tag:blogger.com,1999:blog-4468738368865493112012-02-01T07:26:57.042-07:00The information shared on this site is part of several research sessions and, in most textbooks, provides information that can harm your system if handled improperly. The decision to share it's purely investigative and educational, considering also useful for the prevention of attacks by different threats.Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.comBlogger1681100tag:blogger.com,1999:blog-446873836886549311.post-30971667722823483522012-01-29T09:02:00.000-07:002012-01-29T09:02:54.656-07:00

The term "hierarchy" refers to an entity pyramidal action. Judging by the name of this new Exploit Pack of Russian origin, it seems that the author seeks to find its place within the criminal ecosystem, but all point to the feelings behind this is, above all, a beginner who seeks criminal more. However, despite being a package of more criminal exploitation within a vast range of alternatives,

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-79362680980978648512012-01-24T01:49:00.005-07:002012-01-27T20:40:47.516-07:00

Since October 2011 we watch this affiliate system. Money Racing AV, a private PPS (Pay-Per-Sale) affiliate who spread actively fake antispywares (rogue). We have already seen this gang active in August 2009: A recent tour of scareware XII.Advertising can be found on various russian underground communities: First contact with FTL (6 October 2011): [14:29:33] Load4sales: hello [14:30:02] mr:

Steven Khttp://www.blogger.com/profile/00282466473904820396noreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-2666951596682530622011-10-11T22:48:00.000-07:002011-10-11T22:48:56.237-07:00

Phoenix Exploit's Kit is a package with more continuity in crime scene crimeware. After all this tour is currently in the wild version 2.8 that, despite having a low activity since the last half of this year, remains one of the many Exploit Pack with greater preference for cyber-criminals. Perhaps this "slack time" to have your response in high demand now has another crimeware of this style,

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-56288140961654285512011-09-26T17:34:00.000-07:002011-09-26T17:34:44.960-07:00

The last week was held in Barcelona the NoConName security conference, and I had the pleasure of attending to give a security conference about Android. It talked about how to perform a dynamic analysis, static and forensic skip protection and release application along with our friend of MalwareIntelligence too, Ehooo, a small PoC reveals a vulnerability of Tap-Jacking. For those who could not

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-32021690226335932342011-08-18T14:37:00.001-07:002011-08-18T14:38:57.708-07:00

Since its appearance in September 2010, Black Hole Exploits Kit had a very positive insight into the criminal environment. Their life cycle is not over yet so it has developed a natural evolution, and so far there are three generations that exist "in the wild". Black Hole Exploits Kit was developed by who is known under the nickname Paunch. The main screen allows viewing of each component of

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-71118135139659083982011-06-30T17:45:00.000-07:002011-06-30T17:45:41.571-07:00

JAVA is one of the largest computer technology integration in the field of cybercrime because of its status as a "hybrid". This transforms Java platform in a highly exploited vector for the spread of all types of malicious code. Even the modern crimeware includes a battery of exploits created to exploit vulnerable versions of JAVA through Exploit Packs, and in fact, together with the PDF files,

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-33385158530203569562011-06-15T15:29:00.001-07:002011-06-15T15:32:41.025-07:00

The development of new technologies, in catching up with military interests and dependence on existing technology by developed countries, sets up a scenario where the cyber war, or war in cyberspace, is becoming more important. All countries aware of the risks of such dependence developed defense programs against attacks that could jeopardize critical national infrastructure. On the other hand,

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com2tag:blogger.com,1999:blog-446873836886549311.post-46272311804235811132011-04-03T14:45:00.000-07:002011-04-03T14:45:08.180-07:00

A few days ago I watched one of the training of BlackHat Webcast whose title is the same as used for this post, where people of M86Security was assigned to conduct a superficial talking about the main vectors of infection today. Putting focus primarily on Exploit Packs, and emphasizing time on the modus operandi of Phoenix Kit Exploit, Neosploit and Open Source Exploit Kit (a lot of impact

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-55929857802866524882011-02-22T07:51:00.000-07:002011-02-22T07:51:26.717-07:00

As many readers know, this means of information read at this time, was founded by Jorge Mieres in 2006. What you may not know is that several months ago, Jorge has decided to move away from the front of MalwareIntelligence, leaving us with complete confidence (one of the many qualities and characteristics of Jorge) the command of his legacy. For this reason, and through these few words, we want

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com4tag:blogger.com,1999:blog-446873836886549311.post-70930439211367242532011-02-18T21:58:00.000-07:002011-02-18T21:58:35.166-07:00

In early 2010, from MalwareIntelligence started researching a new botnet designed to agglutination of sensitive information relating to bank accounts, and theft of credentials to exploit a disturbing list of programs. NOTE: At the bottom of this article may find the link to download the complete white paper, called "Inside Carberp Botnet", which describes the various internal components that

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-43168669490072494932011-02-16T18:57:00.000-07:002011-02-16T18:57:42.210-07:00

Botnets Administration. A real case - ZeuS & SpyEye Malware networks continue to grow and parallel to, the potential risk of becoming victims of their criminal activities. Gone are those days where the main vector for malicious code distribution was made up of pages that promote pornographic and warez type programs. Today, malware is distributed through any kind of website as a key used to

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-26702562467218008342010-11-07T15:53:00.002-07:002010-11-07T15:57:33.176-07:00

Currently, the crimeware is widely exploited by individuals or criminal groups that seek to improve its economy so completely fraudulent using evasive and aggressive strategies.To MalwareIntelligence, the fight against cyber-crime has become his philosophy and primary objective, which make everyday a perfect excuse to address different research then channeled through one of their blogs.That is

Jorge Mieresnoreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-3816611316506505422010-10-06T09:42:00.000-07:002010-10-06T09:42:45.967-07:00

