><description>2014-07-08 17:43:47 - Security Bloggers Network : Coordinated botnet disruptions have increased in pace and popularity over the last few years as more private companies work with international law enforcement agencies to combat malware infections on a grand scale. Operation Tovar, announced on June 2 2014, is </description><link>http://www.secuobs.com/revue/news/524173.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/524173.shtml</guid></item>
<item><title>Battling the Botnets</title><description>2014-06-28 16:21:24 - Computer Security News :    Over the last few weeks our media have been enjoying a classic technology scare story, involving shadowy white-hatted hackers, more shadowy black-hatted hackers and the possibility that the pricey electronic equipment lurking in our homes may not have our best interests at heart - as if we hadn't guessed </description><link>http://www.secuobs.com/revue/news/522696.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/522696.shtml</guid></item>
<item><title>Hackers found controlling malware and botnets from the cloud</title><description>2014-06-26 21:56:20 - Computer Security News :    In what is considered to be a natural evolution of tactics used by cybercriminals to infiltrate corporate networks, security firm Trend Micro has new evidence that more botnets and malware are being not only hosted in the cloud, but controlled remotely from cloud servers </description><link>http://www.secuobs.com/revue/news/522457.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/522457.shtml</guid></item>
<item><title>A peek inside a commercially available Android-based botnet for hire</title><description>2014-06-23 18:03:26 - Security Bloggers Network : Relying on the systematic release of DIY (do-it-yourself) mobile malware generating tools, commercial availability of mobile malware releases intersecting with the efficient exploitation of legitimate Web sites through fraudulent underground traffic exchanges, as well as the utilization of cybercrime-friendly affiliate based revenue sharing schemes, cybercriminals continue capitalizing on the ever-growing Android mobile market segment for the purpose of achieving a positive ROI (return on investment) for their fraudulent activities. We've recently spotted yet another underground market proposition offering access to Android-based infected devices. Let's take a peek inside its Web-based command and control interface, discuss its features, as well as the proposition's relevance. The post A peek inside a commercially available Android-based botnet for hire appeared first on Webroot Threat Blog.</description><link>http://www.secuobs.com/revue/news/520275.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/520275.shtml</guid></item>
<item><title>Asprox Botnet Campaign Adopts Advanced Evasion Techniques</title><description>2014-06-16 21:11:13 - Security Bloggers Network : The post Asprox Botnet Campaign Adopts Advanced Evasion Techniques appeared first on The State of Security.</description><link>http://www.secuobs.com/revue/news/519112.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/519112.shtml</guid></item>
<item><title>A Not-So Civic Duty: Asprox Botnet Campaign Spreads Court Dates and Malware</title><description>2014-06-16 17:12:52 - Security Bloggers Network : Executive Summary: FireEye Labs has been tracking a recent spike in malicious email detections that we attribute to a campaign that began in 2013. While malicious email campaigns are nothing new, this one is significant in that we are observing </description><link>http://www.secuobs.com/revue/news/519071.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/519071.shtml</guid></item>
<item><title>Week in review: Defeating UEFI's SecureBoot, Gameover Zeus botnet disrupted, first Android file-encrypting Trojan</title><description>2014-06-09 10:16:46 - Help Net Security   News : Here's an overview of some of last week's most interesting news, interviews, podcasts and articles: International action against Gameover Zeus botnet and CryptoLocker ransomware. On Friday, 30 May </description><link>http://www.secuobs.com/revue/news/517781.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/517781.shtml</guid></item>
<item><title>Law Enforcement Agencies Target P2P Zeus Botnet</title><description>2014-06-06 22:46:50 - Fortinet Blog  News and Threat Research   All Posts : Earlier this week, the United States Computer Emergency Readiness Team (US-CERT) released an advisory regarding the GameOver Zeus P2P Malware. Along with that advisory was a national press release from the US Department of Justice and the FBI that announced a multi-national effort against the GameOver Zeus botnet. GameOver Zeus, aka P2P Zeus, is a sophisticated type of malware that is used by cybercriminals to steal infected hosts' banking information, install other malware, and perf </description><link>http://www.secuobs.com/revue/news/517588.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/517588.shtml</guid></item>
