Security researchers have identified a Zbot component designed for Android which steals mobile transaction authentication numbers send by banks via SMS.ZeuS, aka Zbot, is one of the most popular banking trojans. Even though the original author of the malware has retired, the source code is available online for anyone to modify and fit it to their needs.Zbot originally targeted desktop systems and stole financial information and online banking credentials which fraudsters exploited.

via Zbot Targets Android Users – Softpedia.

The fact that TDL-4 code shows active development — a rootkit for 64-bit systems, the malware running prior to operating system start launches, the use of exploits from Stuxnet’s arsenal, P2P technology, its own ‘antivirus’ and a lot more — place TDSS firmly in the ranks of the most technologically sophisticated, and most complex to analyze, malware.

via TDL4 – Top Bot – Securelist.

I’d like to announce that our yearly annual report has just been published.

In addition, in our repository you can find the slides of the talks that I had at the Honeynet annual workshop.

enjoy.

The backdoor offers very simple functionality, mainly to load other components. It has some common tricks to hide itself in the infected machine, in order to make it more difficult for a user to notice its presence.

The main commands that can be sent to the backdoor are: download and run an executable, download and install a plugin, update the bot itself, reboot the machine, and uninstall the bot. The main purpose of this backdoor is therefore to offer a gateway to the attacker so that he can download and install his own malware.

This backdoor is not very widespread yet, but it has the potential to evolve into a more dangerous threat in the future; as always, we recommend the users to update their software and security products, and to use common sense in order to avoid malware.

via Dream Loader: the new bot C&C engine of your dreams | Symantec Connect.

We were able to further investigate a command-and-control C&C server of a SpyEye botnet, most of whose zombies were located in Poland. This is somewhat unusual, as bot herders prefer to target Western countries like the United States, the United Kingdom, Germany, Italy, Spain, and France.

via Uncovered Spyeye C&C Server Targets Polish Users | Malware Blog | Trend Micro.

Everybody is welcome to participate to this intriguing challenge !

Below are the instructions of the challange :

The Challenge:
Analyze the attached sanitized_log.zip and answer the following questions:

1. Was the system compromised and when? How do you know that for sure? (5pts)
2. If the was compromised, what was the method used? (5pts)
3. Can you locate how many attackers failed? If some succeeded, how many were they? How many stopped attacking after the first success? (5pts)
4. What happened after the brute force attack? (5pts)
5. Locate the authentication logs, was a bruteforce attack performed? if yes how many? (5pts)
6. What is the timeline of significant events? How certain are you of the timing? (5pts)
7. Anything else that looks suspicious in the logs? Any misconfigurations? Other issues? (5pts)
8. Was an automatic tool used to perform the attack? if yes which one? (5pts)
9. What can you say about the attacker’s goals and methods? (5pts)

Bonus. What would you have done to avoid this attack? (5pts)

This is the website of the challenge where you can find any other detail.

Enjoy!

Here is  the demo

Bank thieves have rolled out a new weapon in their arsenal of tactics — telephony denial-of-service attacks that flood a victim’s phone with diversionary calls while the thieves drain the victim’s account of money.A Florida dentist lost $400,000 from his retirement account last year in this manner, and the FBI said the attacks are growing.

via Thieves Flood Victim’s Phone With Calls to Loot Bank Accounts | Threat Level | Wired.com.

My speech is planned for Wednesday 21th @ 16:00 , hope to see you there!

p.s. …hoping that my flight wont be deleted due to the volcanic ash :S

I will attend to the Italian Security Summit 2010 in Milan on March 18th, for the the challenge “Best Italian thesis about IS – 2009″.

I will present the The Dorothy Project as a work related to the honeynet chapter,showing all our last improvements.

Hope to see you there!

saludos