Without functional alternatives to renew in the package, a new version of crimeware Eleonore Exploit Pack. This is the version 1.4.4mod. Acces panel of Eleonore Exploit Pack 1.4.4mod While this version of crimeware is positioned as part of a set of alternatives whose number is constantly increasing due to the large range that currently exists in the area of crime, isn't very viable option for

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com2tag:blogger.com,1999:blog-446873836886549311.post-15524515581037653212010-10-01T05:07:00.003-07:002011-04-13T10:43:58.996-07:00

PEK (Phoenix Exploit's Kit) has become one of the most used by those who flood the Internet every day with different types of malicious code. Currently, a large amount of malware is distributed through this crimeware, which is also widely used for collecting information relevant to a botmaster. Earlier we mentioned how it looks inside version 2.1 and at the same time we said that from the

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com3tag:blogger.com,1999:blog-446873836886549311.post-70580384318720497462010-09-30T11:14:00.000-07:002010-09-30T11:14:48.419-07:00

Crimeware industry continues to grow through the development and implementation of new marketing packages pre-compiled exploits add to the supply of alternatives to facilitate criminal maneuvers over the Internet. In this case, it's Black Hole Exploits Kits, a web application developed in Russia but also incorporates for the English language interface, and the first version (beta at the moment)

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com23tag:blogger.com,1999:blog-446873836886549311.post-36286836657400313732010-09-09T21:15:00.000-07:002010-09-09T21:15:27.586-07:00

The business model that represent the affiliate programs through systems of the type Pay-per-Install is in full swing, being a fundamental part of criminal groups seeking to increase their economy. In this case, we have a new affiliate program called Black Software, which promotes the discharge of malware.  Black Software Access Panel This is a simple authentication process and conventional and

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-16260630796465877412010-09-08T12:26:00.000-07:002010-09-08T12:26:00.631-07:00

The crimeware is one of the most used by cyber criminals to gather intelligence enabling the identification of trends and customs around by people who use the Internet daily. This seeks to obtain relevant information on time and complete details of the victims who, further, they allow criminals to know about which factors to emphasize their "improvements" in the web application, and botmaster

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-36235038796755072002010-09-07T20:58:00.001-07:002010-09-07T20:59:14.371-07:00

myLoader is a web application that allows offenders to collect statistical information related to different factors and features on each of the infected computers. The crimeware is sold in the underground market at an average cost of $ 700. The botnet Oficla started their criminal activities at the beginning of 2010 and just the executable binary detected by antivirus engines as Oficla or Sasfis

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-17992638314235815582010-09-07T20:14:00.000-07:002010-09-07T20:14:57.754-07:00

BKCNET "SIA" IZZI, also known as or simply ATECH-SAGADE is an AS (Autonomous System) numbers in 6851, currently is one of the most active of crimeware through which are distributed daily a large amount of malicious code , besides being the control base for the accommodation of several C&C which feed the underground economy. Your geolocation is in Latvia and, as I mentioned on another occasion, "

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-20658166196880445632010-09-03T18:02:00.000-07:002010-09-03T18:02:27.256-07:00

Malware hides behind a business. Without a doubt, I believe that no one denies this claim. Day by day is an important flow of malicious code that, while general purpose have a story in its activities, seeking final feedback on the business behind through fraudulent mechanisms and strategies. One of the most popular business models is to pay a percentage of money given to those who successfully

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com5tag:blogger.com,1999:blog-446873836886549311.post-13579494678077869562010-08-30T19:49:00.000-07:002010-08-30T19:49:22.891-07:00

Generally cheating strategies designed for the dissemination of false antivirus (AV Rogue) consist of online simulation of a scan for malware, showing an interface that mimics Windows Explorer and which always face the same threats, including when using operating systems other than Windows. Conventional strategy of deception This is one of the many templates. It shows a supposed scan to verify

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-27053371063157231982010-08-18T10:01:00.000-07:002010-08-18T10:01:09.308-07:00

Criminal alternatives grow very fast in an ecosystem where day to day business opportunities are conceived through fraudulent processes. In this sense, the demand for resources for the cyber criminal isn't expected and is constantly growing. Generally I find new crimeware looking to get a place and a good acceptance in the virtual streets of the world underground, trying to reflect a balance on

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-61230293155059074972010-08-15T20:37:00.000-07:002010-08-15T20:37:02.908-07:00

Affiliate programs are a growing business model more profitable for criminals and create a complete circuit of spreading / malware infection among many other alternatives, encouraging its customers with a percentage of money they get in terms of success their own business. One of the systems with greater uptake in this business model is provided by the facility payment, Pay-per-Install, where

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-76203735916197440262010-08-11T17:30:00.002-07:002010-08-11T17:33:21.230-07:00

One of the most profitable businesses in the area computer crime, what are the affiliate programs. These are systems which adhere offenders an economic return for a commission, as in this case, for each successful installation of malware that takes place through the system distributed.  VIVA INSTALLS, belonging to the same criminal group that is facing HAPPY INSTALLS, is one of them. This system

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-41173105179688659302010-08-09T08:00:00.000-07:002010-08-09T08:00:35.031-07:00

Phoenix Exploit's Pack (PEK) is another crimeware programs more widely accepted within the online criminal ecosystem, whose use in the past week massifies spreading a large amount of malware.Executable binaries that are part of the campaign so far is active, spread under the default name of the executable that incorporates the package, called exe.exe. Some of the executables that are part of this

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-48356410084520536592010-07-25T10:45:00.000-07:002010-07-25T10:45:46.871-07:00