<item><title>Why botnet takedowns can cause more harm than good</title><description>2014-06-04 15:03:43 - Help Net Security   News : Zeus is a well-known and highly successful crimeware kit - the flat-pack furniture of the virus world. It is under constant development by several criminals or groups and new functionalities are const </description><link>http://www.secuobs.com/revue/news/517055.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/517055.shtml</guid></item>
<item><title>Why botnet takedowns can cause more harm than good</title><description>2014-06-04 13:57:21 - Help Net Security   Articles : Zeus is a well-known and highly successful crimeware kit - the flat-pack furniture of the virus world. It is under constant development by several criminals or groups and new functionalities are const </description><link>http://www.secuobs.com/revue/news/517047.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/517047.shtml</guid></item>
<item><title>CarolinaCon 2014 - Building Botnets 101 - Terrence O' Connor</title><description>2014-06-03 09:26:50 - SecurityTube.Net : Having worked to defend against some of the largest botnets to date, I have gathered information on how easily they form and are executed. I would like to present these findings, do a demonstration, and present some thoughts on how to defend against these types of attacks. For more information please visit http://carolinacon.org</description><link>http://www.secuobs.com/revue/news/516808.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/516808.shtml</guid></item>
<item><title>Honeypots, Botnets, and Spyware, Oh My!</title><description>2014-06-03 01:10:11 - OpenDNS Blog : Sometimes, it feels like there's a language barrier between technical and non-technical people. Terms like backdoor, rootkit, or zero-day, which may be commonplace to a security professional, often leave users in the dark. At OpenDNS, we SpeakSecurity every day, and you can too. In this post, we define 20 key terms everyone should know. Threats   The post Honeypots, Botnets, and Spyware, Oh My! appeared first on OpenDNS Blog.</description><link>http://www.secuobs.com/revue/news/516735.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/516735.shtml</guid></item>
<item><title>Worldwide Law Enforcement Operation Targets Gameover Zeus Botnet and CryptoLocker</title><description>2014-06-02 21:09:29 - Security Bloggers Network : The post Worldwide Law Enforcement Operation Targets Gameover Zeus Botnet and CryptoLocker appeared first on The State of Security.</description><link>http://www.secuobs.com/revue/news/516708.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/516708.shtml</guid></item>
<item><title>Justice Dept Names ZeuS Trojan Author, Seizes Control of P2P "Gameover" Botnet</title><description>2014-06-02 20:15:35 - Slashdot  Your Rights Online : tsu doh nimh (609154) writes: The US Justice Department announced today an international law enforcement operation to seize control over the Gameover ZeuS botnet, a sprawling network of hacked Microsoft Windows computers that currently infects an estimated 500,000 to 1 million compromised systems globally. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, and that the botnet is responsible for more than  100 million in losses from online banking account takeovers. The government alleges that Gameover also was rented out to an elite cadre of hackers for use in online extortion attacks, spam and other illicit moneymaking schemes. In a complaint unsealed today, the DOJ further alleges that ZeuS and Gameover are the brainchild of a Russian man named Evgeniy Mikhailovich Bogachev, aka 'Slavik'.</description><link>http://www.secuobs.com/revue/news/516697.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/516697.shtml</guid></item>
<item><title>International action against Gameover Zeus botnet and CryptoLocker ransomware</title><description>2014-06-02 17:04:37 - Help Net Security   News : On Friday, 30 May 2014, law enforcement agencies from across the world, supported by the European Cybercrime Centre (EC3) at Europol, joined forces in a coordinated action led by the FBI which ensured </description><link>http://www.secuobs.com/revue/news/516651.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/516651.shtml</guid></item>
<item><title>'Operation Tovar' Targets 'Gameover' ZeuS Botnet, CryptoLocker Scourge</title><description>2014-06-02 16:07:39 - Security Bloggers Network : The US Justice Department is expected to announce today an international law enforcement operation to seize control over the Gameover ZeuS botnet, a sprawling network of hacked Microsoft Windows computers that currently infects an estimated 500,000 to 1 million compromised systems globally. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, and rented out to an elite cadre of hackers for use in online extortion attacks, spam and other illicit moneymaking schemes.</description><link>http://www.secuobs.com/revue/news/516633.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/516633.shtml</guid></item>
