These documents were also presented last week during a dedicated workshop hosted in Cologne, where different experts from various sectors has attended the event.

The title of our paper is “A Framework For Financial Botnet Analysis“  and will be presented at the Anti Phishing Working Group (APWG) conference that this year will be held in Dallas.  Our work  represents a research study that is still in progress that is  based on developing new detection and mitigation strategies to cope with financial botnets.

The proposed research partially relies on a customized version of the Dorothy Framework by improving its overall development status. The Italian Chapter of the Honeynet Project is proud to see that its work is going to be useful also for such purpose, and this publication will encourage its future research.

The Internet Engineering Task Force IETF approved a customized version of the XML-based Instant Object Description Exchange Format IODEF. Extensions have been added to it that are appropriate for creating standard e-crime reports.

The format allows for unambiguous time stamps, support for different languages and a feature to attach samples of malicious code. It solves the problem facing the security industry of inconsistent reports, which make it harder to spot trends and react faster. [..]

via IETF approves e-crime reporting format – Computerworld.

[..]

Over the years Zeus has been released in a lot of different versions, adding or changing functionality, and is highly flexible in it’s configuration so this is just a snapshot of one version (1.2.7.19), giving an overview of it’s functionality.

In the early part of this blog I will disclose the process involved in building and distributing Zeus botnet in the wild. In the later part, I will discuss how Zeus captures personal information by injecting code dynamically, and finally some thoughts on Command and Control.

[..]

via Computer Security Research – McAfee Labs Blog.

Three-month-long investigation by CTU uncovers inner workings of Russian check counterfeiting operation. SecureWorks has notified and is working with law enforcement on this scam. SecureWorks has protections in place for both the Zeus and the Gozi Trojans which are utilized in this scam.

via Big Boss Check Counterfeiting Ring – Research – SecureWorks.

The latest Zeus bot configuration contains list of targeted financial institution from Spain, Germany, United Kingdom, and USA. The previous versions contains all the list of financial institutions from different countries around the world, while the new version only contains two targeted countries and currently paired as: Spain-Germany and UK-USA

via Zeus Version 3 – Target Spain, Germany, UK, and USA Banks – CA Security Advisor Research Blog.

According to CA , Spanish financial institutions appears to be the most targeted (26%) by this new version of ZBot.

We recently received a report of a new phishing attack that originated from Mexico. It takes advantage of the controversial news about an allegedly missing four-year-old girl, Paulette Gebara Farah, who was later found dead in her own bedroom.

Users who are following the said news may fall prey to this attack by visiting the page http://www.knijo.{BLOCKED}0.net/fotografias-al-desnudo-de-la-mama-de-paulette.htm, which contains an article about Paulette and claims to show nude photos of her mother. When a user accesses this page, a fake dialog box pops up and requests the user to download and install Adobe Flash Player.

via Tequila Botnet Targets Mexican Users | Malware Blog | Trend Micro.

This time, the malware upholds it notorious reputation with a new version related to previous detections TSPY_ZBOT.CRM and TSPY_ZBOT.CQJ.

ZBOT variants steal account credentials when users visit various social networking, online shopping, and bank-related websites. They have rapidly become popular tools for cybercriminals to use, thanks to exceptional information-stealing routines and rootkit capabilities, which allows them to stay stealthy and to affect users’ systems without their knowledge.

via Trend Micro.

PandaLabs published its report analyzing the IT security events and incidents of the first three months of the year.

The amount of new malware in circulation has continued to increase. In this first quarter, the most prevalent category was once again banker Trojans, accounting for 61% of all new malware.

The second placed category was traditional viruses (15.13%) despite having practically disappeared in recent years.

via 61% of new threats are banker Trojans.