Domain: seculert.com
Stories and comments across the archive that link to seculert.com.
Stories · 6
-
Analysis of Dexter Malware Uncovers Mystery Man, and Links To Zeus
chicksdaddy writes "The newly discovered Dexter malware is one of the few examples of a malicious program that targets point of sale terminals, but also communicates, botnet-like, with a command and control infrastructure. According to an analysis by Seculert, the custom malware has infected 'hundreds POS systems' including those operated by 'big-name retailers, hotels, restaurants and even private parking providers.' Now a detailed analysis by Verizon's RISK team suggests that Dexter may be a creation of a group responsible for the ubiquitous Zeus banking Trojan. By analyzing early variants of Dexter discovered in the wild, Verizon determined that the IP addresses used for Dexter's command and control were also used to host Zeus-related domains and several domains for Vobfus, also known as 'the porn worm,' which has been used to deliver the Zeus malware. Verizon also produced some tantalizing clues as to the identity of one individual who may be a part of the crew responsible for the malware. The RISK team linked the domain registration for a Dexter C&C server to an unusual online handle, 'hgfrfv,' that was used to post a number of suggestive help requests ('need help with decrypting a table encrypted with EncryptByKey') in online technical forums, where a live.com e-mail address was also provided. The account name was also linked to a shell account on the outsourcing web site freelancer.com, which lists 'hgfrfv' as an individual residing in the Russian Federation." -
Destructive Shamoon Malware Targets Energy Sector
An anonymous reader writes "A new spear-phishing attack targeting a number of specific companies in a few industries, including the energy sector, has been spotted by several security companies. Dubbed 'Shamoon' due to a string of a folder name within the malware executable, the attack ends up with delivering destructive malware on the targeted computers that ends up making them unusable. The interesting part of this malware is that instead of staying under the radar and collecting information, the malware was designed to overwrite and wipe the files and the master boot record of the computer." -
Ongoing Attacks Target Defense, Aerospace Industries
Gunkerty Jeb writes "Researchers have identified a strain of malware that's being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations. The attack campaign, as many do, appears to be changing frequently, as the attackers use different binaries and change up their patterns for connecting to remote command-and-control servers. The research, done by Seculert and Zscaler, shows that the attackers are patient, taking the time to dig up some information about their potential targets, and are carefully choosing organizations that have high-value intellectual property and assets (PDF)." -
Ongoing Attacks Target Defense, Aerospace Industries
Gunkerty Jeb writes "Researchers have identified a strain of malware that's being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations. The attack campaign, as many do, appears to be changing frequently, as the attackers use different binaries and change up their patterns for connecting to remote command-and-control servers. The research, done by Seculert and Zscaler, shows that the attackers are patient, taking the time to dig up some information about their potential targets, and are carefully choosing organizations that have high-value intellectual property and assets (PDF)." -
Next-Generation Banking Malware Emerges After Zeus
Batblue writes "The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation. What appears to be a beta version of a piece of malware that has bits of both Zeus and SpyEye is now in circulation, albeit among just a few people, said Aviv Raff, CTO and cofounder of Seculert. Seculert has published screen shots of the new malware, which has two versions of a control panel used for managing infected computers. One of those control panels resembles one in Zeus, and the other resembles that in SpyEye. Both of the control panels are connected to the same back-end command-and-control server, he said." -
Iranian Cyber Army Moves Into Botnet Renting
angry tapir writes "A group of malicious hackers who attacked Twitter and the Chinese search engine Baidu are also apparently running a for-rent botnet, according to new research from Seculert. The so-called Iranian Cyber Army also took credit last month for an attack on TechCrunch's European website. In that incident, the group installed a page on TechCrunch's site that redirected visitors to a server that bombarded their PCs with exploits in an attempt to install malicious software."