After several months without news of Koobface, at least on typical propagation using as cover to attack the classic fake YouTube screen, is back with another season of propagation. This time, its spread continues through visual social engineering, but not in the template of course YouTube video but uses a page with pornographic content. As shown in the catch, when you attempt to access any of

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-74044773856636342972010-07-16T20:30:00.000-07:002010-07-16T20:30:20.362-07:00

Defacing attacks, generally attributed to the activities of hacktivism and often called "script kiddies" (although now I think what best describes this kind of bad guys is: aspirant to criminals), passed the criminal background as a sort of whim or complaint against some exploit's pack who have certain vulnerabilities and has already begun to see some examples. However, this does not cut the

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-91599797886997746662010-07-11T15:55:00.004-07:002010-07-16T20:33:45.821-07:00

In recent years the phenomenon Cloud Computing has become a real turning point as far as information security is concerned, the main focus of controversy does not pass both protection mechanisms that can reach their architectures implemented on but more round about the lack of trust still exists on who should take the decisions necessary to implement this style services. However, undoubtedly, for

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-52108281554964898292010-07-04T08:13:00.002-07:002010-07-04T15:48:31.312-07:00

Phishing attacks are increasingly common and are no longer confined as in the beginning to use as cover only banks, and any service offered over the Internet and requires username and password, sooner or later will be grounds target for criminals. PayPal isn't a new service and was one of the first to offer e-commerce services, whose image is one of the most commonly used for phishing. Starting

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-8391607299909251802010-07-03T19:17:00.000-07:002010-07-03T19:17:35.903-07:00

In a recent survey, Francisco Ruiz, Crimeware Researcher of MalwareIntelligence, broke through the security barriers of a new recruit crimeware designed to automate the running zombies and mass and scale of cyber crimes that are carried out using a vector of attack committed teams as part of the botnet. These BOMBA, which is accessed via web and which authentication system is based only on the

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-62775307183132108792010-06-29T21:32:00.000-07:002010-06-29T21:32:14.583-07:00

DDoS attacks are not a trivial problem, and various web applications in this style, such as BlackEnergy have been used to run campaigns of massive attacks, in the case of BE during the conflict between Russia and Georgia. The impact of such threats is extremely critical, and under this flag in the circuit enters the business that is channeled through crimeware, a web application called n0ise Bot

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-90075182919569528382010-06-26T16:07:00.001-07:002010-07-03T19:18:33.507-07:00

If you 5/6 years ago we were talking about control and centralized management of botnets (C&C) via http, when the massive operating botnets through IRC channels, it was seen as a trend. After the first appearance of the odd kit, demand began to be high but the supply was poor. However, despite having spent several years, today continue to set trends in crimeware and demand remains high but with

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-7955848690693688952010-06-23T20:27:00.000-07:002010-06-23T20:27:07.799-07:00

Undoubtedly the crimeware rate exploit pack and malware kit, whether these general purpose, such as ZeuS or as RussKill particular purpose, have become the creme de la creme of computer crime and synonymous with the easy for cybercriminals. Based on this, one of the fastest growing crimeware over the past six months is Eleonore Exploit Pack. He is currently on the lips of many would-be cyber

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-4718625252377353122010-05-28T09:32:00.004-07:002011-04-13T10:44:28.309-07:00

Siberia Exploit Pack is a crimeware, evolution of Napoleon Exploit Pack, which we've done a brief description on another occasion. However, since the time of that description to this day, the landscape has expanded its developer. In this regard, and while it ends up being one of the bunch, the interesting thing about this crimeware is information provided by their panel of statistics (

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-25258865118294443062010-05-24T08:46:00.003-07:002010-05-24T08:48:12.056-07:00

Recently, the legendary video game PAC-MAN has completed 30 years of existence and Google has launched a campaign in his honor by placing a banner that allows even play. However, Google not only benefits from this but also cyber-criminals, who saw in this campaign a new opportunity to attack and have launched another campaign, but the spread of malware through BlackHat SEO (also called SEO

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-34582376040896432802010-05-19T08:10:00.002-07:002010-05-19T19:47:07.533-07:00

CRiMEPACK exploit pack is a widespread and accepted in the crime scene in this area came under the slogan "Highest Lowest rates for the price". He is currently In-the-Wild 3.0 version is being developed as alpha (the first of this version). That's, is in the middle stage of evaluation, perhaps in the next few days will go on sale in underground forums, at which time it will know your actual cost

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-90665103300338666992010-05-04T17:13:00.001-07:002010-05-04T17:24:38.723-07:00

A-Fasta Antivirus91.188.59.112a-fast.com Latvia Riga Sagade LtdAS6851 - BKCNET "SIA" IZZI12/40 (30.00%)79.135.152.155sys-defender.comantispyware-system.com Latvia Colocation HostingAS2588 - LATNETSERVISS-AS LATNET

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-22393241665971934692010-05-03T07:32:00.000-07:002010-05-03T07:32:22.594-07:00

Currently running a major phishing campaign aimed at users in Argentina who use the services of the mobile phone company Claro. The following image is a screenshot of the attack: The strategy is the user trying to deposit the information in your credit card in the fraudulent when you want to buy credits on your cell phone. When the user falls into the trap and supposedly when processing the

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-16493708384124077902010-04-30T19:38:00.001-07:002010-04-30T19:40:01.669-07:00

Desktop Security 2010204.12.223.187 United States Kansas City Krutik Serversdesktopsecurity2010win.comcertifiedsecureprocessingpayments.comns1.startsecureplace.comns2.startsecureplace.comstartsecureplace.com91.121.45.67 France Ovh Sasglobal-d-security.comlevel1-antivirus.commax6antispyware.commega1-scanner.commega2-scanner.commega6-

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-18625328692859375212010-04-26T14:05:00.001-07:002010-08-14T10:03:54.879-07:00

