09.09.2010
We were able to further investigate a command-and-control (C&C) server of a SpyEye botnet, most of whose zombies were located in Poland. This is somewhat unusual, as bot herders prefer to target Western countries like the United States, the United Kingdom, Germany, Italy, Spain, and France.
via Uncovered Spyeye C&C Server Targets Polish Users | Malware Blog | Trend Micro.
09.09.2010
The FC5: Log Mysteries challenge started last week thanks to the collaboration of Raffael Marty, Anton Chuvakin and Sebastien Tricaud.
Everybody is welcome to participate in this intriguing challenge!
Below are the instructions of the challenge:
The Challenge:
Analyze the attached sanitized_log.zip and answer the following questions:
- Was the system compromised and when? How do you know that for sure? (5pts)
- If the system was compromised, what was the method used? (5pts)
- Can you locate how many attackers failed? If some succeeded, how many were they? How many stopped attacking after the first success? (5pts)
- What happened after the brute force attack? (5pts)
- Locate the authentication logs, was a bruteforce attack performed? If yes, how many? (5pts)
- What is the timeline of significant events? How certain are you of the timing? (5pts)
- Anything else that looks suspicious in the logs? Any misconfigurations? Other issues? (5pts)
- Was an automatic tool used to perform the attack? If yes, which one? (5pts)
- What can you say about the attacker’s goals and methods? (5pts)
Bonus. What would you have done to avoid this attack? (5pts)
This is the website of the challenge, where you can find all further details.
Enjoy!
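As an added illustration of the kind of check the brute-force questions above call for (example code written for this post, not part of the challenge material), here is a small Python script that parses sshd authentication lines, counts failures and successes per source address, and reports which sources kept attacking after their first success. The log lines, host name, addresses, users and the failure threshold are constructed assumptions, not data from sanitized_log.zip.

```python
import re
from collections import defaultdict

# Constructed sample lines in syslog/sshd format (not from the challenge data);
# hosts, users and addresses are made up. Lines are in chronological order.
SAMPLE_AUTH_LOG = """\
Apr 19 05:41:44 app-1 sshd[8110]: Failed password for invalid user admin from 10.0.0.5 port 41022 ssh2
Apr 19 05:41:46 app-1 sshd[8112]: Failed password for invalid user test from 10.0.0.5 port 41031 ssh2
Apr 19 05:41:49 app-1 sshd[8114]: Failed password for root from 10.0.0.5 port 41040 ssh2
Apr 19 05:41:51 app-1 sshd[8116]: Accepted password for root from 10.0.0.5 port 41052 ssh2
Apr 19 05:41:53 app-1 sshd[8118]: Failed password for root from 10.0.0.5 port 41060 ssh2
Apr 19 06:02:10 app-1 sshd[8201]: Failed password for invalid user oracle from 192.0.2.77 port 50210 ssh2
Apr 19 06:02:12 app-1 sshd[8203]: Failed password for invalid user oracle from 192.0.2.77 port 50211 ssh2
Apr 19 06:02:15 app-1 sshd[8205]: Failed password for root from 192.0.2.77 port 50213 ssh2
Apr 19 06:02:18 app-1 sshd[8207]: Accepted password for root from 192.0.2.77 port 50220 ssh2
Apr 19 09:15:02 app-1 sshd[9001]: Accepted publickey for deploy from 198.51.100.4 port 33000 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user ]<user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

def parse_auth_log(text):
    """Return one dict (ts, result, method, user, ip) per sshd authentication line."""
    return [m.groupdict() for m in (LINE_RE.match(l) for l in text.splitlines()) if m]

def analyze(text, threshold=3):
    """Per source IP: failures, successes, and whether attempts continued after the first success.
    A source with at least `threshold` failures is treated as a brute-force attacker (assumed cut-off)."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "after_success": 0, "first_success": None})
    for ev in parse_auth_log(text):
        s = stats[ev["ip"]]
        if ev["result"] == "Accepted":
            s["accepted"] += 1
            if s["first_success"] is None:
                s["first_success"] = ev["ts"]
        else:
            s["failed"] += 1
            if s["first_success"] is not None:   # still guessing after already getting in
                s["after_success"] += 1
    brute = {ip: s for ip, s in stats.items() if s["failed"] >= threshold}
    return {
        "brute_force_sources": sorted(brute),
        "succeeded": sorted(ip for ip, s in brute.items() if s["accepted"]),
        "stopped_after_first_success": sorted(ip for ip, s in brute.items()
                                              if s["accepted"] and s["after_success"] == 0),
        "first_success": {ip: s["first_success"] for ip, s in brute.items() if s["first_success"]},
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_AUTH_LOG))
```

On the constructed lines both brute-force sources get in, but only 192.0.2.77 stops guessing once it succeeds; the deploy user's key-based login never crosses the failure threshold and is left out.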
10.08.2010
Folks,
We would like to wish you all a nice summer holiday!
We will be back at work in September, releasing new updates about our current projects.
See you there!
06.08.2010
Security researchers warn that multiple recent Zbot variants are using a forged digital signature in an attempt to bypass antivirus detection. Ironically, the digital signature was copied from a ZeuS removal tool developed by Kaspersky Lab.
[..]
There have been isolated cases of digitally-signed malware before, but the practice never really took off, primarily because malware authors believed the effort doesn’t justify the benefits.
[..]
via Zbot Authors Forge Kaspersky Digital Signature – Copy it from ZeuZ removal tool – Softpedia.
04.08.2010
Trusteer, the leading provider of secure browsing services, today announced that it has uncovered a large Zeus version 2 botnet being used to conduct financial fraud in the UK which is operated and controlled from Eastern Europe. The botnet appears to be controlling more than 100,000 infected computers, 98% of which are UK Internet users.
via Trusteer: Trusteer uncovers Zeus botnet that plunders over 100,000 UK Internet user credentials.
03.08.2010
According to a newly published report by AVG, upon obtaining access to a mini ZeuS botnet dubbed Mumba, part of the Avalanche group's online operations, they found 60GB of stolen data such as account details for social networking sites, banking accounts, credit card numbers and intercepted emails.
via Researchers peek inside a mini ZeuS botnet, find 60GB of stolen data | ZDNet.
03.08.2010
A three-month-long investigation by CTU uncovers the inner workings of a Russian check counterfeiting operation. SecureWorks has notified and is working with law enforcement on this scam. SecureWorks has protections in place for both the Zeus and the Gozi Trojans, which are utilized in this scam.
via Big Boss Check Counterfeiting Ring – Research – SecureWorks.
29.07.2010
SecureWorks researchers uncovered the complicated operation in April when they discovered a unique variant of the well-known Zeus Trojan that targets Windows-based PCs. In addition to stealing login credentials, the Trojan established a virtual private network (VPN) connection from the infected computer to a remote server using the PPTP (Point-to-Point Tunneling Protocol) functionality in Windows and listened on a random TCP (Transmission Control Protocol) port in order to serve as a SOCKS proxy.
via Check counterfeiting using botnets and money mules | InSecurity Complex – CNET News.
26.07.2010
Slovenian police have arrested four suspects over allegations that they developed the Mariposa botnet malware.
The arrests follow a joint investigation between the FBI and Slovenian police and come after the earlier arrest of three suspects in Spain, who are charged with distributing Mariposa and using it to hack into online bank accounts.
via Mariposa botnet suspects quizzed in Slovenia • The Register.
26.07.2010
Trojan horses that were planted onto the victims’ computers would generate a fake error message and request that the victim re-enter the authorization code. This way, amounts up to €4,000 were transferred to money mules and thence to Eastern Europe.
via Slashdot Your Rights Online Story | Online Banking Trojan Stole Money From Belgians.