<item><title>Burgers to Botnets: Why Sharing Threat Intelligence Benefits Everyone</title><description>2014-05-30 16:13:45 - Fortinet Blog  News and Threat Research   All Posts : 'None of us is as good as all of us.' This quote, attributed to Ray Kroc, co-founder of McDonald's, is echoed in many management and leadership success stories. It was the foundation to his business philosophy that not only transformed the fast food industry, but redefined enterprise teamwork and collaboration. And today, it embodies our efforts to stop cybercrime. In the news today, Fortinet and Palo Alto Networks announced the development of a jointly founded, cyber def </description><link>http://www.secuobs.com/revue/news/516306.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/516306.shtml</guid></item>
<item><title>Pirated 'Watch Dogs' Game Made A Bitcoin Mining Botnet</title><description>2014-05-28 19:46:18 - Darknet   The Darkside : </description><link>http://www.secuobs.com/revue/news/515955.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/515955.shtml</guid></item>
<item><title>Sinkholes: Legal and Technical Issues in the Fight against Botnets</title><description>2014-05-28 17:48:56 - Security Bloggers Network : Introduction: The security community is observing a sensible increase of botnet activities, in particular of cloud-hosted botnets that are mainly based on the Amazon cloud architecture. Amazon </description><link>http://www.secuobs.com/revue/news/515933.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/515933.shtml</guid></item>
<item><title>CnC  Botnet  Speak English Already </title><description>2014-05-23 23:48:27 - Security Bloggers Network : Ever heard the saying 'There is no such thing as a stupid question'? Of course you have, what a stupid question. This phrase was most likely meant to encourage people to ask questions. Then again, if you're like me, if you come across a question as simple as 'What is a Botnet', you feel The post CnC  Botnet  Speak English Already  appeared first on OpenDNS Security Labs.</description><link>http://www.secuobs.com/revue/news/515277.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/515277.shtml</guid></item>
<item><title>Researchers find large global botnet of infected PoS systems</title><description>2014-05-23 21:24:22 - Network World on Security : Security researchers uncovered a global cybercriminal operation that infected with malware almost 1,500 point-of-sale (POS) terminals, accounting systems and other retail back-office platforms from businesses in 36 countries.</description><link>http://www.secuobs.com/revue/news/515262.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/515262.shtml</guid></item>
<item><title>Spearphishing Connects PCs to Russian Botnet</title><description>2014-05-17 02:56:33 - Security Bloggers Network : The talent over at MalwareBytes wrote this week about a Zbot dropper which comes from a PDF exploit through a spear-phishing e-mail. In their blog, they discuss how a spear-phishing attempts to exploit either CVE-2013-0640 or CVE-2013-2729. User's </description><link>http://www.secuobs.com/revue/news/514020.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/514020.shtml</guid></item>
<item><title>A peek inside a subscription-based DIY keylogging based type of botnet malware generating tool</title><description>2014-05-13 01:47:37 - Security Bloggers Network : Cybercriminals continue to systematically release DIY (do-it-yourself) cybercrime-friendly offerings in an effort to achieve a 'malicious economies of scale' type of fraudulent model, which is a concept that directly intersects with our 'Cybercrime Trends - 2013' observations. We've recently spotted yet another subscription-based, DIY keylogging based botnet malware generating tool. Let's take a peek inside its Web based interface, and expose the cybercrime-friendly infrastructure behind it. Next to the standard keylogging features, the botnet malware generating tool also comes with DDoS functionality. What's particularly interesting about this tool is that its primary hosting location exposes a cybercrime-friendly The post A peek inside a subscription-based DIY keylogging based type of botnet malware generating tool appeared first on Webroot Threat Blog.</description><link>http://www.secuobs.com/revue/news/513157.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/513157.shtml</guid></item>
<item><title>Attackers rope DVRs in bitcoin-mining botnet in record time</title><description>2014-05-07 15:11:20 - Help Net Security   News : How long does it take for one out of the box digital video recorder to be compromised with malware once the device has been connected to the Internet? The unfortunate answer is just one day. When, </description><link>http://www.secuobs.com/revue/news/512281.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/512281.shtml</guid></item>

 </channel>
</rss>