Financial and banking institutions HSBC http://www.publimovilradio.com/modules/IBlogin.html http://favre-4.fr/xd881/index2.html?hsbc.co.uk/1/2/HSBCINTEGRATION/CAM10;jsessionid=0000GE8AijuUV604QIMQn-iQJDM:11j74lld0?IDV_URL=hsbc.MyHSBC_pib http://66.179.18.171/lib/support/templates/CVS/1/Login/2/User/ID/HSBC/SessionID/Submit/IBlogin.html http://mangiaonthird.com/ww/xx/CAM10.php?idv_cmd=idv.Logoff&

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-15009883251091612312010-04-19T01:30:00.002-07:002010-04-19T18:02:32.379-07:00

Updated 19.04.2010A new wave of domain scam employed by the IRS ZeuS ahead. So far we have detected only a few, but we believe that in the coming hours will begin to appear much more in the crime scene of this old strategy used by ZeuS.The domains, as usual, have the following structure:irs.gov.rewsserr.eu/fraud.applications/application/statement.phpFrom where you try to download the binary ZeuS

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-19269200334824963102010-04-18T14:10:00.002-07:002010-04-18T14:53:00.027-07:00

In this post we'll try to run Aurora as non-administrative user, and debug ad_1_.jpg which used by the attackers right after the attack. Well, I was very curious about other files in the attack, after not able to unpack the msconfig32.sys, and thought, maybe other files will give me clues on msconfig32.sys and might give me a way of unpacking it. I've looked into USCERT advisory regarding the

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-14934928755951198662010-04-03T10:47:00.004-07:002010-04-04T04:37:24.183-07:00

Financial and banking institutionsHSBC (http://www.hsbc.com)http://www.ellerencontre.com//forum/add/verify/HSBCINTEGRATIONCAM10jsessionid=00001DwpIt0wIyX1arHd6K8mQB6URL=hsbc.MyHSBCpib/hsbc/1.php?jsessionid=CAM10:jsessionid=0000RcSVT4vYF7HNB8AsppR8HRo:11j71fovq?IDV_URL=hsbc.MyHSBC_pibhttp://www.mygrowshop.com/GiantSolutions/includes/hsbc.co.uk/HSBCINTEGRATIONCAM10;js/Register%20forInternetBanking/

Jorge Mieresnoreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-64984142589594870502010-04-02T23:26:00.002-07:002010-04-02T23:32:47.548-07:00

The website of the Brazilian film tells the story of capoeirista Besouro, very good by the way :-), has been violated and contains a clone of the PayPal website.Previously we mentioned that the website Hooters Germany had been the victim of a similar attack.In this case, as we see, the site has set up a blog on WordPress and this is perhaps the weak point through which managed to upload illegal

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-62183964280451317252010-03-30T20:00:00.002-07:002010-03-30T20:09:24.512-07:00

As the Author says "Strike botnet is a new advanced http based botnet with which you can literally control thousands of computers at the same time, without them even noticing."The gradual increment in botnet developing is intresting, and this time "SqUeEzEr" (Scott Van Dinter, a Young boy of 18 years old, as some of his online profiles say) comes into the scene with a botnet developed in VB6,

Jorge Mieresnoreply@blogger.com11tag:blogger.com,1999:blog-446873836886549311.post-7341971876588315222010-03-28T19:14:00.002-07:002010-03-28T19:28:56.636-07:00

Hooters is a restaurant chain that has branches in a number of countries. At Wikipedia you can read more about what these particular food outlets, who granted one knows what I mean, and who has not had the opportunity to visit a hooters ... don't know what is lost ***comments in parentheses * *** :-)The point is that the website of hooters Germany was committed to a phishing attack against the

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-10764814580212463802010-03-28T05:56:00.000-07:002010-03-28T05:56:00.166-07:00

The supply and demand in terms of alternatives crimeware continues to grow, and in recent months some alternatives have emerged, including iPack and GOLOD.GOLOD charger is a resident (resident loader) written in C ++ and of Russian origin who tries to insert into the crime scene at a cost of USD 500 for their implementation in the domain of the buyer, plus USD 675 in case of acquisition with a

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-6915067202740650422010-03-27T07:01:00.001-07:002010-03-27T07:05:05.279-07:00

Economically-financial and banking institutionsHSBC (http://www.hsbc.com)http://210.116.103.118/~kardex/gnuboard4/bbs//hsbc/1.php?jsessionid=CAM10:jsessionid=0000RcSVT4vYF7HNB8AsppR8HRo:11j71fovq?IDV_URL=hsbc.MyHSBC_pibhttp://www.restoretherepublic.com/wp-content/bank/images/online.htmlhttp://72.16.130.62/.www.HSBC.co.uk/1.php?jsessionid=CAM10:jsessionid=0000RcSVT4vYF7HNB8AsppR8HRo:11j71fovq?

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-10328796176302088032010-03-19T10:36:00.008-07:002010-03-19T11:29:03.779-07:00

First of all, I'd like to thank MalwareIntelligence where I write as a researcher for getting me this precious file. In the Aurura attack, 1 .sys file had been used, called : msconfig32.sys. I was pretty curious about what does this driver do, and why no one else in the world had analyzed it. It had been a terrible journey to get the file. No one had it. No one wanted to share it. I was pretty

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-34332630463126541442010-03-15T23:12:00.001-07:002010-03-15T19:18:52.839-07:00

Updated 15.03.2010New domains have been released and has multi-stage attack whereby you chain multiple websites with malicious content.The last download a binary called update.exe (19d9cc4d9d512e60f61746ef4c741f09) which is a variant of the trojan ZeuS, which has a high detection rate.The sequence is as follows:Original 14.03.2010At this point the "circus", no doubt, as I always say, that ZeuS is

Jorge Mieresnoreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-82303060255633820772010-03-12T19:44:00.001-07:002010-03-12T19:45:03.152-07:00

Zynga is a virtual game developer that has a wide repertoire of games in flash, allowing fun with them even through some social networks like Facebook, MySpace and Tagged, among others. Recently Zynga image is being used as a phishing campaign animation using as cover some of the games that the company offers. The domains involved in the campaign are: claimpokerbonus.t35.com/zynga_poker/

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-83296091037904327572010-03-07T13:48:00.003-07:002010-03-07T13:58:07.030-07:00

In a recent investigation, we discovered a Oficla botnet, also known as Sasfis in nomenclature of some antivirus companies, with a significant amount of zombies recruited in 48 countries, demonstrating the connotation scale represents the same on stage crimeware.The base command and control (C&C) of this botnet Oficla is maintained through crimeware myLoader (costing in the underground market is

Jorge Mieresnoreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-35553275487364555902010-03-06T19:37:00.003-07:002010-03-06T19:42:16.430-07:00

myLoader is another alternative with which cyber criminals have for the management and administration of botnets. Its lifetime is about one semester, but most activity is being managed in the last month of the first quarter of 2010.It has a minimalist interface but with gathering data that is returned in an orderly manner through intuitive graphical whereby we obtain the state of the controlled

Jorge Mieresnoreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-14523727416967587212010-02-28T14:42:00.005-07:002010-03-01T20:51:23.725-07:00

Financial & Banking Institutions Canada Trusth (http://www.tdcanadatrust.com/) http://www-tdcanadatrust-com.epage.ru/td-bank-index.html Citigroup (http://www.citigroup.com) http://www.alanmetauro.com/home/online.citibank.com/US/JPS/portal/Index.do.htm?F6=1&F7=IB&F21=IB&F22=IB&REQUEST=ClientSignin&LANGUAGE=ENGLISH CUA - Credit Union Australia (http://www.cua.com.au) http://www.colconkproducts.com

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-23969571804321181682010-02-23T20:23:00.004-07:002010-03-01T20:52:59.767-07:00

A new strategy proposed by ZeuS phishing active. Previously we mentioned that the trusted entities used as part of the plan of Zeus infection and fraud involving the IRS, VISA and Facebook. Coverage now focuses its efforts on using the name of Google and Blogger. Some of the domains used are: http://www.google.com/update/VE.php?service=blogger http://www.google.com/update/VE.php --> annieliu@

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-7506354908912276532010-02-20T16:18:00.005-07:002010-03-01T20:53:23.570-07:00

Updated 21.02.2010 More active domains belonging to the same phishing campaign against users of VISA. The domains are: reports.cforms.visa.com.desz.kr/secureapps/vdir/cholderform.php reports.cforms.visa.com.desz.ne.kr/secureapps/vdir/cholderform.php reports.cforms.visa.com.desz.or.kr/secureapps/vdir/cholderform.php reports.cforms.visa.com.ersm.kr/secureapps/vdir/cholderform.php

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-72561244744807478882010-02-19T12:01:00.003-07:002010-03-01T20:57:11.123-07:00

In recent weeks, SpyEye (a new financial trojan) has been the talk of many for the positive acceptance was so in the underground scene due to its balance about cost/benefit, and the great impact that achievement to whiten the features in its latest version that allows systems to eliminate the activities of your competition: ZeuS. Our previous report, “SpyEye. Analysis of a new crimeware

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com2tag:blogger.com,1999:blog-446873836886549311.post-54103118339994627352010-02-16T06:00:00.003-07:002010-03-01T20:54:41.878-07:00

HSBC http://www.silverstoneincense.com.au/IBlogin.html http://www.buyitdirect.co.nz/images/indexx/hsbc/1.php?jsessionid=CAM10:jsessionid=0000RcSVT4vYF7HNB8AsppR8HRo:11j71fovq?IDV_URL=hsbc.MyHSBC_pib http://delthelboi.net/COsutmer/COsutmer/hsbc/1.php?jsessionid=CAM10:jsessionid=0000RcSVT4vYF7HNB8AsppR8HRo:11j71fovq?IDV_URL=hsbc.MyHSBC_pib http://woorizip1004.net/zboard/icon/IBlogin.html http://

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-55484246826213072132010-02-13T13:01:00.009-07:002010-03-01T20:55:15.058-07:00

As usual, the social engineering techniques are a fundamental pattern for attacks of any kind and magnitude. From this perspective, any news in a few minutes covering the media more important globally, or any event whose importance is known to people from all over the world, is an object in power to exploit his image with fraudulently the intention of spreading malware. The Olympic Games 2010

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-5989033605650447702010-02-12T15:32:00.003-07:002010-03-01T20:55:31.014-07:00

In one of our most recent posts have published a series of links to phishing pages against various entities. Today we will analyze one of them, an attack aimed at Wachovia bank customers. To this end, we got the full kit and have begun to analyze the files contained in it. Basically there are a few files PHP, HTML, various images and three style sheets. If we look at one of the php files:

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-10373724820161003012010-02-10T15:07:00.006-07:002010-03-01T20:57:24.572-07:00

Earlier this year saw the light in the underground black market that moves the axes of crimeware, a new application designed to provide feedback for criminal and fraudulent business. This application, called SpyEye, is aimed at facilitating the recruitment of zombies and managing your network (C&C - Command and Control) through management panel via the web, from which it is possible to process

Jorge Mieresnoreply@blogger.com2tag:blogger.com,1999:blog-446873836886549311.post-2573486808304606452010-02-08T22:19:00.003-07:002010-03-01T20:56:19.619-07:00

Phishing responds to a purely criminal activity, part of the circuit that drives the illegal business of crimeware, designed to steal money using the sensitive and private information from users that criminals obtained through non-sacred activities. Therefore, as a preventive measure, it's important not to allow access to the domains that host usually banks cloned pages, webmail and any other

Jorge Mieresnoreply@blogger.com4tag:blogger.com,1999:blog-446873836886549311.post-41128581720885813872010-02-05T23:21:00.002-07:002010-03-01T20:56:52.899-07:00

Jorge Mieres Blog Research on security, crimeware, botnets, intelligence and criminal activity involving any programs and/or harmful actions. http://jorgemieresblog.blogspot.com

Jorge Mieresnoreply@blogger.com4tag:blogger.com,1999:blog-446873836886549311.post-18339091215964402452010-01-28T10:48:00.004-07:002010-03-01T20:58:13.124-07:00

The exploitation of vulnerability now represents one of the highest infection strategies used in the stage of crimeware and exploits while allowing exploit weaknesses aren't a new concept, the fact is that more and more notorious actions. In fact now continue to be exploited, especially through exploits pack, a large number of vulnerabilities that many have been settled more than two years ago.

Jorge Mieresnoreply@blogger.com2tag:blogger.com,1999:blog-446873836886549311.post-23402708554716174102010-01-28T04:00:00.001-07:002010-03-01T20:59:11.128-07:00

In light of all the recent financal trojans here are two examples of what ZeuS-bots have modules for. These modules are recording form info and keystrokes from user' logging into Bank of America and Paypal. Both of these screenshots are examples of the capabilities of the newer ZeuS-bots out there. This and keylogging opens the bank vault for these organized groups operating around the world.

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-24062668928189901452010-01-27T05:46:00.001-07:002010-03-01T20:59:34.200-07:00

SpyEye, a bot which first’s release was on January’s 2 of this year, is a "fresh" malware of interesting features, which has a considerable fast development, being on its 1.0.65 version at the moment. It was written almost in its entirety on C++, and the binary file has a size of 60kb approximately. It works from Windows 2000 to Windows 7, and it runs on ring3 (something that possibly makes it

Jorge Mieresnoreply@blogger.com2tag:blogger.com,1999:blog-446873836886549311.post-17569001062756060242010-01-25T12:49:00.005-07:002010-03-01T20:59:57.543-07:00

We were able to analyze a pack to make zombies of ZeuS at spammers through social networks. Specifically, the module is analyzed developed for use in Vkontakte.ru, the Russian clone of Facebook. This crimeware has been created by someone calling himself Deex of Freedomscripts Team and sold for the modest price of USD 100 (via WebMoney).The pack includes several configuration files, which make it

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-23614702060143190972010-01-18T06:07:00.003-07:002010-03-01T21:00:15.406-07:00

As many readers know, since we have been researching Malware Intelligence direct implications of all this new generation of malicious code and criminal activity that daily feed back the business of crimeware. Under this premise, the researchers focused their efforts on trying to reveal the different branches that are entangled with each other in a tangle of illegal actions aimed mainly to get

Jorge Mieresnoreply@blogger.com2tag:blogger.com,1999:blog-446873836886549311.post-61744598415842170962010-01-16T17:53:00.004-07:002010-03-01T21:00:34.874-07:00

Undoubtedly, the business that is currently crimeware expands every day. Not only this aspect is reflected in the professionalization on the development and operation of various computer applications and technologies used to commit crimes and attacks via web, but also on sales strategies that are used to channel the attention of a greater volume of restless minds, who collect stealing money from

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-38786074000681406282010-01-09T08:02:00.004-07:002010-03-01T21:02:08.247-07:00

This is the first release of an exploit pack to monitor a particular purpose botnets alled Napoleon Sploit, which launched the underground market crimeware in August 2009. Due to his premature and low status of "complex Exploit Pack" when compared with others of its style, is low cost and in fact had no impact on the underground circuit sales, although it's still for sale at a cost USD 299 can

Jorge Mieresnoreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-85700293244386716182010-01-09T07:58:00.003-07:002010-03-01T21:02:29.140-07:00

Anti-Virus Live 2010 = Anti-Virus Elite 2010, ErrorClean y NoAdware MD5: c50dc619e13345dec2444b0de371dfd4 IP: 204.232.131.12 204.232.131.14 United States Hoboken Noadware.net Domains associated antivirus-live.com Result: 9/41 (21.95%) NoMalware IP: 88.214.204.221 - 72.9.100.114 United Kingdom Hosting Solutions Ltd United

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-71228503518731878412010-01-05T04:23:00.003-07:002010-03-01T21:02:51.548-07:00

"Crimeware in 2009" presented in one document all that was channeled through this blog during the year in question on crimeware and associated hazards. There are a total of 262 pages and is divided by the most relevant topics that describe the criminal activities that were a source of news on this blog. Has two indices for getting the news in a simple (content) and another on the images (image

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-15702179484923683752010-01-04T04:23:00.002-07:002010-03-01T21:03:07.343-07:00

Since launching the first version in June 2009, Eleonore Exploit Pack has a major impact in the criminal field, both from the demand to get the Exploit Pack because of its cost competitive compared to similar web applications, as its high rate of activity. It currently has a repertoire of 6 (six) versions, the last being 1.3.2, recently appeared on the scene underground at a cost of USD 1000.

Jorge Mieresnoreply@blogger.com2tag:blogger.com,1999:blog-446873836886549311.post-59306879592015960672010-01-03T04:22:00.001-07:002010-03-01T21:03:24.488-07:00

The business models offered by cloud computing are not new. Even many services currently offered under this banner have a model already established long ago in the market. However, the Cloud Computing concept in itself that we know today responds to a sharply inclined orientation to generate business leveraging the Internet as infrastructure, which in a highly competitive market enjoys certain

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-83714935567950221882010-01-02T04:59:00.002-07:002010-03-01T21:03:46.666-07:00

The trojan waledac in charge of recruiting zombies for a botnet dedicated to feed spam, recently returned to give notice as an excuse to use the new year 2010. However, their fraudulent activities dating from 2007 when he was known under the nomenclature of storm, and since then, this family of malware has taken advantage of social engineering as the main strategy of propagating different

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-81968762377678176272010-01-01T16:58:00.004-07:002010-03-01T21:04:08.005-07:00

After a long period of inactivity, the botnet consisting waledac again deploy a strategy of infection using the pattern that characterizes it: Social Engineering, that this time advantage as cover the beginning of the new year. Latest waledac campaigns dating from the middle of the year when propagation strategy used pretended to be a video on Independence Day in the U.S., hosted on YouTube. In

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-72850078038152802902009-12-29T17:51:00.003-07:002010-03-01T21:04:33.478-07:00

Fraudulent activity they related to each other through "associates" of business in which each cell officiates as an intra-organizational structure, complementing a company engaged in such illegal activities. In this sense, the rogue (also called scareware), has a significant amount of "affiliates" who are responsible for the distribution of malicious code. In fact, a recent study by the FBI

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-20435113396134739512009-12-27T17:05:00.002-07:002009-12-27T17:18:51.322-07:00

One of the strategies used by the propagators of scareware (rogue) is trying to attract users' confidence through "evidence" allegedly made by people who have already acquired the "solution" and that they express through his "great satisfaction by the same".Yet we know very well that only part of a scam that seeks to complement the overall strategy of propagation/infection, and that if we install

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-77238671301880213522009-12-25T19:44:00.004-07:002009-12-25T19:59:32.714-07:00

Siberia Exploit Pack is a new package designed to exploit vulnerabilities and recruit zombies original, as is easy to deduce from its name and as is customary in this area crimeware clandestine business in Russia. It was released almost together with RussKill, a particular purpose botnet also emerging.For now, the sale of Siberia Exploit Pack is closed. The versions that are shared in some

Jorge Mieresnoreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-31639242315676822842009-12-24T12:02:00.003-07:002009-12-24T12:20:46.815-07:00

Generally one has the false belief that malicious code is trivial that any technical problems solved by just formatting the system or acquire any of the known anti-malware market offers today.However, on the one hand, the reality is that behind the development of malware hides a very large business in which every day must be added more "associates". Moreover, what happens when we plan to buy this

Jorge Mieresnoreply@blogger.com1tag:blogger.com,1999:blog-446873836886549311.post-88130152138196537812009-12-23T22:38:00.002-07:002009-12-23T22:44:44.413-07:00

Doctor AlexMD5: 4f2bdddc4b71a428ec2e964cfed9f11aIP: 69.89.20.48 United States Provo Bluehost IncDominios asociadosdoctor-alex.comResult: 7/40 (17.50%)Safety Anti-SpywareMD5: 848aea51e9d26089982c9b820c2ea4baIP: 212.117.177.18 Luxembourg Luxembourg Root EsolutionsDominios asociadossafetyantispywareshop.comResult: 1/41 (2.44%)Antivirus

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-918157802468532042009-12-15T20:08:00.003-07:002009-12-17T18:03:25.245-07:00

Conceptually speaking, a DoS attack (Denial of Service attack) is basically bombarded with requests for a service or computer resource to saturate and the system can not process more data, so those resources and services are inaccessible, "denying" the access to anyone who wants them.From the standpoint of computer security, Denial of Service attacks are a major problem because many botnets are

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-27497990562611606752009-12-09T10:31:00.000-07:002009-12-09T10:31:00.236-07:00

It's increasingly common for research processes we find that on the same server are housed, "operating" actively, several crimeware Exploit Pack type from which control and manage the zombies that are part of his fraudulent business .A while ago we commented on ElFiesta and ZeuS coexisting in the same environment, and meet the same objectives.This time, the merger is between Fragus (an

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-69698247631369642422009-12-05T08:55:00.000-07:002009-12-05T10:45:45.160-07:00

Disinformation is basically distort or manipulate the information so that the recipient end believing something completely untrue, and which the originator obtains an advantage. For example, the rumor is a tool used in the campaigns of disinformation. In turn, misinformation is a tool that provides useful information in a timely manner (Intelligence).Transferred this concept to the computer field

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-55926942493862411562009-12-04T19:11:00.003-07:002009-12-04T19:19:45.115-07:00

Fragus is a web application developed for the management of zombies, of Russian origin, who long to live has been inserted crimeware clandestine market with an affordable price (USD 800) if we consider criminal capabilities it offers.The crimeware is basically composed of five sections: Statistics, Files, Sellers, Traffic links and Preferences. Each handles a specific task and they all complement

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-75604396201781692702009-12-01T20:07:00.002-07:002009-12-01T20:12:08.180-07:00

A massive campaign to spread the worm is Koobface In-the-Wild using blogs as a strategy generated from the Blogspot service.Koobface has become a nightmare for social networks and even though its propagation strategies do not change, this malware is almost two years of activity with a significant rate of infection, making it one of the largest botnets today.Blogspot domains used as cover for the

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-42717569823555993102009-11-29T17:35:00.005-07:002009-11-30T11:20:05.910-07:00

Crimeware industry still rising, and just as illegal marketing of web applications that seek to automate the process of infection through the exploitation of vulnerabilities. This time, the proposal called JustExploit. This is a new Exploit Pack of Russian origin who has a seasoning that is increasingly being taken into account most heavily crimeware developers: the exploitation of

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-26495818655933968362009-11-26T04:15:00.003-07:002009-11-26T04:15:00.176-07:00

One thing of concern to the creators/distributors of malware is whether the virus is able to detect their binary and thus ruin their economic plans.One possible way to test the detection capability of these binary antivirus is up to sites like VirusTotal, which to date, using 41 different antivirus engines.The big problem is that these sites often work in collaboration with antivirus companies,

Jorge Mieresnoreply@blogger.com4tag:blogger.com,1999:blog-446873836886549311.post-30453022736892834962009-11-24T05:25:00.001-07:002009-11-24T05:26:33.787-07:00

During this month remember having breakfast with a piece of news for many media seem to be new or exclusively connected with some Hollywood films, giving it a connotation of "amazing." I refer to espionage through computerized means. Then leave a screenshot of the news, in which it's evident that the malicious code are also part of the operations of intelligence in different contexts, both from a

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-91184896790462043282009-11-22T09:18:00.004-07:002009-11-22T09:44:50.597-07:00

An attack by Denial of Service (DoS) consists basically of abuse of a service or resource by successive requests, either intentional or negligent, which eventually break the availability of such service or resource temporarily or completely.When this type of attack is performed using the processing power of an important set of computers carrying out the abuse of requests synchronously, we are

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-35873760111211761232009-11-18T18:18:00.001-07:002009-11-18T18:18:27.181-07:00

Virus Protector = AntiAID, SystemVeteran, BlockProtector, SystemWarriorIP: 85.12.25.111, 83.233.30.66 Netherlands Eindhoven Web10 Ict Services Sweden Stockholm Serverconnect I NorrlandDominios asociadosantiaid.comblockkeeper.comblockprotector.comsystemveteran.comPope Green DefenderIP: 99.198.98.217 United States Chicago

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-16419816239513398742009-11-15T14:51:00.002-07:002009-11-15T15:01:31.214-07:00

T-IFRAMER is a package that allows you to automate, centralize and manage via http the spread of malicious code via code injection sites violated viral techniques using iframe, and feed a botnet. We then see a screen capture of authentication.While there is a complex kit allows computer criminals manage the spread of malware via the http protocol type attacks using Drive-by-Download and

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-1144372719338638872009-11-06T19:44:00.001-07:002009-11-06T19:45:57.192-07:00

Those who read the post about the project called crimeware Quad System, recall that between paragraphs said not knowing the cost of private version of this application for the control of botnets, for Windows platforms to GNU/Linux platforms.The thing is ... for things of life itself ... the developer of these particular projects designed in Perl, called cross, was finished with his exploits

Jorge Mieresnoreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-1735102370364464872009-08-29T06:57:00.001-07:002009-08-30T14:32:51.047-07:00

The development of crimeware is increasingly open. Its creators are constantly searching for malware implement in the evasive mechanisms increasingly effective with minimal resource impact on the team not only arbitrary but also controlled the servers that host them, and there are now a range of alternatives ranging from really important "products" payments to free. In this sense, at some point

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-6164782317772044112009-08-24T07:19:00.005-07:002009-08-30T14:34:02.895-07:00

More domains, IP addresses and related hosting malicious code type scareware (rogue) that during this month are spreading threats. As always, the recommendation is to block these addresses and domains. Antivirus Security MD5: db924706a824c5c43feebbe6a781d1ba IP: 84.16.237.52 Germany Berlin Netdirekt E.k Domains associated best-antivirus-security .com Result: 29/41 (70.73%

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-84796493268912806332009-08-17T14:05:00.046-07:002009-08-30T14:47:04.986-07:00

The development of web applications-oriented botnets control and management through the http protocol, is at an advanced level by the underground community of Eastern Europe, particularly from Russia, where cyber criminals constantly flood the market crimeware clandestine marketing packages as Eleonore, ZeuS, ElFiesta, Adrenaline, and many others. However, this business model that is already

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-27133368860420962322009-08-15T14:54:00.005-07:002009-08-30T16:22:19.900-07:00

A new web application written in php and developed as a delivery system exploits, malware and control spread of botnets, has entered the illegal market in crimeware promising to be one of the most exploited. This is Fragus v1.0, which has joined from July 2009 to the long list of applications of this kind that seek to corner the black market. Its development is originated in Russia and is

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-8059266465114118222009-08-14T16:22:00.001-07:002009-08-30T16:30:43.905-07:00

The black market controlled by cyber-criminals continues to create products 'competitive' in a business where the low cost of crimeware mark and justify its widespread use. In this sense, botnets are benefited by the development of web applications designed to make his administration an easy and intuitive; also constantly feed the criminal process to which they belong. Another alternative is to

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-23402146865972863792009-08-12T16:31:00.002-07:002009-08-30T16:35:19.839-07:00

Criminal activities of which are fed daily cyber criminals through a business model implemented by themselves, are channeled through the underground market that offer "services" more professionals to suit the needs of cyber -organized crime. Consequently, every day there are new crimeware applications to enhance the economics of cyber-criminals, whatever the role in the criminal chain. Some of

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0tag:blogger.com,1999:blog-446873836886549311.post-89183168313851885352009-08-08T16:34:00.004-07:002009-08-30T16:42:45.140-07:00

TRIAD is a web application designed to monitor and manage botnets by using GNU/Linux and MS Windows via the http protocol and of which we have discussed recently. It's part of an even more ambitious project by its author (who calls himself "cross"), called Hybrid Remote Administration System and which we will talk soon ;P This time, it's version 3 TRIAD botnet. This web application is still in "

Jorge Miereshttp://www.blogger.com/profile/01799574410927169333noreply@blogger.com0